HIPAA Security Survey
Summary: This survey has been developed to gather information to assist us in our obligation to become complaint with the Health Insurance Portability and Accountability Act (HIPAA) of 1996 (45 CFR 160.103; 164.501, 514). Compliancy with HIPAA security rules is required by April of 2005.
Applies to all faculty, staff, students and volunteers.
Background:
Protected health information (PHI) under HIPAA means individually identifiable health information. Identifiable refers not only to data that is explicitly linked to a particular individual (that's identified information). It also includes health information with data items which reasonably could be expected to allow individual identification.
De-identified information is that from which all potentially identifying information has been removed.
Survey:
1. Do you create, receive, or house individually identifiable health information? on- or off-campus (including work-related materials stored in your home, car, laptop, or personal digital assistant) that relates to:
- the provision of medical care
- or the payment for such care
- or the past, present, or future physical or mental health condition of human beings
and that does or could be used to identify human beings who are the subject of such information?
< Choose one >
No – Yes - Don't know - Not applicable
If yes, please indicate your relationship to this information. Check all that apply.
I create or receive information of this nature.
I administer a system which houses information of this nature.
2. Do you engage in any transactions, communications, or sharing of information with a different unit of the University (either at UC, Irvine or another University of California campus, or UC system) or an outside entity through or from which you receive, send, transmit, relay, or otherwise share any individually identifiable health information?
< Choose one >
No – Yes - Don't know - Not applicable
3. Do you have any contract, grant, or protocol with an outside entity via which you send out an individual (faculty member, student, student rotation, etc.) to an outside site and that individual is privy to individually identifiable health information?
< Choose one >
No – Yes - Don't know - Not applicable
4. Do you customarily release any individually identifiable health information as part of your required compliance with state or federal law (e.g., JCAHO reporting, mandatory child abuse reporting)?
< Choose one >
No – Yes - Don't know - Not applicable
5. Did you answer "No" to any of the questions 1--4 because you believe that the health information you create, house, or receive has been coded or de-identified and could not be tracked back to an individual?
< Choose one >
No – Yes
6. Did you answer "No" to any of the questions 1--4 because you have contractually provided that an outside entity (such as a Third Party Administrator) manage/handle all individually identifiable health information?
< Choose one >
No - Yes
If you answered "Yes" to any of the questions 1--4, please answer the following question.
7. Is the individually identifiable health information that you create, house, use, or receive related to
Check all that apply
Clinical treatment
Research involving human subjects
Research that involves treatment
Laboratory work
Teaching
Other (Please specify - 255 characters maximum)
8. Do others in your unit create or receive individually identifiable health information?
< Choose one >
No - Yes - Don't know Not applicable
9. Please provide your name and e-mail address.
Name:
E-mail:
10. Who is your employer?
Medical Center
College of Medicine
Other (Please specify - 255 characters maximum)
11. What is your title?
12. Please identify a contact person for your unit.
Name:
E-mail:
If you need assistance in completing this form, or have additional questions risen by this review, please contact BLANK, with the subject line, "HIPAA survey question".
