Policy - PowerPoint PPT Presentation

1 / 31
About This Presentation
Title:

Policy

Description:

Back up the system nightly Housekeeping Make it easy to ... of intent/good faith Risk management Housekeeping Use present ... Entity Authentication * * Scope ... – PowerPoint PPT presentation

Number of Views:45
Avg rating:3.0/5.0
Slides: 32
Provided by: HollyGreg
Category:

less

Transcript and Presenter's Notes

Title: Policy


1
Policy Procedure Writing
2
Objectives
  • Identify key elements to include in a Policy and
    a Procedure (PP)?
  • Outline key sections of a PP
  • Posting implementing PPs
  • Tie these elements into writing HIPAA PPs in
    your organization

3
Value of Consistent PPs
  • Support consistent organizational processes
  • Training source for workforce
  • Proof of intent/good faith
  • Risk management

4
Housekeeping
  • Use present tense
  • Avoid the words will, could, and should
  • Start sentences with an action word
  • Example
  • The Security Officer will train all workforce
    members
  • vs.
  • The Security Officer trains all workforce members
  • Example
  • The system is backed up nightly
  • vs.
  • Back up the system nightly

5
Housekeeping
  • Make it easy to understand for everyone to whom
    the policy applies (avoid legal ease)?
  • Number each page
  • Header with title
  • 12 font

6
Housekeeping
  • Use a Template PP
  • Table of Contents
  • Number all points
  • Use outline formatting
  • Limit each point to 1 or 2 sentences
  • Flowchart/Mind map

7
What is a Policy?
  • Guideline, goal, position of the organization
  • What and why of an operation, function,
    decision, or procedure (objective)?
  • Address the law requirements
  • Organizational
  • Federal
  • State
  • Other

8
Responsible for Implementation
  • Who rolls out and monitors that the PP is
    followed?
  • Department issuing the policy
  • Privacy and/or Security Officer
  • May be the author
  • List departments and roles, not names

9
Applicable to
  • Who is required to follow or perform the tasks
    outlined in the PP? Who does it affect?
  • What departments?
  • Which facilities?
  • What systems?
  • Other organizations?

10
Violations of the PP
  • Include steps taken when a violation of the PP
    is reported/noted
  • Consider action plans for violations committed by
    workforce members, business associates, business
    partners, etc.
  • Refer to Sanction or Disciplinary Action policy

11
Purpose (Not Required)?
  • Reason for the PP
  • Why written

Scope (Not Required)?
  • Broad general statements outlining to whom or in
    which situations the procedure applies

12
Key Definitions
  • Include definitions for important terms used
  • Legal
  • Technical
  • Open for interpretation
  • List definitions alphabetically

13
What is a Procedure?
  • Describes specifically how to accomplish the
    policy
  • Defines how it is done
  • Step-by-step how to accomplish a task
  • Sequential
  • Recommendation Flowchart/Mind Map

14
Authors of the PP
  • List authors
  • Include date signed
  • Other considerations
  • Include Revised by (for future changes to
    policy)?
  • Place on a separate Signature page

15
Attachments to Policy
  • Forms
  • Checklists
  • Training Tools
  • Examples
  • Flowcharts

16
Reviewed By
  • Individuals with authority over the PP
  • Department chair, medical director, manager,
    supervisor, etc.
  • Not the author
  • May also be used for future reviews of PP (no
    changes made when reviewed)?
  • Include date signed
  • Consider placing on Signature page

17
Applicable Standards/Regulations
  • List all standards, regulations, laws, statutes,
    etc. that apply to the PP

18
Sources
  • References used as a basis to write the PP
  • Examples AHIMA, NIST, Phoenix Health Systems,
    etc.
  • Other PPs
  • Include the following
  • Document title
  • Author
  • Date published

19
Other Considerations
  • Have a PP standardizing how to write, revise,
    post, and train PPs in your organization
  • One person/department/team maintains all PPs
  • PP numbering
  • 4-digit number (01-04)?
  • 1st two are issuing dept.
  • 2nd two are policy
  • Master Index

20
Other Considerations
  • Inform all new employees of how to access and
    follow PPs
  • Use PPs to train those that need to follow them
  • May need to refine procedures at departmental
    level
  • Other regulation/law requirements

21
Prior to Posting
  • Request team member and key workforce members it
    affects to review
  • Verify it identifies who, what, where, when, why,
    how
  • Confirm all attachments are addressed within the
    PP

22
Prior to Posting
  • Check formatting
  • Review accuracy of page numbering
  • Confirm page numbering is correct in Table of
    Contents
  • Do a spell check

23
Steps For Posting
  • Post where all may access
  • Intranet
  • Shared drive
  • Binder in central location
  • Notification
  • Email management/workforce
  • Post on notification board(s)?

24
Review Schedule
  • Review annually and as changes occur
  • Determine who is responsible to review
    (ex. author)?
  • Post changes and notify of changes

25
Maintain Documentation
  • HIPAA Maintain all versions for minimum of 6
    years from last date in effect
  • Hard copy or electronic
  • Other regulations may require storing for
    extended periods of time

26
HIPAA PP Writing Before You Start
  • Locate existing, overlapping PPs
  • Get help from departments affected by the PP
  • High level
  • Workforce
  • Experts

27
Read the Regulations
  • Find overlapping in the Privacy Security Rule
    and combine the PPs
  • Find overlapping across implementation
    specifications within each particular rule and
    combine them into one PP

28
HIPAA COW Security PP Grid
  • www.hipaacow.org
  • Click on HIPAA COW Documents Forms
  • Select Security Documents
  • Accept the Disclaimer
  • Open the Security Rules PP Grid document

29
PP Writing Resources
  • HIPAA COW www.hipaacow.org
  • Policy template
  • Click on HIPAA COW Documents Forms
  • Select Security Documents
  • Accept the Disclaimer
  • Open the Security Policy Template document
  • List of other resources
  • Click on Other HIPAA COW Resources
  • Open Security Policies and Procedures document
  • AHIMA www.ahima.org

30
System Access Policy
  • 164.308a3iiB Workforce Clearance Procedure
  • 164.308a3iiC Termination Procedures
  • 164.308a4ii Isolating HC Clearinghouse Function
  • 164.308a4iiB Access Authorization
  • 164.308a4iiC Access Establishment Modification
  • 164.308a5iiD Password Management

31
System Access Policy Continued
  • 164.310b Workstation Use
  • 164.310c Workstation Security
  • 164.312a2i Unique User Identification
  • 164.312a2iii Automatic Logoff
  • 164.312d Person or Entity Authentication
Write a Comment
User Comments (0)
About PowerShow.com