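<%
' FP_ASP ASP Automatically generated by a Frontpage Component. Do not Edit.
'
' Purpose: on a POST whose VTI-GROUP form field is "0", append one row to the
' "Results" table holding the survey answers plus request metadata, keep the
' submitted field names/values in Session, and redirect to the thank-you page.
' Any other request falls through and only restores the session code page/LCID.
'
' NOTE(review): this block carries hand edits (form values read from
' Request.Form, ADO objects released after Close). The "Do not Edit" marker
' suggests FrontPage may regenerate the block when the form is re-saved;
' confirm the edits survive a re-save.
'
' Error handling: with On Error Resume Next a failing statement is skipped
' silently, so the FP_DumpError call after each ADO step is the only check.
' FP_DumpError is defined outside this block; presumably it sends the visitor
' to strErrorUrl when Err is set. Confirm against its definition.
On Error Resume Next
Session("FP_OldCodePage") = Session.CodePage
Session("FP_OldLCID") = Session.LCID
Session.CodePage = 1252
Err.Clear

strErrorUrl = "alteer_hipaa_sorry.asp"

If Request.ServerVariables("REQUEST_METHOD") = "POST" Then
If Request.Form("VTI-GROUP") = "0" Then
    Err.Clear

    Set fp_conn = Server.CreateObject("ADODB.Connection")
    FP_DumpError strErrorUrl, "Cannot create connection"

    Set fp_rs = Server.CreateObject("ADODB.Recordset")
    FP_DumpError strErrorUrl, "Cannot create record set"

    fp_conn.Open Application("alteer_hipaa_survey_ConnectionString")
    FP_DumpError strErrorUrl, "Cannot open database"

    ' The row is written through Recordset.AddNew/Update on a table opened
    ' with adCmdTable; no SQL text is assembled from request data in this block.
    fp_rs.Open "Results", fp_conn, 1, 3, 2 ' adOpenKeySet, adLockOptimistic, adCmdTable
    FP_DumpError strErrorUrl, "Cannot open record set"

    fp_rs.AddNew
    FP_DumpError strErrorUrl, "Cannot add new record set to the database"

    ' Bound 75 gives 76 slots; only 0..74 are filled, slot 75 stays Empty
    ' exactly as in the generated code.
    Dim arFormFields0(75)
    Dim arFormDBFields0(75)
    Dim arFormValues0(75)

    ' Form field names, in the order the component generated them. Each form
    ' field maps to a database column of the same name.
    Dim arSurveyFieldNames0, idxSurveyField0
    arSurveyFieldNames0 = Array( _
        "no54", "no43", "no32", "no21", "no10", "no4", "no_prob_lists", "no55", _
        "no44", "no33", "no22", "no11", "no5", "type_of_practice", "no56", "no45", _
        "no34", "no23", "no12", "no6", "physicians", "no57", "no46", "no35", _
        "no24", "no13", "no7", "no58", "no47", "no36", "no25", "no14", _
        "no8", "no59", "no48", "no37", "no26", "no15", "no9", "no_staff_mem", _
        "no_encounters", "avg_time_patient_visit", "no49", "no38", "no27", "no16", _
        "avg_time_reimburse", "no39", "no28", "no17", "avg_charts", "avg_refills", _
        "no29", "no18", "no19", "no_lab_sheets", "locations", "avg_time_charts", _
        "avg_time_dictations", "zip_code", "practice_name", "no50", "avg_time_refill", _
        "no51", "no40", "no52", "no41", "no30", "no2", "dictations", _
        "no53", "no42", "no31", "no20", "no3")

    For idxSurveyField0 = 0 To UBound(arSurveyFieldNames0)
        arFormFields0(idxSurveyField0) = arSurveyFieldNames0(idxSurveyField0)
        arFormDBFields0(idxSurveyField0) = arSurveyFieldNames0(idxSurveyField0)
        ' Read from Request.Form, not the bare Request collection: Request(name)
        ' searches QueryString before Form, so a same-named query-string
        ' parameter on the POST URL would otherwise replace the posted value.
        arFormValues0(idxSurveyField0) = Request.Form(arSurveyFieldNames0(idxSurveyField0))
    Next

    ' FP_SaveFormFields is defined outside this block. It receives only the
    ' field and column names, so it presumably reads the values from the
    ' request itself. Confirm it also reads Request.Form.
    FP_SaveFormFields fp_rs, arFormFields0, arFormDBFields0

    ' Request metadata columns. HTTP_USER_AGENT is a client-supplied header and
    ' is stored unmodified; anything that later displays Browser_type,
    ' Remote_computer_name or User_name should HTML-encode the value.
    If Request.ServerVariables("HTTP_USER_AGENT") <> "" Then
        FP_SaveFieldToDB fp_rs, Request.ServerVariables("HTTP_USER_AGENT"), "Browser_type"
    End If
    If Request.ServerVariables("REMOTE_HOST") <> "" Then
        FP_SaveFieldToDB fp_rs, Request.ServerVariables("REMOTE_HOST"), "Remote_computer_name"
    End If
    FP_SaveFieldToDB fp_rs, Now, "Timestamp"
    If Request.ServerVariables("REMOTE_USER") <> "" Then
        FP_SaveFieldToDB fp_rs, Request.ServerVariables("REMOTE_USER"), "User_name"
    End If

    fp_rs.Update
    FP_DumpError strErrorUrl, "Cannot update the database"

    ' Close and release the ADO objects so the references are dropped before
    ' the redirect.
    fp_rs.Close
    Set fp_rs = Nothing
    fp_conn.Close
    Set fp_conn = Nothing

    ' The raw submitted values are kept in Session; presumably the thank-you
    ' page reads them back. Confirm it passes them through Server.HTMLEncode
    ' before writing them into the response.
    Session("FP_SavedFields")=arFormFields0
    Session("FP_SavedValues")=arFormValues0
    Session.CodePage = Session("FP_OldCodePage")
    Session.LCID = Session("FP_OldLCID")
    Response.Redirect "alteer_hipaa_thanks.asp"

End If
End If

' Non-submit path: undo the temporary code page change made above.
Session.CodePage = Session("FP_OldCodePage")
Session.LCID = Session("FP_OldLCID")
%> Comtech Networks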
Comtech Networks
 
HIPAA Readiness Survey
HIPAA Readiness Survey


HIPAA Readiness Survey

1. Practice Profile

Practice Name
Type of Practice
# of Physicians
# Locations
Zip code of Locations
Average Number of Pharmacy Refills
Average Time to Complete
# of Encounter Dictations
Average Time to Complete
Average Time of Patient Visit per Physician
Average Reimbursement Rate per Visit
Average Number Chart Pulls
Average Time to Complete
#  Encounters Daily
# Lab Sheets
# Problem Lists
Number Staff Members

2. Does your organization electronically transmit or exchange health information to carry out financial or administrative activities related to one or more of the following transactions:

Health claims
Healthcare payment and remittance advice
Coordination of benefits
Health claims status
Enrollment and disenrollment in a health plan
Eligibility for a health plan
Health plan premium payments
Referral certification and authorization
First report of injury
Health claims attachments
Medical Records transfer, duplication or archival
Other activities involving individually identifiable health information

Yes                  No                 Not Sure

3. Is your organization a health plan (provides or pays the cost of medical care) with fewer than 50 employees or annual receipts of $5 million or less?

Yes                  No                 Not Sure

4. Does your organization receive individually identifiable patient information from a health plan, healthcare clearinghouse or healthcare provider or from a business partner of one of these entities?

Yes                  No                 Not Sure

5. Does your organization have a person specifically identified to be in charge of health data privacy?

Yes                  No                 Not Sure

6. If your organization is a healthcare plan or healthcare provider, does it give patients a written explanation (notice) of the uses and disclosures of their individually identifiable health information?

Yes                  No                 Not Sure

7. If you answered Yes to the previous question, have you reviewed your patient notification policies within the last six months?

Yes                  No                 Not Sure

8. If you are a health plan or healthcare provider, does your organization use individually identifiable health information for any of the following uses?

Marketing
Sell, rent or barter patient information, including mailing lists
For health insurance underwriting purposes
Disclosure to employers for employment determinations
Fundraising


Yes                  No                 Not Sure

9. If your organization maintains individually identifiable patient information, does it allow individuals to access their records?

Yes                  No                 Not Sure

10. If you are a health plan or healthcare provider, do you charge patients for copies of their medical records?

Yes                  No                 Not Sure

 11. Does your organization have written procedures for safeguarding the identity of the patient's (member's) protected health information?

Yes                  No                 Not Sure

12. Has your organization developed policies and procedures to determine the minimum amount of protected health information necessary to accomplish the intended use of the data?

Yes                  No                 Not Sure

13. If your organization maintains individually identifiable patient information, does it provide individuals with an accounting of all disclosures of protected information?

Yes                  No                 Not Sure

14. If your organization is a health plan or healthcare provider, does it enable individuals to amend or correct their medical records?

Yes                  No                 Not Sure

15. Has your organization appointed someone to be in charge of security?

Yes                  No                 Not Sure

16. If you answered yes to the previous question, has that person developed an implementation team?

Yes                  No                 Not Sure

17. Does your organization have written data security policies for workstation use?

Yes                  No                 Not Sure

18. If you answered Yes to the previous question, has your organization reviewed these written workstation data security policies within the last 6 months?

Yes                  No                 Not Sure

19. Does your organization have or plan to launch a publicly accessible Web Site?

Yes                  No                 Not Sure

20. Does your organization have formal documented policies for granting different levels of access to healthcare information?

Yes                  No                 Not Sure

21. If you answered Yes to the previous question, has your organization reviewed its data access policies and procedures in the last six months?

Yes                  No                 Not Sure

22. Does your organization have written policies and procedures for ensuring the physical security of workstation locations?

Yes                  No                 Not Sure

23. Does your organization have written personnel security procedures addressing access to health information?

Yes                  No                 Not Sure

24. Has your organization reviewed its personnel security procedures in the last six months?

Yes                  No                 Not Sure

25. Does your organization have and follow policies and procedures in the event of termination of an employee with access to identifiable health information?

Yes                  No                 Not Sure

26. Does your organization use e-mail to transmit or receive any patient information?

Yes                  No                 Not Sure

27. Does your organization allow employees to telecommute?

Yes                  No                 Not Sure

28. Does your organization have written policies governing the receipt and removal of hardware/software, such as diskettes and tapes, into and out of a facility?

Yes                  No                 Not Sure

29. If you answered Yes to the previous question, have you reviewed your policies governing the receipt and removal of hardware/software into and out of your facility within the last six months?

Yes                  No                 Not Sure

30. Does your organization have written policies that identify and confirm the identity of a user when he or she tries to access health data?

Yes                  No                 Not Sure

31. If you answered Yes to the previous question, has your organization reviewed its written policies that identify and confirm the identity of users within the last six months?

Yes                  No                 Not Sure

32. Does your organization have specific mechanisms for granting access to protected health information on your computer systems and networks?

Yes                  No                 Not Sure

33. If your organization uses computer networks or the Internet to transact business, does it have documented procedures, software and hardware that assure the integrity of data, authenticate the message and verify the identity of the sender and recipient?

Yes                  No                 Not Sure

34. If you answered Yes to the previous question, has your organization evaluated the effectiveness of its systems that assure data integrity, authenticate the message and verify the identity of the sender and recipient within the last six months?

Yes                  No                 Not Sure

35. Does your organization use open networks to transmit or receive health data?

Yes                  No                 Not Sure

36. Does your organization have specific mechanisms for authenticating the sender and recipient of electronically transmitted data?

Yes                  No                 Not Sure

37. Does your organization use or plan to use digital signatures within the next 12 months?

Yes                  No                 Not Sure

38. Does your organization have written procedures for reporting and responding to computer security breaches?

Yes                  No                 Not Sure

39. If you answered Yes to the previous question, has your organization reviewed its breach of security procedures in the last six months?

Yes                  No                 Not Sure

40. Does your organization plan to have an evaluation of your security system and/or confidentiality practices performed by an outside entity within the next 12 months?

Yes                  No                 Not Sure

41. In the last 12 months, has your organization conducted a comprehensive risk assessment of its vulnerability to a security breach?

Yes                  No                 Not Sure

42. Has your organization reviewed or analyzed previously undertaken Y2K activities in the last 12 months to create or change data security and privacy practices?

Yes                  No                 Not Sure

43. Do you have a written detailed contingency plan to respond to computer system emergencies?

Yes                  No                 Not Sure

44. If you answered Yes to the previous question, has your organization reviewed its contingency plans within the last six months?

Yes                  No                 Not Sure

45. Does your organization have a comprehensive computer security training program for all employees?

Yes                  No                 Not Sure

46. Has your organization conducted security awareness training in the last six months?

Yes                  No                 Not Sure

47. Has your organization provided training to its employees, agents and contractors regarding the confidentiality of health information?

Yes                  No                 Not Sure

48. Has your organization budgeted any resources to provide for HIPAA compliance?

Yes                  No                 Not Sure

49. If you answered No to the previous question, does your organization plan to add HIPAA compliance, training and education to the new budgetary cycle?

Yes                  No                 Not Sure

50. Does your organization plan to handle HIPAA compliance internally?

Yes                  No                 Not Sure

51. Does your organization establish or terminate insurance coverage by transmitting subscriber enrollment information to a health plan?

Yes                  No                 Not Sure

52. If your organization is a health care provider or health plan, does it transmit Remittance Advice and/or Explanation of Benefits?

Yes                  No                 Not Sure

53. Does your organization transmit encounter data for reporting purposes, internally or between providers and plans (even though services are prospectively paid by capitation or other methods)?

Yes                  No                 Not Sure

54. Does your organization transmit claim requests, or respond to claim requests for payments and accompanying information either internally or externally?

Yes                  No                 Not Sure

55. Does your organization transmit or receive authorizations for health care or referral authorizations?

Yes                  No                 Not Sure

56. Does your organization inquire or respond to inquiries regarding the status of a health care claim?

Yes                  No                 Not Sure


57. Does your organization use an outside vendor's system for the collection, dissemination, transfer and archival of individually identifiable health information?

Yes                  No                 Not Sure

58. If you answered Yes to the previous question, what is the vendor's timeline for HIPAA compliance?

Yes                  No                 Not Sure

59. Has your organization reviewed its contracts with health plans, healthcare clearinghouses, healthcare providers and/or employers from a HIPAA compliance standpoint?

Yes                  No                 Not Sure