Page 1 of 7    Dedicated to protecting and improving the health and environment of the people of Colorado

Memorandum of Understanding From: CDPHE To: All Providers Re: Date:

HIPAA Compliance November 29, 2016

In an effort to ensure that all providers remain compliant with the Health Insurance Portability and Accountability Act of 1996 (HIPAA), the Colorado Department of Public Health & Environment (department) will be implementing some procedural changes with the Health Survey desk revisit process beginning December 1, 2016. The HIPAA Privacy and Security rules have established the standards for protecting health information that is being stored or transferred in an electronic format. Please visit the following link for additional summary and information regarding HIPAA requirements and additional links to view the full Privacy and Security rules, https://www.hhs.gov/hipaa/for-professionals/security/laws-regulations/index.html. Following the approval of any plans of correction (POC), the department is required to conduct a revisit survey of each provider to establish that POC’s have been appropriately implemented and any deficient practice has been reconciled and is in compliance. These revisit surveys can be completed either at the onsite location of the provider or by what the department refers to as desk revisits, which require providers to submit paper documentation to demonstrate compliance. The submission of paper documents can be completed using one of two different electronic methods: fax or email. Moving forward, submission of documentation by email will require additional steps and safeguards by each provider, excepting those providers that were already meeting these requirements. More specifically, on December 1, 2016, the department will be issuing the specific list of documentation for desk revisits by email to each provider through a secure email encryption service called Zixcorp. The department has been sending all deficiency lists, survey results letters and additional documents through this email encryption service for some time and therefore most providers should have a basic understanding of this system. Once this email is received, it will contain a link for each provider to select and log into their own unique Zixcorp portal account. Once logged in, the provider will be able to view a PDF attachment that will contain the list of documentation needed for the desk revisit. Any provider opting to send documentation via email will be required to log into this account and then reply and attach any documentation being submitted for review. Please note, this email will only be available for 14 days at which point the system no longer allows providers to view the email or the attachments. If this occurs, please contact the department for further assistance. In the following pages, you will find specific instructions on the exact process to follow when submitting your documentation via email. Using the Zixcorp system provided by the department will ensure that each provider remains HIPAA compliant in this process.

Page 2 of 7    Alternatively, some providers already utilize an email encryption service and may continue to use those services. Any provider that does not have their own email encryption service, must either begin using Zixcorp or obtain their own encryption service when sending protected health information. Should any provider have specific questions regarding this process at any time, you may contact Jason Bohl, Quality Assurance Supervisor, at 303-692-6221 or by email at [email protected] or you may also contact the Revisit Desk Coordinator at 303-692-2818 or by email at [email protected]. Sincerely,

Jason Bohl, Quality Assurance Supervisor Health Facility Quality Branch Colorado Department of Public Health & Environment

Page 3 of 7   

Desk Revisit Instructional Guidelines: 1. The provider will receive an email from [email protected] that when opened will have the following image below:

2. Select the “Open Message” box within the email (as identified above) and you will be directed to the State of Colorado Secure Email Portal login page. If you have previously logged into this account, you will only need to enter your password. If you have not logged into this account, you will need to first complete the registration step. Note: DO NOT reply directly to this email with your attachments. While the email will be successful, any attachments sent via a direct reply will not be sent securely and will ultimately violate HIPAA Security rules.

3. The system will automatically bring you to the email. From this screen, you will be able to view the attached PDF document. This document will include three separate columns, the deficiency list, the POC submitted by the provider, and the POC directives which will include the list of documentation that must be submitted for the desk revisit.

4. As you will notice, this system operates very similarly to your own email system in that when ready, you can select the “reply” option to begin typing a message or attaching documents that you wish to send. Please see the following image.  

Page 4 of 7   

    5. Once you select “reply”, the following image shows that you will be given the option to “Attach Files”.

     

Page 5 of 7    6. When attaching files, please take note of the limitations of this system identified below that you can only attach 10 files and those files cannot exceed more than 25 MB.

7. When attaching documents, it is imperative that you ensure proper labeling of the attachments. The title of each attachment should be the deficiency number, Ex. Tag 205. If multiple attachments are necessary for one deficiency, continue to use the deficiency number but include a number or letter in parenthesis to identify multiple attachments. For example, Tag 205 (A) and Tag 205 (B).

 

8. Should any attachment put the facility above the allotted 25 MB limit, you will receive the following error message:

Page 6 of 7    9. Should the facility reach its 10 attachment limit, you will receive the following error message:

10. Do not despair, if you receive either of the above messages, select the “finish” button, type any message necessary and then select the “send” option, see below:

           

Page 7 of 7    11. You will then be directed to the following screen. You will simply select the same email and then  begin the process over from Step 3 above.    

    If you receive any additional error messages or have any questions at any time during this process,  please contact Jason Bohl at 303‐692‐6221 or the Revisit Desk Coordinator at 303‐692‐2818 and we will  be happy to provide any technical assistance needed.  

HIPAA Compliance Memo and Instructions.pdf

There was a problem previewing this document. Retrying... Download. Connect more apps... Try one of the apps below to open or edit this item. HIPAA ...
Download PDF
367KB Sizes 3 Downloads 256 Views
Report

Recommend Documents

HIPAA Compliance Memo and Instructions.pdf
HIPAA Compliance Memo and Instructions.pdf. HIPAA Compliance Memo and Instructions.pdf. Open. Extract. Open with. Sign In. Main menu. Displaying HIPAA ...
HIPAA Compliance & Data Protection with Google Apps
must sign a Business Associate Agreement (BAA) with Google. ... things to focus on are key trends in the highlights section, overall exposure to data breach in.
HIPAA Compliance on Google Cloud Platform
This guide is intended for security officers, compliance officers, ... practice for information security controls based on the ISO/IEC. 27002 specifically for cloud services. Our ISO ... Google's comprehensive third party audit approach is designed t
WinguMD-HIPAA-Compliance-Statement.pdf
Communications Systems (PACS), Vendor Neutral Archives (VNA), Electronic Medical Records. (EMR) using industry defined protocols including Digital Communications in Medicine (DICOM),. Health Level 7 (HL7) and Fast Healthcare Interoperability Resource
HIPAA Compliance with G Suite
Security best practices .... Page 10 ... When deploying an Apps Script project that handles PHI as a web app, under “Execute the .... Documents hosted on any of.
HIPAA Summary.pdf
Download. Connect more apps... Try one of the apps below to open or edit this item. HIPAA Summary.pdf. HIPAA Summary.pdf. Open. Extract. Open with. Sign In.
HIPAA Notice
Mesquite Fire Rescue is required by law to maintain ... notice of our legal duties and privacy practices with respect to ... not have to comply with your request if.
HIPAA Summary.pdf
Regulatory. Background. The Health Insurance Portability and Accountability Act of 1996 (HIPAA), Public. Law 104-191, was enacted on August 21, 1996.
HIPAA Summary.pdf
Whoops! There was a problem loading more pages. HIPAA Summary.pdf. HIPAA Summary.pdf. Open. Extract. Open with. Sign In. Main menu. Displaying HIPAA ...
802 HIPAA Training.pdf
Page 1. Whoops! There was a problem loading more pages. 802 HIPAA Training.pdf. 802 HIPAA Training.pdf. Open. Extract. Open with. Sign In. Main menu.
Guided HIPAA Compliance.pdf
Certified Information Systems Security Professional (CISSP). • Certified Information Systems Auditor (CISA) ... Displaying Guided HIPAA Compliance.pdf. Page 1 ...
HIPAA Privacy Practices.pdf
HIPAA Privacy Practices.pdf. HIPAA Privacy Practices.pdf. Open. Extract. Open with. Sign In. Main menu. Displaying HIPAA Privacy Practices.pdf. Page 1 of 3.