Information Subpoena
Survey Title: CHPS Job Analysis 2009_Modified_Completed Responses v2 [379 responses]
Report Type: Bar Graph
Start Date:
End Date:
Invitations Sent:2486
Delivered:2241
Bounced:
Completed Responses:379
Response Rate:16.9%
Incomplete Responses:81
Incomplete responses included in this report:0
1. Please indicate which one of the following most closely matches your current set of responsibilities related to healt
Responses Count
My responsibilities include working directly in healthcare information privacy 116
My responsibilities include working directly in healthcare information security 2
My responsibilities include working directly in healthcare information privacy and security 130
I don’t work directly in healthcare information privacy or security, but supervise one or more individuals who do 14
Did Not Answer 117
(Did not answer) 0
Total Responses 379
2. Which of the following best represents your work schedule?
Responses Count
I work full time (30+ hours per week) 356
I work part-time (less than 30 hours per week) 11
I am not currently working 9
(Did not answer) 3
Total Responses 379
3. How many hours per week (on average) would you say you devote to your work (including supervision) in healthca
Responses Count
10 or fewer hours per week 171
11-20 hours per week 90
21-30 hours per week 37
More than 30 hours per week 78
(Did not answer) 3
Total Responses 379
4. Please indicate your Job Level category:
Responses Count
Executive / President / Vice President 9
Director (HIM, IT, etc.)/Officer (privacy, security, compliance) 284
Educator 6
Manager / Supervisor 37
Consultant 18
Clinician (MD, RN etc.) 0
Technology Role (e.g. systems analyst, product analyst/specialist) 10
HIM Technician Role (e.g. coder, transcriptionist, CDI specialist, claims/financial analyst) 5
Clerical / Administrative support 2
Not currently working 7
(Did not answer) 1
Total Responses 379
5. Choose below if you are designated as a Director or Officer (choose all that apply):
Responses Count
Compliance Officer 44
Director in HIM 204
Director of IT or IS 8
Director, Other 16
Privacy Officer 227
Security Officer 38
(Did not answer) 97
Total Responses 634
Multiple answers per participant possible. Percentages added may exceed 100 since a participant may select more than one an
7. Please indicate your primary Job Setting:
Responses Count
Acute Care Hospital 176
Ambulatory Surgery Center 3
Behavioral / Mental Health Facility 24
Clinic / Physician Practice 32
Consulting Services 13
Educational Institution 8
Health Information Exchange (HIE) 0
Home Health / Hospice 7
Integrated Healthcare Delivery System 54
Long-term / Skilled Nursing Facility 21
Non-Provider Setting (e.g. Government, Vendor, Association) 19
Not Currently Working 4
Other Provider Setting (e.g. Rehab facility, etc.) 16
(Did not answer) 2
Total Responses 379
8. Please indicate your highest education level attained:
Responses Count
High School Graduate 6
HIM Certificate Program 16
AHIMA ISP Program 19
Associate Degree 72
Baccalaureate Degree 149
Masters Degree 99
Doctorate 2
Doctor of Law (JD) 4
Doctor of Medicine (MD) 1
Other (please specify) 9
(Did not answer) 2
Total Responses 379
Survey Title: CHPS Job Analysis 2009_Modified_Completed Responses v2 [379 responses]
Report Type: Bar Graph
Start Date:12-Nov-2009
End Date:31-Oct-2010
Invitations Sent:379
Delivered:379
Bounced: 0
Completed Responses:379
Response Rate:100.00%
Incomplete Responses:0
Incomplete responses included in this report:0
1. Please indicate which one of the following most closely matches your current set of responsibilities related to healt
Responses Count
My responsibilities include working directly in healthcare information privacy 116
My responsibilities include working directly in healthcare information security 2
My responsibilities include working directly in healthcare information privacy and security 130
I don’t work directly in healthcare information privacy or security, but supervise one or more individuals who do 14
Did Not Answer 117
(Did not answer) 0
Total Responses 379
2. Which of the following best represents your work schedule?
Responses Count
I work full time (30+ hours per week) 356
I work part-time (less than 30 hours per week) 11
I am not currently working 9
(Did not answer) 3
Total Responses 379
3. How many hours per week (on average) would you say you devote to your work (including supervision) in healthca
Responses Count
10 or fewer hours per week 171
11-20 hours per week 90
21-30 hours per week 37
More than 30 hours per week 78
(Did not answer) 3
Total Responses 379
4. Please indicate your Job Level category:
Responses Count
Executive / President / Vice President 9
Director (HIM, IT, etc.)/Officer (privacy, security, compliance) 284
Educator 6
Manager / Supervisor 37
Consultant 18
Clinician (MD, RN etc.) 0
Technology Role (e.g. systems analyst, product analyst/specialist) 10
HIM Technician Role (e.g. coder, transcriptionist, CDI specialist, claims/financial analyst) 5
Clerical / Administrative support 2
Not currently working 7
(Did not answer) 1
Total Responses 379
5. Choose below if you are designated as a Director or Officer (choose all that apply):
Responses Count
Compliance Officer 44
Director in HIM 204
Director of IT or IS 8
Director, Other 16
Privacy Officer 227
Security Officer 38
(Did not answer) 97
Total Responses 634
Multiple answers per participant possible. Percentages added may exceed 100 since a participant may select more than one an
7. Please indicate your primary Job Setting:
Responses Count
Acute Care Hospital 176
Ambulatory Surgery Center 3
Behavioral / Mental Health Facility 24
Clinic / Physician Practice 32
Consulting Services 13
Educational Institution 8
Health Information Exchange (HIE) 0
Home Health / Hospice 7
Integrated Healthcare Delivery System 54
Long-term / Skilled Nursing Facility 21
Non-Provider Setting (e.g. Government, Vendor, Association) 19
Not Currently Working 4
Other Provider Setting (e.g. Rehab facility, etc.) 16
(Did not answer) 2
Total Responses 379
8. Please indicate your highest education level attained:
Responses Count
High School Graduate 6
HIM Certificate Program 16
AHIMA ISP Program 19
Associate Degree 72
Baccalaureate Degree 149
Masters Degree 99
Doctorate 2
Doctor of Law (JD) 4
Doctor of Medicine (MD) 1
Other (please specify) 9
(Did not answer) 2
Total Responses 379
STEP 3: Performance Domain Evaluation
Performance Domains are the major responsibilities or duties that define the
9. Importance
9(a). Importance: Domain 1: Ethical, Legal, and Regulatory Issues / External Environmental Assessment
Responses Count
0 - Of No Importance 1
1 - Of Little Importance 0
2 - Moderately Important 15
3 - Very Important 115
4 - Extremely Important 247
(Did not answer) 1
Total Responses 379
9(b). Importance: Domain 2: Program Management and Administration
Responses Count
0 - Of No Importance 0
1 - Of Little Importance 3
2 - Moderately Important 69
3 - Very Important 191
4 - Extremely Important 112
(Did not answer) 4
Total Responses 379
9(c). Importance: Domain 3: Information Technology / Physical and Technical Safeguards
Responses Count
0 - Of No Importance 0
1 - Of Little Importance 2
2 - Moderately Important 28
3 - Very Important 119
4 - Extremely Important 224
(Did not answer) 6
Total Responses 379
9(d). Importance: Domain 4: Investigation, Compliance, and Enforcement
Responses Count
0 - Of No Importance 0
1 - Of Little Importance 0
2 - Moderately Important 25
3 - Very Important 117
4 - Extremely Important 234
(Did not answer) 3
Total Responses 379
9(e). Importance: Domain 5: Customer / Client / Patient Services
Responses Count
0 - Of No Importance 0
1 - Of Little Importance 1
2 - Moderately Important 62
3 - Very Important 157
4 - Extremely Important 154
(Did not answer) 5
Total Responses 379
10. Criticality
10(a). Criticality: Domain 1: Ethical, Legal, and Regulatory Issues / External Environmental Assessment
Responses Count
0 - No Harm 1
1 - Minimal Harm 12
2 - Moderate Harm 74
3 - Substantial Harm 182
4 - Extreme Harm 107
(Did not answer) 3
Total Responses 379
10(b). Criticality: Domain 2: Program Management and Administration
Responses Count
0 - No Harm 4
1 - Minimal Harm 48
2 - Moderate Harm 151
3 - Substantial Harm 134
4 - Extreme Harm 35
(Did not answer) 7
Total Responses 379
10(c). Criticality: Domain 3: Information Technology / Physical and Technical Safeguards
Responses Count
0 - No Harm 2
1 - Minimal Harm 9
2 - Moderate Harm 55
3 - Substantial Harm 150
4 - Extreme Harm 158
(Did not answer) 5
Total Responses 379
10(d). Criticality: Domain 4: Investigation, Compliance, and Enforcement
Responses Count
0 - No Harm 1
1 - Minimal Harm 11
2 - Moderate Harm 59
3 - Substantial Harm 175
4 - Extreme Harm 125
(Did not answer) 8
Total Responses 379
10(e). Criticality: Domain 5: Customer / Client / Patient Services
Responses Count
0 - No Harm 3
1 - Minimal Harm 29
2 - Moderate Harm 117
3 - Substantial Harm 145
4 - Extreme Harm 79
(Did not answer) 6
Total Responses 379
11. Frequency
11(a). Frequency: Domain 1: Ethical, Legal, and Regulatory Issues / External Environmental Assessment
Responses Count
0 - Never 1
1 - Rarely 9
2 - Sometimes 67
3 - Often 174
4 - Repeatedly 124
(Did not answer) 4
Total Responses 379
11(b). Frequency: Domain 2: Program Management and Administration
Responses Count
0 - Never 0
1 - Rarely 14
2 - Sometimes 87
3 - Often 178
4 - Repeatedly 89
(Did not answer) 11
Total Responses 379
11(c). Frequency: Domain 3: Information Technology / Physical and Technical Safeguards
Responses Count
0 - Never 2
1 - Rarely 22
2 - Sometimes 92
3 - Often 148
4 - Repeatedly 109
(Did not answer) 6
Total Responses 379
11(d). Frequency: Domain 4: Investigation, Compliance, and Enforcement
Responses Count
0 - Never 0
1 - Rarely 12
2 - Sometimes 87
3 - Often 133
4 - Repeatedly 141
(Did not answer) 6
Total Responses 379
11(e). Frequency: Domain 5: Customer / Client / Patient Services
Responses Count
0 - Never 0
1 - Rarely 19
2 - Sometimes 102
3 - Often 151
4 - Repeatedly 102
(Did not answer) 5
Total Responses 379
D1 — Task 1
12. Importance
12(a). Importance: Serve as a resource (provide guidance) to your organization regarding privacy and security laws, re
Responses Count
0 - Of No Importance 0
1 - Of Little Importance 2
2 - Moderately Important 9
3 - Very Important 115
4 - Extremely Important 251
(Did not answer) 2
Total Responses 379
D1 — Task 1
13. Criticality
13(a). Criticality: Serve as a resource (provide guidance) to your organization regarding privacy and security laws, reg
Responses Count
0 - No Harm 3
1 - Minimal Harm 17
2 - Moderate Harm 79
3 - Substantial Harm 168
4 - Extreme Harm 108
(Did not answer) 4
Total Responses 379
D1 — Task 1
14. Frequency
14(a). Frequency: Serve as a resource (provide guidance) to your organization regarding privacy and security laws, re
Responses Count
0 - Never 0
1 - Rarely 9
2 - Sometimes 35
3 - Often 147
4 - Repeatedly 184
(Did not answer) 4
Total Responses 379
D1 — Task 2
16. Importance
16(a). Importance: Develop incident response plan and identify team members (e.g. Human Resources, Legal, Risk Ma
Responses Count
0 - Of No Importance 3
1 - Of Little Importance 10
2 - Moderately Important 47
3 - Very Important 160
4 - Extremely Important 155
(Did not answer) 4
Total Responses 379
D1 — Task 2
17. Criticality
17(a). Criticality: Develop incident response plan and identify team members (e.g. Human Resources, Legal, Risk Man
Responses Count
0 - No Harm 6
1 - Minimal Harm 27
2 - Moderate Harm 95
3 - Substantial Harm 151
4 - Extreme Harm 92
(Did not answer) 8
Total Responses 379
D1 — Task 2
18. Frequency
18(a). Frequency: Develop incident response plan and identify team members (e.g. Human Resources, Legal, Risk Man
Responses Count
0 - Never 7
1 - Rarely 55
2 - Sometimes 136
3 - Often 119
4 - Repeatedly 53
(Did not answer) 9
Total Responses 379
D1 — Task 3
20. Importance
20(a). Importance: Demonstrate privacy and security compliance with documentation, production, and retention as req
Responses Count
0 - Of No Importance 0
1 - Of Little Importance 3
2 - Moderately Important 41
3 - Very Important 128
4 - Extremely Important 205
(Did not answer) 2
Total Responses 379
D1 — Task 3
21. Criticality
21(a). Criticality: Demonstrate privacy and security compliance with documentation, production, and retention as requ
Responses Count
0 - No Harm 6
1 - Minimal Harm 40
2 - Moderate Harm 87
3 - Substantial Harm 146
4 - Extreme Harm 94
(Did not answer) 6
Total Responses 379
D1 — Task 3
22. Frequency
22(a). Frequency: Demonstrate privacy and security compliance with documentation, production, and retention as req
Responses Count
0 - Never 1
1 - Rarely 23
2 - Sometimes 92
3 - Often 129
4 - Repeatedly 128
(Did not answer) 6
Total Responses 379
D2 — Task 1
24. Importance
24(a). Importance: Administer an appropriate organizational infrastructure for privacy and information security to over
Responses Count
0 - Of No Importance 2
1 - Of Little Importance 8
2 - Moderately Important 64
3 - Very Important 174
4 - Extremely Important 128
(Did not answer) 3
Total Responses 379
D2 — Task 1
25. Criticality
25(a). Criticality: Administer an appropriate organizational infrastructure for privacy and information security to overs
Responses Count
0 - No Harm 6
1 - Minimal Harm 39
2 - Moderate Harm 117
3 - Substantial Harm 150
4 - Extreme Harm 61
(Did not answer) 6
Total Responses 379
D2 — Task 1
26. Frequency
26(a). Frequency: Administer an appropriate organizational infrastructure for privacy and information security to overs
Responses Count
0 - Never 13
1 - Rarely 26
2 - Sometimes 125
3 - Often 135
4 - Repeatedly 76
(Did not answer) 4
Total Responses 379
D2 — Task 2
28. Importance
28(a). Importance: Create, document, and communicate information privacy and security policies, procedures, consen
Responses Count
0 - Of No Importance 0
1 - Of Little Importance 0
2 - Moderately Important 28
3 - Very Important 145
4 - Extremely Important 203
(Did not answer) 3
Total Responses 379
D2 — Task 2
29. Criticality
29(a). Criticality: Create, document, and communicate information privacy and security policies, procedures, consents
Responses Count
0 - No Harm 4
1 - Minimal Harm 18
2 - Moderate Harm 91
3 - Substantial Harm 167
4 - Extreme Harm 92
(Did not answer) 7
Total Responses 379
D2 — Task 2
30. Frequency
30(a). Frequency: Create, document, and communicate information privacy and security policies, procedures, consen
Responses Count
0 - Never 1
1 - Rarely 7
2 - Sometimes 80
3 - Often 155
4 - Repeatedly 131
(Did not answer) 5
Total Responses 379
D2 — Task 3
32. Importance
32(a). Importance: Identify contracts and business relationships and secure appropriate agreements related to privacy
Responses Count
0 - Of No Importance 2
1 - Of Little Importance 8
2 - Moderately Important 90
3 - Very Important 154
4 - Extremely Important 120
(Did not answer) 5
Total Responses 379
D2 — Task 3
33. Criticality
33(a). Criticality: Identify contracts and business relationships and secure appropriate agreements related to privacy a
Responses Count
0 - No Harm 7
1 - Minimal Harm 36
2 - Moderate Harm 121
3 - Substantial Harm 140
4 - Extreme Harm 68
(Did not answer) 7
Total Responses 379
D2 — Task 3
34. Frequency
34(a). Frequency: Identify contracts and business relationships and secure appropriate agreements related to privacy
Responses Count
0 - Never 8
1 - Rarely 57
2 - Sometimes 129
3 - Often 120
4 - Repeatedly 60
(Did not answer) 5
Total Responses 379
D2 — Task 4
36. Importance
36(a). Importance: Establish and maintain facility security plan to safeguard unauthorized physical access to informat
Responses Count
0 - Of No Importance 1
1 - Of Little Importance 6
2 - Moderately Important 31
3 - Very Important 119
4 - Extremely Important 217
(Did not answer) 5
Total Responses 379
D2 — Task 4
37. Criticality
37(a). Criticality: Establish and maintain facility security plan to safeguard unauthorized physical access to informatio
Responses Count
0 - No Harm 2
1 - Minimal Harm 5
2 - Moderate Harm 50
3 - Substantial Harm 146
4 - Extreme Harm 168
(Did not answer) 8
Total Responses 379
D2 — Task 4
38. Frequency
38(a). Frequency: Establish and maintain facility security plan to safeguard unauthorized physical access to informati
Responses Count
0 - Never 11
1 - Rarely 38
2 - Sometimes 100
3 - Often 115
4 - Repeatedly 109
(Did not answer) 6
Total Responses 379
D2 — Task 5
40. Importance
40(a). Importance: Develop, deliver, evaluate and document training and awareness on information privacy and securi
Responses Count
0 - Of No Importance 0
1 - Of Little Importance 0
2 - Moderately Important 38
3 - Very Important 152
4 - Extremely Important 186
(Did not answer) 3
Total Responses 379
D2 — Task 5
41. Criticality
41(a). Criticality: Develop, deliver, evaluate and document training and awareness on information privacy and security
Responses Count
0 - No Harm 6
1 - Minimal Harm 21
2 - Moderate Harm 93
3 - Substantial Harm 159
4 - Extreme Harm 94
(Did not answer) 6
Total Responses 379
D2 — Task 5
42. Frequency
42(a). Frequency: Develop, deliver, evaluate and document training and awareness on information privacy and securit
Responses Count
0 - Never 3
1 - Rarely 10
2 - Sometimes 77
3 - Often 150
4 - Repeatedly 135
(Did not answer) 4
Total Responses 379
D2 — Task 6
44. Importance
44(a). Importance: Work with appropriate organization officials to verify that information used or disclosed for researc
Responses Count
0 - Of No Importance 9
1 - Of Little Importance 16
2 - Moderately Important 118
3 - Very Important 143
4 - Extremely Important 90
(Did not answer) 3
Total Responses 379
D2 — Task 6
45. Criticality
45(a). Criticality: Work with appropriate organization officials to verify that information used or disclosed for research
Responses Count
0 - No Harm 16
1 - Minimal Harm 55
2 - Moderate Harm 138
3 - Substantial Harm 106
4 - Extreme Harm 58
(Did not answer) 6
Total Responses 379
D2 — Task 6
46. Frequency
46(a). Frequency: Work with appropriate organization officials to verify that information used or disclosed for research
Responses Count
0 - Never 30
1 - Rarely 93
2 - Sometimes 123
3 - Often 81
4 - Repeatedly 46
(Did not answer) 6
Total Responses 379
D2 — Task 7
48. Importance
48(a). Importance: Assess, recommend, revise, and communicate changes to organizational policies, procedures, and
Responses Count
0 - Of No Importance 1
1 - Of Little Importance 4
2 - Moderately Important 61
3 - Very Important 184
4 - Extremely Important 128
(Did not answer) 1
Total Responses 379
D2 — Task 7
49. Criticality
49(a). Criticality: Assess, recommend, revise, and communicate changes to organizational policies, procedures, and p
Responses Count
0 - No Harm 6
1 - Minimal Harm 38
2 - Moderate Harm 126
3 - Substantial Harm 141
4 - Extreme Harm 64
(Did not answer) 4
Total Responses 379
D2 — Task 7
50. Frequency
50(a). Frequency: Assess, recommend, revise, and communicate changes to organizational policies, procedures, and
Responses Count
0 - Never 5
1 - Rarely 27
2 - Sometimes 125
3 - Often 142
4 - Repeatedly 78
(Did not answer) 2
Total Responses 379
D2 — Task 8
52. Importance
52(a). Importance: Assess and communicate risks and ramifications of privacy and security incidents, including those
Responses Count
0 - Of No Importance 1
1 - Of Little Importance 6
2 - Moderately Important 78
3 - Very Important 161
4 - Extremely Important 130
(Did not answer) 3
Total Responses 379
D2 — Task 8
53. Criticality
53(a). Criticality: Assess and communicate risks and ramifications of privacy and security incidents, including those b
Responses Count
0 - No Harm 6
1 - Minimal Harm 26
2 - Moderate Harm 103
3 - Substantial Harm 158
4 - Extreme Harm 80
(Did not answer) 6
Total Responses 379
D2 — Task 8
54. Frequency
54(a). Frequency: Assess and communicate risks and ramifications of privacy and security incidents, including those
Responses Count
0 - Never 4
1 - Rarely 55
2 - Sometimes 148
3 - Often 113
4 - Repeatedly 55
(Did not answer) 4
Total Responses 379
D2 — Task 9
56. Importance
56(a). Importance: Establish a preventative program to detect, prevent and mitigate privacy/security breaches.
Responses Count
0 - Of No Importance 1
1 - Of Little Importance 3
2 - Moderately Important 40
3 - Very Important 130
4 - Extremely Important 202
(Did not answer) 3
Total Responses 379
D2 — Task 9
57. Criticality
57(a). Criticality: Establish a preventative program to detect, prevent and mitigate privacy/security breaches.
Responses Count
0 - No Harm 2
1 - Minimal Harm 13
2 - Moderate Harm 74
3 - Substantial Harm 160
4 - Extreme Harm 124
(Did not answer) 6
Total Responses 379
D2 — Task 9
58. Frequency
58(a). Frequency: Establish a preventative program to detect, prevent and mitigate privacy/security breaches.
Responses Count
0 - Never 5
1 - Rarely 36
2 - Sometimes 112
3 - Often 144
4 - Repeatedly 78
(Did not answer) 4
Total Responses 379
D2 — Task 10
60. Importance
60(a). Importance: Apply and recommend appropriate de-identification methodologies.
Responses Count
0 - Of No Importance 5
1 - Of Little Importance 26
2 - Moderately Important 107
3 - Very Important 147
4 - Extremely Important 89
(Did not answer) 5
Total Responses 379
D2 — Task 10
61. Criticality
61(a). Criticality: Apply and recommend appropriate de-identification methodologies.
Responses Count
0 - No Harm 7
1 - Minimal Harm 46
2 - Moderate Harm 121
3 - Substantial Harm 133
4 - Extreme Harm 63
(Did not answer) 9
Total Responses 379
D2 — Task 10
62. Frequency
62(a). Frequency: Apply and recommend appropriate de-identification methodologies.
Responses Count
0 - Never 16
1 - Rarely 110
2 - Sometimes 125
3 - Often 90
4 - Repeatedly 32
(Did not answer) 6
Total Responses 379
D2 — Task 11
64. Importance
64(a). Importance: Verify that requesters of protected information are authorized and permitted to receive the protecte
Responses Count
0 - Of No Importance 1
1 - Of Little Importance 1
2 - Moderately Important 19
3 - Very Important 100
4 - Extremely Important 255
(Did not answer) 3
Total Responses 379
D2 — Task 11
65. Criticality
65(a). Criticality: Verify that requesters of protected information are authorized and permitted to receive the protected
Responses Count
0 - No Harm 2
1 - Minimal Harm 5
2 - Moderate Harm 52
3 - Substantial Harm 150
4 - Extreme Harm 164
(Did not answer) 6
Total Responses 379
D2 — Task 11
66. Frequency
66(a). Frequency: Verify that requesters of protected information are authorized and permitted to receive the protected
Responses Count
0 - Never 1
1 - Rarely 21
2 - Sometimes 54
3 - Often 102
4 - Repeatedly 197
(Did not answer) 4
Total Responses 379
D2 — Task 12
68. Importance
68(a). Importance: Define HIPAA-designated record sets for the organization in order to appropriately respond to a req
Responses Count
0 - Of No Importance 1
1 - Of Little Importance 14
2 - Moderately Important 80
3 - Very Important 173
4 - Extremely Important 108
(Did not answer) 3
Total Responses 379
D2 — Task 12
69. Criticality
69(a). Criticality: Define HIPAA-designated record sets for the organization in order to appropriately respond to a requ
Responses Count
0 - No Harm 6
1 - Minimal Harm 44
2 - Moderate Harm 137
3 - Substantial Harm 124
4 - Extreme Harm 62
(Did not answer) 6
Total Responses 379
D2 — Task 12
70. Frequency
70(a). Frequency: Define HIPAA-designated record sets for the organization in order to appropriately respond to a requ
Responses Count
0 - Never 6
1 - Rarely 72
2 - Sometimes 107
3 - Often 118
4 - Repeatedly 72
(Did not answer) 4
Total Responses 379
D2 — Task 13
72. Importance
72(a). Importance: Identify information and record sets requiring special privacy protections.
Responses Count
0 - Of No Importance 2
1 - Of Little Importance 8
2 - Moderately Important 51
3 - Very Important 141
4 - Extremely Important 174
(Did not answer) 3
Total Responses 379
D2 — Task 13
73. Criticality
73(a). Criticality: Identify information and record sets requiring special privacy protections.
Responses Count
0 - No Harm 4
1 - Minimal Harm 16
2 - Moderate Harm 82
3 - Substantial Harm 150
4 - Extreme Harm 120
(Did not answer) 7
Total Responses 379
D2 — Task 13
74. Frequency
74(a). Frequency: Identify information and record sets requiring special privacy protections.
Responses Count
0 - Never 6
1 - Rarely 75
2 - Sometimes 118
3 - Often 100
4 - Repeatedly 76
(Did not answer) 4
Total Responses 379
D2 — Task 14
76. Importance
76(a). Importance: Identify permitted uses and disclosures of protected health information with or without patient auth
Responses Count
0 - Of No Importance 0
1 - Of Little Importance 3
2 - Moderately Important 33
3 - Very Important 158
4 - Extremely Important 184
(Did not answer) 1
Total Responses 379
D2 — Task 14
77. Criticality
77(a). Criticality: Identify permitted uses and disclosures of protected health information with or without patient autho
Responses Count
0 - No Harm 0
1 - Minimal Harm 13
2 - Moderate Harm 85
3 - Substantial Harm 164
4 - Extreme Harm 113
(Did not answer) 4
Total Responses 379
D2 — Task 14
78. Frequency
78(a). Frequency: Identify permitted uses and disclosures of protected health information with or without patient auth
Responses Count
0 - Never 2
1 - Rarely 29
2 - Sometimes 87
3 - Often 131
4 - Repeatedly 128
(Did not answer) 2
Total Responses 379
D2 — Task 15
80. Importance
80(a). Importance: Develop minimum necessary procedures.
Responses Count
0 - Of No Importance 1
1 - Of Little Importance 6
2 - Moderately Important 79
3 - Very Important 168
4 - Extremely Important 122
(Did not answer) 3
Total Responses 379
D2 — Task 15
81. Criticality
81(a). Criticality: Develop minimum necessary procedures.
Responses Count
0 - No Harm 1
1 - Minimal Harm 30
2 - Moderate Harm 155
3 - Substantial Harm 124
4 - Extreme Harm 63
(Did not answer) 6
Total Responses 379
D2 — Task 15
82. Frequency
82(a). Frequency: Develop minimum necessary procedures.
Responses Count
0 - Never 7
1 - Rarely 48
2 - Sometimes 140
3 - Often 120
4 - Repeatedly 60
(Did not answer) 4
Total Responses 379
D2 — Task 16
84. Importance
84(a). Importance: Recommend, review and approve protocols that are in place to verify identity and access rights and
Responses Count
0 - Of No Importance 1
1 - Of Little Importance 4
2 - Moderately Important 56
3 - Very Important 163
4 - Extremely Important 152
(Did not answer) 3
Total Responses 379
D2 — Task 16
85. Criticality
85(a). Criticality: Recommend, review and approve protocols that are in place to verify identity and access rights and p
Responses Count
0 - No Harm 1
1 - Minimal Harm 22
2 - Moderate Harm 104
3 - Substantial Harm 154
4 - Extreme Harm 93
(Did not answer) 5
Total Responses 379
D2 — Task 16
86. Frequency
86(a). Frequency: Recommend, review and approve protocols that are in place to verify identity and access rights and
Responses Count
0 - Never 5
1 - Rarely 43
2 - Sometimes 112
3 - Often 139
4 - Repeatedly 77
(Did not answer) 3
Total Responses 379
D3 — Task 1
88. Importance
88(a). Importance: Facilitate development and maintenance of the inventory of software, hardware, and all information
Responses Count
0 - Of No Importance 8
1 - Of Little Importance 14
2 - Moderately Important 68
3 - Very Important 168
4 - Extremely Important 120
(Did not answer) 1
Total Responses 379
D3 — Task 1
89. Criticality
89(a). Criticality: Facilitate development and maintenance of the inventory of software, hardware, and all information a
Responses Count
0 - No Harm 10
1 - Minimal Harm 34
2 - Moderate Harm 105
3 - Substantial Harm 138
4 - Extreme Harm 88
(Did not answer) 4
Total Responses 379
D3 — Task 1
90. Frequency
90(a). Frequency: Facilitate development and maintenance of the inventory of software, hardware, and all information
Responses Count
0 - Never 39
1 - Rarely 88
2 - Sometimes 122
3 - Often 78
4 - Repeatedly 50
(Did not answer) 2
Total Responses 379
D3 — Task 2
92. Importance
92(a). Importance: Participate in business continuity planning for planned downtime and contingency planning for em
Responses Count
0 - Of No Importance 5
1 - Of Little Importance 7
2 - Moderately Important 72
3 - Very Important 153
4 - Extremely Important 140
(Did not answer) 2
Total Responses 379
D3 — Task 2
93. Criticality
93(a). Criticality: Participate in business continuity planning for planned downtime and contingency planning for emer
Responses Count
0 - No Harm 5
1 - Minimal Harm 38
2 - Moderate Harm 94
3 - Substantial Harm 126
4 - Extreme Harm 111
(Did not answer) 5
Total Responses 379
D3 — Task 2
94. Frequency
94(a). Frequency: Participate in business continuity planning for planned downtime and contingency planning for eme
Responses Count
0 - Never 22
1 - Rarely 85
2 - Sometimes 144
3 - Often 91
4 - Repeatedly 34
(Did not answer) 3
Total Responses 379
D3 — Task 3
96. Importance
96(a). Importance: Participate in evaluation, selection, and implementation of information privacy and security solutio
Responses Count
0 - Of No Importance 1
1 - Of Little Importance 12
2 - Moderately Important 80
3 - Very Important 160
4 - Extremely Important 125
(Did not answer) 1
Total Responses 379
D3 — Task 3
97. Criticality
97(a). Criticality: Participate in evaluation, selection, and implementation of information privacy and security solutions
Responses Count
0 - No Harm 6
1 - Minimal Harm 42
2 - Moderate Harm 125
3 - Substantial Harm 137
4 - Extreme Harm 65
(Did not answer) 4
Total Responses 379
D3 — Task 3
98. Frequency
98(a). Frequency: Participate in evaluation, selection, and implementation of information privacy and security solution
Responses Count
0 - Never 15
1 - Rarely 73
2 - Sometimes 128
3 - Often 114
4 - Repeatedly 47
(Did not answer) 2
Total Responses 379
D3 — Task 4
100. Importance
100(a). Importance: Develop a systematic process to evaluate risk to and criticalities of information systems which co
Responses Count
0 - Of No Importance 5
1 - Of Little Importance 8
2 - Moderately Important 70
3 - Very Important 181
4 - Extremely Important 113
(Did not answer) 2
Total Responses 379
D3 — Task 4
101. Criticality
101(a). Criticality: Develop a systematic process to evaluate risk to and criticalities of information systems which cont
Responses Count
0 - No Harm 7
1 - Minimal Harm 23
2 - Moderate Harm 120
3 - Substantial Harm 148
4 - Extreme Harm 76
(Did not answer) 5
Total Responses 379
D3 — Task 4
102. Frequency
102(a). Frequency: Develop a systematic process to evaluate risk to and criticalities of information systems which con
Responses Count
0 - Never 24
1 - Rarely 72
2 - Sometimes 131
3 - Often 106
4 - Repeatedly 43
(Did not answer) 3
Total Responses 379
D3 — Task 5
104. Importance
104(a). Importance: Assess, implement and oversee media control practices that govern the receipt, removal, re-use, o
Responses Count
0 - Of No Importance 6
1 - Of Little Importance 6
2 - Moderately Important 62
3 - Very Important 155
4 - Extremely Important 149
(Did not answer) 1
Total Responses 379
D3 — Task 5
105. Criticality
105(a). Criticality: Assess, implement and oversee media control practices that govern the receipt, removal, re-use, or
Responses Count
0 - No Harm 6
1 - Minimal Harm 10
2 - Moderate Harm 92
3 - Substantial Harm 147
4 - Extreme Harm 120
(Did not answer) 4
Total Responses 379
D3 — Task 5
106. Frequency
106(a). Frequency: Assess, implement and oversee media control practices that govern the receipt, removal, re-use, o
Responses Count
0 - Never 29
1 - Rarely 74
2 - Sometimes 122
3 - Often 91
4 - Repeatedly 61
(Did not answer) 2
Total Responses 379
D3 — Task 6
108. Importance
108(a). Importance: Establish and monitor physical security mechanisms to limit the access of authorized personnel t
Responses Count
0 - Of No Importance 2
1 - Of Little Importance 12
2 - Moderately Important 43
3 - Very Important 163
4 - Extremely Important 156
(Did not answer) 3
Total Responses 379
D3 — Task 6
109. Criticality
109(a). Criticality: Establish and monitor physical security mechanisms to limit the access of authorized personnel to
Responses Count
0 - No Harm 1
1 - Minimal Harm 17
2 - Moderate Harm 95
3 - Substantial Harm 155
4 - Extreme Harm 104
(Did not answer) 7
Total Responses 379
D3 — Task 6
110. Frequency
110(a). Frequency: Establish and monitor physical security mechanisms to limit the access of authorized personnel to
Responses Count
0 - Never 15
1 - Rarely 54
2 - Sometimes 110
3 - Often 123
4 - Repeatedly 71
(Did not answer) 6
Total Responses 379
D3 — Task 7
112. Importance
112(a). Importance: Establish reasonable safeguards to reduce incidental disclosures.
Responses Count
0 - Of No Importance 1
1 - Of Little Importance 9
2 - Moderately Important 89
3 - Very Important 154
4 - Extremely Important 124
(Did not answer) 2
Total Responses 379
D3 — Task 7
113. Criticality
113(a). Criticality: Establish reasonable safeguards to reduce incidental disclosures.
Responses Count
0 - No Harm 1
1 - Minimal Harm 42
2 - Moderate Harm 135
3 - Substantial Harm 138
4 - Extreme Harm 58
(Did not answer) 5
Total Responses 379
D3 — Task 7
114. Frequency
114(a). Frequency: Establish reasonable safeguards to reduce incidental disclosures.
Responses Count
0 - Never 4
1 - Rarely 39
2 - Sometimes 140
3 - Often 135
4 - Repeatedly 57
(Did not answer) 4
Total Responses 379
D3 — Task 8
116. Importance
116(a). Importance: Develop and manage organization’s information security plan.
Responses Count
0 - Of No Importance 5
1 - Of Little Importance 13
2 - Moderately Important 54
3 - Very Important 157
4 - Extremely Important 148
(Did not answer) 2
Total Responses 379
D3 — Task 8
117. Criticality
117(a). Criticality: Develop and manage organization’s information security plan.
Responses Count
0 - No Harm 8
1 - Minimal Harm 23
2 - Moderate Harm 95
3 - Substantial Harm 153
4 - Extreme Harm 95
(Did not answer) 5
Total Responses 379
D3 — Task 8
118. Frequency
118(a). Frequency: Develop and manage organization’s information security plan.
Responses Count
0 - Never 34
1 - Rarely 72
2 - Sometimes 118
3 - Often 97
4 - Repeatedly 54
(Did not answer) 4
Total Responses 379
D3 — Task 9
120. Importance
120(a). Importance: Participate in the organizational risk assessment plan to identify threats and vulnerabilities.
Responses Count
0 - Of No Importance 2
1 - Of Little Importance 7
2 - Moderately Important 60
3 - Very Important 154
4 - Extremely Important 152
(Did not answer) 4
Total Responses 379
D3 — Task 9
121. Criticality
121(a). Criticality: Participate in the organizational risk assessment plan to identify threats and vulnerabilities.
Responses Count
0 - No Harm 7
1 - Minimal Harm 20
2 - Moderate Harm 98
3 - Substantial Harm 149
4 - Extreme Harm 98
(Did not answer) 7
Total Responses 379
D3 — Task 9
122. Frequency
122(a). Frequency: Participate in the organizational risk assessment plan to identify threats and vulnerabilities.
Responses Count
0 - Never 19
1 - Rarely 70
2 - Sometimes 118
3 - Often 118
4 - Repeatedly 48
(Did not answer) 6
Total Responses 379
D3 — Task 10
124. Importance
124(a). Importance: Establish security policy and compliance review program.
Responses Count
0 - Of No Importance 5
1 - Of Little Importance 10
2 - Moderately Important 59
3 - Very Important 176
4 - Extremely Important 127
(Did not answer) 2
Total Responses 379
D3 — Task 10
125. Criticality
125(a). Criticality: Establish security policy and compliance review program.
Responses Count
0 - No Harm 8
1 - Minimal Harm 33
2 - Moderate Harm 102
3 - Substantial Harm 161
4 - Extreme Harm 70
(Did not answer) 5
Total Responses 379
D3 — Task 10
126. Frequency
126(a). Frequency: Establish security policy and compliance review program.
Responses Count
0 - Never 22
1 - Rarely 59
2 - Sometimes 134
3 - Often 119
4 - Repeatedly 40
(Did not answer) 5
Total Responses 379
D3 — Task 11
128. Importance
128(a). Importance: Ensure adequacy of technical safeguards such as configuration management, intrusion detection
Responses Count
0 - Of No Importance 5
1 - Of Little Importance 17
2 - Moderately Important 65
3 - Very Important 146
4 - Extremely Important 141
(Did not answer) 5
Total Responses 379
D3 — Task 11
129. Criticality
129(a). Criticality: Ensure adequacy of technical safeguards such as configuration management, intrusion detection, a
Responses Count
0 - No Harm 6
1 - Minimal Harm 20
2 - Moderate Harm 92
3 - Substantial Harm 157
4 - Extreme Harm 96
(Did not answer) 8
Total Responses 379
D3 — Task 11
130. Frequency
130(a). Frequency: Ensure adequacy of technical safeguards such as configuration management, intrusion detection,
Responses Count
0 - Never 54
1 - Rarely 75
2 - Sometimes 106
3 - Often 94
4 - Repeatedly 43
(Did not answer) 7
Total Responses 379
D3 — Task 12
132. Importance
132(a). Importance: Establish a documentation process to record any and all changes made to software and hardware
Responses Count
0 - Of No Importance 7
1 - Of Little Importance 25
2 - Moderately Important 101
3 - Very Important 150
4 - Extremely Important 93
(Did not answer) 3
Total Responses 379
D3 — Task 12
133. Criticality
133(a). Criticality: Establish a documentation process to record any and all changes made to software and hardware.
Responses Count
0 - No Harm 14
1 - Minimal Harm 64
2 - Moderate Harm 131
3 - Substantial Harm 112
4 - Extreme Harm 52
(Did not answer) 6
Total Responses 379
D3 — Task 12
134. Frequency
134(a). Frequency: Establish a documentation process to record any and all changes made to software and hardware.
Responses Count
0 - Never 70
1 - Rarely 104
2 - Sometimes 84
3 - Often 78
4 - Repeatedly 38
(Did not answer) 5
Total Responses 379
D3 — Task 13
136. Importance
136(a). Importance: Establish internal policies, procedures and rules to protect information and comply with security r
Responses Count
0 - Of No Importance 2
1 - Of Little Importance 5
2 - Moderately Important 59
3 - Very Important 159
4 - Extremely Important 152
(Did not answer) 2
Total Responses 379
D3 — Task 13
137. Criticality
137(a). Criticality: Establish internal policies, procedures and rules to protect information and comply with security req
Responses Count
0 - No Harm 3
1 - Minimal Harm 28
2 - Moderate Harm 105
3 - Substantial Harm 158
4 - Extreme Harm 81
(Did not answer) 4
Total Responses 379
D3 — Task 13
138. Frequency
138(a). Frequency: Establish internal policies, procedures and rules to protect information and comply with security re
Responses Count
0 - Never 25
1 - Rarely 44
2 - Sometimes 112
3 - Often 144
4 - Repeatedly 51
(Did not answer) 3
Total Responses 379
D3 — Task 14
140. Importance
140(a). Importance: Apply appropriate technologies to protect information received from or transmitted to external use
Responses Count
0 - Of No Importance 4
1 - Of Little Importance 15
2 - Moderately Important 59
3 - Very Important 148
4 - Extremely Important 150
(Did not answer) 3
Total Responses 379
D3 — Task 14
141. Criticality
141(a). Criticality: Apply appropriate technologies to protect information received from or transmitted to external user
Responses Count
0 - No Harm 6
1 - Minimal Harm 31
2 - Moderate Harm 81
3 - Substantial Harm 160
4 - Extreme Harm 95
(Did not answer) 6
Total Responses 379
D3 — Task 14
142. Frequency
142(a). Frequency: Apply appropriate technologies to protect information received from or transmitted to external use
Responses Count
0 - Never 48
1 - Rarely 69
2 - Sometimes 105
3 - Often 90
4 - Repeatedly 62
(Did not answer) 5
Total Responses 379
D3 — Task 15
144. Importance
144(a). Importance: Verify and validate data backup plan.
Responses Count
0 - Of No Importance 8
1 - Of Little Importance 9
2 - Moderately Important 48
3 - Very Important 142
4 - Extremely Important 169
(Did not answer) 3
Total Responses 379
D3 — Task 15
145. Criticality
145(a). Criticality: Verify and validate data backup plan.
Responses Count
0 - No Harm 7
1 - Minimal Harm 31
2 - Moderate Harm 72
3 - Substantial Harm 134
4 - Extreme Harm 130
(Did not answer) 5
Total Responses 379
D3 — Task 15
146. Frequency
146(a). Frequency: Verify and validate data backup plan.
Responses Count
0 - Never 59
1 - Rarely 74
2 - Sometimes 93
3 - Often 88
4 - Repeatedly 62
(Did not answer) 3
Total Responses 379
D3 — Task 16
148. Importance
148(a). Importance: Establish guidelines, procedures and controls to ensure the integrity, availability and confidential
Responses Count
0 - Of No Importance 7
1 - Of Little Importance 7
2 - Moderately Important 40
3 - Very Important 136
4 - Extremely Important 184
(Did not answer) 5
Total Responses 379
D3 — Task 16
149. Criticality
149(a). Criticality: Establish guidelines, procedures and controls to ensure the integrity, availability and confidentiality
Responses Count
0 - No Harm 7
1 - Minimal Harm 19
2 - Moderate Harm 71
3 - Substantial Harm 146
4 - Extreme Harm 129
(Did not answer) 7
Total Responses 379
D3 — Task 16
150. Frequency
150(a). Frequency: Establish guidelines, procedures and controls to ensure the integrity, availability and confidentialit
Responses Count
0 - Never 58
1 - Rarely 61
2 - Sometimes 101
3 - Often 96
4 - Repeatedly 58
(Did not answer) 5
Total Responses 379
D3 — Task 17
152. Importance
152(a). Importance: Advocate the use of event triggering to identify abnormal conditions within a system (e.g. intrusio
Responses Count
0 - Of No Importance 4
1 - Of Little Importance 7
2 - Moderately Important 69
3 - Very Important 144
4 - Extremely Important 148
(Did not answer) 7
Total Responses 379
D3 — Task 17
153. Criticality
153(a). Criticality: Advocate the use of event triggering to identify abnormal conditions within a system (e.g. intrusion
Responses Count
0 - No Harm 2
1 - Minimal Harm 27
2 - Moderate Harm 97
3 - Substantial Harm 143
4 - Extreme Harm 102
(Did not answer) 8
Total Responses 379
D3 — Task 17
154. Frequency
154(a). Frequency: Advocate the use of event triggering to identify abnormal conditions within a system (e.g. intrusion
Responses Count
0 - Never 63
1 - Rarely 64
2 - Sometimes 95
3 - Often 84
4 - Repeatedly 67
(Did not answer) 6
Total Responses 379
D3 — Task 18
156. Importance
156(a). Importance: Establish and manage process for verifying and controlling access authorizations and privileges i
Responses Count
0 - Of No Importance 2
1 - Of Little Importance 6
2 - Moderately Important 68
3 - Very Important 158
4 - Extremely Important 137
(Did not answer) 8
Total Responses 379
D3 — Task 18
157. Criticality
157(a). Criticality: Establish and manage process for verifying and controlling access authorizations and privileges inc
Responses Count
0 - No Harm 4
1 - Minimal Harm 22
2 - Moderate Harm 102
3 - Substantial Harm 153
4 - Extreme Harm 88
(Did not answer) 10
Total Responses 379
D3 — Task 18
158. Frequency
158(a). Frequency: Establish and manage process for verifying and controlling access authorizations and privileges in
Responses Count
0 - Never 38
1 - Rarely 56
2 - Sometimes 117
3 - Often 95
4 - Repeatedly 64
(Did not answer) 9
Total Responses 379
D3 — Task 19
160. Importance
160(a). Importance: Establish and manage authentication mechanisms.
Responses Count
0 - Of No Importance 3
1 - Of Little Importance 10
2 - Moderately Important 62
3 - Very Important 166
4 - Extremely Important 130
(Did not answer) 8
Total Responses 379
D3 — Task 19
161. Criticality
161(a). Criticality: Establish and manage authentication mechanisms.
Responses Count
0 - No Harm 4
1 - Minimal Harm 34
2 - Moderate Harm 93
3 - Substantial Harm 160
4 - Extreme Harm 78
(Did not answer) 10
Total Responses 379
D3 — Task 19
162. Frequency
162(a). Frequency: Establish and manage authentication mechanisms.
Responses Count
0 - Never 56
1 - Rarely 56
2 - Sometimes 99
3 - Often 98
4 - Repeatedly 62
(Did not answer) 8
Total Responses 379
D3 — Task 20
164. Importance
164(a). Importance: Recommend the encryption of protected health information and other sensitive data based on risk
Responses Count
0 - Of No Importance 4
1 - Of Little Importance 10
2 - Moderately Important 49
3 - Very Important 121
4 - Extremely Important 188
(Did not answer) 7
Total Responses 379
D3 — Task 20
165. Criticality
165(a). Criticality: Recommend the encryption of protected health information and other sensitive data based on risk a
Responses Count
0 - No Harm 9
1 - Minimal Harm 19
2 - Moderate Harm 65
3 - Substantial Harm 150
4 - Extreme Harm 128
(Did not answer) 8
Total Responses 379
D3 — Task 20
166. Frequency
166(a). Frequency: Recommend the encryption of protected health information and other sensitive data based on risk
Responses Count
0 - Never 32
1 - Rarely 59
2 - Sometimes 100
3 - Often 101
4 - Repeatedly 81
(Did not answer) 6
Total Responses 379
D3 — Task 21
168. Importance
168(a). Importance: Provide for forensic services.
Responses Count
0 - Of No Importance 34
1 - Of Little Importance 51
2 - Moderately Important 130
3 - Very Important 102
4 - Extremely Important 56
(Did not answer) 6
Total Responses 379
D3 — Task 21
169. Criticality
169(a). Criticality: Provide for forensic services.
Responses Count
0 - No Harm 46
1 - Minimal Harm 73
2 - Moderate Harm 127
3 - Substantial Harm 85
4 - Extreme Harm 40
(Did not answer) 8
Total Responses 379
D3 — Task 21
170. Frequency
170(a). Frequency: Provide for forensic services.
Responses Count
0 - Never 127
1 - Rarely 116
2 - Sometimes 84
3 - Often 28
4 - Repeatedly 18
(Did not answer) 6
Total Responses 379
D4 — Task 1
172. Importance
172(a). Importance: Monitor and assess compliance with state and federal laws and regulations related to privacy and
Responses Count
0 - Of No Importance 2
1 - Of Little Importance 3
2 - Moderately Important 29
3 - Very Important 141
4 - Extremely Important 202
(Did not answer) 2
Total Responses 379
D4 — Task 1
173. Criticality
173(a). Criticality: Monitor and assess compliance with state and federal laws and regulations related to privacy and s
Responses Count
0 - No Harm 3
1 - Minimal Harm 25
2 - Moderate Harm 87
3 - Substantial Harm 151
4 - Extreme Harm 107
(Did not answer) 6
Total Responses 379
D4 — Task 1
174. Frequency
174(a). Frequency: Monitor and assess compliance with state and federal laws and regulations related to privacy and
Responses Count
0 - Never 1
1 - Rarely 15
2 - Sometimes 59
3 - Often 153
4 - Repeatedly 146
(Did not answer) 5
Total Responses 379
D4 — Task 2
176. Importance
176(a). Importance: Coordinate the organization’s response to inquiries and investigations from external entities relat
Responses Count
0 - Of No Importance 2
1 - Of Little Importance 3
2 - Moderately Important 55
3 - Very Important 151
4 - Extremely Important 164
(Did not answer) 4
Total Responses 379
D4 — Task 2
177. Criticality
177(a). Criticality: Coordinate the organization’s response to inquiries and investigations from external entities relatin
Responses Count
0 - No Harm 8
1 - Minimal Harm 28
2 - Moderate Harm 97
3 - Substantial Harm 150
4 - Extreme Harm 89
(Did not answer) 7
Total Responses 379
D4 — Task 2
178. Frequency
178(a). Frequency: Coordinate the organization’s response to inquiries and investigations from external entities relatin
Responses Count
0 - Never 9
1 - Rarely 58
2 - Sometimes 102
3 - Often 111
4 - Repeatedly 93
(Did not answer) 6
Total Responses 379
D4 — Task 3
180. Importance
180(a). Importance: Establish performance indicators, triggers, and alerts. Develop performance measures and report
Responses Count
0 - Of No Importance 3
1 - Of Little Importance 19
2 - Moderately Important 122
3 - Very Important 160
4 - Extremely Important 70
(Did not answer) 5
Total Responses 379
D4 — Task 3
181. Criticality
181(a). Criticality: Establish performance indicators, triggers, and alerts. Develop performance measures and reports t
Responses Count
0 - No Harm 27
1 - Minimal Harm 57
2 - Moderate Harm 151
3 - Substantial Harm 104
4 - Extreme Harm 32
(Did not answer) 8
Total Responses 379
D4 — Task 3
182. Frequency
182(a). Frequency: Establish performance indicators, triggers, and alerts. Develop performance measures and reports
Responses Count
0 - Never 18
1 - Rarely 60
2 - Sometimes 140
3 - Often 112
4 - Repeatedly 42
(Did not answer) 7
Total Responses 379
D4 — Task 4
184. Importance
184(a). Importance: Enforce privacy and security policies, procedures, and guidelines to facilitate compliance with fed
Responses Count
0 - Of No Importance 1
1 - Of Little Importance 2
2 - Moderately Important 34
3 - Very Important 127
4 - Extremely Important 211
(Did not answer) 4
Total Responses 379
D4 — Task 4
185. Criticality
185(a). Criticality: Enforce privacy and security policies, procedures, and guidelines to facilitate compliance with feder
Responses Count
0 - No Harm 3
1 - Minimal Harm 22
2 - Moderate Harm 87
3 - Substantial Harm 150
4 - Extreme Harm 110
(Did not answer) 7
Total Responses 379
D4 — Task 4
186. Frequency
186(a). Frequency: Enforce privacy and security policies, procedures, and guidelines to facilitate compliance with fede
Responses Count
0 - Never 1
1 - Rarely 14
2 - Sometimes 59
3 - Often 143
4 - Repeatedly 156
(Did not answer) 6
Total Responses 379
D4 — Task 5
188. Importance
188(a). Importance: Monitor appropriate access to protected/identifiable health information.
Responses Count
0 - Of No Importance 0
1 - Of Little Importance 3
2 - Moderately Important 38
3 - Very Important 149
4 - Extremely Important 186
(Did not answer) 3
Total Responses 379
D4 — Task 5
189. Criticality
189(a). Criticality: Monitor appropriate access to protected/identifiable health information.
Responses Count
0 - No Harm 0
1 - Minimal Harm 11
2 - Moderate Harm 85
3 - Substantial Harm 156
4 - Extreme Harm 121
(Did not answer) 6
Total Responses 379
D4 — Task 5
190. Frequency
190(a). Frequency: Monitor appropriate access to protected/identifiable health information.
Responses Count
0 - Never 4
1 - Rarely 11
2 - Sometimes 68
3 - Often 125
4 - Repeatedly 166
(Did not answer) 5
Total Responses 379
D4 — Task 6
192. Importance
192(a). Importance: Establish an incident/complaint investigation response and resolution process for privacy and sec
Responses Count
0 - Of No Importance 0
1 - Of Little Importance 5
2 - Moderately Important 42
3 - Very Important 165
4 - Extremely Important 165
(Did not answer) 2
Total Responses 379
D4 — Task 6
193. Criticality
193(a). Criticality: Establish an incident/complaint investigation response and resolution process for privacy and secu
Responses Count
0 - No Harm 1
1 - Minimal Harm 19
2 - Moderate Harm 103
3 - Substantial Harm 162
4 - Extreme Harm 88
(Did not answer) 6
Total Responses 379
D4 — Task 6
194. Frequency
194(a). Frequency: Establish an incident/complaint investigation response and resolution process for privacy and sec
Responses Count
0 - Never 6
1 - Rarely 34
2 - Sometimes 101
3 - Often 142
4 - Repeatedly 92
(Did not answer) 4
Total Responses 379
D5 — Task 1
196. Importance
196(a). Importance: Establish and maintain an operational system to distribute the organization’s Notice of Privacy Pr
Responses Count
0 - Of No Importance 4
1 - Of Little Importance 14
2 - Moderately Important 89
3 - Very Important 132
4 - Extremely Important 138
(Did not answer) 2
Total Responses 379
D5 — Task 1
197. Criticality
197(a). Criticality: Establish and maintain an operational system to distribute the organization’s Notice of Privacy Prac
Responses Count
0 - No Harm 27
1 - Minimal Harm 76
2 - Moderate Harm 124
3 - Substantial Harm 98
4 - Extreme Harm 49
(Did not answer) 5
Total Responses 379
D5 — Task 1
198. Frequency
198(a). Frequency: Establish and maintain an operational system to distribute the organization’s Notice of Privacy Pra
Responses Count
0 - Never 7
1 - Rarely 58
2 - Sometimes 85
3 - Often 110
4 - Repeatedly 115
(Did not answer) 4
Total Responses 379
D5 — Task 2
200. Importance
200(a). Importance: Inform the individual who is the subject of individually identifiable health information of their infor
Responses Count
0 - Of No Importance 1
1 - Of Little Importance 15
2 - Moderately Important 87
3 - Very Important 162
4 - Extremely Important 111
(Did not answer) 3
Total Responses 379
D5 — Task 2
201. Criticality
201(a). Criticality: Inform the individual who is the subject of individually identifiable health information of their inform
Responses Count
0 - No Harm 20
1 - Minimal Harm 75
2 - Moderate Harm 130
3 - Substantial Harm 92
4 - Extreme Harm 56
(Did not answer) 6
Total Responses 379
D5 — Task 2
202. Frequency
202(a). Frequency: Inform the individual who is the subject of individually identifiable health information of their inform
Responses Count
0 - Never 13
1 - Rarely 63
2 - Sometimes 87
3 - Often 92
4 - Repeatedly 119
(Did not answer) 5
Total Responses 379
D5 — Task 3
204. Importance
204(a). Importance: Establish and maintain an operational system to receive, process, and document requests for: Am
Responses Count
0 - Of No Importance 1
1 - Of Little Importance 6
2 - Moderately Important 73
3 - Very Important 149
4 - Extremely Important 146
(Did not answer) 4
Total Responses 379
D5 — Task 3
205. Criticality
205(a). Criticality: Establish and maintain an operational system to receive, process, and document requests for: Ame
Responses Count
0 - No Harm 4
1 - Minimal Harm 59
2 - Moderate Harm 118
3 - Substantial Harm 124
4 - Extreme Harm 67
(Did not answer) 7
Total Responses 379
D5 — Task 3
206. Frequency
206(a). Frequency: Establish and maintain an operational system to receive, process, and document requests for: Am
Responses Count
0 - Never 4
1 - Rarely 34
2 - Sometimes 99
3 - Often 129
4 - Repeatedly 105
(Did not answer) 8
Total Responses 379
D5 — Task 4
208. Importance
208(a). Importance: Develop and implement communication tools, as appropriate for the organization, to keep individu
Responses Count
0 - Of No Importance 4
1 - Of Little Importance 15
2 - Moderately Important 108
3 - Very Important 144
4 - Extremely Important 105
(Did not answer) 3
Total Responses 379
D5 — Task 4
209. Criticality
209(a). Criticality: Develop and implement communication tools, as appropriate for the organization, to keep individua
Responses Count
0 - No Harm 21
1 - Minimal Harm 85
2 - Moderate Harm 134
3 - Substantial Harm 88
4 - Extreme Harm 45
(Did not answer) 6
Total Responses 379
D5 — Task 4
210. Frequency
210(a). Frequency: Develop and implement communication tools, as appropriate for the organization, to keep individu
Responses Count
0 - Never 9
1 - Rarely 45
2 - Sometimes 121
3 - Often 122
4 - Repeatedly 77
(Did not answer) 5
Total Responses 379
212. Based on the type of organization you work for, what general size category would you say it falls into?
Responses Count
Small 63
Medium 99
Large 86
(Did not answer) 131
Total Responses 379
To what Executive do the privacy and security functions at your organization report up through?
213. Area / Function
(a) President/VP
(b) CEO/COO
(c) CFO
(d) CIO
(e) CMO
(f) Other
Note: Multiple answers per participant possible. Percentages added may exceed 100 since a participant may select more than
214. Please indicate which professional credentials you hold (choose all that apply):
Responses Count
Certified in Healthcare Privacy (CHP) 65
Certified in Healthcare Security (CHS) 3
Certified in Healthcare Privacy and Security (CHPS) 41
Registered Health Information Administrator (RHIA) 187
Registered Health Information Technician (RHIT) 141
Certified Coding Associate (CCA) 3
Certified Coding Specialist (CCS) 42
Certified Coding Specialist-Physician-based (CCS-P) 6
Certified Information Systems Security Professional (CISSP) 1
Certified Information Privacy Professional (CIPP) 7
Certified Information Security Manager (CISM) 0
Certified Professional in Healthcare Quality (CPHQ) 9
Registered Nurse (RN) 7
Certified Tumor Registrar (CTR) 5
Certified Professional Coder (CPC) 6
Certified Professional Coder-Hospital (CPC-H) 3
Certified in Public Health (CPH) 0
Certified in Healthcare Compliance (CHC) 7
Medical Doctor (MD) 1
Juris Doctor (JD) 1
Certified Professional in Health Information Technology (CPHIT) 1
Certified Professional in Electronic Health Record (CPEHR) 1
Certified Professional in Healthcare Information and Management Systems (CPHIMS) 2
Certified Healthcare Financial Professional (CHFP) 1
None of the above 8
Other (please specify) 45
(Did not answer) 14
Total Responses 607
Multiple answers per participant possible. Percentages added may exceed 100 since a participant may select more than one an
215. Please indicate which professional organizations you have a membership with (choose all that apply):
Responses Count
AAFP 0
AAMT 5
AAPC 11
ACHE 9
AHIMA 349
AIIM 2
AMIA 6
ARMA 5
CHIME 1
HFMA 17
HIMSS 50
(ISC)2 CISSP Certification 2
MGMA 3
MTIA 1
NAHQ 11
NCRA 4
Other (please specify) 61
(Did not answer) 22
Total Responses 559
Multiple answers per participant possible. Percentages added may exceed 100 since a participant may select more than one an
216. Please indicate which state you reside in:
Responses Count
Alabama 2
Alaska 1
Arizona 3
Arkansas 3
Armed Forces Asia 0
Armed Forces Europe 0
Armed Forces Pacific 1
California 36
Colorado 11
Connecticut 3
Delaware 0
District of Columbia 1
Florida 22
Georgia 8
Guam 0
Hawaii 1
Idaho 3
Illinois 16
Indiana 8
Iowa 3
Kansas 8
Kentucky 11
Louisiana 6
Maine 3
Maryland 1
Massachusetts 8
Michigan 12
Minnesota 14
Mississippi 2
Missouri 14
Montana 1
Nebraska 2
Nevada 2
New Hampshire 4
New Jersey 5
New Mexico 3
New York 13
North Carolina 11
North Dakota 0
Ohio 8
Oklahoma 2
Oregon 5
Pennsylvania 10
Puerto Rico 4
Rhode Island 3
South Carolina 3
South Dakota 2
Tennessee 12
Texas 36
Utah 1
Vermont 0
Virginia 6
Washington 15
West Virginia 7
Wisconsin 9
Wyoming 1
Outside of United States territory 0
Other (please specify) 2
(Did not answer) 11
Total Responses 379
217. Please indicate your annual salary range:
Responses Count
Less than $20,000 2
$20,000–$29,999 3
$30,000–$39,999 19
$40,000–$49,999 37
$50,000–$59,999 41
$60,000–$69,999 46
$70,000–$79,999 45
$80,000–$89,999 59
$90,000–$99,999 40
$100,000–$124,999 50
More than $125,000 16
Not applicable 16
(Did not answer) 5
Total Responses 379
nsibilities related to health information privacy and security.
%
30.61%
0.53%
34.30%
3.69%
30.87%
0%
%
93.93%
2.90%
2.37%
0.79%
supervision) in healthcare privacy and security?
%
45.12%
23.75%
9.76%
20.58%
0.79%
%
2.37%
74.93%
1.58%
9.76%
4.75%
0%
2.64%
1.32%
0.53%
1.85%
0.26%
%
11.61%
53.83%
2.11%
4.22%
59.89%
10.03%
25.59%
ay select more than one answer for this question.
%
46.44%
0.79%
6.33%
8.44%
3.43%
2.11%
0%
1.85%
14.25%
5.54%
5.01%
1.06%
4.22%
0.53%
%
1.58%
4.22%
5.01%
19.00%
39.31%
26.12%
0.53%
1.06%
0.26%
2.37%
0.53%
s or duties that define the role of the CHPS. Following the work of a panel of your
ssessment
Assigned Weight %
1 0.26%
2 0%
3 3.96%
4 30.34%
5 65.17%
NULL 0.26%
Weighted Score : 4.61
s or duties that define the role of the CHPS. Following the work of a panel of your
Assigned Weight %
1 0%
2 0.79%
3 18.21%
4 50.40%
5 29.55%
NULL 1.06%
Weighted Score : 4.10
s or duties that define the role of the CHPS. Following the work of a panel of your
Assigned Weight %
1 0%
2 0.53%
3 7.39%
4 31.40%
5 59.10%
NULL 1.58%
Weighted Score : 4.51
s or duties that define the role of the CHPS. Following the work of a panel of your
Assigned Weight %
1 0%
2 0%
3 6.60%
4 30.87%
5 61.74%
NULL 0.79%
Weighted Score : 4.56
s or duties that define the role of the CHPS. Following the work of a panel of your
Assigned Weight %
1 0%
2 0.26%
3 16.36%
4 41.42%
5 40.63%
NULL 1.32%
Weighted Score : 4.24
s or duties that define the role of the CHPS. Following the work of a panel of your
ssessment
Assigned Weight %
1 0.26%
2 3.17%
3 19.53%
4 48.02%
5 28.23%
NULL 0.79%
Weighted Score : 4.02
s or duties that define the role of the CHPS. Following the work of a panel of your
Assigned Weight %
1 1.06%
2 12.66%
3 39.84%
4 35.36%
5 9.23%
NULL 1.85%
Weighted Score : 3.40
s or duties that define the role of the CHPS. Following the work of a panel of your
Assigned Weight %
1 0.53%
2 2.37%
3 14.51%
4 39.58%
5 41.69%
NULL 1.32%
Weighted Score : 4.21
s or duties that define the role of the CHPS. Following the work of a panel of your
Assigned Weight %
1 0.26%
2 2.90%
3 15.57%
4 46.17%
5 32.98%
NULL 2.11%
Weighted Score : 4.11
s or duties that define the role of the CHPS. Following the work of a panel of your
Assigned Weight %
1 0.79%
2 7.65%
3 30.87%
4 38.26%
5 20.84%
NULL 1.58%
Weighted Score : 3.72
s or duties that define the role of the CHPS. Following the work of a panel of your
Assessment
Assigned Weight %
1 0.26%
2 2.37%
3 17.68%
4 45.91%
5 32.72%
NULL 1.06%
Weighted Score : 4.10
s or duties that define the role of the CHPS. Following the work of a panel of your
Assigned Weight %
1 0%
2 3.69%
3 22.96%
4 46.97%
5 23.48%
NULL 2.90%
Weighted Score : 3.93
s or duties that define the role of the CHPS. Following the work of a panel of your
Assigned Weight %
1 0.53%
2 5.80%
3 24.27%
4 39.05%
5 28.76%
NULL 1.58%
Weighted Score : 3.91
s or duties that define the role of the CHPS. Following the work of a panel of your
Assigned Weight %
1 0%
2 3.17%
3 22.96%
4 35.09%
5 37.20%
NULL 1.58%
Weighted Score : 4.08
s or duties that define the role of the CHPS. Following the work of a panel of your
Assigned Weight %
1 0%
2 5.01%
3 26.91%
4 39.84%
5 26.91%
NULL 1.32%
Weighted Score : 3.90
vacy and security laws, regulations, and standards of accreditation
%
0%
0.53%
2.37%
30.34%
66.23%
0.53%
cy and security laws, regulations, and standards of accreditation
%
0.79%
4.49%
20.84%
44.33%
28.50%
1.06%
acy and security laws, regulations, and standards of accreditation
%
0%
2.37%
9.23%
38.79%
48.55%
1.06%
esources, Legal, Risk Management, Physical Security, Law
%
0.79%
2.64%
12.40%
42.22%
40.90%
1.06%
sources, Legal, Risk Management, Physical Security, Law
%
1.58%
7.12%
25.07%
39.84%
24.27%
2.11%
esources, Legal, Risk Management, Physical Security, Law
%
1.85%
14.51%
35.88%
31.40%
13.98%
2.37%
ction, and retention as required by State and Federal law as well as
%
0%
0.79%
10.82%
33.77%
54.09%
0.53%
on, and retention as required by State and Federal law as well as
%
1.58%
10.55%
22.96%
38.52%
24.80%
1.58%
tion, and retention as required by State and Federal law as well as
%
0.26%
6.07%
24.27%
34.04%
33.77%
1.58%
ormation security to oversee the program(s).
%
0.53%
2.11%
16.89%
45.91%
33.77%
0.79%
rmation security to oversee the program(s).
%
1.58%
10.29%
30.87%
39.58%
16.09%
1.58%
ormation security to oversee the program(s).
%
3.43%
6.86%
32.98%
35.62%
20.05%
1.06%
cies, procedures, consents, authorizations, and notice of privacy
%
0%
0%
7.39%
38.26%
53.56%
0.79%
es, procedures, consents, authorizations, and notice of privacy
%
1.06%
4.75%
24.01%
44.06%
24.27%
1.85%
cies, procedures, consents, authorizations, and notice of privacy
%
0.26%
1.85%
21.11%
40.90%
34.56%
1.32%
ements related to privacy and security (e.g., BAA, QSO, etc.).
%
0.53%
2.11%
23.75%
40.63%
31.66%
1.32%
ments related to privacy and security (e.g., BAA, QSO, etc.). Manage
%
1.85%
9.50%
31.93%
36.94%
17.94%
1.85%
ements related to privacy and security (e.g., BAA, QSO, etc.).
%
2.11%
15.04%
34.04%
31.66%
15.83%
1.32%
ysical access to information and prevent theft or tampering.
%
0.26%
1.58%
8.18%
31.40%
57.26%
1.32%
sical access to information and prevent theft or tampering.
%
0.53%
1.32%
13.19%
38.52%
44.33%
2.11%
ysical access to information and prevent theft or tampering.
%
2.90%
10.03%
26.39%
30.34%
28.76%
1.58%
mation privacy and security to provide an informed workforce.
%
0%
0%
10.03%
40.11%
49.08%
0.79%
ation privacy and security to provide an informed workforce.
%
1.58%
5.54%
24.54%
41.95%
24.80%
1.58%
mation privacy and security to provide an informed workforce.
%
0.79%
2.64%
20.32%
39.58%
35.62%
1.06%
d or disclosed for research complies with organizational policies
%
2.37%
4.22%
31.13%
37.73%
23.75%
0.79%
or disclosed for research complies with organizational policies and
%
4.22%
14.51%
36.41%
27.97%
15.30%
1.58%
or disclosed for research complies with organizational policies
%
7.92%
24.54%
32.45%
21.37%
12.14%
1.58%
policies, procedures, and practices related to privacy and security.
%
0.26%
1.06%
16.09%
48.55%
33.77%
0.26%
olicies, procedures, and practices related to privacy and security.
%
1.58%
10.03%
33.25%
37.20%
16.89%
1.06%
policies, procedures, and practices related to privacy and security.
%
1.32%
7.12%
32.98%
37.47%
20.58%
0.53%
ncidents, including those by business associates.
%
0.26%
1.58%
20.58%
42.48%
34.30%
0.79%
cidents, including those by business associates.
%
1.58%
6.86%
27.18%
41.69%
21.11%
1.58%
ncidents, including those by business associates.
%
1.06%
14.51%
39.05%
29.82%
14.51%
1.06%
ecurity breaches.
%
0.26%
0.79%
10.55%
34.30%
53.30%
0.79%
curity breaches.
%
0.53%
3.43%
19.53%
42.22%
32.72%
1.58%
ecurity breaches.
%
1.32%
9.50%
29.55%
37.99%
20.58%
1.06%
%
1.32%
6.86%
28.23%
38.79%
23.48%
1.32%
%
1.85%
12.14%
31.93%
35.09%
16.62%
2.37%
%
4.22%
29.02%
32.98%
23.75%
8.44%
1.58%
ed to receive the protected information (subpoena, court orders,
%
0.26%
0.26%
5.01%
26.39%
67.28%
0.79%
to receive the protected information (subpoena, court orders,
%
0.53%
1.32%
13.72%
39.58%
43.27%
1.58%
d to receive the protected information (subpoena, court orders,
%
0.26%
5.54%
14.25%
26.91%
51.98%
1.06%
opriately respond to a request for release of information.
%
0.26%
3.69%
21.11%
45.65%
28.50%
0.79%
riately respond to a request for release of information.
%
1.58%
11.61%
36.15%
32.72%
16.36%
1.58%
priately respond to a request for release of information.
%
1.58%
19.00%
28.23%
31.13%
19.00%
1.06%
%
0.53%
2.11%
13.46%
37.20%
45.91%
0.79%
%
1.06%
4.22%
21.64%
39.58%
31.66%
1.85%
%
1.58%
19.79%
31.13%
26.39%
20.05%
1.06%
th or without patient authorization.
%
0%
0.79%
8.71%
41.69%
48.55%
0.26%
h or without patient authorization.
%
0%
3.43%
22.43%
43.27%
29.82%
1.06%
h or without patient authorization.
%
0.53%
7.65%
22.96%
34.56%
33.77%
0.53%
%
0.26%
1.58%
20.84%
44.33%
32.19%
0.79%
%
0.26%
7.92%
40.90%
32.72%
16.62%
1.58%
%
1.85%
12.66%
36.94%
31.66%
15.83%
1.06%
tity and access rights and privileges of recipients/users of health
%
0.26%
1.06%
14.78%
43.01%
40.11%
0.79%
y and access rights and privileges of recipients/users of health
%
0.26%
5.80%
27.44%
40.63%
24.54%
1.32%
ity and access rights and privileges of recipients/users of health
%
1.32%
11.35%
29.55%
36.68%
20.32%
0.79%
dware, and all information assets to protect information assets and
%
2.11%
3.69%
17.94%
44.33%
31.66%
0.26%
are, and all information assets to protect information assets and to
%
2.64%
8.97%
27.70%
36.41%
23.22%
1.06%
ware, and all information assets to protect information assets and
%
10.29%
23.22%
32.19%
20.58%
13.19%
0.53%
tingency planning for emergencies and disaster recovery.
%
1.32%
1.85%
19.00%
40.37%
36.94%
0.53%
ngency planning for emergencies and disaster recovery.
%
1.32%
10.03%
24.80%
33.25%
29.29%
1.32%
ingency planning for emergencies and disaster recovery.
%
5.80%
22.43%
37.99%
24.01%
8.97%
0.79%
vacy and security solutions.
%
0.26%
3.17%
21.11%
42.22%
32.98%
0.26%
cy and security solutions.
%
1.58%
11.08%
32.98%
36.15%
17.15%
1.06%
acy and security solutions.
%
3.96%
19.26%
33.77%
30.08%
12.40%
0.53%
mation systems which contain PHI.
%
1.32%
2.11%
18.47%
47.76%
29.82%
0.53%
ation systems which contain PHI.
%
1.85%
6.07%
31.66%
39.05%
20.05%
1.32%
mation systems which contain PHI.
%
6.33%
19.00%
34.56%
27.97%
11.35%
0.79%
receipt, removal, re-use, or disposal (internal and external
%
1.58%
1.58%
16.36%
40.90%
39.31%
0.26%
ceipt, removal, re-use, or disposal (internal and external
%
1.58%
2.64%
24.27%
38.79%
31.66%
1.06%
eceipt, removal, re-use, or disposal (internal and external
%
7.65%
19.53%
32.19%
24.01%
16.09%
0.53%
of authorized personnel to facilities, equipment and information.
%
0.53%
3.17%
11.35%
43.01%
41.16%
0.79%
authorized personnel to facilities, equipment and information.
%
0.26%
4.49%
25.07%
40.90%
27.44%
1.85%
f authorized personnel to facilities, equipment and information.
%
3.96%
14.25%
29.02%
32.45%
18.73%
1.58%
%
0.26%
2.37%
23.48%
40.63%
32.72%
0.53%
%
0.26%
11.08%
35.62%
36.41%
15.30%
1.32%
%
1.06%
10.29%
36.94%
35.62%
15.04%
1.06%
%
1.32%
3.43%
14.25%
41.42%
39.05%
0.53%
%
2.11%
6.07%
25.07%
40.37%
25.07%
1.32%
%
8.97%
19.00%
31.13%
25.59%
14.25%
1.06%
and vulnerabilities.
%
0.53%
1.85%
15.83%
40.63%
40.11%
1.06%
d vulnerabilities.
%
1.85%
5.28%
25.86%
39.31%
25.86%
1.85%
nd vulnerabilities.
%
5.01%
18.47%
31.13%
31.13%
12.66%
1.58%
%
1.32%
2.64%
15.57%
46.44%
33.51%
0.53%
%
2.11%
8.71%
26.91%
42.48%
18.47%
1.32%
%
5.80%
15.57%
35.36%
31.40%
10.55%
1.32%
ment, intrusion detection, and preventive countermeasures.
%
1.32%
4.49%
17.15%
38.52%
37.20%
1.32%
ent, intrusion detection, and preventive countermeasures.
%
1.58%
5.28%
24.27%
41.42%
25.33%
2.11%
ment, intrusion detection, and preventive countermeasures.
%
14.25%
19.79%
27.97%
24.80%
11.35%
1.85%
o software and hardware.
%
1.85%
6.60%
26.65%
39.58%
24.54%
0.79%
software and hardware.
%
3.69%
16.89%
34.56%
29.55%
13.72%
1.58%
o software and hardware.
%
18.47%
27.44%
22.16%
20.58%
10.03%
1.32%
nd comply with security requirements.
%
0.53%
1.32%
15.57%
41.95%
40.11%
0.53%
d comply with security requirements.
%
0.79%
7.39%
27.70%
41.69%
21.37%
1.06%
nd comply with security requirements.
%
6.60%
11.61%
29.55%
37.99%
13.46%
0.79%
ansmitted to external users (HIEs, RHIOs, PHRs, and other third
%
1.06%
3.96%
15.57%
39.05%
39.58%
0.79%
nsmitted to external users (HIEs, RHIOs, PHRs, and other third
%
1.58%
8.18%
21.37%
42.22%
25.07%
1.58%
ansmitted to external users (HIEs, RHIOs, PHRs, and other third
%
12.66%
18.21%
27.70%
23.75%
16.36%
1.32%
%
2.11%
2.37%
12.66%
37.47%
44.59%
0.79%
%
1.85%
8.18%
19.00%
35.36%
34.30%
1.32%
%
15.57%
19.53%
24.54%
23.22%
16.36%
0.79%
ailability and confidentiality of communication across networks
%
1.85%
1.85%
10.55%
35.88%
48.55%
1.32%
ability and confidentiality of communication across networks (e.g.
%
1.85%
5.01%
18.73%
38.52%
34.04%
1.85%
ilability and confidentiality of communication across networks (e.g.
%
15.30%
16.09%
26.65%
25.33%
15.30%
1.32%
hin a system (e.g. intrusion detection, denial of service, and invalid
%
1.06%
1.85%
18.21%
37.99%
39.05%
1.85%
n a system (e.g. intrusion detection, denial of service, and invalid
%
0.53%
7.12%
25.59%
37.73%
26.91%
2.11%
n a system (e.g. intrusion detection, denial of service, and invalid
%
16.62%
16.89%
25.07%
22.16%
17.68%
1.58%
orizations and privileges including emergency access.
%
0.53%
1.58%
17.94%
41.69%
36.15%
2.11%
zations and privileges including emergency access.
%
1.06%
5.80%
26.91%
40.37%
23.22%
2.64%
rizations and privileges including emergency access.
%
10.03%
14.78%
30.87%
25.07%
16.89%
2.37%
%
0.79%
2.64%
16.36%
43.80%
34.30%
2.11%
%
1.06%
8.97%
24.54%
42.22%
20.58%
2.64%
%
14.78%
14.78%
26.12%
25.86%
16.36%
2.11%
nsitive data based on risk assessment.
%
1.06%
2.64%
12.93%
31.93%
49.60%
1.85%
sitive data based on risk assessment.
%
2.37%
5.01%
17.15%
39.58%
33.77%
2.11%
sitive data based on risk assessment.
%
8.44%
15.57%
26.39%
26.65%
21.37%
1.58%
%
8.97%
13.46%
34.30%
26.91%
14.78%
1.58%
%
12.14%
19.26%
33.51%
22.43%
10.55%
2.11%
%
33.51%
30.61%
22.16%
7.39%
4.75%
1.58%
ns related to privacy and security to update organizational
%
0.53%
0.79%
7.65%
37.20%
53.30%
0.53%
s related to privacy and security to update organizational practices,
%
0.79%
6.60%
22.96%
39.84%
28.23%
1.58%
ns related to privacy and security to update organizational
%
0.26%
3.96%
15.57%
40.37%
38.52%
1.32%
om external entities relating to privacy and security to provide
%
0.53%
0.79%
14.51%
39.84%
43.27%
1.06%
m external entities relating to privacy and security to provide
%
2.11%
7.39%
25.59%
39.58%
23.48%
1.85%
om external entities relating to privacy and security to provide
%
2.37%
15.30%
26.91%
29.29%
24.54%
1.58%
nce measures and reports to improve organizational performance
%
0.79%
5.01%
32.19%
42.22%
18.47%
1.32%
e measures and reports to improve organizational performance
%
7.12%
15.04%
39.84%
27.44%
8.44%
2.11%
ce measures and reports to improve organizational performance
%
4.75%
15.83%
36.94%
29.55%
11.08%
1.85%
itate compliance with federal, state, and other regulatory or
%
0.26%
0.53%
8.97%
33.51%
55.67%
1.06%
ate compliance with federal, state, and other regulatory or
%
0.79%
5.80%
22.96%
39.58%
29.02%
1.85%
tate compliance with federal, state, and other regulatory or
%
0.26%
3.69%
15.57%
37.73%
41.16%
1.58%
%
0%
0.79%
10.03%
39.31%
49.08%
0.79%
%
0%
2.90%
22.43%
41.16%
31.93%
1.58%
%
1.06%
2.90%
17.94%
32.98%
43.80%
1.32%
ocess for privacy and security incidents.
%
0%
1.32%
11.08%
43.54%
43.54%
0.53%
cess for privacy and security incidents.
%
0.26%
5.01%
27.18%
42.74%
23.22%
1.58%
ocess for privacy and security incidents.
%
1.58%
8.97%
26.65%
37.47%
24.27%
1.06%
on’s Notice of Privacy Practices and collect the acknowledgement
%
1.06%
3.69%
23.48%
34.83%
36.41%
0.53%
n’s Notice of Privacy Practices and collect the acknowledgement of
%
7.12%
20.05%
32.72%
25.86%
12.93%
1.32%
on’s Notice of Privacy Practices and collect the acknowledgement
%
1.85%
15.30%
22.43%
29.02%
30.34%
1.06%
information of their information privacy rights related to the use
%
0.26%
3.96%
22.96%
42.74%
29.29%
0.79%
nformation of their information privacy rights related to the use and
%
5.28%
19.79%
34.30%
24.27%
14.78%
1.58%
information of their information privacy rights related to the use
%
3.43%
16.62%
22.96%
24.27%
31.40%
1.32%
ocument requests for: Amendments, Access to PHI, Accounting of
%
0.26%
1.58%
19.26%
39.31%
38.52%
1.06%
ument requests for: Amendments, Access to PHI, Accounting of
%
1.06%
15.57%
31.13%
32.72%
17.68%
1.85%
cument requests for: Amendments, Access to PHI, Accounting of
%
1.06%
8.97%
26.12%
34.04%
27.70%
2.11%
anization, to keep individuals informed on the organization’s
%
1.06%
3.96%
28.50%
37.99%
27.70%
0.79%
ization, to keep individuals informed on the organization’s
%
5.54%
22.43%
35.36%
23.22%
11.87%
1.58%
nization, to keep individuals informed on the organization’s
%
2.37%
11.87%
31.93%
32.19%
20.32%
1.32%
ay it falls into?
%
16.62%
26.12%
22.69%
34.56%
gh?
Privacy Security
94 24.80% 79 20.84%
109 28.76% 98 25.86%
96 25.33% 76 20.05%
37 9.76% 102 26.91%
13 3.43% 8 2.11%
78 20.58% 60 15.83%
pant may select more than one answer for this question.
%
17.15%
0.79%
10.82%
49.34%
37.20%
0.79%
11.08%
1.58%
0.26%
1.85%
0%
2.37%
1.85%
1.32%
1.58%
0.79%
0%
1.85%
0.26%
0.26%
0.26%
0.26%
0.53%
0.26%
2.11%
11.87%
3.69%
ay select more than one answer for this question.
all that apply):
%
0%
1.32%
2.90%
2.37%
92.08%
0.53%
1.58%
1.32%
0.26%
4.49%
13.19%
0.53%
0.79%
0.26%
2.90%
1.06%
16.09%
5.80%
ay select more than one answer for this question.
%
0.53%
0.26%
0.79%
0.79%
0%
0%
0.26%
9.50%
2.90%
0.79%
0%
0.26%
5.80%
2.11%
0%
0.26%
0.79%
4.22%
2.11%
0.79%
2.11%
2.90%
1.58%
0.79%
0.26%
2.11%
3.17%
3.69%
0.53%
3.69%
0.26%
0.53%
0.53%
1.06%
1.32%
0.79%
3.43%
2.90%
0%
2.11%
0.53%
1.32%
2.64%
1.06%
0.79%
0.79%
0.53%
3.17%
9.50%
0.26%
0%
1.58%
3.96%
1.85%
2.37%
0.26%
0%
0.53%
2.90%
%
0.53%
0.79%
5.01%
9.76%
10.82%
12.14%
11.87%
15.57%
10.55%
13.19%
4.22%
4.22%
1.32%
Did not answer Total
278 451
260 467
266 438
277 416
365 386
296 434
CHPS Domains & Tasks
CHPS Test Blueprint

DOMAIN 1: Ethical, Legal, and Regulatory Issues/External Environmental Assessment
TASK | | ENTER CORRESPONDING TASK FROM PREVIOUS BLUEPRINT IN THIS COLUMN
1 | Serve as a resource (provide guidance) to your organization regarding privacy and security laws, regulations, and standards of accreditation agencies to help interpret and apply the standards. | 1.1
2 | Develop incident response plan and identify team members (e.g. Human Resources, Legal, Risk Management, Physical Security, Law Enforcement, Public Relations, IT, Administration) to respond to a privacy or security incident. | 2.2
3 | Demonstrate privacy and security compliance with documentation, production and retention as required by State and Federal law as well as accrediting agencies. | 2.6, 2.3

DOMAIN 2: Program Management and Administration
TASK | | ENTER CORRESPONDING TASK FROM PREVIOUS BLUEPRINT IN THIS COLUMN
1 | Administer an appropriate organizational infrastructure for privacy and information security to oversee the program(s). | 1.2
2 | Create, document, and communicate information privacy and security policies, procedures, consents, authorizations, notice of privacy practices. | 1.3
3 | Identify contracts and business relationships and secure appropriate agreements related to privacy and security (e.g., BAA, QSO, etc.). Manage business associate relationships throughout the life of the contract. | 1.4, 1.5
4 | Evaluate and monitor facility security plan to safeguard unauthorized physical access to information and prevent theft or tampering. | 1.9
5 | Develop, deliver, evaluate and document training and awareness on information privacy and security to provide an informed workforce. | 1.11
6 | Work with appropriate organization officials to verify that information used or disclosed for research complies with organizational policies and procedures and applicable privacy regulations. | 1.12
7 | Assess, recommend, revise, and communicate changes to organizational policies, procedures, and practices related to privacy and security. | 1.13
8 | Assess and communicate risks and ramifications of privacy and security incidents, including those by business associates. | 2.1
9 | Establish a preventative program to detect, prevent and mitigate privacy/security breaches. | 3.7
10 | Apply and recommend appropriate de-identification methodologies | 5.1
11 | Verify that requesters of protected information are authorized and permitted to receive the protected information (subpoena, court orders, search warrants) | 5.2
12 | Define HIPAA-designated record sets for the organization in order to appropriately respond to a request for release of information. | 5.4
13 | Identify information and record sets requiring special privacy protections. | 5.5
14 | Serve as a resource (provide guidance) to your organization regarding privacy and security laws, regulations, and standards of accreditation agencies to help interpret and apply the standards. | 5.6, 5.7
15 | Develop minimum necessary procedures. | 5.7
16 | Recommend, review and approve protocols to verify identity and access rights of recipients/users of health information. | 5.3, 5.8

DOMAIN 3: Information Technology/Physical and Technical Safeguards
TASK | | ENTER CORRESPONDING TASK FROM PREVIOUS BLUEPRINT IN THIS COLUMN
1 | Facilitate development and verify maintenance of the inventory of software, hardware, and all information assets to protect information assets and to facilitate risk assessment. | 1.6, 3.6
2 | Participate in business continuity planning for planned downtime and contingency planning for emergencies and disaster recovery. | 1.7
3 | Participate in evaluation, selection, and implementation of information privacy and security solutions. | 1.10
4 | Develop a systematic process to evaluate risk to and criticalities of information systems which contain PHI. | 1.8, 2.9
5 | Assess, implement and oversee media control practices that govern the receipt, removal, re-use, or disposal (internal and external destruction) of any media or devices containing sensitive data to protect the confidentiality, privacy and security of information. | 4.1
6 | Assess and monitor physical security mechanisms to limit the access of unauthorized personnel to facilities, equipment and information. | 4.2
7 | Establish reasonable safeguards to reduce incidental disclosures | 4.3
8 | Participate in the development and management of the organization’s information security plan. | 3.2
9 | Participate in the organizational risk assessment plan to identify threats and vulnerabilities. | 3.3
10 | Monitor compliance with the security policies. | 2.4
11 | Ensure adequacy of technical safeguards such as configuration management, intrusion detection, and preventive countermeasures. | 3.5
13 | Establish internal policies, procedures and rules to protect information and comply with security requirements. | 3.8
14 | Apply appropriate technologies to protect information received from or transmitted to external users (HIEs, RHIOs, PHRs, and other third parties). | 3.9
15 | Verify and validate data backup plan. | 3.1
16 | Participate in development of guidelines, procedures and controls to ensure the integrity, availability and confidentiality of communication across networks (e.g. wireless, Internet, secure sockets, VPNs, and PKI). | 3.11
17 | Advocate the use of event triggering to identify abnormal conditions within a system (e.g. intrusion detection, denial of service, and invalid log-on attempts). | 3.12
18 | Establish and manage process for verifying and controlling access authorizations and privileges including emergency access | 3.13
19 | Establish and manage authentication mechanisms. | 3.14
20 | Recommend use of encryption of protected health information and other sensitive data based on risk assessment. | 3.15

DOMAIN 4: Investigation, Compliance, and Enforcement
TASK | | ENTER CORRESPONDING TASK FROM PREVIOUS BLUEPRINT IN THIS COLUMN
1 | Monitor and assess compliance with state and federal laws and regulations related to privacy and security to update organizational practices, policies, procedures and training of staff members. | 2.7
2 | Coordinate the organization’s response to inquiries and investigations from external entities relating to privacy and security to provide response consistent with organizational policies and procedures. | 2.5, 2.8
3 | Develop performance measures and reports to monitor and improve organizational performance and report to appropriate organizational body. | 2.7
4 | Enforce privacy and security policies, procedures, and guidelines to facilitate compliance with federal, state, and other regulatory or accrediting bodies. | 2.10
5 | Monitor access to protected health information. | 2.11
6 | Establish an incident/complaint investigation response and resolution process for privacy and security incidents. | 2.12

DOMAIN 5: Customer/Client/Patient Services
TASK
1 | Establish, maintain, and distribute the organization’s Notice of Privacy Practices.
2 | Inform the individual who is the subject of individually identifiable health information of their information privacy rights related to the use and disclosure of protected information
3 | Establish and maintain an operational system to receive, process, and document requests for:
• Amendments
• Access to PHI
• Accounting of disclosures
• Alternate means of communication
• Restrictions
• Complaints
4 | Develop and implement communication tools, as appropriate for the organization, to keep individuals informed on the organization’s commitment to information privacy and security, their individual rights, and services based on their individual rights.
5 | Breach notification (federal):
• Develop policy and procedure
• Educate workforce on reporting requirements
• Develop risk assessment tools
• Notify appropriate individuals/agencies/media within time frame
• Maintain the appropriate documentation