| Began Assessment Process |
| Completed an inventory of all Transactions. |
| Completed an inventory for all Protected Health Information that is in your facility. |
| Made a list of all uses (internal) and disclosures (external) of Individually-Identifiable Health Information. |
| Completed inventory of all information systems, and their safeguarding mechanism (e.g. disaster recovery, virus detection, user authentication, access logging, etc.) |
| Identified all policies, procedures, and forms. |
| From the list of DHHS programs, check how many of such programs impact you. |
| From the list of HIPAA-Impacted Data, check which of these affect your practice. |
| |
| Introducing Corrective Activities and New Processes |
| Begin a HIPAA training program for current and future employees. |
| Revise all patient-signed forms to include HIPAA-compliant language and practices. |
| Sign appropriate agreements with business associates and trading partners. |
| Work with Nebraska DHHS programs, agencies and facilities to institute new claims process. |
| For all non-compliant information systems -- Change the current system (e.g., purchase new ones that are compliant, re-write current system, modify privilege settings, change passwords and accounts) |
| The HIPAA Privacy deadline was on 4/14/2003. |
| The HIPAA Security deadline was on 10/16/2003. |
| |
| Maintaining Compliance Status |
| Regularly read Nebraska DHHS HIPAA-related announcements, and implement such changes -- on this website, in provider letters, in email announcements, in postal-delivered literature. |