california hipaa privacy implementation survey: appendix a. … · 2018-01-02 · california hipaa...
TRANSCRIPT
California HIPAA Privacy Implementation Survey:
Appendix A. Stakeholder Interviews
Prepared for the California HealthCare Foundation
Prepared by National Committee for Quality Assurance and Georgetown University Health Privacy Project
April 2002
California HIPAA Privacy Implementation Survey/California HealthCare Foundation 2
Appendix A. Stakeholder Interviews Prior to developing a finalized HIPAA survey for this project, an independent survey research firm conducted a series of stakeholder interviews. The purpose of these interviews was to obtain a general sense of what the actual and perceived barriers are to implementation of the HIPAA privacy rule from those who are and will be directly affected. The NCQA and The Health Privacy Project at Georgetown University chose the stakeholders judgmentally as those who would be familiar with the issues surrounding implementation of the HIPAA privacy rule. Not all stakeholders that were chosen were interviewed due to the time constraints of the project and stakeholders non-compliance. Using a pre-determined script (Attachment I), developed by the research firm, NCQA and The Health Privacy Project at Georgetown University, a total of seven stakeholders were interviewed. The results of the calls identified some main themes that were included in the generation of the final survey. The main themes are:
1. Training for HIPAA will be costly and time consuming; 2. California state law already has strict regulations regarding privacy so that HIPAA will not
drastically change most of the processes; 3. Lack of industry knowledge surrounding technology and its capabilities; 4. Specific Requirements (i.e. consent, minimum necessary, business associate, research) could use
clarification. Detailed Summary of Results Potential Implementation Issue Stakeholder Answers General – Do you think guidance or modifications are needed with regards to HIPAA? Is guidance/ modification really the issue with HIPAA? If yes, where in the HIPAA regulations do you think more guidance should be given? If not, what is/are the issue(s)?
“Accounting of disclosures.” “Yes, the privacy rule within larger organizations will be onerous. The solo/small group offices will be affected the most. California state requirements already have legal implications for security breaches.” “At a minimum the DHHS, should clarify the regulations.”
Cost – What do you think the cost of implementing the HIPAA regulations will be for your organization? Will there be offsetting financial benefits of implementing other sections of HIPAA, such as the transactions and code sets?
“The savings are real, but distant. We will not benefit for a couple of years and there will be an ongoing expense associated with this.” “State law is already so strict, the cost of this implementation should not be prohibitive.” “Anticipate that it will cost $1,000 - $2,000 per doctor to train.” “Do not see any cost off-set by the transaction and code set regulation, since they are already submitting electronically.”
People - What staffing changes do you anticipate having to make to meet the policy requirements by the deadline and then complying with the regulations after the deadline?
“PMO’s have already been established to distribute responsibility.” “Organizations may have trouble dedicating people to regulate HIPAA compliance.” “The Chief Medical Officer has the lead on HIPAA implementation.”
California HIPAA Privacy Implementation Survey/California HealthCare Foundation 3
Potential Implementation Issue Stakeholder Answers “For small offices, the doctor will become the privacy official.” “The Medical Director is taking the lead with at least another FTE and additional data systems staff.”
Process – Do you think you will need to change the processes within your organization (i.e. the way information travels, employee behavior) in order to comply with HIPAA? Why? Is one of the issues time? What are the other process issues? Do you envision any difficulties doing this?
“California already has strict privacy laws. Most organizations are already in compliance.” “It is always difficult to change people’s behavior.” “There is a tough state law, so everybody is meeting the requirements already.” “Have already been doing so much to plan ahead. Thought about manpower, resources, re-evaluating all past policies and procedures.” “Doctor’s offices will have a problem writing/maintaining all of the policies needed for HIPAA.”
Training - Do you think that you will be able to effectively train all of your employees on the regulations? Do you envision any difficulties doing this?
“This will be a resource issue. It may be smart to piggy back this type of training off of Sexual Harassment training.” “The small offices will be looking to the professional organizations to guide them.” “Already planning the training but this is a large undertaking. Training center accommodates five at a time and there are over 300 doctors in the group.”
Technology – Do the regulations provide adequate guidelines for information technology developers? Can the regulations, such as confidential communications, be implemented with available tools and technologies? Do the regulations support current efforts to automate processes and transactions, e.g. electronic signatures on consent forms?
“[HIPAA] Regulations will be a reason to delay moving towards technology.” “The regulations will make technology development less problematic.” “Believe that current technology can support confidential communications.” “There is an internet barrier. People think that everything on the internet is wide-open. [They think that] will not be able to use the internet anymore.” “Doctor’s do not have internet security.” “No upgrades or system changes have to be made.”
Consent - Are the regulation’s current consent requirements workable? What are some of the specifics issues/ barriers/problems you see with the consent requirements? ? Do you think that the consent requirements may limit the flow of information needed to assess health care quality?
“The current consent requirements are workable.” “That is a good question. It will be interesting to see what people say.” “Yes, consent requirements may limit the flow of information needed to assess health care quality.” “ The new [Consent] requirements will create confusion for doctors … uncertain as to what is required and how you will know if you are in compliance. ” “In time, [Consent] will be workable.”
California HIPAA Privacy Implementation Survey/California HealthCare Foundation 4
Potential Implementation Issue Stakeholder Answers Minimum Necessary – Does the “minimum necessary” rule achieve its intended purpose? Are there unintended consequences? What are they? Do you think Minimum Necessary may limit the flow of information needed to deliver, pay for, and assess health care quality?
“This will be a nightmare for referring physicians. Its onerous and I do not see the point. The unintended consequence is that this will drive up cost of compliance. It is too reliant on personal judgment” “Creates tendency to develop overkill and can create unnecessary complexity.” “This is the easiest part of it. Doctors already do this. Now, it is a documentation process but it won’t hurt much.”
Research – Does the regulation adequately distinguish research and health care operations? Are the guidelines clear for what process providers should follow when determining whether they can or cannot participate in quality measurement activities under HIPAA? Does the rule create significant barriers to researcher access to patient data, or does the rule impose needed procedural safeguards?
“My concern is that research will be cut off.” “This will thwart clinical research. Local doctors will not participate in studies, like breast cancer studies. Regulations must be simplified and made more logical.” “Don’t deal much with research but it will be increasingly difficult to enroll patients in disease management programs. It is not so good now but HIPAA will make things worse.”
Additional Comments: “Fear that health plans will no longer contract with disease management organizations because they will think that transmitting PHI will be breaking the law. More education is needed on consent and disease management entities need to be defined under HIPAA.” “Transaction rule is the best aspect of HIPAA.” “HIPAA is more of an administrative exercise then an exercise of value.” “The strategy should be made simpler.”
Please rank the top barriers of implementation: “Minimum Necessary; Business Associates; Intersect between state and federal regulations.” “Perception that you will be unable to use the internet; Research; Training; Compliance / Quality Assurance; Doctor education around the issues.” “Policy and procedure development; Resource use and cost.” “Design of office plan; Training requirements; Was not a collaborative approach between legislation and delivery system.” “Information exchange between doctors, patients and research; Technology; Training; Quality Assurance; Implementation of the rest of the regulations.”
California HIPAA Privacy Implementation Survey/California HealthCare Foundation 5
Stakeholder Interview Script Preliminary Stakeholder Interviews
Draft Agenda
Date:
Time:
Our firm was hired by the National Committee for Quality Assurance (NCQA) in order to assist in the
development and execution of a survey for the California HealthCare Foundation. The survey’s goal is to
identify actual and perceived barriers to the implementation of the HIPAA privacy regulation. The
president of the NCQA, and the project director of the Georgetown University Health Privacy Project,
have identified you as an individual who might be able to give us some insight into the actual and
perceived barriers so that we can develop a focused survey. We are looking to you to help identify key
survey topics and also assist in identifying potential survey respondents. Your participation will be kept
confidential and only those participating in the development of the survey will have access to your
responses. I know that this is a busy time of the year so; I would like to thank you in advance for your
time. I anticipate that this interview will take between 30 and 40 minutes. The meeting agenda will be as
follows:
• Background / Roles
• Key Issues surrounding HIPAA
• Survey Respondent Identification
• Wrap-Up
Background / Roles We were was chosen to aid the NCQA in developing a survey that would identify areas of the HIPAA
privacy regulation where guidance or modifications may be needed to clarify and interpret sections of the
rule. The results of this survey will be shared with the Department of Health and Human Services in order
to help them understand any issues identified The survey will be a telephone survey that will take under
California HIPAA Privacy Implementation Survey/California HealthCare Foundation 6
an hour and consist of 20 to 25 closed-ended questions with one or two open ended questions. The survey
respondents will be healthcare entities of various types that operate (in some fashion) in the state of
California.
Our next step will be to ask you some open-ended questions to get some of your thoughts with regard to
HIPAA. Please excuse me if there are pauses after you respond to our questions, as I will be attempting to
take detailed notes.
Key Issues surrounding HIPAA • Do you think guidance or modifications are needed with regards to HIPAA?
• Is guidance/ modification really the issue with HIPAA?
• If yes, where in the HIPAA regulations do you think more guidance should be given?
• If not, what is/are the issue(s)?
The following issues are those that the development team thinks may be perceived as barriers to HIPAA
implementation; Cost, People, Process Redesign, Training, Technology Constraints, Unclear Regulations.
As we review these, please provide feedback as to whether you think that these may also be real barriers
to the healthcare community:
• Cost – What do you think the cost of implementing the HIPAA regulations will be for your
organization? Will there be offsetting financial benefits of implementing other sections of HIPAA,
such as the transactions and code sets?
• People - What staffing changes do you anticipate having to make to meet the policy requirements by
the deadline and then complying with the regulations after the deadline?
California HIPAA Privacy Implementation Survey/California HealthCare Foundation 7
• Process – Do you think you will need to change the processes within your organization (i.e., the way
information travels, employee behavior) in order to comply with HIPAA? Why? Is one of the issues
time? What are the other process issues? Do you envision any difficulties doing this?
• Training - Do you think that you will be able to effectively train all of your employees on the
regulations? Do you envision any difficulties doing this?
• Technology – Do the regulations provide adequate guidelines for information technology developers?
Can the regulations, such as confidential communications, be implemented with available tools and
technologies? Do the regulations support current efforts to automate processes and transactions; e.g.,
electronic signatures on consent forms?
• Unclear Regulations - CHCF has identified the following three categories as key issues where the
language may need clarification within the HIPAA regulation. Please provide feedback as to whether
you also think that these topics may need some clarification or modification:
• Consent - Are the regulation’s current consent requirements workable? What are some of the
specifics issues/ barriers/problems you see with the consent requirements? ? Do you think that the
consent requirements may limit the flow of information needed to assess health care quality?
• Minimum Necessary – Does the “minimum necessary” rule achieve its intended purpose? Are there
unintended consequences? What are they? Do you think Minimum Necessary may limit the flow of
information needed to deliver, pay for, and assess health care quality?
• Research – Does the regulation adequately distinguish research and health care operations? Are the
guidelines clear for what process providers should follow when determining whether they can or
cannot participate in quality measurement activities under HIPAA? Does the rule create significant
barriers to researcher access to patient data, or does the rule impose needed procedural safeguards?
Of the barriers / key issues identified above, what do you think are the most significant? Please rank the
top five.
California HIPAA Privacy Implementation Survey/California HealthCare Foundation 8
Respondent Identification
Our goal is to survey between 75 and 100 healthcare organizations. We are limiting our survey to
respondents representing hospitals, health plans, physician organizations, disease management
companies, and researchers. After having spoken with us to gain an understanding of the survey objective,
who do you feel would be appropriate to respond to the survey?
One of the most challenging parts of this survey is to identify whom the correct person to respond within
an organization. Identifying the correct individual would help us get more meaningful data therefore, as
much detail on the respondents you give us would be appreciated (i.e. name, title, telephone number).
Wrap-Up
I would like to thank you for taking the time to help us develop our survey topics and questions. The
information that you have provided us is central in helping us to achieve our goal. Once we have finished
conducting our survey, NCQA will compile and analyze the information and send it to the California
Healthcare Foundation for their publication. Once again, I would like to ensure you that your responses
will not be tied to you or your organization in the final survey results. If you think of additional
information after the call that may be useful to us, please feel free to call me at ____________________.
California HIPAA Privacy Implementation Survey: Appendix B. Questionnaire
Prepared for the California HealthCare Foundation
Prepared by National Committee for Quality Assurance and Georgetown University Health Privacy Project
April 2002
California HIPAA Privacy Implementation Survey/California HealthCare Foundation 2
Appendix B. California HIPAA Implementation Survey Questionnaire Hello, my name is________________. Our research group was hired by the National Committee
for Quality Assurance (NCQA) and the Georgetown University Health Privacy Project to conduct a
survey for the California HealthCare Foundation. The survey’s goal is to obtain feedback on the
impact of the HIPAA privacy regulation on your organization. Once we have finished conducting
the survey, NCQA and Georgetown University Health Privacy Project will compile and analyze the
results and prepare a report for publication by the California HealthCare Foundation. The results of
this survey will be shared with the Department of Health and Human Services. In addition, as a
participant in this survey, you will receive a copy of the final report.
You have been identified as the individual within your organization who will be able to answer the
survey questions on behalf of your organization. Your responses will be kept confidential. Only
those administering the survey will have access to your responses. There will be a total of 20 closed-
ended and 9 open-ended questions. I anticipate that this interview will take between 30 and 40
minutes, so thank you in advance for your time. What questions do you have at this time?
These questions are scripted, so if at any time you need me to repeat a question or answer, please
feel free to interrupt. Also, please excuse any pauses, as I will be taking detailed notes during this
survey.
California HIPAA Privacy Implementation Survey/California HealthCare Foundation 3
First, I would like to verify some demographic information. Please remember that your name will
be kept confidential and your organization will not be publicly associated with its specific responses.
Background Participant: Name: Position: Phone #: Name of Facility/Organization: Type of Facility/Organization:
Hospital: Rural, Community, Academic Size: < 50 bed, 50 – 99, 100 – 299, > 300
Physician: Single Specialty Multi-specialty
Size: < 30 31 – 100 > 100
Payor: Type: Commercial Medicaid Medicare (Check all that apply)
Researcher
Disease Management Address of Facility/Organization Street 1: Street 2: City: State: Zip:
California HIPAA Privacy Implementation Survey/California HealthCare Foundation 4
Questions 1. On a scale of 1 –5, with 1 being “Low” and 5 being “High”, how would you rate your
overall knowledge of the HIPAA privacy regulation?
1 = Low (only cursory awareness) 2 = 3 = Medium – Have attended a HIPAA awareness seminar 4 = 5 = High – Have read the HIPAA Regulations and Notice of Proposed Rule Making and
attended training
1 2 3 4 5
2. On a scale of 1 – 5, with 1 being “least workable” and 5 being “most workable”, how
do you view the workability of the HIPAA Privacy Regulation’s current consent requirements? 1 = Consent requirements are not workable 2 = 3 = Consent requirements are somewhat workable 4 = 5 = Consent requirements are very workable
1 2 3 4 5 Don’t Know
3. On a scale of 1 –5, with 1 being “will greatly limit” and 5 being “will greatly enhance”
how do you think the consent requirements will affect the flow of information needed to assess health care quality? 1 = Consent requirements will greatly limit the flow of information 2 = Consent requirements will somewhat limit the flow of information 3 = Consent requirements will have no affect on the flow of information 4 = Consent requirements will somewhat enhance the flow of information 5 = Consent requirements will greatly enhance the flow of information
1 2 3 4 5 Don’t Know
California HIPAA Privacy Implementation Survey/California HealthCare Foundation 5
3a. (If answered “1” or “2” to question 3) In what way do you think that the consent
requirement will limit the flow of information?
4. What do you deem useful and what are your concerns with the consent
requirements?
5. On a scale of 1 – 5, with 1 being “least workable” and 5 being “most workable”, how
do you view the workability of the HIPAA Privacy Regulation’s current “Minimum Necessary” requirements? 1 = “Minimum Necessary” requirements are not workable 2 = 3 = “Minimum Necessary” requirements are somewhat workable 4 = 5 = “Minimum Necessary” requirements are very workable
1 2 3 4 5 Don’t Know
California HIPAA Privacy Implementation Survey/California HealthCare Foundation 6
6. This will be a three-part question. On a scale of 1 – 5, with 1 being “will greatly limit”
and 5 being “will greatly enhance”, how do you think the “Minimum Necessary” rule will affect the flow of information needed for each of the following: delivery, payment, and assessment of health care quality? Please use these choices for each of the following categories; delivery, payment and assessment: 1 = “Minimum Necessary” will greatly limit the flow of information 2 = “Minimum Necessary” will somewhat limit the flow of information 3 = “Minimum Necessary” will have no affect on the flow of information 4 = “Minimum Necessary” will somewhat enhance the flow of information 5 = “Minimum Necessary” will greatly enhance the flow of information 1 2 3 4 5 Don’t Know Delivery Payment Assessment
7. On a scale of 1-5, with 1 being “No Impact” and 5 being “Significant Impact”, to
what degree will the regulations have an impact on whether or not providers can or cannot participate in quality measurement activities under HIPAA? 1 = No impact 2 = 3 = Minimal impact 4 = 5 = Significant impact
1 2 3 4 5 Don’t Know
8. This will be a three-part question. Do you believe that the regulations clearly define
who your business associates are, what their responsibilities are and what provisions need to be included in the agreement? Yes No Don’t Know Business Associates Responsibilities Agreement Provisions
California HIPAA Privacy Implementation Survey/California HealthCare Foundation 7
8a. (If “No” to any part of question 8) Where do additional clarifications or
modifications need to be given?
9. On a scale of 1 – 5, with 1 being “small” and 5 being “large”, what is the magnitude
of the burden of implementing the Business Associate Agreement in terms of cost and time? 1 = Small burden 2 = 3 = Burden is neither small nor large 4 = 5 = Large burden 1 2 3 4 5 Don’t Know Cost Time
10. On a scale of 1 – 5, with 1 being “regulations are unclear” and 5 being “regulations
are very clear”, does the regulation adequately distinguish between research and health care operations? 1 = The regulations are unclear between research and operations 2 = 3 = The regulations are neither clear nor unclear 4 = 5 = The regulations are clear between research and operations 1 2 3 4 5 Don’t Know
10a. (If answered “1” or “2” to question 10) Where do additional clarifications or
modifications need to be given?
California HIPAA Privacy Implementation Survey/California HealthCare Foundation 8
11. Are there additional areas in the HIPAA Privacy Regulation where you would like to
see the Department of Health and Human Services provide additional clarification and/or modification? Yes No Don’t Know
11a. (If “Yes” to question 11) Which component(s) of the Privacy Regulation would you
like to see the Department of Health and Human Services provide additional clarification and/or modification?
12. Has your organization developed a strategy for HIPAA Privacy Regulation
compliance? Yes No Don’t Know
13. We are now ten months into a two-year compliance period. Which of the following
has your organization completed toward the implementation of the HIPAA Privacy Regulation? (Check all that apply) Yes No Don’t Know Developed a strategic plan Conducted Gap Assessment Developed Readiness Initiatives Completed Implementing Readiness Initiatives
14. Has your organization designated a Privacy Official as defined by HIPAA?
Yes No Don’t Know
California HIPAA Privacy Implementation Survey/California HealthCare Foundation 9
14a. (If “Yes” to question 14) Has the Privacy Official identified the resources (people) within your organization that are needed to ready your organization for HIPAA compliance? Yes No Don’t know
15. Which department in your organization has the lead on the HIPAA privacy
implementation? 1 = Medical Records 2 = Information Technology 3 = Legal 4 = Operations 5 = Other, please specify: ____________________________________________ 1 2 3 4 5 Don’t Know
16. If and when do you anticipate the cost to comply with the Privacy regulations will be
offset by the savings expected by implementing other components of the regulations (e.g., the Transaction and Code Set regulations)? (Check all that apply). Short Term (<1 year) Medium Term (3–5 years) Long Term (5+ years) No Savings Don’t Know
17. Which of the following describes your organization’s progress in regards to the
budgeting and funding of your HIPAA efforts?(Check the option that most applies to your organization). Not Budgeted Budgeted, but not yet funded Partially funded (e.g., cost to upgrade system and develop consent form, privacy notice and disclosure form) Fully Funded Not developing a HIPAA specific budget (e.g. will be included in individual department’s budget) Don’t Know
California HIPAA Privacy Implementation Survey/California HealthCare Foundation 10
18. In which departments or areas of your organization will implementation of the HIPAA Privacy Regulation be most costly? Please provide the top three in descending order – highest to lowest. 1. Area:
2. Area:
3. Area:
19. How does your organization plan to monitor compliance after the HIPAA Privacy
regulation is in effect? ______________________________________________________________________________
______________________________________________________________________________
______________________________________________________________________________
______________________________________________________________________________
20. Have you identified those state laws that are preempted by and are not preempted by
the HIPAA Privacy Regulation?
Yes No Don’t Know Preempt Do Not Preempt
20a. (If “Yes” to question 20) How are you analyzing and tracking state privacy law’s
interplay with HIPAA?
________________________________________________________________________
________________________________________________________________________
________________________________________________________________________
________________________________________________________________________
________________________
California HIPAA Privacy Implementation Survey/California HealthCare Foundation 11
20b. (If “No” to question 20) How are you planning to analyze and track state privacy
laws interplay with HIPAA? ______________________________________________________________________________
______________________________________________________________________________
______________________________________________________________________________
______________________________________________________________________________
21. On a scale of 1 – 5, with 1 being “no guidelines” and 5 being “extensive guidelines”,
to what extent do the HIPAA Privacy regulations provide guidelines for information technology developers? 1 = No guidelines 2 = Few guidelines 3 = Adequate guidelines 4 = Several guidelines 5 = Extensive guidelines
1 2 3 4 5 Don’t Know
22. Can the following requirements be implemented with available tools and
technologies? Yes Partially No Don’t know Tracking Consent Revocations of Consent Limitations on Consent Accounting of Disclosure
California HIPAA Privacy Implementation Survey/California HealthCare Foundation 12
23. What are the greatest benefits and/or challenges for your organization relating to the
implementation of the HIPAA Privacy Regulation?
This concludes the survey. Thank you for taking the time to participate. Once again, I would like to
ensure you that your responses will not be tied to you or your organization in the final survey results.
Thank you.
Have a good day.
California HIPAA Privacy Implementation Survey: Appendix C. Survey Protocol Outcomes Prepared for the California HealthCare Foundation Prepared by National Committee for Quality Assurance and Georgetown University Health Privacy Project April 2002
California HIPAA Implementation Survey/California HealthCare Foundation 2
Appendix C: Survey Protocol Outcomes 1) Response Rates Overall and by Group There were 420 organizations identified for the survey, out of which 416 were still in business at the time of the survey. These organizations were classified as Hospitals, Physician Groups, Payors, and Others (Disease Management Organizations, Researchers, and Other organizations believed to be impacted by HIPAA regulations). One hundred surveys out of the 416 were completed, yielding an overall response rate of 24% for the survey. The highest response rate by group was 70%, among respondents representing Payors (26 completed out of 37 attempted). Respondents representing Others had the second highest response rate at 32% (26 completed out of 81 attempted). Only 22% (29 out of 131 attempted) of the Hospitals in our sample completed the survey, and only 11% (19 out of 167 attempted) of Physician Groups in our sample completed the survey. 2) Reasons given by Non-Respondents Of non-respondents that could be reached, many provided reasons for not participating in the survey when asked. Twenty-four respondents stated that they did not believe their organization would be impacted by HIPAA regulations. Fifty percent of these responses were from Physician Group non-respondents, and 47% of these responses were from Disease Management organization non-respondents. Other common reasons given for non-participation were “no time” to do the survey or that the respondent “doesn’t do surveys.” 3) Characteristics of Respondents Overall and by Group Despite the low response rates among Hospital respondents in this study, surveys completed by respondents representing Hospitals still constitute 29% of the total number of completed surveys, followed by Payors and Others (each 26% of total). Physician Groups constituted 19% of the total number of completed surveys. Hospitals represented in the sample tended to be large community hospitals. Of the 29 Hospitals, 18 (63%) were Community hospitals, 8 (27%) were Academic hospitals, and 3 (10%) were rural hospitals. Sixty-three percent of the Hospital respondents represented hospitals with 300 or more beds, 27% were from hospitals with 100 to 299 beds, 7% were from hospitals with 50 to 99 beds, and 3% were from hospitals with less than 50 beds. Physician Groups represented in the sample tended to be mostly multiple specialty groups with more than 100 physicians. Multiple specialty physician groups comprise 84% of Physician Group responses, while single specialty groups comprise 16% of Physician Group responses. 74% of Physician Group responses were from groups with a size greater than 100; 10% were from groups of 31 to 100 in size, and 16% of physician responses were from groups with less than 30 physicians. Fifty percent of Payors were either partially or exclusively Medicaid Payors, while 46% were either Commercial or Commercial and Medicare. Fifty percent of Other respondents represented Disease Management Organizations, and 46% were from Other organizations. Only 1 respondent was classified as “Researcher.” Twelve respondents classified as Other represented organizations such as: clearinghouses, corporate offices for a system of hospitals, employee benefit consulting firms, behavioral health care organizations, medical groups/medical management groups, and online companies.
California HIPAA Privacy Implementation Survey: Appendix D. Pie Charts Prepared for the California HealthCare Foundation Prepared by National Committee for Quality Assurance and Georgetown University Health Privacy Project April 2002
California HIPAA Privacy Implementation Survey/California HealthCare Foundation 2
Appendix D. Pie charts with percentages of total valid responses for each closed-ended question
California HIPAA Privacy Implementation Survey/California HealthCare Foundation 3
1. On a scale of 1 –5, with 1 being “Low” and 5 being “High”, how would yourate your overall knowledge of the HIPAA privacy regulation?
Percentage of Responses by Category
Response #1 Response #2 Response #3Response#4
Response#5
Hospital 0% 0% 10% 34% 55%PhysicianGroup 5% 5% 26% 42% 21%Payor 0% 8% 35% 31% 27%Other 0% 0% 15% 46% 38%
Total Response Percentage - By Response
438%
1-Low1%
3-Medium21%
5-High37%
23%
California HIPAA Privacy Implementation Survey/California HealthCare Foundation 4
2. On a scale of 1 – 5, with 1 being “least workable” and 5 being “most workable”,how do you view the workability of the HIPAA Privacy Regulation’s currentconsent requirements?
Total Response Percentage - By Response
419%
1-Low7%
3-Medium51%
5-High10%
213%
Percentage of Responses by Category
Response #1 Response #2 Response #3Response#4
Response#5
Hospital 3% 7% 66% 14% 10%PhysicianGroup 5% 16% 58% 21% 0%Payor 12% 20% 36% 16% 16%Other 8% 12% 42% 27% 12%
California HIPAA Privacy Implementation Survey/California HealthCare Foundation 5
3. On a scale of 1 –5, with 1 being “will greatly limit” and 5 being “will greatly enhance” how do you think the consent requirements will affect the flow of information needed to assess health care quality?
Total Response Percentage - By Response
49%
1-Low7%
3-Medium32%
5-High1%
251%
Percentage of Responses by Category Response #1 Response #2 Response #3 Response #4 Response #5 Hospital 4% 61% 18% 18% 0% Physician Group 5% 42% 42% 5% 5% Payor 4% 48% 44% 4% 0% Other 15% 50% 27% 8% 0%
California HIPAA Privacy Implementation Survey/California HealthCare Foundation 6
5. On a scale of 1 – 5, with 1 being “least workable” and 5 being “most workable”, how do you view the workability of the HIPAA Privacy Regulation’s current “Minimum Necessary” requirements?
Total Response Percentage - By Response
418%
1-Low4%
3-Medium58%
5-High5%
215%
Percentage of Responses by Category Response #1 Response #2 Response #3 Response #4 Response #5 Hospital 4% 14% 57% 18% 7% Physician Group 5% 11% 68% 11% 5% Payor 0% 22% 52% 22% 4% Other 8% 13% 54% 21% 4%
California HIPAA Privacy Implementation Survey/California HealthCare Foundation 7
6. This will be a three-part question. On a scale of 1 – 5, with 1 being “will greatly limit” and 5 being “will greatly enhance”, how do you think the “Minimum Necessary” rule will affect the flow of information needed for each of the following: delivery, payment, and assessment of health care quality?
Delivery
Total Response Percentage - By Response
49%
1-Low4%
3-Medium45%
5-High1%
241%
California HIPAA Privacy Implementation Survey/California HealthCare Foundation 8
6. Payment
Total Response Percentage - By Response
412%
1-Low4%
3-Medium45%
5-High4%
235%
Percentage of Responses by Category Response #1 Response #2 Response #3 Response #4 Response #5 Hospital 4% 19% 59% 15% 4% Physician Group 0% 56% 33% 6% 6% Payor 0% 58% 25% 13% 4% Other 14% 10% 57% 14% 5%
California HIPAA Privacy Implementation Survey/California HealthCare Foundation 9
6. Assessment
Total Response Percentage - By Response
46%
1-Low9%
3-Medium35%
5-High2%
248%
Percentage of Responses by Category Response #1 Response #2 Response #3 Response #4 Response #5 Hospital 4% 36% 48% 12% 0% Physician Group 6% 61% 22% 0% 11% Payor 9% 50% 32% 9% 0% Other 17% 48% 35% 0% 0%
California HIPAA Privacy Implementation Survey/California HealthCare Foundation 10
7. On a scale of 1-5, with 1 being “No Impact” and 5 being “Significant Impact”,to what degree will the regulations have an impact on whether or notproviders can or cannot participate in quality measurement activities underHIPAA?
Total Response Percentage - By Response
415%
1-Low29%
3-Medium26%
5- High 8%
222%
Percentage of Responses by Category
Response #1 Response #2 Response #3Response#4
Response#5
Hospital 50% 15% 27% 8% 0%PhysicianGroup 18% 18% 29% 29% 6%Payor 14% 33% 29% 10% 14%Other 26% 22% 22% 17% 13%
California HIPAA Privacy Implementation Survey/California HealthCare Foundation 11
8. This will be a three-part question. Do you believe that the regulations clearly define who
your business associates are, what their responsibilities are and what provisions need to be included in the agreement? Business Associates
Total Response Percentage - By Response
2-No35%
1 -Yes65%
Percentage of Responses by Category Response #1 Response #2 Hospital 69% 31% Physician Group 81% 19% Payor 50% 50% Other 64% 36%
California HIPAA Privacy Implementation Survey/California HealthCare Foundation 12
8- Responsibilities
Total Response Percentage - By Percentage
1-Yes63%
2-No37%
Percentage of Responses by Category Response #1 Response #2 Hospital 72% 28% Physician Group 78% 22% Payor 44% 56% Other 60% 40%
California HIPAA Privacy Implementation Survey/California HealthCare Foundation 13
8- Agreement Provisions
Total Repsonse Percentage - By Response
1 -Yes62%
2-No38%
Percentage of Responses by Category
Response #1 Response #2Hospital 74% 26%PhysicianGroup 71% 29%Payor 50% 50%Other 54% 46%
California HIPAA Privacy Implementation Survey/California HealthCare Foundation 14
9. On a scale of 1 – 5, with 1 being “small” and 5 being “large”, what is the magnitude of
the burden of implementing the Business Associate Agreement in terms of cost and time? Cost
Total Response Percentage - By Response
428%
1-Low7%
3-Medium32%
5-High25%
27%
Percentage of Responses by Category Response #1 Response #2 Response #3 Response #4 Response #5 Hospital 4% 7% 30% 30% 30% Physician Group 5% 0% 26% 42% 26% Payor 12% 4% 32% 20% 32% Other 8% 17% 38% 25% 13%
California HIPAA Privacy Implementation Survey/California HealthCare Foundation 15
9-Time
Total Response Percentage - By Response
1-Low6%
3-Medium18%
5-High39%
24%
433%
Percentage of Responses by Category
Response #1 Response #2 Response #3Response#4
Response#5
Hospital 4% 4% 7% 30% 56%PhysicianGroup 5% 0% 11% 26% 58%Payor 8% 0% 28% 32% 32%Other 8% 13% 25% 42% 13%
California HIPAA Privacy Implementation Survey/California HealthCare Foundation 16
10. On a scale of 1 – 5, with 1 being “regulations are unclear” and 5 being “regulations are
very clear”, does the regulation adequately distinguish between research and health care operations?
Total Response Percentage - By Response
433%
1-Low8%
3-Medium32%
5-High17% 2
10%
Percentage of Responses by Category Response #1 Response #2 Response #3 Response #4 Response #5 Hospital 8% 17% 33% 33% 8% Physician Group 0% 15% 46% 15% 23% Payor 10% 5% 33% 38% 14% Other 10% 5% 20% 40% 25%
California HIPAA Privacy Implementation Survey/California HealthCare Foundation 17
11. Are there additional areas in the HIPAA Privacy Regulation where you would like to
see the Department of Health and Human Services provide additional clarification and/or modification?
Total Response Percentage - By Response
1-Yes 78%
2-No 22%
Percentage of Responses by Category Response #1 Response #2 Hospital 96% 4% Physician Group 42% 58% Payor 79% 21% Other 76% 24%
California HIPAA Privacy Implementation Survey/California HealthCare Foundation 18
12. Has your organization developed a strategy for HIPAA Privacy Regulation
compliance?
Total Repsonse Percentage - By Response
1-Yes86%
2-No14%
Percentage of Responses by Category Response #1 Response #2 Hospital 93% 7% Physician 78% 22% Payor 77% 23% Other 92% 8%
California HIPAA Privacy Implementation Survey/California HealthCare Foundation 19
13. We are now ten months into a two-year compliance period. Which of the following has
your organization completed toward the implementation of the HIPAA Privacy Regulation? (Check all that apply)
Developed a strategic plan
Total Response Percentage - By Response
1-Yes81%
2-No19%
Percentage of Responses by Category Response #1 Response #2 Hospital 96% 4% Physician Group 65% 35% Payor 77% 23% Other 80% 20%
California HIPAA Privacy Implementation Survey/California HealthCare Foundation 20
13-Conducted Gap Assessment
Total Response Percentage - By Response
1-Yes67%
2-No33%
Percentage of Responses by Category Response #1 Response #2 Hospital 75% 25% Physician Group 53% 47% Payor 69% 31% Other 65% 35%
California HIPAA Privacy Implementation Survey/California HealthCare Foundation 21
13-Developed Readiness Initiatives
Total Response Percentage - By Response
1-Yes52%
2-No 48%
Percentage of Responses by Category Response #1 Response #2 Hospital 67% 33% Physician Group 35% 65% Payor 48% 52% Other 52% 48%
California HIPAA Privacy Implementation Survey/California HealthCare Foundation 22
13-Completed Implementing Readiness Initiatives
Total Response Percentage - By Response
1-Yes12%
2-No83%
Percentage of Responses by Category Response #1 Response #2 Hospital 4% 96% Physician Group 12% 88% Payor 8% 92% Other 24% 76%
California HIPAA Privacy Implementation Survey/California HealthCare Foundation 23
14. Has your organization designated a Privacy Official as defined by HIPAA?
Total Response Percentage - By Response
2-No23%
1-Yes77%
Percentage of Responses by Category Response #1 Response #2 Hospital 76% 24% Physician Group 65% 35% Payor 75% 25%
California HIPAA Privacy Implementation Survey/California HealthCare Foundation 24
14a. (If “Yes” to question 14) Has the Privacy Official identified the resources (people)
within your organization that are needed to ready your organization for HIPAA compliance?
Total Response Percentage - By Response
2 No13%
1-Yes87%
Percentage of Responses by Category Response #1 Response #2 Hospital 100% 0% Physician Group 75% 25% Payor 79% 21% Other 86% 14%
California HIPAA Privacy Implementation Survey/California HealthCare Foundation 25
15. Which department in your organization has the lead on the HIPAA privacy
implementation?
Total Response Percentage - By Response
4-Legal 10%
2-Medical Records9%
5-Operations13%
3-InformationTechnology
13%
1-Compliance27%
6-Other28%
Percentage of Responses by Category Response #1 Response #2 Response #3 Response #4 Response #5 Response #6 Hospital 46% 25% 4% 0% 11% 14% Physician Group 16% 11% 21% 5% 21% 26% Payor 23% 0% 8% 23% 15% 31% Other 16% 0% 24% 12% 8% 40%
California HIPAA Privacy Implementation Survey/California HealthCare Foundation 26
16. If and when do you anticipate the cost to comply with the Privacy regulations will be
offset by the savings expected by implementing other components of the regulations (e.g., the Transaction and Code Set regulations)? (Check all that apply).
Total Response Percentage - By Response
4-No Savings48%
2-Medium Term26%
3-Long Term22%
1-Short Term4%
Percentage of Responses by Category Response #1 Response #2 Response #3 Response #4 Hospital 11% 26% 37% 26% Physician Group 6% 25% 6% 63% Payor 0% 31% 23% 46% Other 0% 25% 20% 55%
California HIPAA Privacy Implementation Survey/California HealthCare Foundation 27
17. Which of the following describes your organization’s progress in regards to the
budgeting and funding of your HIPAA efforts? (Check the option that most applies to your organization).
Total Response Percentage - By Response
4-Fully Funded21%
2-Bugeted Not Funded
6%
5-Not Developing28%
3-Partially Funded 27%
1-Not Budgeted18%
Percentage of Responses by Category Response #1 Response #2 Response #3 Response #4 Response #5 Hospital 17% 14% 24% 24% 21% Physician Group 42% 11% 21% 5% 21% Payor 4% 0% 42% 29% 25% Other 13% 0% 21% 21% 46%
California HIPAA Privacy Implementation Survey/California HealthCare Foundation 28
20. Have you identified those state laws that are preempted by and are not preempted by
the HIPAA Privacy Regulation? Preempt
Total Response Percentage - By Response
2-No56%
1-Yes44%
Percentage of Responses by Category Response #1 Response #2 Hospital 52% 48% Physician Group 38% 62% Payor 42% 58% Other 41% 59%
California HIPAA Privacy Implementation Survey/California HealthCare Foundation 29
20. Do Not Preempt
Total Response Percentage - By Response
2-No 54%
1-Yes46%
Percentage of Responses by Category Response #1 Response #2 Hospital 56% 44% Physician Group 38% 62% Payor 43% 57% Other 43% 57%
California HIPAA Privacy Implementation Survey/California HealthCare Foundation 30
21. On a scale of 1 – 5, with 1 being “no guidelines” and 5 being “extensive guidelines”, to
what extent do the HIPAA Privacy regulations provide guidelines for information technology developers?
Total Response Percentage - By Response
4-High Guidelines9%
2-Low Guidelines49%
3-Guidelines29%
1-No Guidelines13%
Percentage of Responses by Category Response #1 Response #2 Response #3 Response #4 Hospital 5% 48% 43% 5% Physician Group 6% 56% 31% 6% Payor 14% 43% 29% 14% Other 23% 55% 14% 9%
California HIPAA Privacy Implementation Survey/California HealthCare Foundation 31
22. Can the following requirements be implemented with available tools and technologies?
Tracking Consent
Total Response Percentage - By Response
2-Partial26%
3-No21%
1-Yes53%
Percentage of Responses by Category Response #1 Response #2 Response #3 Hospital 52% 28% 20% Physician Group 47% 20% 33% Payor 53% 32% 16% Other 61% 22% 17%
California HIPAA Privacy Implementation Survey/California HealthCare Foundation 32
22. Revocations of Consent
Total Response Percentage - By Response
2-Partially27%
3-No28%
1- Yes45%
Percentage of Responses by Category Response #1 Response #2 Response #3 Hospital 44% 32% 24% Physician Group 47% 20% 33% Payor 39% 28% 33% Other 50% 25% 25%
California HIPAA Privacy Implementation Survey/California HealthCare Foundation 33
22. Limitations of Consent
Total Response Percentage - By Response
2-Partially28%
3-No35%
1- Yes37%
Percentage of Responses by Category Response #1 Response #2 Response #3 Hospital 30% 39% 30% Physician Group 40% 27% 33% Payor 32% 21% 47% Other 45% 23% 32%
California HIPAA Privacy Implementation Survey/California HealthCare Foundation 34
22. Accounting of Disclosure
Total Response Percentage - By Response
2-Partially28%
3-No 29%
1-Yes43%
Percentage of Responses by Category Response #1 Response #2 Response #3 Hospital 44% 32% 24% Physician Group 33% 33% 33% Payor 43% 24% 33% Other 48% 24% 29%
California HIPAA Privacy Implementation Survey: Appendix E. Bar Charts Prepared for the California HealthCare Foundation Prepared by National Committee for Quality Assurance and Georgetown University Health Privacy Project April 2002
California HIPAA Privacy Implementation Survey/California HealthCare Foundation 2
1. On a scale of 1 –5, with 1 being “Low” and 5 being “High”, how would you
rate your overall knowledge of the HIPAA privacy regulation?
Number of Responses by Category
0 0
3
10
16
1 1
5
8
4
0
2
98
7
0 0
4
12
10
0
2
4
6
8
10
12
14
16
18
1 2 3 4 5
Type of Response
Num
ber o
f Res
pons
e
HospitalPhysicianPayorOther
California HIPAA Privacy Implementation Survey/California HealthCare Foundation 3
2. On a scale of 1 – 5, with 1 being “least workable” and 5 being “most workable”, how do you view the workability of the HIPAA Privacy Regulation’s current consent requirements?
Number of Responses by Category
1
2
19
4
3
1
3
11
4
0
3
5
9
4 4
2
3
11
7
3
0
2
4
6
8
10
12
14
16
18
20
1 2 3 4 5
Type of Response
Num
ber o
f Res
pons
e
HospitalPhysicianPayorOther
California HIPAA Privacy Implementation Survey/California HealthCare Foundation 4
3. On a scale of 1 –5, with 1 being “will greatly limit” and 5 being “will greatly enhance” how do you think the consent requirements will affect the flow of information needed to assess health care quality?
Number of Responses by Category
1
17
5 5
0
1
8 8
1 11
12
11
1
0
4
13
7
2
00
2
4
6
8
10
12
14
16
18
1 2 3 4 5
Type of Response
Num
ber o
f Res
pons
e
HospitalPhysicianPayorOther
California HIPAA Privacy Implementation Survey/California HealthCare Foundation 5
5. On a scale of 1 – 5, with 1 being “least workable” and 5 being “most workable”, how do you view the workability of the HIPAA Privacy Regulation’s current “Minimum Necessary” requirements?
Number of Responses by Category
1
4
16
5
21
2
13
21
0
5
12
5
12
3
13
5
1
0
2
4
6
8
10
12
14
16
18
1 2 3 4 5
Type of Response
Num
ber o
f Res
pons
e
HospitalPhysicianPayorOther
California HIPAA Privacy Implementation Survey/California HealthCare Foundation 6
6. This will be a three-part question. On a scale of 1 – 5, with 1 being “will greatly limit” and 5 being “will greatly enhance”, how do you think the “Minimum Necessary” rule will affect the flow of information needed for each of the following: delivery, payment, and assessment of health care quality.
Delivery
Number of Responses by Category
0
8
14
5
01
9
7
01
0
11
9
3
0
3
10
12
0 00
2
4
6
8
10
12
14
16
1 2 3 4 5
Type of Response
Num
ber o
f Res
pons
e
HospitalPhysicianPayorOther
California HIPAA Privacy Implementation Survey/California HealthCare Foundation 7
6 Payment
Number of Responses by Category
1
5
16
4
10
10
6
1 10
14
6
3
1
32
12
3
1
0
2
4
6
8
10
12
14
16
18
1 2 3 4 5
Type of Response
Num
ber o
f Res
pons
e
HospitalPhysicianPayorOther
California HIPAA Privacy Implementation Survey/California HealthCare Foundation 8
6. Assessment
Number of Responses by Category
1
9
12
3
0
1
11
4
0
22
11
7
2
0
4
11
8
0 00
2
4
6
8
10
12
14
1 2 3 4 5
Type of Response
Num
ber o
f Res
pons
e
HospitalPhysicianPayorOther
California HIPAA Privacy Implementation Survey/California HealthCare Foundation 9
7. In a scale of 1-5, with 1 being “No Impact” and 5 being “Significant Impact”, to
what degree will the regulations have an impact on whether or not providers can or cannot participate in quality measurement activities under HIPAA?
Number of Responses by Category
13
4
7
2
0
3 3
5 5
1
3
7
6
2
3
6
5 5
4
3
0
2
4
6
8
10
12
14
1 2 3 4 5
Type of Response
Num
ber o
f Res
pons
e
HospitalPhysicianPayorOther
California HIPAA Privacy Implementation Survey/California HealthCare Foundation 10
8. This will be a three-part question. Do you believe that the regulations clearly
define who your business associates are, what their responsibilities are and what provisions need to be included in the agreement?
Business Associates
Number of Responses by Category
20
9
13
3
13 13
16
9
0
5
10
15
20
25
1 2
Type of Response
Num
ber o
f Res
pons
e
HospitalPhysicianPayorOther
California HIPAA Privacy Implementation Survey/California HealthCare Foundation 11
8- Responsibilities
Number of Responses by Category
21
8
14
4
11
1415
10
0
5
10
15
20
25
1 2
Type of Response
Num
ber o
f Res
pons
e
HospitalPhysicianPayorOther
California HIPAA Privacy Implementation Survey/California HealthCare Foundation 12
8- Agreement Provisions
Number of Responses by Category
20
7
12
5
12 1213
11
0
5
10
15
20
25
1 2
Type of Response
Num
ber o
f Res
pons
e
HospitalPhysicianPayorOther
California HIPAA Privacy Implementation Survey/California HealthCare Foundation 13
9. On a scale of 1 – 5, with 1 being “small” and 5 being “large”, what is the magnitude of the burden of implementing the Business Associate Agreement in terms of cost and time? Cost
Number of Responses by Category
1
2
8 8 8
1
0
5
8
5
3
1
8
5
8
2
4
9
6
3
0
1
2
3
4
5
6
7
8
9
10
1 2 3 4 5
Type of Response
Num
ber o
f Res
pons
e
HospitalPhysicianPayorOther
California HIPAA Privacy Implementation Survey/California HealthCare Foundation 14
9- Time
Number of Responses by Category
1 1
2
8
15
1
0
2
5
11
2
0
7
8 8
2
3
6
10
3
0
2
4
6
8
10
12
14
16
1 2 3 4 5
Type of Response
Num
ber o
f Res
pons
e
HospitalPhysicianPayorOther
California HIPAA Privacy Implementation Survey/California HealthCare Foundation 15
10. On a scale of 1 – 5, with 1 being “regulations are unclear” and 5 being “regulations
are very clear”, does the regulation adequately distinguish between research and health care operations?
Number of Responses by Category
2
4
8 8
2
0
2
6
2
3
2
1
7
8
3
2
1
4
8
5
0
1
2
3
4
5
6
7
8
9
1 2 3 4 5
Type of Response
Num
ber o
f Res
pons
e
HospitalPhysicianPayorOther
California HIPAA Privacy Implementation Survey/California HealthCare Foundation 16
11. Are there additional areas in the HIPAA Privacy Regulation where you would like to
see the Department of Health and Human Services provide additional clarification and/or modification?
Number of Responses by Category
25
1
57
15
4
16
5
0
5
10
15
20
25
30
1 2
Type of Response
Num
ber o
f Res
pons
e
HospitalPhysicianPayorOther
California HIPAA Privacy Implementation Survey/California HealthCare Foundation 17
12. Has your organization developed a strategy for HIPAA Privacy Regulation
compliance?
Number of Responses by Category
27
2
14
4
20
6
22
2
0
5
10
15
20
25
30
1 2
Type of Response
Num
ber o
f Res
pons
e
HospitalPhysicianPayorOther
California HIPAA Privacy Implementation Survey/California HealthCare Foundation 18
13. We are now ten months into a two-year compliance period. Which of the following
has your organization completed toward the implementation of the HIPAA Privacy Regulation? (Check all that apply)
Developed a strategic plan
Number of Responses by Category
27
1
11
6
20
6
20
5
0
5
10
15
20
25
30
1 2
Type of Response
Num
ber o
f Res
pons
e
HospitalPhysicianPayorOther
California HIPAA Privacy Implementation Survey/California HealthCare Foundation 19
13- Conducted Gap Assessment
Number of Responses by Category
21
7
98
18
8
15
8
0
5
10
15
20
25
1 2
Type of Response
Num
ber o
f Res
pons
e
HospitalPhysicianPayorOther
California HIPAA Privacy Implementation Survey/California HealthCare Foundation 20
13- Developed Readiness Initiatives
Number of Responses by Category
18
9
6
1112
131312
0
2
4
6
8
10
12
14
16
18
20
1 2
Type of Response
Num
ber o
f Res
pons
e
HospitalPhysicianPayorOther
California HIPAA Privacy Implementation Survey/California HealthCare Foundation 21
13-Completed Implementing Readiness Initiatives
Number of Responses by Category
1
26
2
15
2
23
6
19
0
5
10
15
20
25
30
1 2
Type of Response
Num
ber o
f Res
pons
e
HospitalPhysicianPayorOther
California HIPAA Privacy Implementation Survey/California HealthCare Foundation 22
14. Has your organization designated a Privacy Official as defined by HIPAA?
Number of Responses by Category
22
7
11
6
18
6
22
3
0
5
10
15
20
25
1 2
Type of Response
Num
ber o
f Res
pons
e
HospitalPhysicianPayorOther
California HIPAA Privacy Implementation Survey/California HealthCare Foundation 23
14a. (If “Yes” to question 14) Has the Privacy Official identified the resources (people)
within your organization that are needed to ready your organization for HIPAA compliance?
Number of Responses by Category
22
0
9
3
15
4
19
3
0
5
10
15
20
25
1 2
Type of Response
Num
ber o
f Res
pons
e
HospitalPhysicianPayorOther
California HIPAA Privacy Implementation Survey/California HealthCare Foundation 24
15. Which department in your organization has the lead on the HIPAA privacy
implementation?
Number of Responses by Category
13
7
1
0
3
4
3
2
4
1
4
5
6
0
2
6
4
8
4
0
6
3
2
10
0
2
4
6
8
10
12
14
1 2 3 4 5 6
Type of Response
Num
ber o
f Res
pons
e
HospitalPhysicianPayorOther
California HIPAA Privacy Implementation Survey/California HealthCare Foundation 25
16. If and when do you anticipate the cost to comply with the Privacy regulations will be
offset by the savings expected by implementing other components of the regulations (e.g., the Transaction and Code Set regulations)? (Check all that apply).
Number of Responses by Category
2
5
7
5
1
4
1
10
0
4
3
6
0
5
4
11
0
2
4
6
8
10
12
1 2 3 4
Type of Response
Num
ber o
f Res
pons
e
HospitalPhysicianPayorOther
California HIPAA Privacy Implementation Survey/California HealthCare Foundation 26
17. Which of the following describes your organization’s progress in regards to the
budgeting and funding of your HIPAA efforts? (Check the option that most applies to your organization).
Number of Responses by Category
5
4
7 7
6
8
2
4
1
4
1
0
10
7
6
3
0
5 5
11
0
2
4
6
8
10
12
1 2 3 4 5
Type of Response
Num
ber o
f Res
pons
e
HospitalPhysicianPayorOther
California HIPAA Privacy Implementation Survey/California HealthCare Foundation 27
20. Have you identified those state laws that are preempted by and are not preempted
by the HIPAA Privacy Regulation? Preempt
Number of Responses by Category
1413
5
8
10
14
9
13
0
2
4
6
8
10
12
14
16
1 2
Type of Response
Num
ber o
f Res
pons
e
HospitalPhysicianPayorOther
California HIPAA Privacy Implementation Survey/California HealthCare Foundation 28
20- Do not Preempt
Number of Responses by Category
15
12
5
8
10
13
9
12
0
2
4
6
8
10
12
14
16
1 2
Type of Response
Num
ber o
f Res
pons
e
HospitalPhysicianPayorOther
California HIPAA Privacy Implementation Survey/California HealthCare Foundation 29
21. On a scale of 1 – 5, with 1 being “no guidelines” and 5 being “extensive guidelines”,
to what extent do the HIPAA Privacy regulations provide guidelines for information technology developers?
Number of Responses by Category
1
10
9
11
9
5
1
3
9
6
3
5
12
3
2
0
2
4
6
8
10
12
14
1 2 3 4
Type of Response
Num
ber o
f Res
pons
e
HospitalPhysicianPayorOther
California HIPAA Privacy Implementation Survey/California HealthCare Foundation 30
22. Can the following requirements be implemented with available tools and technologies? Tracking Consent
Number of Responses by Category
13
7
5
7
3
5
10
6
3
14
54
0
2
4
6
8
10
12
14
16
1 2 3
Type of Response
Num
ber o
f Res
pons
e
HospitalPhysicianPayorOther
California HIPAA Privacy Implementation Survey/California HealthCare Foundation 31
22. Revocations of Consent
Number of Responses by Category
11
8
6
7
3
5
7
5
6
12
6 6
0
2
4
6
8
10
12
14
1 2 3Type of Response
Num
ber o
f Res
pons
e
HospitalPhysicianPayorOther
California HIPAA Privacy Implementation Survey/California HealthCare Foundation 32
22- Limitations of Consent
Number of Responses by Category
7
9
7
6
4
5
6
4
9
10
5
7
0
2
4
6
8
10
12
1 2 3
Type of Response
Num
ber o
f Res
pons
e
HospitalPhysicianPayorOther
California HIPAA Privacy Implementation Survey/California HealthCare Foundation 33
22. Accounting of Disclosure
Number of Responses by Category
11
8
6
5 5 5
9
5
7
10
5
6
0
2
4
6
8
10
12
1 2 3
Type of Response
Num
ber o
f Res
pons
e
HospitalPhysicianPayorOther
California HIPAA Privacy Implementation Survey:
Appendix F. Data Frequency Sheets for Open-ended Questions
Prepared for the California HealthCare Foundation
Prepared by National Committee for Quality Assurance and Georgetown University Health Privacy Project
April 2002
California HIPAA Privacy Implementation Survey/California HealthCare Foundation
2
Survey Response Rate Population Surveyed Percent
Total 420 100 24% Hospital 133 29 22% Rural - 3 - < 50 bed - - - 50 - 99 - 1 - 100 - 299 - - - > 300 bed - 2 - Community - 18 - < 50 beds - 1 - 50 - 99 - 1 - 100 - 299 - 6 - > 300 beds - 10 - Academic - 8 - < 50 beds - - - 50 - 99 - - - 100 - 299 - 2 - > 300 beds - 6 - Physician Group 167 19 11% Single Specialty - 3 - < 30 - 3 - 31 - 100 - - - >100 - - - Multi-Specialty - 16 - < 30 - - - 31 - 100 - 2 - > 100 - 14 - Payor 39 26 67% Commercial - 3 - Medicaid - 7 - Medicare - 3 - Commercial and Medicaid - 3 - Commercial and Medicare - 6 - Medicaid and Medicare - - - All - 4 - Other 81 26 32% Researcher - 1 - Disease Mgmt - 13 - Other - 12 -
California HIPAA Privacy Implementation Survey/California HealthCare Foundation
3
1. On a scale of 1 –5, with 1 being “Low” and 5 being “High”, how would you rate your overall knowledge of the HIPAA privacy regulation?
1
Low 2 3
Medium4 5
High Don't Know
Total 1 3 21 38 37 - Hospital - - 3 10 16 - Rural - - - - 3 - < 50 bed - - - - - - 50 - 99 - - - - 1 - 100 - 299 - - - - - - > 300 bed - - - - 2 - Community - - 3 10 5 - < 50 beds - - 1 - - - 50 - 99 - - - - 1 - 100 - 299 - - 2 2 2 - > 300 beds - - - 8 2 - Academic - - - - 8 - < 50 beds - - - - - - 50 - 99 - - - - - - 100 - 299 - - - - 2 - > 300 beds - - - - 6 - Physician Group 1 1 5 8 4 - Single Specialty 1 - 1 1 - - < 30 1 - 1 1 - - 31 - 100 - - - - - - >100 - - - - - - Multi-Specialty - 1 4 7 4 - < 30 - - - - - - 31 – 100 - - 1 - 1 - > 100 - 1 3 7 3 - Payor - 2 9 8 7 - Commercial - - 1 1 1 - Medicaid - - 3 4 - - Medicare - - 1 2 - - Commercial and Medicaid - 1 - - 2 - Commercial and Medicare - - 3 1 2 - Medicaid and Medicare - - - - - - All - 1 1 - 2 - Other - - 4 12 10 - Researcher - - - - 1 - Disease Mgmt - - 2 8 3 - Other - - 2 4 6 -
California HIPAA Privacy Implementation Survey/California HealthCare Foundation
4
2. On a scale of 1 – 5, with 1 being “least workable” and 5 being “most workable”, how do you view the workability of the HIPAA Privacy Regulation’s current consent requirements?
1 Least
Workable
2 3 4 5 Most
Workable
Don't Know
Total 7 13 50 19 10 1 Hospital 1 2 19 4 3 - Rural - - 2 1 - - < 50 bed - - - - - - 50 - 99 - - 1 - - - 100 - 299 - - - - - - > 300 bed - - 1 1 - - Community 1 2 12 2 1 - < 50 beds - - - 1 - - 50 - 99 - - 1 - - - 100 - 299 - - 6 - - - > 300 beds 1 2 5 1 1 - Academic - - 5 1 2 - < 50 beds - - - - - - 50 - 99 - - - - - - 100 - 299 - - 2 - - - > 300 beds - - 3 1 2 - Physician Group 1 3 11 4 - - Single Specialty 1 - 2 - - - < 30 1 - 2 - - - 31 - 100 - - - - - - >100 - - - - - - Multi-Specialty - 3 9 4 - - < 30 - - - - - - 31 - 100 - 1 1 - - - > 100 - 2 8 4 - - Payor 3 5 9 4 4 1 Commercial 1 1 - - 1 - Medicaid 1 2 2 1 1 - Medicare - - 2 1 - - Commercial and Medicaid - 1 - 1 1 - Commercial and Medicare - 1 4 1 - - Medicaid and Medicare - - - - - - All 1 - 1 - 1 1
California HIPAA Privacy Implementation Survey/California HealthCare Foundation
5
Other 2 3 11 7 3 - Researcher - - - 1 - - Disease Mgmt 2 1 8 1 1 - Other - 2 3 5 2 -
California HIPAA Privacy Implementation Survey/California HealthCare Foundation
6
3. On a scale of 1 –5, with 1 being “will greatly limit” and 5 being “will greatly enhance” how do you think the consent requirements will affect the flow of information needed to assess health care quality?
1
Will GreatlyLimit
2 3 4 5
Will Greatly Enhance
Don't Know
Total 7 50 31 9 1 2 Hospital 1 17 5 5 - 1 Rural - 1 - 2 - - < 50 bed - - - - - - 50 - 99 - 1 - - - - 100 - 299 - - - - - - > 300 bed - - - 2 - - Community 1 13 4 - - - < 50 beds - - 1 - - - 50 - 99 - 1 - - - - 100 - 299 - 3 3 - - - > 300 beds 1 9 - - - - Academic - 3 1 3 - 1 < 50 beds - - - - - - 50 - 99 - - - - - - 100 - 299 - 1 - 1 - - > 300 beds - 2 1 2 - 1 Physician Group 1 8 8 1 1 - Single Specialty - 3 - - - - < 30 - 3 - - - - 31 - 100 - - - - - - >100 - - - - - - Multi-Specialty 1 5 8 1 1 - < 30 - - - - - - 31 - 100 - 1 - - 1 - > 100 1 4 8 1 - - Payor 1 12 11 1 - 1 Commercial - 1 2 - - - Medicaid - 2 5 - - - Medicare - 2 - 1 - - Commercial and Medicaid 1 1 1 - - - Commercial and Medicare - 4 2 - - - Medicaid and Medicare - - - - - - All - 2 1 - - 1
California HIPAA Privacy Implementation Survey/California HealthCare Foundation
7
Other 4 13 7 2 - - Researcher - 1 - - - - Disease Mgmt 2 6 4 1 - - Other 2 6 3 1 - -
California HIPAA Privacy Implementation Survey/California HealthCare Foundation
8
5. On a scale of 1 – 5, with 1 being “least workable” and 5 being “most workable”, how do you view the workability of the HIPAA Privacy Regulation’s current “Minimum Necessary” requirements?
1
Least Workable
2 3 4 5
Most Workable
Don't Know
Total 4 14 54 17 5 6 Hospital 1 4 16 5 2 1 Rural - 2 1 - - - < 50 bed - - - - - - 50 - 99 - - 1 - - - 100 - 299 - - - - - - > 300 bed - 2 - - - - Community 1 1 11 3 1 1 < 50 beds - - - 1 - - 50 - 99 - - 1 - - - 100 - 299 - - 3 1 1 1 > 300 beds 1 1 7 1 - - Academic - 1 4 2 1 - < 50 beds - - - - - - 50 - 99 - - - - - - 100 - 299 - - 2 - - - > 300 beds - 1 2 2 1 - Physician Group 1 2 13 2 1 - Single Specialty - - 3 - - - < 30 - - 3 - - - 31 - 100 - - - - - - >100 - - - - - - Multi-Specialty 1 2 10 2 1 - < 30 - - - - - - 31 - 100 - 1 - - 1 - > 100 1 1 10 2 - - Payor - 5 12 5 1 3 Commercial - 1 2 - - - Medicaid - 3 - 2 - 2 Medicare - - 3 - - - Commercial and Medicaid - - 1 2 - - Commercial and Medicare - 1 3 1 1 - Medicaid and Medicare - - - - - - All - - 3 - - 1
California HIPAA Privacy Implementation Survey/California HealthCare Foundation
9
Other 2 3 13 5 1 2 Researcher - - 1 - - - Disease Mgmt 1 3 5 2 1 1 Other 1 - 7 3 - 1
California HIPAA Privacy Implementation Survey/California HealthCare Foundation
10
6. This will be a three-part question. On a scale of 1 – 5, with 1 being “will greatly limit” and 5 being “will greatly enhance”, how do you think the “Minimum Necessary” rule will affect the flow of information needed for each of the following: delivery, payment, and assessment of health care quality?
6a. Delivery 1
Greatly Limit
2 3 4 5
Greatly Enhance
Don't Know
Total 4 38 42 8 1 7 Hospital - 8 14 5 - 2 Rural - - 2 - - 1 < 50 bed - - - - - - 50 - 99 - - 1 - - - 100 - 299 - - - - - - > 300 bed - - 1 - - 1 Community - 5 10 2 - 1 < 50 beds - - 1 - - - 50 - 99 - 1 - - - - 100 - 299 - - 5 - - 1 > 300 beds - 4 4 2 - - Academic - 3 2 3 - - < 50 beds - - - - - - 50 - 99 - - - - - - 100 - 299 - 2 - - - - > 300 beds - 1 2 3 - - Physician Group 1 9 7 - 1 1 Single Specialty - 2 - - - 1 < 30 - 2 - - - 1 31 - 100 - - - - - - >100 - - - - - - Multi-Specialty 1 7 7 - 1 - < 30 - - - - - - 31 - 100 - 1 - - 1 - > 100 1 6 7 - - - Payor - 11 9 3 - 3 Commercial - 2 1 - - - Medicaid - 2 2 3 - - Medicare - 3 - - - - Commercial and Medicaid - 1 2 - - - Commercial and Medicare - 1 3 - - 2 Medicaid and Medicare - - - - - - All - 2 1 - - 1
California HIPAA Privacy Implementation Survey/California HealthCare Foundation
11
Other 3 10 12 - - 1 Researcher - 1 - - - - Disease Mgmt 1 6 5 - - 1 Other 2 3 7 - - -
California HIPAA Privacy Implementation Survey/California HealthCare Foundation
12
6b. Payment
6b. Payment 1
Greatly Limit
2 3 4 5
Greatly Enhance
Don't Know
Total 4 31 40 11 4 10 Hospital 1 5 16 4 1 2 Rural - - 2 - - 1 < 50 bed - - - - - - 50 - 99 - - 1 - - - 100 - 299 - - - - - - > 300 bed - - 1 - - 1 Community 1 3 10 2 1 1 < 50 beds - - 1 - - - 50 - 99 - - 1 - - - 100 - 299 - 1 3 1 - 1 > 300 beds 1 2 5 1 1 - Academic - 2 4 2 - - < 50 beds - - - - - - 50 - 99 - - - - - - 100 - 299 - - 2 - - - > 300 beds - 2 2 2 - - Physician Group - 10 6 1 1 1 Single Specialty - 1 - 1 - 1 < 30 - 1 - 1 - 1 31 - 100 - - - - - - >100 - - - - - - Multi-Specialty - 9 6 - 1 - < 30 - - - - - - 31 - 100 - 1 - - 1 - > 100 - 8 6 - - - Payor - 14 6 3 1 2 Commercial - 2 - - 1 - Medicaid - 2 3 2 - - Medicare - 2 - 1 - - Commercial and Medicaid - 1 2 - - - Commercial and Medicare - 4 1 - - 1 Medicaid and Medicare - - - - - - All - 3 - - - 1 Other 3 2 12 3 1 5 Researcher - - 1 - - - Disease Mgmt 1 2 4 2 - 4 Other 2 - 7 1 1 1
California HIPAA Privacy Implementation Survey/California HealthCare Foundation
13
6c. Assessment
6c. Assessment 1
Greatly Limit
2 3 4 5
Greatly Enhance
Don't Know
Total 8 42 31 5 2 12 Hospital 1 9 12 3 - 4 Rural - - 2 - - 1 < 50 bed - - - - - - 50 - 99 - - 1 - - - 100 - 299 - - - - - - > 300 bed - - 1 - - 1 Community - 6 9 - - 3 < 50 beds - - 1 - - - 50 - 99 - 1 - - - - 100 - 299 - 2 3 - - 1 > 300 beds - 3 5 - - 2 Academic 1 3 1 3 - - < 50 beds - - - - - - 50 - 99 - - - - - - 100 - 299 - 2 - - - - > 300 beds 1 1 1 3 - - Physician Group 1 11 4 - 2 1 Single Specialty 1 1 - - - 1 < 30 1 1 - - - 1 31 - 100 - - - - - - >100 - - - - - - Multi-Specialty - 10 4 - 2 - < 30 - - - - - - 31 - 100 - 1 - - 1 - > 100 - 9 4 - 1 - Payor 2 11 7 2 - 4 Commercial 1 1 1 - - - Medicaid - 1 3 2 - 1 Medicare - 3 - - - - Commercial and Medicaid - 1 2 - - - Commercial and Medicare 1 3 1 - - 1 Medicaid and Medicare - - - - - - All - 2 - - - 2 Other 4 11 8 - - 3 Researcher 1 - - - - - Disease Mgmt 1 6 4 - - 2 Other 2 5 4 - - 1
California HIPAA Privacy Implementation Survey/California HealthCare Foundation
14
7. On a scale of 1-5, with 1 being “No Impact” and 5 being “Significant Impact”, to what degree will the regulations have an impact on whether or not providers can or cannot participate in quality measurement activities under HIPAA?
1
No Impact
2 3 4 5
Significant Impact
Don't Know
Total 25 19 23 13 7 13 Hospital 13 4 7 2 - 3 Rural 2 - - - - 1 < 50 bed - - - - - - 50 - 99 1 - - - - - 100 - 299 - - - - - > 300 bed 1 - - - - 1 Community 8 3 5 1 - 1 < 50 beds 1 - - - - - 50 - 99 - 1 - - - - 100 - 299 4 1 - - - 1 > 300 beds 3 1 5 1 - - Academic 3 1 2 1 - 1 < 50 beds - - - - - - 50 - 99 - - - - - - 100 - 299 - - 1 - - 1 > 300 beds 3 1 1 1 - - Physician Group 3 3 5 5 1 2 Single Specialty - 1 1 1 - - < 30 - 1 1 1 - - 31 - 100 - - - - - - >100 - - - - - - Multi-Specialty 3 2 4 4 1 2 < 30 - - - - - - 31 - 100 - - - 1 1 - > 100 3 2 4 3 - 2 Payor 3 7 6 2 3 5 Commercial 1 - 1 - - 1 Medicaid - 4 1 1 - 1 Medicare - - 1 - - 2 Commercial and Medicaid - 1 1 1 - - Commercial and Medicare 1 2 1 - 1 1 Medicaid and Medicare - - - - - - All 1 - 1 - 2 -
California HIPAA Privacy Implementation Survey/California HealthCare Foundation
15
Other 6 5 5 4 3 3 Researcher - - - - 1 - Disease Mgmt 3 2 3 3 - 2 Other 3 3 2 1 2 1
California HIPAA Privacy Implementation Survey/California HealthCare Foundation
16
8.a This will be a three-part question. Do you believe that the regulations clearly define who your business associates are, what their responsibilities are and what provisions need to be included in the agreement? 8.a Business Associates Yes No Don’t Know
Total 62 34 4 Hospital 20 9 - Rural 3 - - < 50 bed - - - 50 - 99 1 - - 100 - 299 - - - > 300 bed 2 - - Community 11 7 - < 50 beds 1 - - 50 - 99 - 1 - 100 - 299 3 3 - > 300 beds 7 3 - Academic 6 2 - < 50 beds - - - 50 - 99 - - - 100 - 299 1 1 - > 300 beds 5 1 - Physician Group 13 3 3 Single Specialty - 1 2 < 30 - 1 2 31 - 100 - - - >100 - - - Multi-Specialty 13 2 1 < 30 - - - 31 - 100 2 - - > 100 11 2 1 Payor 13 13 - Commercial - 3 - Medicaid - 7 - Medicare 2 1 - Commercial and Medicaid 3 - - Commercial and Medicare 4 2 - Medicaid and Medicare - - - All 4 - - Other 16 9 1 Researcher 1 - - Disease Mgmt 8 5 - Other 7 4 1
California HIPAA Privacy Implementation Survey/California HealthCare Foundation
17
8.b - Responsibilities 8.b Responsibilities Yes No Don’t Know
Total 61 36 3 Hospital 21 8 - Rural 2 1 - < 50 bed - - - 50 - 99 1 - - 100 - 299 - - - > 300 bed 1 1 - Community 12 6 - < 50 beds 1 - - 50 - 99 - 1 - 100 - 299 3 3 - > 300 beds 8 2 - Academic 7 1 - < 50 beds - - - 50 - 99 - - - 100 - 299 1 1 - > 300 beds 6 - - Physician Group 14 4 1 Single Specialty - 2 1 < 30 - 2 1 31 - 100 - - - >100 - - - Multi-Specialty 14 2 - < 30 - - - 31 - 100 2 - - > 100 12 2 - Payor 11 14 1 Commercial 1 2 - Medicaid 1 6 - Medicare 1 1 1 Commercial and Medicaid 2 1 - Commercial and Medicare 4 2 - Medicaid and Medicare - - - All 2 2 - Other 15 10 1 Researcher 1 - - Disease Mgmt 7 6 - Other 7 4 1
California HIPAA Privacy Implementation Survey/California HealthCare Foundation
18
8.c- Agreement Provisions 8.c Agreement Provisions Yes No Don’t Know
Total 57 35 8 Hospital 20 7 2 Rural 2 1 - < 50 bed 1 - - 50 - 99 - - - 100 - 299 - - - > 300 bed 1 1 - Community 13 4 1 < 50 beds 1 - - 50 - 99 - 1 - 100 - 299 4 2 - > 300 beds 8 1 1 Academic 5 2 1 < 50 beds - - - 50 - 99 - - - 100 - 299 - 1 1 > 300 beds 5 1 - Physician Group 12 5 2 Single Specialty - 1 2 < 30 - 1 2 31 - 100 - - - >100 - - - Multi-Specialty 12 4 - < 30 - - - 31 - 100 2 - - > 100 10 4 - Payor 12 12 2 Commercial 2 1 - Medicaid 1 6 - Medicare 1 1 1 Commercial and Medicaid 2 1 - Commercial and Medicare 4 1 1 Medicaid and Medicare - - - All 2 2 - Other 13 11 2 Researcher - - 1 Disease Mgmt 7 6 - Other 6 5 1
California HIPAA Privacy Implementation Survey/California HealthCare Foundation
19
9. On a scale of 1 – 5, with 1 being “small” and 5 being “large”, what is the magnitude of the burden of implementing the Business Associate Agreement in terms of cost and time?
9a. Cost 1
Small 2 3 4 5
Large Don't Know
Total 7 7 30 27 24 5 Hospital 1 2 8 8 8 2 Rural - - 1 2 - - < 50 bed - - - - - - 50 - 99 - - 1 - - - 100 - 299 - - - - - - > 300 bed - - - 2 - - Community 1 2 5 4 5 1 < 50 beds 1 - - - - - 50 - 99 - - - 1 - - 100 - 299 - 1 2 1 2 - > 300 beds - 1 3 2 3 1 Academic - - 2 2 3 1 < 50 beds - - - - - - 50 - 99 - - - - - - 100 - 299 - - - 1 - 1 > 300 beds - - 2 1 3 - Physician Group 1 - 5 8 5 - Single Specialty - - - 1 2 - < 30 - - - 1 2 - 31 - 100 - - - - - - >100 - - - - - - Multi-Specialty 1 - 5 7 3 - < 30 - - - - - - 31 - 100 - - - - 2 - > 100 1 - 5 7 1 - Payor 3 1 8 5 8 1 Commercial 1 - - - 2 - Medicaid 1 1 3 1 1 - Medicare - - 1 1 1 - Commercial and Medicaid - - - - 2 1 Commercial and Medicare - - 3 2 1 - Medicaid and Medicare - - - - - - All 1 - 1 1 1 -
California HIPAA Privacy Implementation Survey/California HealthCare Foundation
20
Other 2 4 9 6 3 2 Researcher - - - 1 - - Disease Mgmt 1 2 5 3 - 2 Other 1 2 4 2 3 -
California HIPAA Privacy Implementation Survey/California HealthCare Foundation
21
9b-Time
9b) Time 1
Small 2 3 4 5
Large Don't Know
Total 6 4 17 31 37 5 Hospital 1 1 2 8 15 2 Rural - - 1 1 1 - < 50 bed - - - - - - 50 – 99 - - 1 - - - 100 – 299 - - - - - - > 300 bed - - - 1 1 - Community 1 1 1 5 9 1 < 50 beds 1 - - - - - 50 – 99 - - - 1 - - 100 – 299 - 1 - 2 3 - > 300 beds - - 1 2 6 1 Academic - - - 2 5 1 < 50 beds - - - - - - 50 – 99 - - - - - - 100 – 299 - - - 1 - 1 > 300 beds - - - 1 5 - Physician Group 1 - 2 5 11 - Single Specialty - - - 1 2 - < 30 - - - 1 2 - 31 – 100 - - - - - - >100 - - - - - - Multi-Specialty 1 - 2 4 9 - < 30 - - - - - - 31 – 100 - - - - 2 - > 100 1 - 2 4 7 - Payor 2 - 7 8 8 1 Commercial - - 1 - 2 - Medicaid 1 - 3 2 1 - Medicare - - - 2 1 - Commercial and Medicaid - - - - 2 1 Commercial and Medicare - - 2 3 1 - Medicaid and Medicare - - - - - - All 1 - 1 1 1 - Other 2 3 6 10 3 2 Researcher - - - 1 - - Disease Mgmt 1 2 4 4 - 2 Other 1 1 2 5 3 -
California HIPAA Privacy Implementation Survey/California HealthCare Foundation
22
10. On a scale of 1 – 5, with 1 being “regulations are unclear” and 5 being “regulations are very clear”, does the regulation adequately distinguish between research and health care operations?
1
Unclear 2 3 4 5
Very Clear Don't Know
Total 6 8 25 26 13 22 Hospital 2 4 8 8 2 5 Rural - - - 1 - 2 < 50 bed - - - - - - 50 – 99 - - - - - 1 100 – 299 - - - - - - > 300 bed - - - 1 - 1 Community 1 2 6 4 2 3 < 50 beds - - 1 - - - 50 – 99 - - 1 - - - 100 – 299 - - 2 1 1 2 > 300 beds 1 2 2 3 1 1 Academic 1 2 2 3 - - < 50 beds - - - - - - 50 – 99 - - - - - - 100 – 299 - - 1 1 - - > 300 beds 1 2 1 2 - - Physician Group - 2 6 2 3 6 Single Specialty - - 1 - - 2 < 30 - - 1 - - 2 31 – 100 - - - - - - >100 - - - - - - Multi-Specialty - 2 5 2 3 4 < 30 - - - - - - 31 – 100 - - - - 2 - > 100 - 2 5 2 1 4 Payor 2 1 7 8 3 5 Commercial 1 1 - 1 - - Medicaid - - 2 3 1 1 Medicare - - - 2 1 Commercial and Medicaid - - 1 - 1 1 Commercial and Medicare - - 2 2 - 2 Medicaid and Medicare - - - - - - All 1 - 2 - - 1 Other 2 1 4 8 5 6 Researcher - 1 - - - -
California HIPAA Privacy Implementation Survey/California HealthCare Foundation
23
Disease Mgmt 1 - 3 5 - 4 Other 1 - 1 3 5 2
California HIPAA Privacy Implementation Survey/California HealthCare Foundation
24
11. Are there additional areas in the HIPAA Privacy Regulation where you would like to see the Department of Health and Human Services provide additional clarification and/or modification?
Yes No Don’t Know
Total 61 17 22 Hospital 25 1 3 Rural 3 - - < 50 bed - - - 50 - 99 1 - - 100 - 299 - - - > 300 bed 2 - - Community 15 1 2 < 50 beds - 1 - 50 - 99 1 - - 100 - 299 4 - 2 > 300 beds 10 - - Academic 7 - 1 < 50 beds - - - 50 - 99 - - - 100 - 299 2 - - > 300 beds 5 - 1 Physician Group 5 7 7 Single Specialty - 1 2 < 30 - 1 2 31 - 100 - - - >100 - - - Multi-Specialty 5 6 5 < 30 - - - 31 - 100 - - 2 > 100 5 6 3 Payor 15 4 7 Commercial 3 - - Medicaid 4 1 2 Medicare - 2 1 Commercial and Medicaid 1 - 2 Commercial and Medicare 4 1 1 Medicaid and Medicare - - - All 3 - 1 Other 16 5 5 Researcher 1 - - Disease Mgmt 9 1 3 Other 6 4 2
California HIPAA Privacy Implementation Survey/California HealthCare Foundation
25
12. Has your organization developed a strategy for HIPAA Privacy Regulation compliance?
Yes No Don’t Know
Total 83 14 3 Hospital 27 2 - Rural 3 - - < 50 bed - - - 50 - 99 1 - - 100 - 299 - - - > 300 bed 2 - - Community 16 2 - < 50 beds 1 - - 50 - 99 1 - - 100 - 299 4 2 - > 300 beds 10 - - Academic 8 - - < 50 beds - - - 50 - 99 - - - 100 - 299 2 - - > 300 beds 6 - - Physician Group 14 4 1 Single Specialty 2 1 - < 30 2 1 - 31 - 100 - - - >100 - - - Multi-Specialty 12 3 1 < 30 - - - 31 - 100 2 - - > 100 10 3 1 Payor 20 6 - Commercial 3 - - Medicaid 5 2 - Medicare 3 - - Commercial and Medicaid 2 1 - Commercial and Medicare 5 1 - Medicaid and Medicare - - - All 2 2 - Other 22 2 2 Researcher 1 - - Disease Mgmt 12 - 1 Other 9 2 1
California HIPAA Privacy Implementation Survey/California HealthCare Foundation
26
13. We are now ten months into a two-year compliance period. Which of the following has your organization completed toward the implementation of the HIPAA Privacy Regulation? (Check all that apply)
13a) Developed a Strategic Plan Yes No Don’t Know
Total 78 18 4 Hospital 27 1 1 Rural 3 - - < 50 bed - - - 50 - 99 1 - - 100 - 299 - - - > 300 bed 2 - - Community 16 1 1 < 50 beds 1 - - 50 - 99 1 - - 100 - 299 4 1 1 > 300 beds 10 - - Academic 8 - - < 50 beds - - - 50 - 99 - - - 100 - 299 2 - - > 300 beds 6 - - Physician Group 11 6 2 Single Specialty 2 1 - < 30 2 1 - 31 - 100 - - - >100 - - - Multi-Specialty 9 5 2 < 30 - - - 31 - 100 1 1 - > 100 8 4 2 Payor 20 6 - Commercial 3 - - Medicaid 5 2 - Medicare 3 - - Commercial and Medicaid 2 1 - Commercial and Medicare 5 1 - Medicaid and Medicare - - - All 2 2 - Other 20 5 1 Researcher - 1 - Disease Mgmt 11 1 1 Other 9 3 -
California HIPAA Privacy Implementation Survey/California HealthCare Foundation
27
13b-Conducted Gap Assessment
13b) Conducted Gap Assessment Yes No Don’t Know
Total 63 31 6 Hospital 21 7 1 Rural 3 - - < 50 bed - - - 50 - 99 1 - - 100 - 299 - - - > 300 bed 2 - - Community 12 5 1 < 50 beds - 1 - 50 - 99 1 - - 100 - 299 3 2 1 > 300 beds 8 2 - Academic 6 2 - < 50 beds - - - 50 - 99 - - - 100 - 299 1 1 - > 300 beds 5 1 - Physician Group 9 8 2 Single Specialty 1 2 - < 30 1 2 - 31 - 100 - - - >100 - - - Multi-Specialty 8 6 2 < 30 - - - 31 - 100 - 2 - > 100 8 4 2 Payor 18 8 - Commercial 3 - - Medicaid 3 4 - Medicare 2 1 - Commercial and Medicaid 2 1 - Commercial and Medicare 6 - - Medicaid and Medicare - - - All 2 2 - Other 15 8 3 Researcher 1 - - Disease Mgmt 7 3 3 Other 7 5 -
California HIPAA Privacy Implementation Survey/California HealthCare Foundation
28
13c- Developed Readiness Initiatives
13c) Developed Readiness Initiatives Yes No Don’t Know
Total 49 45 6 Hospital 18 9 2 Rural 2 1 - < 50 bed - - - 50 - 99 - 1 - 100 - 299 - - - > 300 bed 2 - - Community 12 5 1 < 50 beds 1 - - 50 - 99 1 - - 100 - 299 1 4 1 > 300 beds 9 1 - Academic 4 3 1 < 50 beds - - - 50 - 99 - - 100 - 299 2 - - > 300 beds 2 3 1 Physician Group 6 11 2 Single Specialty - 3 - < 30 - 3 - 31 - 100 - - - >100 - - - Multi-Specialty 6 8 2 < 30 - - - 31 - 100 - 2 - > 100 6 6 2 Payor 12 13 1 Commercial 2 1 - Medicaid 1 6 - Medicare 1 2 - Commercial and Medicaid 1 1 1 Commercial and Medicare 5 1 - Medicaid and Medicare - - - All 2 2 - Other 13 12 1 Researcher - 1 - Disease Mgmt 8 4 1 Other 5 7 -
California HIPAA Privacy Implementation Survey/California HealthCare Foundation
29
13. Continued –
13d) Completed Implementing Readiness Initiatives Yes No Don’t Know
Total 11 83 6 Hospital 1 26 2 Rural - 3 - < 50 bed - - - 50 - 99 - 1 - 100 - 299 - - - > 300 bed - 2 - Community 1 16 1 < 50 beds - 1 - 50 - 99 - 1 - 100 - 299 - 5 1 > 300 beds 1 9 - Academic - 7 - < 50 beds - - - 50 - 99 - - - 100 - 299 - 1 1 > 300 beds - 6 - Physician Group 2 15 2 Single Specialty - 3 - < 30 - 3 - 31 - 100 - - - >100 - - - Multi-Specialty 2 12 2 < 30 - - - 31 - 100 - 2 - > 100 2 10 2 Payor 2 23 1 Commercial - 3 - Medicaid - 7 - Medicare - 3 - Commercial and Medicaid - 3 - Commercial and Medicare 1 4 1 Medicaid and Medicare - - - All 1 3 - Other 6 19 1 Researcher - 1 - Disease Mgmt 3 9 1 Other 3 9 -
California HIPAA Privacy Implementation Survey/California HealthCare Foundation
30
14. Has your organization designated a Privacy Official as defined by HIPAA?
Yes No Don’t Know
Total 73 22 5 Hospital 22 7 - Rural 3 - - < 50 bed - - - 50 - 99 1 - - 100 - 299 - - - > 300 bed 2 - - Community 13 5 - < 50 beds 1 - - 50 - 99 1 - - 100 - 299 4 2 - > 300 beds 7 3 - Academic 6 2 - < 50 beds - - - 50 - 99 - - - 100 - 299 1 1 - > 300 beds 5 1 - Physician Group 11 6 2 Single Specialty 2 - 1 < 30 2 - 1 31 - 100 - - - >100 - - - Multi-Specialty 9 6 1 < 30 - - - 31 - 100 2 - - > 100 7 6 1 Payor 18 6 2 Commercial 3 - - Medicaid 4 2 1 Medicare 3 - - Commercial and Medicaid 1 2 - Commercial and Medicare 5 - 1 Medicaid and Medicare - - - All 2 2 - Other 22 3 1 Researcher 1 - - Disease Mgmt 13 - - Other 8 3 1
California HIPAA Privacy Implementation Survey/California HealthCare Foundation
31
14a. (If “Yes” to question 14) Has the Privacy Official identified the resources (people) within your organization that are needed to ready your organization for HIPAA compliance?
Yes No Don’t Know
Total 65 10 2 Hospital 22 - 1 Rural 3 - - < 50 bed - - - 50 - 99 1 - - 100 - 299 - - - > 300 bed 2 - - Community 14 - - < 50 beds 1 - - 50 - 99 1 - - 100 - 299 4 - - > 300 beds 8 - - Academic 5 - 1 < 50 beds - - - 50 - 99 - - - 100 - 299 - - 1 > 300 beds 5 - - Physician Group 9 3 1 Single Specialty - 2 - < 30 - 2 - 31 - 100 - - - >100 - - - Multi-Specialty 9 1 1 < 30 - - - 31 - 100 2 - - > 100 7 1 1 Payor 15 4 - Commercial 3 - - Medicaid 2 2 - Medicare 2 1 - Commercial and Medicaid 2 - - Commercial and Medicare 5 - - Medicaid and Medicare - - - All 1 1 - Other 19 3 - Researcher 1 - - Disease Mgmt 11 2 - Other 7 1 -
California HIPAA Privacy Implementation Survey/California HealthCare Foundation
32
15. Which department in your organization has the lead on the HIPAA privacy
implementation?
ComplianceMedical Records
Information Technology Legal
Operations Other
Don'tKnow
Total 26 9 13 10 13 27 2 Hospital 13 7 1 - 3 4 1 Rural 2 - - - - 1 - < 50 bed - - - - - - - 50 - 99 1 - - - - - - 100 - 299 - - - - - - - > 300 bed 1 - - - - 1 - Community 6 6 1 - 3 1 1 < 50 beds - 1 - - - - - 50 - 99 1 - - - - - - 100 - 299 - 3 1 - 1 - 1 > 300 beds 5 2 - - 2 1 - Academic 5 1 - - - 2 - < 50 beds - - - - - - - 50 - 99 - - - - - - - 100 - 299 2 - - - - - - > 300 beds 3 1 - - - 2 - Physician Group 3 2 4 1 4 5 - Single Specialty - 1 1 - - 1 - < 30 - 1 1 - - 1 - 31 - 100 - - - - - - - >100 - - - - - - - Multi-Specialty 3 1 3 1 4 4 - < 30 - - - - - - - 31 - 100 - - - - - 2 - > 100 3 1 3 1 4 2 - Payor 6 - 2 6 4 8 - Commercial 1 - - 1 1 - - Medicaid 1 - 1 1 1 3 - Medicare 2 - - - - 1 - Commercial and Medicaid - - - 2 1 - - Commercial and Medicare 1 - - 1 - 4 - Medicaid and Medicare - - - - - - - All 1 - 1 1 1 - -
California HIPAA Privacy Implementation Survey/California HealthCare Foundation
33
Other 4 - 6 3 2 10 1 Researcher - - - - - 1 - Disease Mgmt 1 - 4 2 1 5 - Other 3 - 2 1 1 4 1
California HIPAA Privacy Implementation Survey/California HealthCare Foundation
34
16. If and when do you anticipate the cost to comply with the Privacy regulations will be offset by the savings expected by implementing other components of the regulations (e.g., the Transaction and Code Set regulations)? (Check all that apply).
Short Term (< 1 year)
Medium Term(3 – 5 years)
Long Term (>5 years) No Savings
Don’t Know
Total 3 18 15 32 32 Hospital 2 5 7 5 10 Rural - 1 - - 2 < 50 bed - - - - - 50 - 99 - 1 - - - 100 - 299 - - - - - > 300 bed - - - - 2 Community 2 4 5 2 5 < 50 beds 1 - - - - 50 - 99 - - 1 - - 100 - 299 1 2 - 1 2 > 300 beds - 2 4 1 3 Academic - - 2 3 3 < 50 beds - - - - - 50 - 99 - - - - - 100 - 299 - - 1 - 1 > 300 beds - - 1 3 2 Physician Group 1 4 1 10 3 Single Specialty - - - 2 1 < 30 - - - 2 1 31 - 100 - - - - - >100 - - - - - Multi-Specialty 1 4 1 8 2 < 30 - - - - - 31 - 100 - 1 - - 1 > 100 1 3 1 8 1 Payor - 4 3 6 13 Commercial - 1 - 1 1 Medicaid - 1 - 2 4 Medicare - - - 2 1 Commercial and Medicaid - - 2 - 1 Commercial and Medicare - 2 - 1 3 Medicaid and Medicare - - - - - All - - 1 - 3
California HIPAA Privacy Implementation Survey/California HealthCare Foundation
35
Other - 5 4 11 6 Researcher - - - 1 - Disease Mgmt - 3 1 5 4 Other - 2 3 5 2
California HIPAA Privacy Implementation Survey/California HealthCare Foundation
36
18. In which departments or areas of your organization will implementation of the HIPAA Privacy Regulation be most costly? Please provide the top three in descending order – highest to lowest.
High Medium Low Hospital IT Clinics Medical Records IS None None Tracking Disclosures None None IT Medical Records None IT Compliance Department Medical Records IT None None IT None None Medical Records Contract Management Nursing HIM Business Office Information Services IT Medical Records Nursing
Health Information Management
Human Resources – training the workforce IT
IS Medical Records Clinical Departments Nursing Information Systems Administration Medical Records Admission/Registration HIPAA Office Dept Medical Records Admitting and Registration Clinical/Nursing IS Education Medical Records Admitting/ Registration Medical Records IT Medical Records Information Systems Clinical areas M R EDI Clinical Operations Education IS Medical Records Registration Cancer Center I/S Risk Management Medical Records Compliance
have not assessed costs yet
None None
IT None None Security Privacy EDI Nursing Units Admitting Medical Records Nursing Time Medical Records Privacy Officer IT Administration Education
IT - Security Tracking systems for disclosures Training & Audit
Physician Groups Medical Records IT None Clinic Operations IT Billing Operations Transactions Sets Human Resource (people) Information Systems Medical Operations Providers Services Information services Medical records Operations Record Management Admissions IS Information Conversion None None Billing Administration Technology
Information Technology Education/Training Quality Risk Management/Compliance
I/T Medical Management Provider Relations
California HIPAA Privacy Implementation Survey/California HealthCare Foundation
37
High Medium Low Customer Service Health Resource Management Contract Areas I/T Medical Management Provider Relations Medical costs Administrative costs IS costs IS Claims Processing Eligibility Information Technology Care Management Customer Service
Information Technology Medical Records Patient Accounting & Registration
MIS Medical Records Nursing Information Technology Medical Records Operations Payor Operations Utilization Management None System Modifications Training Procedures IT Legal Customer Service MIS Facilities Medical Mgmt Utilization management Member services Provider network operations IT Medical Mgmt Staff Model Dept MIS Claims Utilization Member Services None None Operations IT None Accounting Medical records IS Information Systems Claims Member Services Legal Affairs Medical Management Customer Services IS Don't Know Don't Know IT Contracting Physical Plants Member Services Provider Services Medical Services Operations None None
Medical Services (Pharmacy) I/T Claims/Member Services
Administration Contracting None Operations Member Services Provider Relations Customer Service Network Management Claims Legal IT Network Relations Systems Upgrade None None Operations Health/Plan Enrollment Information Technology IS Provider Network Services Quality Management IS Marketing Materials Legal Legal Providers Services Clinical
Other Legal IRB
Researchers (much more time devoted to obtaining data from providers)
Operations IT None Medical Management IT Legal Clinical Department Information Technology Medical Records IT Health management Operations IT Clinical Management HR Engineering Operations None
IT Policies & Procedures throughout Organization None
Operations IT Marketing
California HIPAA Privacy Implementation Survey/California HealthCare Foundation
38
High Medium Low Telemedicine None None Billing Medical Records Operations IT Operations G&A Operations None None Administration Service Delivery Compliance Monitoring IT Customer Service Claims Contracting IT None Legal Quality Assurance Operations MIS Quality Management Provider Services
Information Technology Human Resource/Benefits Management Communications
Legal Clinical Operations Record Keeping
Keeping "record of disclosures" if "disclosures" include transactions.
Legal issues associated w/ BA contracts None
Fiscal Office Medical Records IT Training Development of Standards IT IT None None
HIPAA Department (Cost Center) Operations Information systems
Information Services Operations Marketing
California HIPAA Privacy Implementation Survey/California HealthCare Foundation
39
20. Have you identified those state laws that are preempted by and are not preempted by the HIPAA Privacy Regulation?
20.1) Preempted Yes No Don’t Know
Total 38 48 14 Hospital 14 13 2 Rural 1 2 - < 50 bed - - - 50 - 99 1 - - 100 - 299 - - - > 300 bed - 2 - Community 9 7 2 < 50 beds - 1 - 50 - 99 1 - - 100 - 299 3 2 1 > 300 beds 5 4 1 Academic 4 4 - < 50 beds - - - 50 - 99 - - - 100 - 299 - 2 - > 300 beds 4 2 - Physician Group 5 8 6 Single Specialty 1 1 1 < 30 1 1 1 31 - 100 - - - >100 - - - Multi-Specialty 4 7 5 < 30 - - - 31 - 100 - 2 - > 100 4 5 5 Payor 10 14 2 Commercial 1 2 - Medicaid 1 6 - Medicare 1 2 - Commercial and Medicaid 2 1 - Commercial and Medicare 4 2 - Medicaid and Medicare - - - All 1 1 2 Other 9 13 4 Researcher - - 1 Disease Mgmt 5 6 2 Other 4 7 1
California HIPAA Privacy Implementation Survey/California HealthCare Foundation
40
20. Continued –
20.2 Do Not Preempt Yes No Don’t Know
Total 39 45 15 Hospital 15 12 2 Rural 1 2 - < 50 bed - - - 50 - 99 1 - - 100 - 299 - - - > 300 bed - 2 - Community 10 6 2 < 50 beds - 1 - 50 - 99 1 - - 100 - 299 4 1 1 > 300 beds 5 4 1 Academic 4 4 - < 50 beds - - - 50 - 99 - - - 100 - 299 - 2 - > 300 beds 4 2 - Physician Group 5 8 6 Single Specialty 1 1 1 < 30 1 1 1 31 - 100 - - - >100 - - - Multi-Specialty 4 7 5 < 30 - - - 31 - 100 - 2 - > 100 4 5 5 Payor 10 13 3 Commercial 1 2 - Medicaid 1 6 - Medicare 1 1 1 Commercial and Medicaid 2 1 - Commercial and Medicare 4 2 - Medicaid and Medicare - - - All 1 1 2 Other 9 12 4 Researcher - - 1 Disease Mgmt 5 5 2 Other 4 7 1
California HIPAA Privacy Implementation Survey/California HealthCare Foundation
41
21. On a scale of 1 – 5, with 1 being “no guidelines” and 5 being “extensive guidelines”, to what extent do the HIPAA Privacy regulations provide guidelines for information technology developers?
1 No Guidelines 2 3 4 5 Extensive
Guidelines Don't Know
Total 10 40 23 7 - 20 Hospital 1 10 9 1 - 8 Rural - - 1 - - 2 < 50 bed - - - - - - 50 – 99 - - 1 - - - 100 – 299 - - - - - - > 300 bed - - - - - 2 Community 1 6 5 - - 6 < 50 beds - - 1 - - - 50 – 99 - 1 - - - - 100 – 299 1 3 - - - 2 > 300 beds - 2 4 - - 4 Academic - 4 3 1 - - < 50 beds - - - - - - 50 – 99 - - - - - - 100 – 299 - 2 - - - - > 300 beds - 2 3 1 - - Physician Group 1 9 5 1 - 3 Single Specialty - 1 - - - 2 < 30 - 1 - - - 2 31 – 100 - - - - - - >100 - - - - - - Multi-Specialty 1 8 5 1 - 1 < 30 - - - - - - 31 – 100 - 1 1 - - - > 100 1 7 4 1 - 1 Payor 3 9 6 3 - 5 Commercial 1 2 - - - - Medicaid - 4 1 - - 2 Medicare - 1 1 - - 1 Commercial and Medicaid - - 2 1 - - Commercial and Medicare 1 - 2 2 - 1 Medicaid and Medicare - - - - - - All 1 2 - - - 1
California HIPAA Privacy Implementation Survey/California HealthCare Foundation
42
Other 5 12 3 2 - 4 Researcher - - - - - 1 Disease Mgmt 3 6 2 - - 2 Other 2 6 1 2 - 1
California HIPAA Privacy Implementation Survey/California HealthCare Foundation
43
22a. Can the following requirements be implemented with available tools and technologies?
22a. Tracking Consent Yes Partially No Don’t Know
Total 44 21 17 18 Hospital 13 7 5 4 Rural 1 1 - 1 < 50 bed - - - - 50 – 99 1 - - - 100 – 299 - - - - > 300 bed - 1 - 1 Community 9 4 3 2 < 50 beds 1 - - - 50 – 99 - - 1 - 100 – 299 3 1 1 1 > 300 beds 5 3 1 1 Academic 3 2 2 1 < 50 beds - - - - 50 – 99 - - - - 100 – 299 - 1 - 1 > 300 beds 3 1 2 - Physician Group 7 3 5 3 Single Specialty 1 - 1 - < 30 1 - 1 - 31 – 100 - - - - >100 - - - - Multi-Specialty 6 3 4 3 < 30 - - - - 31 – 100 - 1 1 - > 100 6 2 3 3 Payor 10 6 3 8 Commercial 1 - 1 1 Medicaid 4 1 1 1 Medicare 3 - - - Commercial and Medicaid - 1 - 2 Commercial and Medicare 1 2 - 3 Medicaid and Medicare - - - - All 1 2 1 1 Other 14 5 4 3 Researcher - - - 1 Disease Mgmt 7 2 2 2 Other 7 3 2 -
California HIPAA Privacy Implementation Survey/California HealthCare Foundation
44
22b. Revocations of Consent
22b. Revocations of Consent Yes Partially No Don’t Know
Total 37 22 23 18 Hospital 11 8 6 4 Rural 1 1 - 1 < 50 bed - - - - 50 – 99 1 - - - 100 – 299 - - - - > 300 bed - 1 - 1 Community 7 5 4 2 < 50 beds 1 - - - 50 – 99 - - 1 - 100 – 299 2 1 2 1 > 300 beds 4 4 1 1 Academic 3 2 2 1 < 50 beds - - - - 50 – 99 - - - - 100 – 299 - 1 - 1 > 300 beds 3 1 2 - Physician Group 7 3 5 4 Single Specialty 1 - 1 1 < 30 1 - 1 1 31 – 100 - - - - >100 - - - - Multi-Specialty 6 3 4 3 < 30 - - - - 31 – 100 - 1 1 - > 100 6 2 3 3 Payor 7 5 6 8 Commercial 1 - 1 1 Medicaid 3 - 3 1 Medicare 2 - - 1 Commercial and Medicaid - 1 - 2 Commercial and Medicare 1 1 1 3 Medicaid and Medicare - - - - All - 3 1 - Other 12 6 6 2 Researcher 1 - - - Disease Mgmt 6 1 4 2 Other 5 5 2 -
California HIPAA Privacy Implementation Survey/California HealthCare Foundation
45
22c. Revocations of Consent
22c) Limitations on Consent Yes Partially No Don’t Know
Total 29 22 28 21 Hospital 7 9 7 6 Rural 1 1 - 1 < 50 bed - - - - 50 – 99 1 - - - 100 – 299 - - - - > 300 bed - 1 - 1 Community 6 6 3 3 < 50 beds 1 - - - 50 – 99 - - 1 - 100 – 299 2 1 1 2 > 300 beds 3 5 1 1 Academic - 2 4 2 < 50 beds - - - - 50 – 99 - - - - 100 – 299 - 1 - 1 > 300 beds - 1 4 1 Physician Group 6 4 5 4 Single Specialty 1 - 1 1 < 30 1 - 1 1 31 – 100 - - - - >100 - - - - Multi-Specialty 5 4 4 3 < 30 - - - - 31 – 100 1 - 1 - > 100 4 4 3 3 Payor 6 4 9 7 Commercial 1 - 1 1 Medicaid 1 - 5 1 Medicare 3 - - - Commercial and Medicaid - 1 - 2 Commercial and Medicare 1 1 1 3 Medicaid and Medicare - - - - All - 2 2 - Other 10 5 7 4 Researcher - - - 1 Disease Mgmt 5 2 3 3 Other 5 3 4 -
California HIPAA Privacy Implementation Survey/California HealthCare Foundation
46
22d. Accounting of Disclosures
22d. Accounting of Disclosure Yes Partially No Don’t Know
Total 35 23 24 18 Hospital 11 8 6 4 Rural 1 1 1 - < 50 bed - - - - 50 – 99 1 - - - 100 – 299 - - - - > 300 bed - 1 1 - Community 9 4 2 3 < 50 beds 1 - - - 50 – 99 - - 1 - 100 – 299 3 1 - 2 > 300 beds 5 3 1 1 Academic 1 3 3 1 < 50 beds - - - - 50 – 99 - - - - 100 – 299 - 1 - 1 > 300 beds 1 2 3 - Physician Group 5 5 5 4 Single Specialty 1 - 1 1 < 30 1 - 1 1 31 – 100 - - - - >100 - - - - Multi-Specialty 4 5 4 3 < 30 - - - - 31 – 100 1 - 1 - > 100 3 5 3 3 Payor 9 5 7 5 Commercial 1 - 2 - Medicaid 2 - 4 1 Medicare 2 1 - - Commercial and Medicaid - 2 - 1 Commercial and Medicare 2 - 1 3 Medicaid and Medicare - - - - All 2 2 - - Other 10 5 6 5 Researcher - - - 1 Disease Mgmt 4 2 3 4 Other 6 3 3 -
California HIPAA Privacy Implementation Survey: Appendix G. Verbatim Responses Prepared for the California HealthCare Foundation Prepared by National Committee for Quality Assurance and Georgetown University Health Privacy Project April 2002
California HIPAA Privacy Implementation Survey/California HealthCare Foundation 2
Appendix G. Verbatim Responses Question 3a. In what way do you think the consent requirement will limit the flow of information?
N=60
a) 30% = process complications/paperwork burden b) 17% = confusion over requirments c) 15% = patient factors such as revoking consent/continuity of care d) 6% = inadequate transfer/flow of information needed for patient assessment Inadequate time is a theme that runs throughout all the answer categories. Hospitals were more likely to see a and c as a problem Payors were more likely to see b as a big problem Question 4. What do you deem useful and what are your concerns with the consent requirements?
N=90
Useful a) 30% = assuring patient rights b) 16% = consistency among providers/national standards c) 16% = nothing A number of respondents did not answer what they deemed useful. Payors were more likely to answer a or c. Others were more likely to answer a. Hospitals and physician groups were evenly divided among the three groups. Concerns a) 19% = continuity of care b) 14% = confusion about consent (patients/employees/physicians) c) 9% = cost Payors were more likely to answer b. Question 8A: Where do additional clarifications or modifications need to be given? (Answered if answered “No” to any of the three items in Question 8).
California HIPAA Privacy Implementation Survey/California HealthCare Foundation 3
a) 42% = Greater clarification of who is and who is not a Business Associate & what relationships and activities determine whether or not one is a Business Associate [hospitals, physicians, payors, others] b) 31% = Roles and Responsibilities of Parties, Follow up Actions [hospitals , physicians, payors, others] c) 6% = Clarification of "Chain of Trust" issues [hospitals, payors, others] d) 4% = Consent - who needs to obtain it, who needs to use it, how often must it be obtained [payors]
N= 52 Hospitals: ♦ Entire Business Associate Area is unclear ♦ Need better definition and examples of who is and who is not a business associate; what
activities and relationships make you a business associate ♦ Follow-up actions that Business associates need to take ♦ Clarification on “Chain of Trust” issues ♦ Clarification on whether confidentiality on business associates part is adequate Physicians: ♦ Entire Business Associate Area needs clarification ♦ Clarification on where IPAs fall in ♦ Definition of Business Associate Payors: ♦ Clarification of Roles of parties/entities ♦ Too much ambiguity, open to much interpretation ♦ Status of providers added to a plan on a fee for service basis vs. network providers ♦ Where subcontractors fit in ♦ Clarification on complex relationships of brokers and agents in insurance industry ♦ Who has to have consent and who can use the consent ♦ How often is consent needed (annually, each time information is gathered?) Others: ♦ Definitions and Examples of Business Associates ♦ Category under which Disease Management Organizations fall (indirect or direct provider vs.
Business Associate)
California HIPAA Privacy Implementation Survey/California HealthCare Foundation 4
♦ Areas of oversight and how oversight is to be performed ♦ Risks and Liabilities for covered entities ♦ “Chain of Trust” ♦ Clarifications for companies providing patient assistance, ombudsman and advocacy services Question 10A: Where do additional clarifications or modifications need to be given? (Answered if respondent said 1 or 2 for question 10). a) 37% = Define what is considered research and how to distinguish it from Quality Improvement, Care, and Health Plan Operations [hosp, others] b) 11% = Exclusions to the regulation, prohibited activities, authorizations for activities [physicians, payors] c) 26% = What information can be disclosed and under what circumstances? [hosp, payors] d) 11% = Consent and IRB waivers [hosp]
N=19 Hospitals ♦ Research area … Define what is considered Research ♦ Informed Consent and Whether IRB Waivers still apply under HIPAA ♦ Patient registries (ie: for Cancer) - states want information, but its unclear if this is a breach of
HIPAA ♦ Whether information can be released for retrospective analysis ♦ Where to draw the line between research and Quality Improvement activities ♦ Clarify care that overlaps from Clinical trial to inpatient hospitalization – what parts of the
Clinical Trial chart become PHI Physicians ♦ What types of research are excluded from the reg? Payor ♦ Define prohibited activities, authorization for activities, and the relationship of research and
operations with health plans ♦ Whether providers can release records for HEDIS data without authorization Other ♦ How to categorize cooperative research projects involving Quality Improvement Projects at
multiple sites ♦ Liabilities of Business Associates and covered entities
California HIPAA Privacy Implementation Survey/California HealthCare Foundation 5
♦ What covered entities can disclose to facilitate healthcare operations to third parties working with consumers to help them manage healthcare benefits
Question 18: In which departments or areas of your organization will implementation of the HIPAA Privacy Regulation be most costly? Please provide the top three in descending order…
HOSPITALS Department High Medium Low IT/IS 12 3 4Medical Records 5 6 5Nursing Units 3 2 2Admitting/Registration 2 1HIM 2Tracking Disclosures 1 1Education 1 1 1Risk Management 1Security 1Clinical Operations 1 4Compliance Department 1 1Contract Management 1Business Office 1HR 1EDI 1 1Cancer Center 1Privacy 1 1Training and Audit 1HIPAA Office 1Administration 1 1TOTAL Responses 28 23 22
PHYSICIAN GROUPS
Department High Medium Low IT/IS 10 2 3Medical Records 2 4Clinical Operations 2Medical Operations 1 3 2Customer Service 1 1Billing 1 1Provider Relations/Services 1 3Contract Areas 1Nursing Units 1Admitting/Registration 1 1
California HIPAA Privacy Implementation Survey/California HealthCare Foundation 6
HIM Education 1Risk Management 1Eligibility 1Compliance Department Health Resource Management 1Business Office HR 1Transaction Sets 1Claims Processing 1Care Management 1Administration 2TOTAL Responses 18 17 16
PAYORS Department High Medium Low IT/IS 8 3 2Operations 5Legal 3 1 1Member Services 3 3 2Systems Upgrade 2Utilization Management 1 1 1Medical Services (Pharmacy) 1Administration 1Customer Service 1 2Accounting 1Contract Areas 2Medical Records 1Medical Management 3 3Marketing 1Procedures 1Education/Training 1Quality Management 1Physical Plant 1Staff Model Department 1Facilities 1Network Management 1Provider Network Services 3 3Claims Processing 2 1TOTAL Responses 26 23 19
OTHER Department High Medium Low IT/IS 9 5 3Operations 3 5 3Legal 3 1 1Telemedicine 1
California HIPAA Privacy Implementation Survey/California HealthCare Foundation 7
Medical Management 1 1HIPAA Department 1Engineering 1 2Education/Training 1Contract Areas 1Clinical Management 1 1Claims Processing 1 1Administration 1Accounting/Fiscal 1Researchers 1Quality Management/Assurance
2
Provider Network Services 1Medical Records 2 2Marketing 2IRB 1HR 1 1G&A 1Customer Service 2Compliance Monitoring 1Communications 1TOTAL Responses 25 23 18 19. How does your department plan to monitor HIPAA compliance after the privacy regulation is in effect? Hospitals: a) 32% = Audit b) 21% = HIPAA Department/Privacy Officer c) 25% = Other (combinations of above or unknown) d) 7% = Committee e) 7% = Monitoring f) 3% = Security controls g) 3% = Education/Training Physician Groups: a) 35% = Audit b) 35% = HIPAA Department/Privacy Officer c) 30% = Other (combinations of above or unknown) Payors:
California HIPAA Privacy Implementation Survey/California HealthCare Foundation 8
a) 31% = Audit b) 27% = HIPAA Department/Privacy Officer c) 23% = Monitoring d) 19% = Other (combinations of above or unknown) Others: a) 31% = Audit b) 35% = Other (combinations of above or unknown) c) 15% = HIPAA Department/Privacy Officer d) 12% = Monitoring e) 4% = Committee f) 4% = Process Change/Policies and Procedures Question 11a- Which components of the Privacy Regulations would you like to see the Department of Health and Human Services provide additional clarification and/or modification? There were a total of 67 Clarifications: a) 22% were for clarifications on consent b) 16% were for the Minimum Necessary section c) 10% with respect to Communication. Marketing and Funding d) 10% were for clarifications around Business Associates e) 7% were for state preemption clarifications f) 6% for research clarifications a and b were most common for hospitals only four physician clarification comments c and f were most common for payors c most common for Other who also wanted clarifications around Disease Mgmt one payor did mention for clarification on what this means for HEDIS data collection There were a total of 10 suggested modifications, primary ones were: Don't allow patients to revoke consent at any time Make preemption rules more strict Reduce burden of business associate agreement Make disclosure rules less stringent Waive consent for UM Question 20A: (If “Yes to Question 20) How are you analyzing and tracking state privacy laws interplay with HIPAA? a) 29% = Internal Legal/Privacy Officers/Compliance Depts. [hosp, payors]
California HIPAA Privacy Implementation Survey/California HealthCare Foundation 9
b) 29% = Professional and Industry Organizations and Associations [hosp, physicians, payors, others] c) 24% = External Legal Counsel/Consultants [physicians, payors, others]
N=42 Hospitals: ♦ Corporate Offices responsible for Analyzing/Tracking ♦ Privacy Officers ♦ Outside Legal Counsel/consultants ♦ Internal Legal Counsel ♦ Updates and Seminars through professional/industry organizations (California Hospital
Association, California Health Management Association, California Health Information Association, California Healthcare Association)
♦ HIPAA state web sites Physicians: ♦ Matrix of state laws & HIPAA ♦ Internal & External legal counsel ♦ Professional/Industry Associations (California Healthcare Association, Community of Clinics) Payors: ♦ Internal and External legal counsel/consultants ♦ Compliance Department ♦ Newsletters, Updates ♦ Legal/Regulatory Listservs ♦ Professional/Industry Association meetings ♦ HIPAA conferences Others: ♦ Internal analyses ♦ Georgetown University study and Updates ♦ Professional/Industry Associations and Organizations. Question 20B: (If “No” to Question 20) How are you planning to analyze and track state privacy laws interplay with HIPAA? a) 19% = Internal Legal/Privacy Officers/Compliance Depts. [payors, hosp, physicians, others] b) 28% = External Legal Counsel/Consultants [payors, others]
California HIPAA Privacy Implementation Survey/California HealthCare Foundation 10
c) 25% = Professional and Industry Organizations and Associations [Payors, hosp, physicians] d) 8% = DHS or HHS [payors, others]
N=43
Hospitals: ♦ Legal counsel/consultants ♦ Task group will track ♦ Professional/Industry Associations (California Health Information Association, California
Hospital Association) ♦ Privacy Officer ♦ Publications ♦ Seminars on Preemption Physicians: ♦ Privacy Officer/Committee ♦ Govt./Regulatory Compliance Officer ♦ Legal Counsel/External consultants ♦ Professional and Industry Associations Payors: ♦ Internal Legal department/External legal counsel ♦ CA-DHS ♦ HIA ♦ Conferences Others: ♦ Will follow clients requirements to follow state laws ♦ Not planning to analyze/track Question 23. What are the greatest benefits and/or challenges for your organization relating to the implementation of the HIPAA Privacy Regulations? N=95
Benefits a) 18% = patients can expect that their medical record is confidential/patient interests are protected b) 14% = organizational awareness of patient privacy c) 9% = standardization of code sets, uniformity across entities d) 7% = standardization and security of electronic data e) 7% = none
California HIPAA Privacy Implementation Survey/California HealthCare Foundation 11
b was most common for hospitals c was most common for payors
Challenges a) 25% = implementation b) 24% = staff education c) 23% = cost d) 15% = time e) 8% = IT b followed by c were the most common for hospitals a was the most common for physician groups followed by b c followed closely by a were the most common for payers a was the most common for others
California HIPAA Privacy Implementation Survey: Appendix H. Percentage of “don’t know” responses for each closed-ended survey question Prepared for the California HealthCare Foundation Prepared by National Committee for Quality Assurance and Georgetown University Health Privacy Project April 2002
California HIPAA Privacy Implementation Survey/California HealthCare Foundation 2
Appendix H. Percentage of “don’t know” responses for each closed-ended survey question Question % "Don't Know" N "Don't Know" N Total Q2 1% 1 100 Q3 2% 2 100 Q5 6% 6 99 Q6_1 7.07% 7 99 Q6_2 10.10% 10 99 Q6_ 3 12.12% 12 99 Q7 13.13% 13 99 Q8_1 4.04% 4 99 Q8_2 3.03% 3 99 Q8_3 7.07% 7 99 Q9_1 5.05% 5 99 Q9_2 5.05% 5 99 Q10 22.22% 22 99 Q11 22.22% 22 99 Q12 3.03% 3 99 Q13_1 4.04% 4 99 Q13_2 6.06% 6 99 Q13_3 6.06% 6 99 Q13_4 6.06% 6 99 Q14 5.05% 5 99 Q14A 2.60% 2 77 Q15 25.25% 25 99 Q16_1 31.31% 31 99 Q16_2 32.32% 32 99 Q16_3 32.32% 32 99 Q16_4 32.32% 32 99 Q17 4.04% 4 99 Q20_1 13.27% 13 98 Q20_2 14.43% 14 97 Q21 20.41% 20 98 Q22_1 17.35% 17 98 Q22_2 18.37% 18 98 Q22_3 20.41% 20 98 Q22_4 17.35% 17 98
California HIPAA Privacy Implementation Survey:Appendix I.1
Q1: Overall HIPAA knowledge Freq. Percent Percent w/o DK Freq. Percent Percent w/o DK1= low (cursory) 0 0.00% NA 0 0.00% NA2 2 14.29% NA 0 0.00% NA3 = Medium (Attended seminar) 4 28.57% NA 5 41.67% NA4 4 28.57% NA 4 33.33% NA5 = High 4 28.57% NA 3 25.00% NA
TOTAL 14 12
Q12: Developed a compliance strategy 1 = Yes 9 64.29% 64.29% 11 91.67% 91.67%2 = No 5 35.71% 35.71% 1 8.33% 8.33%3 = Don't Know 0 0.00% NA 0 0.00% NA
TOTAL 14 12TOTAL w/o Don't Know 14 12
Q13A: Developed a Strategic Plan1 = Yes 9 64.29% 64.29% 11 91.67% 91.67%2 = No 5 35.71% 35.71% 1 8.33% 8.33%3 = Don't Know 0 0.00% NA 0 0.00% NA
TOTAL 14 12TOTAL w/o Don't Know 14 12
Q13B: Conducted a Gap Assessment1 = Yes 7 50.00% 50.00% 11 91.67% 91.67%2 = No 7 50.00% 50.00% 1 8.33% 8.33%3 = Don't Know 0 0.00% NA 0 0.00% NA
TOTAL 14 12TOTAL w/o Don't Know 14 12
Q13C: Developed Readiness Initiatives1 = Yes 4 28.57% 30.77% 8 66.67% 66.67%2 = No 9 64.29% 69.23% 4 33.33% 33.33%3 = Don't Know 1 7.14% NA 0 0.00% NA
TOTAL 14 12TOTAL w/o Don't Know 13 12
Payor Medicaid = Y(N = 14 )
Payor Medicaid = N(N = 12 )
California HealthCare Foundation
California HIPAA Privacy Implementation Survey:Appendix I.1
Q13D: Completed Readiness Initiatives1 = Yes 1 7.14% 7.14% 1 8.33% 9.09%2 = No 13 92.86% 92.86% 10 83.33% 90.91%3 = Don't Know 0 0.00% NA 1 8.33% NA
TOTAL 14 12TOTAL w/o Don't Know 14 11
Q14: Designated a Privacy Official1 = Yes 7 50.00% 53.85% 11 91.67% 100.00%2 = No 6 42.86% 46.15% 0 0.00% 0.00%3 = Don't Know 1 7.14% NA 1 8.33% NA
TOTAL 14 12TOTAL w/o Don't Know 13 11
Q14A: Privacy Official Identified Resources1 = Yes 5 62.50% 62.50% 10 90.91% 90.91%2 = No 3 37.50% 37.50% 1 9.09% 9.09%3 = Don't Know 0 0.00% NA 0 0.00% NA
TOTAL 8 11TOTAL w/o Don't Know 8 11
Q15: Which dept. has lead 1 = Medical Records 0 0.00% 0.00% 0 0.00% 0.00%2 = Information Technology 2 14.29% 14.29% 0 0.00% 0.00%3 = Legal 4 28.57% 28.57% 2 16.67% 16.67%4 = Operations 3 21.43% 21.43% 1 8.33% 8.33%5 = Other 3 21.43% 21.43% 5 41.67% 41.67%6 = Don't Know 0 0.00% NA 0 0.00% NA7 = Compliance Department 2 14.29% 14.29% 4 33.33% 33.33%
TOTAL 14 12TOTAL w/o Don't Know 14 12
California HealthCare Foundation
California HIPAA Privacy Implementation Survey:Appendix I.1
Q16A: Short Term Savings (<=1yr)1 = Yes 0 0.00% 0.00% 0 0.00% 0.00%2 = No 6 42.86% 100.00% 8 66.67% 100.00%3 = Don't Know 8 57.14% NA 4 33.33% NA
TOTAL 14 12TOTAL w/o Don’t Know 6 8
Q16B: Medium Term Savings (3 - 5 yrs)1 = Yes 1 7.14% 16.67% 0 0.00% 0.00%2 = No 5 35.71% 83.33% 7 58.33% 100.00%3 = Don't Know 8 57.14% NA 5 41.67% NA
TOTAL 14 12TOTAL w/o Don’t Know 6 7
Q16C: Long Term Savings (5+ yrs)1 = Yes 3 21.43% 50.00% 0 0.00% 0.00%2 = No 3 21.43% 50.00% 7 58.33% 100.00%3 = Don't Know 8 57.14% NA 5 41.67% NA
TOTAL 14 12TOTAL w/o Don’t Know 6 7
Q16D: No Savings 1 = Yes 2 14.29% 33.33% 4 33.33% 57.14%2 = No 4 28.57% 66.67% 3 25.00% 42.86%3 = Don't Know 8 57.14% NA 5 41.67% NA
TOTAL 14 12TOTAL w/o Don’t Know 6 7
Q17: Org's progress in funding compliance1 = Not Budgeted 0 0.00% 0.00% 1 8.33% 9.09%2 = Budgeted, not funded 0 0.00% 0.00% 0 0.00% 0.00%3 = Partially funded 5 35.71% 38.46% 5 41.67% 45.45%4 = Fully Funded 3 21.43% 23.08% 4 33.33% 36.36%5 = Not Developing HIPAA specific budget 5 35.71% 38.46% 1 8.33% 9.09%6 = Don't Know 1 7.14% NA 1 8.33% NA
TOTAL 14 12TOTAL w/o Don’t Know 13 11
California HealthCare Foundation
California HIPAA Privacy Implementation Survey:Appendix I.1
Q20.1: Identified state laws that preempt1 = Yes 4 28.57% 33.33% 6 50.00% 50.00%2 = No 8 57.14% 66.67% 6 50.00% 50.00%3 = Don't Know 2 14.29% NA 0 0.00% NA
TOTAL 14 12TOTAL w/o Don’t Know 12 12
Q20.2: Identified state laws that don’t preempt1 = Yes 4 28.57% 33.33% 6 50.00% 54.55%2 = No 8 57.14% 66.67% 5 41.67% 45.45%3 = Don't Know 2 14.29% NA 1 8.33% NA
TOTAL 14 12TOTAL w/o Don’t Know 12 11
California HealthCare Foundation
California HIPAA Privacy Implementation Survey:Appendix I.1
Q2: Workability of Consent Freq. Percent Percent w/o DK Freq. Percent Percent w/o DK1 = not workable 1 4.00% 4.17% 6 8.00% 8.00%2 3 12.00% 12.50% 10 13.33% 13.33%3 = somewhat workable 14 56.00% 58.33% 36 48.00% 48.00%4 5 20.00% 20.83% 14 18.67% 18.67%5 = very workable 1 4.00% 4.17% 9 12.00% 12.00%6 = Don't Know 1 4.00% NA 0 0.00% NA
TOTAL 25 75TOTAL w/o Don’t Know 24 75
Q3: Consent & flow of information1 = will greatly limit 1 4.00% 4.17% 6 8.00% 8.11%2 = will somewhat limit 14 56.00% 58.33% 38 50.67% 51.35%3 = will have no effect 7 28.00% 29.17% 24 32.00% 32.43%4 = will somewhat enhance 1 4.00% 4.17% 6 8.00% 8.11%5 = will greatly enhance 1 4.00% 4.17% 0 0.00% 0.00%6 = Don't Know 1 4.00% NA 1 1.33% NA
TOTAL 25 75TOTAL w/o Don’t Know 24 74
Q5: Workability of Min. Necessary1 = not workable 1 4.00% 5.00% 3 4.05% 4.11%2 2 8.00% 10.00% 12 16.22% 16.44%3 = somewhat workable 13 52.00% 65.00% 40 54.05% 54.79%4 3 12.00% 15.00% 14 18.92% 19.18%5 = very workable 1 4.00% 5.00% 4 5.41% 5.48%6 = Don't Know 5 20.00% N/A 1 1.35% N/A
TOTAL 25 74TOTAL w/o Don’t Know 20 73
Knowledge = Low/Med (1,2,3) Knowledge = High (4,5)(N = 25) (N = 75)
California HealthCare Foundation
California HIPAA Privacy Implementation Survey:Appendix I.1
Q6A: Min. Necessary & flow of info. For Delivery1 = will greatly limit 2 8.00% 9.52% 2 2.70% 2.82%2 = will somewhat limit 7 28.00% 33.33% 30 40.54% 42.25%3 = will have no effect 9 36.00% 42.86% 33 44.59% 46.48%4 = will somewhat enhance 2 8.00% 9.52% 6 8.11% 8.45%5 = will greatly enhance 1 4.00% 4.76% 0 0.00% 0.00%6 = Don't Know 4 16.00% N/A 3 4.05% N/A
TOTAL 25 74TOTAL w/o Don’t Know 21 71
Q6B: Min. Necessary & flow of info. For Payment1 = will greatly limit 1 4.00% 4.76% 3 4.05% 4.41%2 = will somewhat limit 7 28.00% 33.33% 24 32.43% 35.29%3 = will have no effect 8 32.00% 38.10% 31 41.89% 45.59%4 = will somewhat enhance 3 12.00% 14.29% 8 10.81% 11.76%5 = will greatly enhance 2 8.00% 9.52% 2 2.70% 2.94%6 = Don't Know 4 16.00% N/A 6 8.11% N/A
TOTAL 25 74TOTAL w/o Don’t Know 21 68
Q6C: Min. Necessary & flow of info. For Assessment1 = will greatly limit 2 8.00% 10.53% 6 8.11% 8.82%2 = will somewhat limit 8 32.00% 42.11% 33 44.59% 48.53%3 = will have no effect 6 24.00% 31.58% 25 33.78% 36.76%4 = will somewhat enhance 1 4.00% 5.26% 4 5.41% 5.88%5 = will greatly enhance 2 8.00% 10.53% 0 0.00% 0.00%6 = Don't Know 6 24.00% N/A 6 8.11% N/A
TOTAL 25 74TOTAL w/o Don’t Know 19 68
Q8.1: Regs. Clearly define Business Associates1 = Yes 12 48.00% 54.55% 49 66.22% 67.12%2 = No 10 40.00% 45.45% 24 32.43% 32.88%3 = Don’t Know 3 12.00% N/A 1 1.35% N/A
TOTAL 25 74TOTAL w/o Don’t Know 22 73
California HealthCare Foundation
California HIPAA Privacy Implementation Survey:Appendix I.1
Q8.2: Regs. Clearly define Responsibilities1 = Yes 9 36.00% 40.91% 51 68.92% 68.92%2 = No 13 52.00% 59.09% 23 31.08% 31.08%3 = Don’t Know 3 12.00% N/A 0 0.00% N/A
TOTAL 25 74TOTAL w/o Don’t Know 22 74
Q8.3: Regs. Clearly define Agreement Provisions1 = Yes 9 36.00% 45.00% 48 64.86% 66.67%2 = No 11 44.00% 55.00% 24 32.43% 33.33%3 = Don’t Know 5 20.00% N/A 2 2.70% N/A
TOTAL 25 74TOTAL w/o Don’t Know 20 72
Q9.1: Cost Burden of Business Assoc. Requirements1 = small burden 3 12.00% 13.04% 4 5.41% 5.63%2 0 0.00% 0.00% 7 9.46% 9.86%3= burden neither small nor large 9 36.00% 39.13% 21 28.38% 29.58%4 6 24.00% 26.09% 20 27.03% 28.17%5 = large burden 5 20.00% 21.74% 19 25.68% 26.76%6 = Don't Know 2 8.00% N/A 3 4.05% N/A
TOTAL 25 74TOTAL w/o Don’t Know 23 71
Q9.2: Time Burden of Business Assoc. Requirements1 = small burden 2 8.00% 8.70% 4 5.41% 5.63%2 0 0.00% 0.00% 4 5.41% 5.63%3 = burden neither small nor large 7 28.00% 30.43% 10 13.51% 14.08%4 9 36.00% 39.13% 21 28.38% 29.58%5 = large burden 5 20.00% 21.74% 32 43.24% 45.07%6 = Don't Know 2 8.00% N/A 3 4.05% N/A
TOTAL 25 74TOTAL w/o Don’t Know 23 71
California HealthCare Foundation
California HIPAA Privacy Implementation Survey:Appendix I.1
Q10: Distinction b/t Research & Health Care Ops.1 = unclear 1 4.00% 5.56% 5 6.76% 8.47%2 1 4.00% 5.56% 7 9.46% 11.86%3 = neither clear nor unclear 5 20.00% 27.78% 20 27.03% 33.90%4 8 32.00% 44.44% 17 22.97% 28.81%5 = clear 3 12.00% 16.67% 10 13.51% 16.95%6 = Don't Know 7 28.00% N/A 15 20.27% N/A
TOTAL 25 74TOTAL w/o Don’t Know 18 59
Q16A: Short Term Savings (<=1yr)1 = Yes 1 4.00% 7.14% 2 2.70% 3.70%2 = No 13 52.00% 92.86% 52 70.27% 96.30%3 = Don't Know 11 44.00% N/A 20 27.03% N/A
TOTAL 25 74TOTAL w/o Don’t Know 14 54
Q16B: Medium Term Savings (3 - 5 yrs)1 = Yes 4 16.00% 30.77% 14 18.92% 25.93%2 = No 9 36.00% 69.23% 40 54.05% 74.07%3 = Don't Know 12 48.00% N/A 20 27.03% N/A
TOTAL 25 74TOTAL w/o Don’t Know 13 54
Q16C: Long Term Savings (5+ yrs)1 = Yes 0 0.00% 0.00% 14 18.92% 25.93%2 = No 13 52.00% 100.00% 40 54.05% 74.07%3 = Don't Know 12 48.00% N/A 20 27.03% N/A
TOTAL 25 74TOTAL w/o Don’t Know 13 54
Q16D: No Savings 1 = Yes 8 32.00% 61.54% 24 32.43% 44.44%2 = No 5 20.00% 38.46% 30 40.54% 55.56%3 = Don't Know 12 48.00% N/A 20 27.03% N/A
TOTAL 25 74TOTAL w/o Don’t Know 13 54
California HealthCare Foundation
California HIPAA Privacy Implementation Survey:Appendix I.1
Q20.1: Identified state laws that preempt1 = Yes 3 12.00% 15.00% 35 47.95% 53.85%2 = No 17 68.00% 85.00% 30 41.10% 46.15%3 = Don't Know 5 20.00% N/A 8 10.96% N/A
TOTAL 25 73TOTAL w/o Don’t Know 20 65
Q20.2: Identified state laws that don’t preempt1 = Yes 4 16.00% 20.00% 35 48.61% 55.56%2 = No 16 64.00% 80.00% 28 38.89% 44.44%3 = Don't Know 5 20.00% N/A 9 12.50% N/A
TOTAL 25 72TOTAL w/o Don’t Know 20 63
Q21: Guidelines for IT Developers1 = No guidelines 2 8.00% 10.00% 8 10.96% 13.79%2 = Few guidelines 9 36.00% 45.00% 30 41.10% 51.72%3 = Adequate guidelines 8 32.00% 40.00% 14 19.18% 24.14%4 = Several guidelines 1 4.00% 5.00% 6 8.22% 10.34%5 = Extensive guidelines 0 0.00% 0.00% 0 0.00% 0.00%6 = Don't Know 5 20.00% N/A 15 20.55% N/A
TOTAL 25 73TOTAL w/o Don’t Know 20 58
Q22A: Existing tools for Initial consent1 = Yes 13 52.00% 65.00% 31 42.47% 50.82%2 = Partially 2 8.00% 10.00% 18 24.66% 29.51%3 = No 5 20.00% 25.00% 12 16.44% 19.67%4 = Don't Know 5 20.00% N/A 12 16.44% N/A
TOTAL 25 73TOTAL w/o Don’t Know 20 61
California HealthCare Foundation
California HIPAA Privacy Implementation Survey:Appendix I.1
Q22B: Existing tools for Revocations1 = Yes 9 36.00% 47.37% 27 36.99% 44.26%2 = Partially 2 8.00% 10.53% 19 26.03% 31.15%3 = No 8 32.00% 42.11% 15 20.55% 24.59%4 = Don't Know 6 24.00% N/A 12 16.44% N/A
TOTAL 25 73TOTAL w/o Don’t Know 19 61
Q22C Existing tools for Limitations1 = Yes 9 36.00% 45.00% 20 27.40% 34.48%2 = Partially 3 12.00% 15.00% 18 24.66% 31.03%3 = No 8 32.00% 40.00% 20 27.40% 34.48%4 = Don't Know 5 20.00% N/A 15 20.55% N/A
TOTAL 25 73TOTAL w/o Don’t Know 20 58
Q22D Existing tools for Acct. Discl.1 = Yes 11 44.00% 55.00% 24 32.88% 39.34%2 = Partially 3 12.00% 15.00% 19 26.03% 31.15%3 = No 6 24.00% 30.00% 18 24.66% 29.51%4 = Don't Know 5 20.00% N/A 12 16.44% N/A
TOTAL 25 73TOTAL w/o Don’t Know 20 61
California HealthCare Foundation
California HIPAA Privacy Implementation Survey:Appendix I.1
Q2: Workability of Consent Freq. Percent Percent w/o DK Freq. Percent Percent w/o DK1 = not workable 7 9.09% 9.09% 0 0.00% 0.00%2 6 7.79% 7.79% 6 33.33% 35.29%3 = somewhat workable 38 49.35% 49.35% 8 44.44% 47.06%4 16 20.78% 20.78% 3 16.67% 17.65%5 = very workable 10 12.99% 12.99% 0 0.00% 0.00%6 = Don't Know 0 0.00% NA 1 5.56% NA
TOTAL 77 18TOTAL w/o Don’t Know 77 17
Q3: Consent & flow of information1 = will greatly limit 4 5.19% 5.26% 3 12.50% 13.04%2 = will somewhat limit 41 53.25% 53.95% 8 33.33% 34.78%3 = will have no effect 24 31.17% 31.58% 6 25.00% 26.09%4 = will somewhat enhance 6 7.79% 7.89% 0 0.00% 0.00%5 = will greatly enhance 1 1.30% 1.32% 6 25.00% 26.09%6 = Don't Know 1 1.30% NA 1 4.17% NA
TOTAL 77 24TOTAL w/o Don’t Know 76 23
Q5: Workability of Min. Necessary1 = not workable 2 2.60% 2.67% 2 11.11% 13.33%2 12 15.58% 16.00% 2 11.11% 13.33%3 = somewhat workable 40 51.95% 53.33% 10 55.56% 66.67%4 16 20.78% 21.33% 1 5.56% 6.67%5 = very workable 5 6.49% 6.67% 0 0.00% 0.00%6 = Don't Know 2 2.60% N/A 3 16.67% NA
TOTAL 77 18TOTAL w/o Don’t Know 75 15
(N=77) (N=18)Developed Strategic Plan = Yes Developed Strategic Plan =No
California HealthCare Foundation
California HIPAA Privacy Implementation Survey:Appendix I.1
Q6A: Min. Necessary & flow of info. For Delivery1 = will greatly limit 2 2.60% 2.70% 2 11.11% 12.50%2 = will somewhat limit 28 36.36% 37.84% 7 38.89% 43.75%3 = will have no effect 36 46.75% 48.65% 6 33.33% 37.50%4 = will somewhat enhance 7 9.09% 9.46% 1 5.56% 6.25%5 = will greatly enhance 1 1.30% 1.35% 0 0.00% 0.00%6 = Don't Know 3 3.90% N/A 2 11.11% NA
TOTAL 77 18TOTAL w/o Don’t Know 74 16
Q6B: Min. Necessary & flow of info. For Payment1 = will greatly limit 2 2.60% 2.86% 2 11.11% 11.76%2 = will somewhat limit 24 31.17% 34.29% 6 33.33% 35.29%3 = will have no effect 30 38.96% 42.86% 8 44.44% 47.06%4 = will somewhat enhance 11 14.29% 15.71% 0 0.00% 0.00%5 = will greatly enhance 3 3.90% 4.29% 1 5.56% 5.88%6 = Don't Know 7 9.09% N/A 1 5.56% NA
TOTAL 77 18TOTAL w/o Don’t Know 70 17
Q6C: Min. Necessary & flow of info. For Assessment1 = will greatly limit 5 6.49% 7.14% 3 16.67% 20.00%2 = will somewhat limit 31 40.26% 44.29% 8 44.44% 53.33%3 = will have no effect 27 35.06% 38.57% 4 22.22% 26.67%4 = will somewhat enhance 5 6.49% 7.14% 0 0.00% 0.00%5 = will greatly enhance 2 2.60% 2.86% 0 0.00% 0.00%6 = Don't Know 7 9.09% N/A 3 16.67% NA
TOTAL 77 18TOTAL w/o Don’t Know 70 15
Q8.1: Regs. Clearly define Business Associates1 = Yes 49 63.64% 65.33% 10 55.56% 62.50%2 = No 26 33.77% 34.67% 6 33.33% 37.50%3 = Don’t Know 2 2.60% N/A 2 11.11% NA
TOTAL 77 18TOTAL w/o Don’t Know 75 16
California HealthCare Foundation
California HIPAA Privacy Implementation Survey:Appendix I.1
Q8.2: Regs. Clearly define Responsibilities1 = Yes 49 63.64% 64.47% 9 50.00% 56.25%2 = No 27 35.06% 35.53% 7 38.89% 43.75%3 = Don’t Know 1 1.30% N/A 2 11.11% NA
TOTAL 77 18TOTAL w/o Don’t Know 76 16
Q8.3: Regs. Clearly define Agreement Provisions1 = Yes 47 61.04% 64.38% 8 44.44% 53.33%2 = No 26 33.77% 35.62% 7 38.89% 46.67%3 = Don’t Know 4 5.19% N/A 3 16.67% NA
TOTAL 77 18TOTAL w/o Don’t Know 73 15
Q9.1: Cost Burden of Business Assoc. Requirements1 = small burden 6 7.79% 8.00% 0 0.00% 0.00%2 7 9.09% 9.33% 0 0.00% 0.00%3= burden neither small nor large 22 28.57% 29.33% 8 44.44% 50.00%4 21 27.27% 28.00% 4 22.22% 25.00%5 = large burden 19 24.68% 25.33% 4 22.22% 25.00%6 = Don't Know 2 2.60% N/A 2 11.11% NA
TOTAL 77 18TOTAL w/o Don’t Know 75 16
Q9.2: Time Burden of Business Assoc. Requirements1 = small burden 5 6.49% 6.67% 0 0.00% 0.00%2 4 5.19% 5.33% 0 0.00% 0.00%3 = burden neither small nor large 13 16.88% 17.33% 4 22.22% 25.00%4 21 27.27% 28.00% 8 44.44% 50.00%5 = large burden 32 41.56% 42.67% 4 22.22% 25.00%6 = Don't Know 2 2.60% N/A 2 11.11% NA
TOTAL 77 18TOTAL w/o Don’t Know 75 16
California HealthCare Foundation
California HIPAA Privacy Implementation Survey:Appendix I.1
Q10: Distinction b/t Research & Health Care Ops.1 = unclear 5 6.49% 7.81% 1 5.56% 9.09%2 7 9.09% 10.94% 1 5.56% 9.09%3 = neither clear nor unclear 20 25.97% 31.25% 3 16.67% 27.27%4 21 27.27% 32.81% 4 22.22% 36.36%5 = clear 11 14.29% 17.19% 2 11.11% 18.18%6 = Don't Know 13 16.88% N/A 7 38.89% NA
TOTAL 77 18TOTAL w/o Don’t Know 64 11
Q16A: Short Term Savings (<=1yr)1 = Yes 3 3.90% 5.45% 0 0.00% 0.00%2 = No 52 67.53% 94.55% 11 61.11% 100.00%3 = Don't Know 22 28.57% N/A 7 38.89% NA
TOTAL 77 18TOTAL w/o Don’t Know 55 11
Q16B: Medium Term Savings (3 - 5 yrs)1 = Yes 13 16.88% 24.07% 5 27.78% 45.45%2 = No 41 53.25% 75.93% 6 33.33% 54.55%3 = Don't Know 23 29.87% N/A 7 38.89% NA
TOTAL 77 18TOTAL w/o Don’t Know 54 11
Q16C: Long Term Savings (5+ yrs)1 = Yes 13 16.88% 24.07% 1 5.56% 9.09%2 = No 41 53.25% 75.93% 10 55.56% 90.91%3 = Don't Know 23 29.87% N/A 7 38.89% NA
TOTAL 77 18TOTAL w/o Don’t Know 54 11
Q16D: No Savings 1 = Yes 25 32.47% 46.30% 5 27.78% 45.45%2 = No 29 37.66% 53.70% 6 33.33% 54.55%3 = Don't Know 23 29.87% N/A 7 38.89% NA
TOTAL 77 18TOTAL w/o Don’t Know 54 11
California HealthCare Foundation
California HIPAA Privacy Implementation Survey:Appendix I.1
Q17: Org's progress in funding compliance1 = Not Budgeted 9 11.69% 11.84% 6 33.33% 37.50%2 = Budgeted, not funded 6 7.79% 7.89% 0 0.00% 0.00%3 = Partially funded 24 31.17% 31.58% 2 11.11% 12.50%4 = Fully Funded 17 22.08% 22.37% 3 16.67% 18.75%5 = Not Developing HIPAA specific budget 20 25.97% 26.32% 5 27.78% 31.25%6 = Don't Know 1 1.30% N/A 2 11.11% NA
TOTAL 77 18TOTAL w/o Don’t Know 76 16
California HealthCare Foundation
California HIPAA Privacy Implementation Survey:Appendix I.1
Q2: Workability of Consent Freq. Percent Percent w/o DK Freq. Percent Percent w/o DK1 = not workable 6 9.68% 9.68% 1 3.23% 3.33%2 7 11.29% 11.29% 5 16.13% 16.67%3 = somewhat workable 28 45.16% 45.16% 16 51.61% 53.33%4 12 19.35% 19.35% 7 22.58% 23.33%5 = very workable 9 14.52% 14.52% 1 3.23% 3.33%6 = Don't Know 0 0.00% NA 1 3.23% NA
TOTAL 62 31TOTAL w/o Don’t Know 62 30
Q3: Consent & flow of information1 = will greatly limit 4 6.45% 6.56% 3 9.68% 10.00%2 = will somewhat limit 32 51.61% 52.46% 16 51.61% 53.33%3 = will have no effect 20 32.26% 32.79% 9 29.03% 30.00%4 = will somewhat enhance 5 8.06% 8.20% 1 3.23% 3.33%5 = will greatly enhance 0 0.00% 0.00% 1 3.23% 3.33%6 = Don't Know 1 1.61% NA 1 3.23% NA
TOTAL 62 31TOTAL w/o Don’t Know 61 30
Q5: Workability of Min. Necessary1 = not workable 2 3.23% 3.28% 2 6.45% 7.41%2 8 12.90% 13.11% 4 12.90% 14.81%3 = somewhat workable 37 59.68% 60.66% 13 41.94% 48.15%4 12 19.35% 19.67% 5 16.13% 18.52%5 = very workable 2 3.23% 3.28% 3 9.68% 11.11%6 = Don't Know 1 1.61% NA 4 12.90% NA
TOTAL 62 31TOTAL w/o Don’t Know 61 27
(N=62) (N=31)Conducted Gap Assessment = Yes Conducted Gap Assessment= No
California HealthCare Foundation
California HIPAA Privacy Implementation Survey:Appendix I.1
Q6A: Min. Necessary & flow of info. For Delivery1 = will greatly limit 2 3.08% 3.39% 2 6.45% 6.90%2 = will somewhat limit 24 36.92% 40.68% 9 29.03% 31.03%3 = will have no effect 29 44.62% 49.15% 13 41.94% 44.83%4 = will somewhat enhance 4 6.15% 6.78% 4 12.90% 13.79%5 = will greatly enhance 0 0.00% 0.00% 1 3.23% 3.45%6 = Don't Know 6 9.23% NA 2 6.45% NA
TOTAL 65 31TOTAL w/o Don’t Know 59 29
Q6B: Min. Necessary & flow of info. For Payment1 = will greatly limit 2 3.23% 3.51% 2 6.45% 6.90%2 = will somewhat limit 19 30.65% 33.33% 10 32.26% 34.48%3 = will have no effect 27 43.55% 47.37% 11 35.48% 37.93%4 = will somewhat enhance 7 11.29% 12.28% 4 12.90% 13.79%5 = will greatly enhance 2 3.23% 3.51% 2 6.45% 6.90%6 = Don't Know 5 8.06% NA 2 6.45% NA
TOTAL 62 31TOTAL w/o Don’t Know 57 29
Q6C: Min. Necessary & flow of info. For Assessment1 = will greatly limit 6 9.68% 10.71% 2 6.45% 7.41%2 = will somewhat limit 25 40.32% 44.64% 12 38.71% 44.44%3 = will have no effect 22 35.48% 39.29% 9 29.03% 33.33%4 = will somewhat enhance 2 3.23% 3.57% 3 9.68% 11.11%5 = will greatly enhance 1 1.61% 1.79% 1 3.23% 3.70%6 = Don't Know 6 9.68% NA 4 12.90% NA
TOTAL 62 31TOTAL w/o Don’t Know 56 27
Q8.1: Regs. Clearly define Business Associates1 = Yes 42 67.74% 68.85% 15 50.00% 53.57%2 = No 19 30.65% 31.15% 13 43.33% 46.43%3 = Don’t Know 1 1.61% NA 2 6.67% NA
TOTAL 62 30TOTAL w/o Don’t Know 61 28
California HealthCare Foundation
California HIPAA Privacy Implementation Survey:Appendix I.1
Q8.2: Regs. Clearly define Responsibilities1 = Yes 44 70.97% 72.13% 14 45.16% 48.28%2 = No 17 27.42% 27.87% 15 48.39% 51.72%3 = Don’t Know 1 1.61% NA 2 6.45% NA
TOTAL 62 31TOTAL w/o Don’t Know 61 29
Q8.3: Regs. Clearly define Agreement Provisions1 = Yes 40 64.52% 68.97% 14 45.16% 50.00%2 = No 18 29.03% 31.03% 14 45.16% 50.00%3 = Don’t Know 4 6.45% NA 3 9.68% NA
TOTAL 62 31TOTAL w/o Don’t Know 58 28
Q9.1: Cost Burden of Business Assoc. Requirements1 = small burden 4 6.45% 6.56% 1 3.23% 3.57%2 7 11.29% 11.48% 0 0.00% 0.00%3= burden neither small nor large 20 32.26% 32.79% 10 32.26% 35.71%4 17 27.42% 27.87% 7 22.58% 25.00%5 = large burden 13 20.97% 21.31% 10 32.26% 35.71%6 = Don't Know 1 1.61% NA 3 9.68% NA
TOTAL 62 31TOTAL w/o Don’t Know 61 28
Q9.2: Time Burden of Business Assoc. Requirements1 = small burden 3 4.84% 4.92% 1 3.23% 3.57%2 4 6.45% 6.56% 0 0.00% 0.00%3 = burden neither small nor large 13 20.97% 21.31% 4 12.90% 14.29%4 17 27.42% 27.87% 11 35.48% 39.29%5 = large burden 24 38.71% 39.34% 12 38.71% 42.86%6 = Don't Know 1 1.61% NA 3 9.68% NA
TOTAL 62 31TOTAL w/o Don’t Know 61 28
California HealthCare Foundation
California HIPAA Privacy Implementation Survey:Appendix I.1
Q10: Distinction b/t Research & Health Care Ops.1 = unclear 5 8.06% 9.80% 1 3.23% 4.17%2 8 12.90% 15.69% 0 0.00% 0.00%3 = neither clear nor unclear 15 24.19% 29.41% 8 25.81% 33.33%4 18 29.03% 35.29% 7 22.58% 29.17%5 = clear 5 8.06% 9.80% 8 25.81% 33.33%6 = Don't Know 11 17.74% NA 7 22.58% NA
TOTAL 62 31TOTAL w/o Don’t Know 51 24
Q16A: Short Term Savings (<=1yr)1 = Yes 2 3.23% 4.55% 1 3.23% 4.55%2 = No 42 67.74% 95.45% 21 67.74% 95.45%3 = Don't Know 18 29.03% NA 9 29.03% NA
TOTAL 62 31TOTAL w/o Don’t Know 44 22
Q16B: Medium Term Savings (3 - 5 yrs)1 = Yes 12 19.35% 27.91% 6 19.35% 27.27%2 = No 31 50.00% 72.09% 16 51.61% 72.73%3 = Don't Know 19 30.65% NA 9 29.03% NA
TOTAL 62 31TOTAL w/o Don’t Know 43 22
Q16C: Long Term Savings (5+ yrs)1 = Yes 10 16.13% 23.26% 4 12.90% 18.18%2 = No 33 53.23% 76.74% 18 58.06% 81.82%3 = Don't Know 19 30.65% NA 9 29.03% NA
TOTAL 62 31TOTAL w/o Don’t Know 43 22
Q16D: No Savings 1 = Yes 19 30.65% 44.19% 11 35.48% 50.00%2 = No 24 38.71% 55.81% 11 35.48% 50.00%3 = Don't Know 19 30.65% NA 9 29.03% NA
TOTAL 62 31TOTAL w/o Don’t Know 43 22
California HealthCare Foundation
California HIPAA Privacy Implementation Survey:Appendix I.1
Q17: Org's progress in funding compliance1 = Not Budgeted 4 6.45% 6.56% 11 35.48% 37.93%2 = Budgeted, not funded 6 9.68% 9.84% 0 0.00% 0.00%3 = Partially funded 18 29.03% 29.51% 7 22.58% 24.14%4 = Fully Funded 17 27.42% 27.87% 2 6.45% 6.90%5 = Not Developing HIPAA specific budget 16 25.81% 26.23% 9 29.03% 31.03%6 = Don't Know 1 1.61% NA 2 6.45% NA
TOTAL 62 31TOTAL w/o Don’t Know 61 29
California HealthCare Foundation
California HIPAA Privacy Implementation Survey:Appendix I.1
Completed Readiness Initiative = Yes Completed Readiness Initiative = No
Q2: Workability of Consent Freq. Percent Percent w/o DK Freq. Percent Percent w/o DK1 = not workable 0 0.00% 0.00% 7 8.54% 8.64%2 1 9.09% 9.09% 11 13.41% 13.58%3 = somewhat workable 7 63.64% 63.64% 37 45.12% 45.68%4 1 9.09% 9.09% 18 21.95% 22.22%5 = very workable 2 18.18% 18.18% 8 9.76% 9.88%6 = Don't Know 0 0.00% NA 1 1.22% NA
TOTAL 11 82TOTAL w/o Don’t Know 11 81
Q3: Consent & flow of information1 = will greatly limit 0 0.00% 0.00% 7 8.54% 8.75%2 = will somewhat limit 7 63.64% 63.64% 40 48.78% 50.00%3 = will have no effect 4 36.36% 36.36% 26 31.71% 32.50%4 = will somewhat enhance 0 0.00% 0.00% 6 7.32% 7.50%5 = will greatly enhance 0 0.00% 0.00% 1 1.22% 1.25%6 = Don't Know 0 0.00% NA 2 2.44% NA
TOTAL 11 82TOTAL w/o Don’t Know 11 80
Q5: Workability of Min. Necessary1 = not workable 0 0.00% 0.00% 4 4.88% 5.19%2 4 36.36% 36.36% 10 12.20% 12.99%3 = somewhat workable 6 54.55% 54.55% 42 51.22% 54.55%4 1 9.09% 9.09% 16 19.51% 20.78%5 = very workable 0 0.00% 0.00% 5 6.10% 6.49%6 = Don't Know 0 0.00% NA 5 6.10% NA
TOTAL 11 82TOTAL w/o Don’t Know 11 77
(N=11) (N=82)
California HealthCare Foundation
California HIPAA Privacy Implementation Survey:Appendix I.1
Q6A: Min. Necessary & flow of info. For Delivery1 = will greatly limit 1 9.09% 9.09% 3 3.66% 3.85%2 = will somewhat limit 5 45.45% 45.45% 29 35.37% 37.18%3 = will have no effect 5 45.45% 45.45% 37 45.12% 47.44%4 = will somewhat enhance 0 0.00% 0.00% 8 9.76% 10.26%5 = will greatly enhance 0 0.00% 0.00% 1 1.22% 1.28%6 = Don't Know 0 0.00% NA 4 4.88% NA
TOTAL 11 82TOTAL w/o Don’t Know 11 78
Q6B: Min. Necessary & flow of info. For Payment1 = will greatly limit 1 9.09% 11.11% 3 3.66% 3.90%2 = will somewhat limit 5 45.45% 55.56% 25 30.49% 32.47%3 = will have no effect 3 27.27% 33.33% 34 41.46% 44.16%4 = will somewhat enhance 0 0.00% 0.00% 11 13.41% 14.29%5 = will greatly enhance 0 0.00% 0.00% 4 4.88% 5.19%6 = Don't Know 2 18.18% NA 5 6.10% NA
TOTAL 11 82TOTAL w/o Don’t Know 9 77
Q6C: Min. Necessary & flow of info. For Assessment1 = will greatly limit 1 9.09% 10.00% 7 8.54% 9.46%2 = will somewhat limit 8 72.73% 80.00% 30 36.59% 40.54%3 = will have no effect 1 9.09% 10.00% 30 36.59% 40.54%4 = will somewhat enhance 0 0.00% 0.00% 5 6.10% 6.76%5 = will greatly enhance 0 0.00% 0.00% 2 2.44% 2.70%6 = Don't Know 1 9.09% NA 8 9.76% NA
TOTAL 11 82TOTAL w/o Don’t Know 10 74
Q8.1: Regs. Clearly define Business Associates1 = Yes 8 72.73% 80.00% 50 60.98% 63.29%2 = No 2 18.18% 20.00% 29 35.37% 36.71%3 = Don’t Know 1 9.09% NA 3 3.66% NA
TOTAL 11 82TOTAL w/o Don’t Know 10 79
California HealthCare Foundation
California HIPAA Privacy Implementation Survey:Appendix I.1
Q8.2: Regs. Clearly define Responsibilities1 = Yes 8 72.73% 80.00% 51 62.20% 64.56%2 = No 2 18.18% 20.00% 28 34.15% 35.44%3 = Don’t Know 1 9.09% NA 3 3.66% NA
TOTAL 11 82TOTAL w/o Don’t Know 10 79
Q8.3: Regs. Clearly define Agreement Provisions1 = Yes 6 54.55% 54.55% 49 59.76% 64.47%2 = No 5 45.45% 45.45% 27 32.93% 35.53%3 = Don’t Know 0 0.00% NA 6 7.32% NA
TOTAL 11 82TOTAL w/o Don’t Know 11 76
Q9.1: Cost Burden of Business Assoc. Requirements1 = small burden 3 27.27% 30.00% 3 3.66% 3.75%2 2 18.18% 20.00% 5 6.10% 6.25%3= burden neither small nor large 0 0.00% 0.00% 29 35.37% 36.25%4 4 36.36% 40.00% 21 25.61% 26.25%5 = large burden 1 9.09% 10.00% 22 26.83% 27.50%6 = Don't Know 1 9.09% NA 2 2.44% NA
TOTAL 11 82TOTAL w/o Don’t Know 10 80
Q9.2: Time Burden of Business Assoc. Requirements1 = small burden 3 27.27% 30.00% 2 2.44% 2.50%2 1 9.09% 10.00% 3 3.66% 3.75%3 = burden neither small nor large 1 9.09% 10.00% 15 18.29% 18.75%4 2 18.18% 20.00% 27 32.93% 33.75%5 = large burden 3 27.27% 30.00% 33 40.24% 41.25%6 = Don't Know 1 9.09% NA 2 2.44% NA
TOTAL 11 82TOTAL w/o Don’t Know 10 80
California HealthCare Foundation
California HIPAA Privacy Implementation Survey:Appendix I.1
Q10: Distinction b/t Research & Health Care Ops.1 = unclear 2 18.18% 22.22% 4 4.88% 6.15%2 0 0.00% 0.00% 8 9.76% 12.31%3 = neither clear nor unclear 4 36.36% 44.44% 18 21.95% 27.69%4 2 18.18% 22.22% 23 28.05% 35.38%5 = clear 1 9.09% 11.11% 12 14.63% 18.46%6 = Don't Know 2 18.18% NA 17 20.73% NA
TOTAL 11 82TOTAL w/o Don’t Know 9 65
Q16A: Short Term Savings (<=1yr)1 = Yes 0 0.00% 0.00% 3 3.66% 5.00%2 = No 6 54.55% 100.00% 57 69.51% 95.00%3 = Don't Know 5 45.45% NA 22 26.83% NA
TOTAL 11 82TOTAL w/o Don’t Know 6 60
Q16B: Medium Term Savings (3 - 5 yrs)1 = Yes 0 0.00% 0.00% 18 21.95% 30.51%2 = No 6 54.55% 100.00% 41 50.00% 69.49%3 = Don't Know 5 45.45% NA 23 28.05% NA
TOTAL 11 82TOTAL w/o Don’t Know 6 59
Q16C: Long Term Savings (5+ yrs)1 = Yes 2 18.18% 33.33% 12 14.63% 20.34%2 = No 4 36.36% 66.67% 47 57.32% 79.66%3 = Don't Know 5 45.45% NA 23 28.05% NA
TOTAL 11 82TOTAL w/o Don’t Know 6 59
Q16D: No Savings 1 = Yes 4 36.36% 66.67% 26 31.71% 44.07%2 = No 2 18.18% 33.33% 33 40.24% 55.93%3 = Don't Know 5 45.45% NA 23 28.05% NA
TOTAL 11 82TOTAL w/o Don’t Know 6 59
California HealthCare Foundation
California HIPAA Privacy Implementation Survey:Appendix I.1
Q17: Org's progress in funding compliance1 = Not Budgeted 0 0.00% 0.00% 15 18.29% 18.75%2 = Budgeted, not funded 1 9.09% 9.09% 5 6.10% 6.25%3 = Partially funded 2 18.18% 18.18% 23 28.05% 28.75%4 = Fully Funded 5 45.45% 45.45% 15 18.29% 18.75%5 = Not Developing HIPAA specific budget 3 27.27% 27.27% 22 26.83% 27.50%6 = Don't Know 0 0.00% NA 2 2.44% NA
TOTAL 11 82TOTAL w/o Don’t Know 11 80
California HealthCare Foundation
California HIPAA Privacy Implementation Survey:Appendix I.1
Developed Readiness Initiative = Yes Developed Readiness Initiative = No
Q2: Workability of Consent Freq. Percent Percent w/o DK Freq. Percent Percent w/o DK1 = not workable 5 10.42% 10.42% 2 4.44% 4.55%2 6 12.50% 12.50% 6 13.33% 13.64%3 = somewhat workable 24 50.00% 50.00% 21 46.67% 47.73%4 7 14.58% 14.58% 12 26.67% 27.27%5 = very workable 6 12.50% 12.50% 3 6.67% 6.82%6 = Don't Know 0 0.00% NA 1 2.22% NA
TOTAL 48 45TOTAL w/o Don’t Know 48 44
Q3: Consent & flow of information1 = will greatly limit 4 8.33% 8.33% 3 6.67% 6.98%2 = will somewhat limit 25 52.08% 52.08% 22 48.89% 51.16%3 = will have no effect 15 31.25% 31.25% 15 33.33% 34.88%4 = will somewhat enhance 4 8.33% 8.33% 2 4.44% 4.65%5 = will greatly enhance 0 0.00% 0.00% 1 2.22% 2.33%6 = Don't Know 0 0.00% NA 2 4.44% NA
TOTAL 48 45TOTAL w/o Don’t Know 48 43
Q5: Workability of Min. Necessary1 = not workable 2 4.17% 4.26% 2 4.44% 4.88%2 8 16.67% 17.02% 5 11.11% 12.20%3 = somewhat workable 23 47.92% 48.94% 26 57.78% 63.41%4 11 22.92% 23.40% 6 13.33% 14.63%5 = very workable 3 6.25% 6.38% 2 4.44% 4.88%6 = Don't Know 1 2.08% NA 4 8.89% NA
TOTAL 48 45TOTAL w/o Don’t Know 47 41
Q6A: Min. Necessary & flow of info. For Delivery1 = will greatly limit 2 4.17% 4.35% 2 4.44% 4.76%2 = will somewhat limit 18 37.50% 39.13% 15 33.33% 35.71%3 = will have no effect 23 47.92% 50.00% 19 42.22% 45.24%4 = will somewhat enhance 3 6.25% 6.52% 5 11.11% 11.90%5 = will greatly enhance 0 0.00% 0.00% 1 2.22% 2.38%
(N=48) (N=45)
California HealthCare Foundation
California HIPAA Privacy Implementation Survey:Appendix I.1
6 = Don't Know 2 4.17% NA 3 6.67% NATOTAL 48 45
TOTAL w/o Don’t Know 46 42
Q6B: Min. Necessary & flow of info. For Payment1 = will greatly limit 1 2.08% 2.38% 3 6.67% 6.98%2 = will somewhat limit 17 35.42% 40.48% 12 26.67% 27.91%3 = will have no effect 20 41.67% 47.62% 17 37.78% 39.53%4 = will somewhat enhance 3 6.25% 7.14% 8 17.78% 18.60%5 = will greatly enhance 1 2.08% 2.38% 3 6.67% 6.98%6 = Don't Know 6 12.50% NA 2 4.44% NA
TOTAL 48 45TOTAL w/o Don’t Know 42 43
Q6C: Min. Necessary & flow of info. For Assessment1 = will greatly limit 4 8.33% 9.09% 3 6.67% 7.69%2 = will somewhat limit 21 43.75% 47.73% 17 37.78% 43.59%3 = will have no effect 17 35.42% 38.64% 14 31.11% 35.90%4 = will somewhat enhance 1 2.08% 2.27% 4 8.89% 10.26%5 = will greatly enhance 1 2.08% 2.27% 1 2.22% 2.56%6 = Don't Know 4 8.33% NA 6 13.33% NA
TOTAL 48 45TOTAL w/o Don’t Know 44 39
Q8.1: Regs. Clearly define Business Associates1 = Yes 31 64.58% 65.96% 26 57.78% 61.90%2 = No 16 33.33% 34.04% 16 35.56% 38.10%3 = Don’t Know 1 2.08% NA 3 6.67% NA
TOTAL 48 45TOTAL w/o Don’t Know 47 42
Q8.2: Regs. Clearly define Responsibilities1 = Yes 31 64.58% 64.58% 25 55.56% 59.52%2 = No 17 35.42% 35.42% 17 37.78% 40.48%3 = Don’t Know 0 0.00% NA 3 6.67% NA
TOTAL 48 45TOTAL w/o Don’t Know 48 42
California HealthCare Foundation
California HIPAA Privacy Implementation Survey:Appendix I.1
Q8.3: Regs. Clearly define Agreement Provisions1 = Yes 30 62.50% 65.22% 23 51.11% 57.50%2 = No 16 33.33% 34.78% 17 37.78% 42.50%3 = Don’t Know 2 4.17% NA 5 11.11% NA
TOTAL 48 45TOTAL w/o Don’t Know 46 40
Q9.1: Cost Burden of Business Assoc. Requirements1 = small burden 5 10.42% 10.87% 1 2.22% 2.33%2 4 8.33% 8.70% 3 6.67% 6.98%3= burden neither small nor large 13 27.08% 28.26% 17 37.78% 39.53%4 13 27.08% 28.26% 11 24.44% 25.58%5 = large burden 11 22.92% 23.91% 11 24.44% 25.58%6 = Don't Know 2 4.17% NA 2 4.44% NA
TOTAL 48 45TOTAL w/o Don’t Know 46 43
Q9.2: Time Burden of Business Assoc. Requirements1 = small burden 5 10.42% 10.87% 0 0.00% 0.00%2 3 6.25% 6.52% 1 2.22% 2.33%3 = burden neither small nor large 7 14.58% 15.22% 10 22.22% 23.26%4 10 20.83% 21.74% 18 40.00% 41.86%5 = large burden 21 43.75% 45.65% 14 31.11% 32.56%6 = Don't Know 2 4.17% NA 2 4.44% NA
TOTAL 48 45TOTAL w/o Don’t Know 46 43
Q10: Distinction b/t Research & Health Care Ops.1 = unclear 4 8.33% 10.00% 2 4.44% 6.06%2 4 8.33% 10.00% 4 8.89% 12.12%3 = neither clear nor unclear 15 31.25% 37.50% 8 17.78% 24.24%4 13 27.08% 32.50% 11 24.44% 33.33%5 = clear 4 8.33% 10.00% 8 17.78% 24.24%6 = Don't Know 8 16.67% NA 12 26.67% NA
TOTAL 48 45TOTAL w/o Don’t Know 40 33
California HealthCare Foundation
California HIPAA Privacy Implementation Survey:Appendix I.1
Q16A: Short Term Savings (<=1yr)1 = Yes 2 4.17% 6.06% 1 2.22% 3.23%2 = No 31 64.58% 93.94% 30 66.67% 96.77%3 = Don't Know 15 31.25% NA 14 31.11% NA
TOTAL 48 45TOTAL w/o Don’t Know 33 31
Q16B: Medium Term Savings (3 - 5 yrs)1 = Yes 8 16.67% 25.00% 10 22.22% 32.26%2 = No 24 50.00% 75.00% 21 46.67% 67.74%3 = Don't Know 16 33.33% NA 14 31.11% NA
TOTAL 48 45TOTAL w/o Don’t Know 32 31
Q16C: Long Term Savings (5+ yrs)1 = Yes 8 16.67% 25.00% 5 11.11% 16.13%2 = No 24 50.00% 75.00% 26 57.78% 83.87%3 = Don't Know 16 33.33% NA 14 31.11% NA
TOTAL 48 45TOTAL w/o Don’t Know 32 31
Q16D: No Savings 1 = Yes 14 29.17% 43.75% 15 33.33% 48.39%2 = No 18 37.50% 56.25% 16 35.56% 51.61%3 = Don't Know 16 33.33% NA 14 31.11% NA
TOTAL 48 45TOTAL w/o Don’t Know 32 31
Q17: Org's progress in funding compliance1 = Not Budgeted 3 6.25% 6.38% 11 24.44% 25.58%2 = Budgeted, not funded 4 8.33% 8.51% 2 4.44% 4.65%3 = Partially funded 14 29.17% 29.79% 11 24.44% 25.58%4 = Fully Funded 13 27.08% 27.66% 7 15.56% 16.28%5 = Not Developing HIPAA specific budget 13 27.08% 27.66% 12 26.67% 27.91%6 = Don't Know 1 2.08% NA 2 4.44% NA
TOTAL 48 45TOTAL w/o Don’t Know 47 43
California HealthCare Foundation
California HIPAA Privacy Implementation Survey:Appendix I.2
Q2: Workability of Consent Freq. Percent Percent w/o DK Freq. Percent Percent w/o DK1 = not workable 7 9.09% 9.09% 0 0.00% 0.00%2 6 7.79% 7.79% 6 33.33% 35.29%3 = somewhat workable 38 49.35% 49.35% 8 44.44% 47.06%4 16 20.78% 20.78% 3 16.67% 17.65%5 = very workable 10 12.99% 12.99% 0 0.00% 0.00%6 = Don't Know 0 0.00% NA 1 5.56% NA
TOTAL 77 18TOTAL w/o Don’t Know 77 17
Q3: Consent & flow of information1 = will greatly limit 4 5.19% 5.26% 3 12.50% 13.04%2 = will somewhat limit 41 53.25% 53.95% 8 33.33% 34.78%3 = will have no effect 24 31.17% 31.58% 6 25.00% 26.09%4 = will somewhat enhance 6 7.79% 7.89% 0 0.00% 0.00%5 = will greatly enhance 1 1.30% 1.32% 6 25.00% 26.09%6 = Don't Know 1 1.30% NA 1 4.17% NA
TOTAL 77 24TOTAL w/o Don’t Know 76 23
Q5: Workability of Min. Necessary1 = not workable 2 2.60% 2.67% 2 11.11% 13.33%2 12 15.58% 16.00% 2 11.11% 13.33%3 = somewhat workable 40 51.95% 53.33% 10 55.56% 66.67%4 16 20.78% 21.33% 1 5.56% 6.67%5 = very workable 5 6.49% 6.67% 0 0.00% 0.00%6 = Don't Know 2 2.60% N/A 3 16.67% NA
TOTAL 77 18TOTAL w/o Don’t Know 75 15
Q6A: Min. Necessary & flow of info. For Delivery1 = will greatly limit 2 2.60% 2.70% 2 11.11% 12.50%2 = will somewhat limit 28 36.36% 37.84% 7 38.89% 43.75%3 = will have no effect 36 46.75% 48.65% 6 33.33% 37.50%4 = will somewhat enhance 7 9.09% 9.46% 1 5.56% 6.25%5 = will greatly enhance 1 1.30% 1.35% 0 0.00% 0.00%
(N=77) (N=18)Developed Strategic Plan = Yes Developed Strategic Plan =No
California HealthCare Foundation
California HIPAA Privacy Implementation Survey:Appendix I.2
6 = Don't Know 3 3.90% N/A 2 11.11% NATOTAL 77 18
TOTAL w/o Don’t Know 74 16
Q6B: Min. Necessary & flow of info. For Payment1 = will greatly limit 2 2.60% 2.86% 2 11.11% 11.76%2 = will somewhat limit 24 31.17% 34.29% 6 33.33% 35.29%3 = will have no effect 30 38.96% 42.86% 8 44.44% 47.06%4 = will somewhat enhance 11 14.29% 15.71% 0 0.00% 0.00%5 = will greatly enhance 3 3.90% 4.29% 1 5.56% 5.88%6 = Don't Know 7 9.09% N/A 1 5.56% NA
TOTAL 77 18TOTAL w/o Don’t Know 70 17
Q6C: Min. Necessary & flow of info. For Assessment1 = will greatly limit 5 6.49% 7.14% 3 16.67% 20.00%2 = will somewhat limit 31 40.26% 44.29% 8 44.44% 53.33%3 = will have no effect 27 35.06% 38.57% 4 22.22% 26.67%4 = will somewhat enhance 5 6.49% 7.14% 0 0.00% 0.00%5 = will greatly enhance 2 2.60% 2.86% 0 0.00% 0.00%6 = Don't Know 7 9.09% N/A 3 16.67% NA
TOTAL 77 18TOTAL w/o Don’t Know 70 15
Q8.1: Regs. Clearly define Business Associates1 = Yes 49 63.64% 65.33% 10 55.56% 62.50%2 = No 26 33.77% 34.67% 6 33.33% 37.50%3 = Don’t Know 2 2.60% N/A 2 11.11% NA
TOTAL 77 18TOTAL w/o Don’t Know 75 16
Q8.2: Regs. Clearly define Responsibilities1 = Yes 49 63.64% 64.47% 9 50.00% 56.25%2 = No 27 35.06% 35.53% 7 38.89% 43.75%3 = Don’t Know 1 1.30% N/A 2 11.11% NA
TOTAL 77 18TOTAL w/o Don’t Know 76 16
California HealthCare Foundation
California HIPAA Privacy Implementation Survey:Appendix I.2
Q8.3: Regs. Clearly define Agreement Provisions1 = Yes 47 61.04% 64.38% 8 44.44% 53.33%2 = No 26 33.77% 35.62% 7 38.89% 46.67%3 = Don’t Know 4 5.19% N/A 3 16.67% NA
TOTAL 77 18TOTAL w/o Don’t Know 73 15
Q9.1: Cost Burden of Business Assoc. Requirements1 = small burden 6 7.79% 8.00% 0 0.00% 0.00%2 7 9.09% 9.33% 0 0.00% 0.00%3= burden neither small nor large 22 28.57% 29.33% 8 44.44% 50.00%4 21 27.27% 28.00% 4 22.22% 25.00%5 = large burden 19 24.68% 25.33% 4 22.22% 25.00%6 = Don't Know 2 2.60% N/A 2 11.11% NA
TOTAL 77 18TOTAL w/o Don’t Know 75 16
Q9.2: Time Burden of Business Assoc. Requirements1 = small burden 5 6.49% 6.67% 0 0.00% 0.00%2 4 5.19% 5.33% 0 0.00% 0.00%3 = burden neither small nor large 13 16.88% 17.33% 4 22.22% 25.00%4 21 27.27% 28.00% 8 44.44% 50.00%5 = large burden 32 41.56% 42.67% 4 22.22% 25.00%6 = Don't Know 2 2.60% N/A 2 11.11% NA
TOTAL 77 18TOTAL w/o Don’t Know 75 16
Q10: Distinction b/t Research & Health Care Ops.1 = unclear 5 6.49% 7.81% 1 5.56% 9.09%2 7 9.09% 10.94% 1 5.56% 9.09%3 = neither clear nor unclear 20 25.97% 31.25% 3 16.67% 27.27%4 21 27.27% 32.81% 4 22.22% 36.36%5 = clear 11 14.29% 17.19% 2 11.11% 18.18%6 = Don't Know 13 16.88% N/A 7 38.89% NA
TOTAL 77 18TOTAL w/o Don’t Know 64 11
California HealthCare Foundation
California HIPAA Privacy Implementation Survey:Appendix I.2
Q16A: Short Term Savings (<=1yr)1 = Yes 3 3.90% 5.45% 0 0.00% 0.00%2 = No 52 67.53% 94.55% 11 61.11% 100.00%3 = Don't Know 22 28.57% N/A 7 38.89% NA
TOTAL 77 18TOTAL w/o Don’t Know 55 11
Q16B: Medium Term Savings (3 - 5 yrs)1 = Yes 13 16.88% 24.07% 5 27.78% 45.45%2 = No 41 53.25% 75.93% 6 33.33% 54.55%3 = Don't Know 23 29.87% N/A 7 38.89% NA
TOTAL 77 18TOTAL w/o Don’t Know 54 11
Q16C: Long Term Savings (5+ yrs)1 = Yes 13 16.88% 24.07% 1 5.56% 9.09%2 = No 41 53.25% 75.93% 10 55.56% 90.91%3 = Don't Know 23 29.87% N/A 7 38.89% NA
TOTAL 77 18TOTAL w/o Don’t Know 54 11
Q16D: No Savings 1 = Yes 25 32.47% 46.30% 5 27.78% 45.45%2 = No 29 37.66% 53.70% 6 33.33% 54.55%3 = Don't Know 23 29.87% N/A 7 38.89% NA
TOTAL 77 18TOTAL w/o Don’t Know 54 11
Q17: Org's progress in funding compliance1 = Not Budgeted 9 11.69% 11.84% 6 33.33% 37.50%2 = Budgeted, not funded 6 7.79% 7.89% 0 0.00% 0.00%3 = Partially funded 24 31.17% 31.58% 2 11.11% 12.50%4 = Fully Funded 17 22.08% 22.37% 3 16.67% 18.75%5 = Not Developing HIPAA specific budget 20 25.97% 26.32% 5 27.78% 31.25%6 = Don't Know 1 1.30% N/A 2 11.11% NA
TOTAL 77 18TOTAL w/o Don’t Know 76 16
California HealthCare Foundation
California HIPAA Implementation Survey:Appendix I.2
Q2: Workability of Consent Freq. Percent Percent w/o DK Freq. Percent Percent w/o DK1 = not workable 6 9.68% 9.68% 1 3.23% 3.33%2 7 11.29% 11.29% 5 16.13% 16.67%3 = somewhat workable 28 45.16% 45.16% 16 51.61% 53.33%4 12 19.35% 19.35% 7 22.58% 23.33%5 = very workable 9 14.52% 14.52% 1 3.23% 3.33%6 = Don't Know 0 0.00% NA 1 3.23% NA
TOTAL 62 31TOTAL w/o Don’t Know 62 30
Q3: Consent & flow of information1 = will greatly limit 4 6.45% 6.56% 3 9.68% 10.00%2 = will somewhat limit 32 51.61% 52.46% 16 51.61% 53.33%3 = will have no effect 20 32.26% 32.79% 9 29.03% 30.00%4 = will somewhat enhance 5 8.06% 8.20% 1 3.23% 3.33%5 = will greatly enhance 0 0.00% 0.00% 1 3.23% 3.33%6 = Don't Know 1 1.61% NA 1 3.23% NA
TOTAL 62 31TOTAL w/o Don’t Know 61 30
Q5: Workability of Min. Necessary1 = not workable 2 3.23% 3.28% 2 6.45% 7.41%2 8 12.90% 13.11% 4 12.90% 14.81%3 = somewhat workable 37 59.68% 60.66% 13 41.94% 48.15%4 12 19.35% 19.67% 5 16.13% 18.52%5 = very workable 2 3.23% 3.28% 3 9.68% 11.11%6 = Don't Know 1 1.61% NA 4 12.90% NA
TOTAL 62 31TOTAL w/o Don’t Know 61 27
Q6A: Min. Necessary & flow of info. For Delivery1 = will greatly limit 2 3.08% 3.39% 2 6.45% 6.90%2 = will somewhat limit 24 36.92% 40.68% 9 29.03% 31.03%3 = will have no effect 29 44.62% 49.15% 13 41.94% 44.83%4 = will somewhat enhance 4 6.15% 6.78% 4 12.90% 13.79%5 = will greatly enhance 0 0.00% 0.00% 1 3.23% 3.45%
Conducted Gap Assessment = Yes Conducted Gap Assessment= No(N=62) (N=31)
California HealthCare Foundation
California HIPAA Implementation Survey:Appendix I.2
6 = Don't Know 6 9.23% NA 2 6.45% NATOTAL 65 31
TOTAL w/o Don’t Know 59 29
Q6B: Min. Necessary & flow of info. For Payment1 = will greatly limit 2 3.23% 3.51% 2 6.45% 6.90%2 = will somewhat limit 19 30.65% 33.33% 10 32.26% 34.48%3 = will have no effect 27 43.55% 47.37% 11 35.48% 37.93%4 = will somewhat enhance 7 11.29% 12.28% 4 12.90% 13.79%5 = will greatly enhance 2 3.23% 3.51% 2 6.45% 6.90%6 = Don't Know 5 8.06% NA 2 6.45% NA
TOTAL 62 31TOTAL w/o Don’t Know 57 29
Q6C: Min. Necessary & flow of info. For Assessment1 = will greatly limit 6 9.68% 10.71% 2 6.45% 7.41%2 = will somewhat limit 25 40.32% 44.64% 12 38.71% 44.44%3 = will have no effect 22 35.48% 39.29% 9 29.03% 33.33%4 = will somewhat enhance 2 3.23% 3.57% 3 9.68% 11.11%5 = will greatly enhance 1 1.61% 1.79% 1 3.23% 3.70%6 = Don't Know 6 9.68% NA 4 12.90% NA
TOTAL 62 31TOTAL w/o Don’t Know 56 27
Q8.1: Regs. Clearly define Business Associates1 = Yes 42 67.74% 68.85% 15 50.00% 53.57%2 = No 19 30.65% 31.15% 13 43.33% 46.43%3 = Don’t Know 1 1.61% NA 2 6.67% NA
TOTAL 62 30TOTAL w/o Don’t Know 61 28
Q8.2: Regs. Clearly define Responsibilities1 = Yes 44 70.97% 72.13% 14 45.16% 48.28%2 = No 17 27.42% 27.87% 15 48.39% 51.72%3 = Don’t Know 1 1.61% NA 2 6.45% NA
TOTAL 62 31TOTAL w/o Don’t Know 61 29
California HealthCare Foundation
California HIPAA Implementation Survey:Appendix I.2
Q8.3: Regs. Clearly define Agreement Provisions1 = Yes 40 64.52% 68.97% 14 45.16% 50.00%2 = No 18 29.03% 31.03% 14 45.16% 50.00%3 = Don’t Know 4 6.45% NA 3 9.68% NA
TOTAL 62 31TOTAL w/o Don’t Know 58 28
Q9.1: Cost Burden of Business Assoc. Requirements1 = small burden 4 6.45% 6.56% 1 3.23% 3.57%2 7 11.29% 11.48% 0 0.00% 0.00%3= burden neither small nor large 20 32.26% 32.79% 10 32.26% 35.71%4 17 27.42% 27.87% 7 22.58% 25.00%5 = large burden 13 20.97% 21.31% 10 32.26% 35.71%6 = Don't Know 1 1.61% NA 3 9.68% NA
TOTAL 62 31TOTAL w/o Don’t Know 61 28
Q9.2: Time Burden of Business Assoc. Requirements1 = small burden 3 4.84% 4.92% 1 3.23% 3.57%2 4 6.45% 6.56% 0 0.00% 0.00%3 = burden neither small nor large 13 20.97% 21.31% 4 12.90% 14.29%4 17 27.42% 27.87% 11 35.48% 39.29%5 = large burden 24 38.71% 39.34% 12 38.71% 42.86%6 = Don't Know 1 1.61% NA 3 9.68% NA
TOTAL 62 31TOTAL w/o Don’t Know 61 28
Q10: Distinction b/t Research & Health Care Ops.1 = unclear 5 8.06% 9.80% 1 3.23% 4.17%2 8 12.90% 15.69% 0 0.00% 0.00%3 = neither clear nor unclear 15 24.19% 29.41% 8 25.81% 33.33%4 18 29.03% 35.29% 7 22.58% 29.17%5 = clear 5 8.06% 9.80% 8 25.81% 33.33%6 = Don't Know 11 17.74% NA 7 22.58% NA
TOTAL 62 31TOTAL w/o Don’t Know 51 24
California HealthCare Foundation
California HIPAA Implementation Survey:Appendix I.2
Q16A: Short Term Savings (<=1yr)1 = Yes 2 3.23% 4.55% 1 3.23% 4.55%2 = No 42 67.74% 95.45% 21 67.74% 95.45%3 = Don't Know 18 29.03% NA 9 29.03% NA
TOTAL 62 31TOTAL w/o Don’t Know 44 22
Q16B: Medium Term Savings (3 - 5 yrs)1 = Yes 12 19.35% 27.91% 6 19.35% 27.27%2 = No 31 50.00% 72.09% 16 51.61% 72.73%3 = Don't Know 19 30.65% NA 9 29.03% NA
TOTAL 62 31TOTAL w/o Don’t Know 43 22
Q16C: Long Term Savings (5+ yrs)1 = Yes 10 16.13% 23.26% 4 12.90% 18.18%2 = No 33 53.23% 76.74% 18 58.06% 81.82%3 = Don't Know 19 30.65% NA 9 29.03% NA
TOTAL 62 31TOTAL w/o Don’t Know 43 22
Q16D: No Savings 1 = Yes 19 30.65% 44.19% 11 35.48% 50.00%2 = No 24 38.71% 55.81% 11 35.48% 50.00%3 = Don't Know 19 30.65% NA 9 29.03% NA
TOTAL 62 31TOTAL w/o Don’t Know 43 22
Q17: Org's progress in funding compliance1 = Not Budgeted 4 6.45% 6.56% 11 35.48% 37.93%2 = Budgeted, not funded 6 9.68% 9.84% 0 0.00% 0.00%3 = Partially funded 18 29.03% 29.51% 7 22.58% 24.14%4 = Fully Funded 17 27.42% 27.87% 2 6.45% 6.90%5 = Not Developing HIPAA specific budget 16 25.81% 26.23% 9 29.03% 31.03%6 = Don't Know 1 1.61% NA 2 6.45% NA
TOTAL 62 31TOTAL w/o Don’t Know 61 29
California HealthCare Foundation
California HIPAA Privacy Implementation Survey:Appendix I.2
Completed Readiness Initiative = Yes Completed Readiness Initiative = No
Q2: Workability of Consent Freq. Percent Percent w/o DK Freq. Percent Percent w/o DK1 = not workable 0 0.00% 0.00% 7 8.54% 8.64%2 1 9.09% 9.09% 11 13.41% 13.58%3 = somewhat workable 7 63.64% 63.64% 37 45.12% 45.68%4 1 9.09% 9.09% 18 21.95% 22.22%5 = very workable 2 18.18% 18.18% 8 9.76% 9.88%6 = Don't Know 0 0.00% NA 1 1.22% NA
TOTAL 11 82TOTAL w/o Don’t Know 11 81
Q3: Consent & flow of information1 = will greatly limit 0 0.00% 0.00% 7 8.54% 8.75%2 = will somewhat limit 7 63.64% 63.64% 40 48.78% 50.00%3 = will have no effect 4 36.36% 36.36% 26 31.71% 32.50%4 = will somewhat enhance 0 0.00% 0.00% 6 7.32% 7.50%5 = will greatly enhance 0 0.00% 0.00% 1 1.22% 1.25%6 = Don't Know 0 0.00% NA 2 2.44% NA
TOTAL 11 82TOTAL w/o Don’t Know 11 80
Q5: Workability of Min. Necessary1 = not workable 0 0.00% 0.00% 4 4.88% 5.19%2 4 36.36% 36.36% 10 12.20% 12.99%3 = somewhat workable 6 54.55% 54.55% 42 51.22% 54.55%4 1 9.09% 9.09% 16 19.51% 20.78%5 = very workable 0 0.00% 0.00% 5 6.10% 6.49%6 = Don't Know 0 0.00% NA 5 6.10% NA
TOTAL 11 82TOTAL w/o Don’t Know 11 77
Q6A: Min. Necessary & flow of info. For Delivery1 = will greatly limit 1 9.09% 9.09% 3 3.66% 3.85%2 = will somewhat limit 5 45.45% 45.45% 29 35.37% 37.18%3 = will have no effect 5 45.45% 45.45% 37 45.12% 47.44%4 = will somewhat enhance 0 0.00% 0.00% 8 9.76% 10.26%5 = will greatly enhance 0 0.00% 0.00% 1 1.22% 1.28%
(N=11) (N=82)
California HealthCare Foundation
California HIPAA Privacy Implementation Survey:Appendix I.2
6 = Don't Know 0 0.00% NA 4 4.88% NATOTAL 11 82
TOTAL w/o Don’t Know 11 78
Q6B: Min. Necessary & flow of info. For Payment1 = will greatly limit 1 9.09% 11.11% 3 3.66% 3.90%2 = will somewhat limit 5 45.45% 55.56% 25 30.49% 32.47%3 = will have no effect 3 27.27% 33.33% 34 41.46% 44.16%4 = will somewhat enhance 0 0.00% 0.00% 11 13.41% 14.29%5 = will greatly enhance 0 0.00% 0.00% 4 4.88% 5.19%6 = Don't Know 2 18.18% NA 5 6.10% NA
TOTAL 11 82TOTAL w/o Don’t Know 9 77
Q6C: Min. Necessary & flow of info. For Assessment1 = will greatly limit 1 9.09% 10.00% 7 8.54% 9.46%2 = will somewhat limit 8 72.73% 80.00% 30 36.59% 40.54%3 = will have no effect 1 9.09% 10.00% 30 36.59% 40.54%4 = will somewhat enhance 0 0.00% 0.00% 5 6.10% 6.76%5 = will greatly enhance 0 0.00% 0.00% 2 2.44% 2.70%6 = Don't Know 1 9.09% NA 8 9.76% NA
TOTAL 11 82TOTAL w/o Don’t Know 10 74
Q8.1: Regs. Clearly define Business Associates1 = Yes 8 72.73% 80.00% 50 60.98% 63.29%2 = No 2 18.18% 20.00% 29 35.37% 36.71%3 = Don’t Know 1 9.09% NA 3 3.66% NA
TOTAL 11 82TOTAL w/o Don’t Know 10 79
Q8.2: Regs. Clearly define Responsibilities1 = Yes 8 72.73% 80.00% 51 62.20% 64.56%2 = No 2 18.18% 20.00% 28 34.15% 35.44%3 = Don’t Know 1 9.09% NA 3 3.66% NA
TOTAL 11 82TOTAL w/o Don’t Know 10 79
California HealthCare Foundation
California HIPAA Privacy Implementation Survey:Appendix I.2
Q8.3: Regs. Clearly define Agreement Provisions1 = Yes 6 54.55% 54.55% 49 59.76% 64.47%2 = No 5 45.45% 45.45% 27 32.93% 35.53%3 = Don’t Know 0 0.00% NA 6 7.32% NA
TOTAL 11 82TOTAL w/o Don’t Know 11 76
Q9.1: Cost Burden of Business Assoc. Requirements1 = small burden 3 27.27% 30.00% 3 3.66% 3.75%2 2 18.18% 20.00% 5 6.10% 6.25%3= burden neither small nor large 0 0.00% 0.00% 29 35.37% 36.25%4 4 36.36% 40.00% 21 25.61% 26.25%5 = large burden 1 9.09% 10.00% 22 26.83% 27.50%6 = Don't Know 1 9.09% NA 2 2.44% NA
TOTAL 11 82TOTAL w/o Don’t Know 10 80
Q9.2: Time Burden of Business Assoc. Requirements1 = small burden 3 27.27% 30.00% 2 2.44% 2.50%2 1 9.09% 10.00% 3 3.66% 3.75%3 = burden neither small nor large 1 9.09% 10.00% 15 18.29% 18.75%4 2 18.18% 20.00% 27 32.93% 33.75%5 = large burden 3 27.27% 30.00% 33 40.24% 41.25%6 = Don't Know 1 9.09% NA 2 2.44% NA
TOTAL 11 82TOTAL w/o Don’t Know 10 80
Q10: Distinction b/t Research & Health Care Ops.1 = unclear 2 18.18% 22.22% 4 4.88% 6.15%2 0 0.00% 0.00% 8 9.76% 12.31%3 = neither clear nor unclear 4 36.36% 44.44% 18 21.95% 27.69%4 2 18.18% 22.22% 23 28.05% 35.38%5 = clear 1 9.09% 11.11% 12 14.63% 18.46%6 = Don't Know 2 18.18% NA 17 20.73% NA
TOTAL 11 82TOTAL w/o Don’t Know 9 65
California HealthCare Foundation
California HIPAA Privacy Implementation Survey:Appendix I.2
Q16A: Short Term Savings (<=1yr)1 = Yes 0 0.00% 0.00% 3 3.66% 5.00%2 = No 6 54.55% 100.00% 57 69.51% 95.00%3 = Don't Know 5 45.45% NA 22 26.83% NA
TOTAL 11 82TOTAL w/o Don’t Know 6 60
Q16B: Medium Term Savings (3 - 5 yrs)1 = Yes 0 0.00% 0.00% 18 21.95% 30.51%2 = No 6 54.55% 100.00% 41 50.00% 69.49%3 = Don't Know 5 45.45% NA 23 28.05% NA
TOTAL 11 82TOTAL w/o Don’t Know 6 59
Q16C: Long Term Savings (5+ yrs)1 = Yes 2 18.18% 33.33% 12 14.63% 20.34%2 = No 4 36.36% 66.67% 47 57.32% 79.66%3 = Don't Know 5 45.45% NA 23 28.05% NA
TOTAL 11 82TOTAL w/o Don’t Know 6 59
Q16D: No Savings 1 = Yes 4 36.36% 66.67% 26 31.71% 44.07%2 = No 2 18.18% 33.33% 33 40.24% 55.93%3 = Don't Know 5 45.45% NA 23 28.05% NA
TOTAL 11 82TOTAL w/o Don’t Know 6 59
Q17: Org's progress in funding compliance1 = Not Budgeted 0 0.00% 0.00% 15 18.29% 18.75%2 = Budgeted, not funded 1 9.09% 9.09% 5 6.10% 6.25%3 = Partially funded 2 18.18% 18.18% 23 28.05% 28.75%4 = Fully Funded 5 45.45% 45.45% 15 18.29% 18.75%5 = Not Developing HIPAA specific budget 3 27.27% 27.27% 22 26.83% 27.50%6 = Don't Know 0 0.00% NA 2 2.44% NA
TOTAL 11 82TOTAL w/o Don’t Know 11 80
California HealthCare Foundation
California HIPAA Privacy Implementation Survey:Appendix I.2
Developed Readiness Initiative = Yes Developed Readiness Initiative = No
Q2: Workability of Consent Freq. Percent Percent w/o DK Freq. Percent Percent w/o DK1 = not workable 5 10.42% 10.42% 2 4.44% 4.55%2 6 12.50% 12.50% 6 13.33% 13.64%3 = somewhat workable 24 50.00% 50.00% 21 46.67% 47.73%4 7 14.58% 14.58% 12 26.67% 27.27%5 = very workable 6 12.50% 12.50% 3 6.67% 6.82%6 = Don't Know 0 0.00% NA 1 2.22% NA
TOTAL 48 45TOTAL w/o Don’t Know 48 44
Q3: Consent & flow of information1 = will greatly limit 4 8.33% 8.33% 3 6.67% 6.98%2 = will somewhat limit 25 52.08% 52.08% 22 48.89% 51.16%3 = will have no effect 15 31.25% 31.25% 15 33.33% 34.88%4 = will somewhat enhance 4 8.33% 8.33% 2 4.44% 4.65%5 = will greatly enhance 0 0.00% 0.00% 1 2.22% 2.33%6 = Don't Know 0 0.00% NA 2 4.44% NA
TOTAL 48 45TOTAL w/o Don’t Know 48 43
Q5: Workability of Min. Necessary1 = not workable 2 4.17% 4.26% 2 4.44% 4.88%2 8 16.67% 17.02% 5 11.11% 12.20%3 = somewhat workable 23 47.92% 48.94% 26 57.78% 63.41%4 11 22.92% 23.40% 6 13.33% 14.63%5 = very workable 3 6.25% 6.38% 2 4.44% 4.88%6 = Don't Know 1 2.08% NA 4 8.89% NA
TOTAL 48 45TOTAL w/o Don’t Know 47 41
Q6A: Min. Necessary & flow of info. For Delivery1 = will greatly limit 2 4.17% 4.35% 2 4.44% 4.76%2 = will somewhat limit 18 37.50% 39.13% 15 33.33% 35.71%3 = will have no effect 23 47.92% 50.00% 19 42.22% 45.24%4 = will somewhat enhance 3 6.25% 6.52% 5 11.11% 11.90%5 = will greatly enhance 0 0.00% 0.00% 1 2.22% 2.38%
(N=48) (N=45)
California HealthCare Foundation
California HIPAA Privacy Implementation Survey:Appendix I.2
6 = Don't Know 2 4.17% NA 3 6.67% NATOTAL 48 45
TOTAL w/o Don’t Know 46 42
Q6B: Min. Necessary & flow of info. For Payment1 = will greatly limit 1 2.08% 2.38% 3 6.67% 6.98%2 = will somewhat limit 17 35.42% 40.48% 12 26.67% 27.91%3 = will have no effect 20 41.67% 47.62% 17 37.78% 39.53%4 = will somewhat enhance 3 6.25% 7.14% 8 17.78% 18.60%5 = will greatly enhance 1 2.08% 2.38% 3 6.67% 6.98%6 = Don't Know 6 12.50% NA 2 4.44% NA
TOTAL 48 45TOTAL w/o Don’t Know 42 43
Q6C: Min. Necessary & flow of info. For Assessment1 = will greatly limit 4 8.33% 9.09% 3 6.67% 7.69%2 = will somewhat limit 21 43.75% 47.73% 17 37.78% 43.59%3 = will have no effect 17 35.42% 38.64% 14 31.11% 35.90%4 = will somewhat enhance 1 2.08% 2.27% 4 8.89% 10.26%5 = will greatly enhance 1 2.08% 2.27% 1 2.22% 2.56%6 = Don't Know 4 8.33% NA 6 13.33% NA
TOTAL 48 45TOTAL w/o Don’t Know 44 39
Q8.1: Regs. Clearly define Business Associates1 = Yes 31 64.58% 65.96% 26 57.78% 61.90%2 = No 16 33.33% 34.04% 16 35.56% 38.10%3 = Don’t Know 1 2.08% NA 3 6.67% NA
TOTAL 48 45TOTAL w/o Don’t Know 47 42
Q8.2: Regs. Clearly define Responsibilities1 = Yes 31 64.58% 64.58% 25 55.56% 59.52%2 = No 17 35.42% 35.42% 17 37.78% 40.48%3 = Don’t Know 0 0.00% NA 3 6.67% NA
TOTAL 48 45TOTAL w/o Don’t Know 48 42
California HealthCare Foundation
California HIPAA Privacy Implementation Survey:Appendix I.2
Q8.3: Regs. Clearly define Agreement Provisions1 = Yes 30 62.50% 65.22% 23 51.11% 57.50%2 = No 16 33.33% 34.78% 17 37.78% 42.50%3 = Don’t Know 2 4.17% NA 5 11.11% NA
TOTAL 48 45TOTAL w/o Don’t Know 46 40
Q9.1: Cost Burden of Business Assoc. Requirements1 = small burden 5 10.42% 10.87% 1 2.22% 2.33%2 4 8.33% 8.70% 3 6.67% 6.98%3= burden neither small nor large 13 27.08% 28.26% 17 37.78% 39.53%4 13 27.08% 28.26% 11 24.44% 25.58%5 = large burden 11 22.92% 23.91% 11 24.44% 25.58%6 = Don't Know 2 4.17% NA 2 4.44% NA
TOTAL 48 45TOTAL w/o Don’t Know 46 43
Q9.2: Time Burden of Business Assoc. Requirements1 = small burden 5 10.42% 10.87% 0 0.00% 0.00%2 3 6.25% 6.52% 1 2.22% 2.33%3 = burden neither small nor large 7 14.58% 15.22% 10 22.22% 23.26%4 10 20.83% 21.74% 18 40.00% 41.86%5 = large burden 21 43.75% 45.65% 14 31.11% 32.56%6 = Don't Know 2 4.17% NA 2 4.44% NA
TOTAL 48 45TOTAL w/o Don’t Know 46 43
Q10: Distinction b/t Research & Health Care Ops.1 = unclear 4 8.33% 10.00% 2 4.44% 6.06%2 4 8.33% 10.00% 4 8.89% 12.12%3 = neither clear nor unclear 15 31.25% 37.50% 8 17.78% 24.24%4 13 27.08% 32.50% 11 24.44% 33.33%5 = clear 4 8.33% 10.00% 8 17.78% 24.24%6 = Don't Know 8 16.67% NA 12 26.67% NA
TOTAL 48 45TOTAL w/o Don’t Know 40 33
California HealthCare Foundation
California HIPAA Privacy Implementation Survey:Appendix I.2
Q16A: Short Term Savings (<=1yr)1 = Yes 2 4.17% 6.06% 1 2.22% 3.23%2 = No 31 64.58% 93.94% 30 66.67% 96.77%3 = Don't Know 15 31.25% NA 14 31.11% NA
TOTAL 48 45TOTAL w/o Don’t Know 33 31
Q16B: Medium Term Savings (3 - 5 yrs)1 = Yes 8 16.67% 25.00% 10 22.22% 32.26%2 = No 24 50.00% 75.00% 21 46.67% 67.74%3 = Don't Know 16 33.33% NA 14 31.11% NA
TOTAL 48 45TOTAL w/o Don’t Know 32 31
Q16C: Long Term Savings (5+ yrs)1 = Yes 8 16.67% 25.00% 5 11.11% 16.13%2 = No 24 50.00% 75.00% 26 57.78% 83.87%3 = Don't Know 16 33.33% NA 14 31.11% NA
TOTAL 48 45TOTAL w/o Don’t Know 32 31
Q16D: No Savings 1 = Yes 14 29.17% 43.75% 15 33.33% 48.39%2 = No 18 37.50% 56.25% 16 35.56% 51.61%3 = Don't Know 16 33.33% NA 14 31.11% NA
TOTAL 48 45TOTAL w/o Don’t Know 32 31
Q17: Org's progress in funding compliance1 = Not Budgeted 3 6.25% 6.38% 11 24.44% 25.58%2 = Budgeted, not funded 4 8.33% 8.51% 2 4.44% 4.65%3 = Partially funded 14 29.17% 29.79% 11 24.44% 25.58%4 = Fully Funded 13 27.08% 27.66% 7 15.56% 16.28%5 = Not Developing HIPAA specific budget 13 27.08% 27.66% 12 26.67% 27.91%6 = Don't Know 1 2.08% NA 2 4.44% NA
TOTAL 48 45TOTAL w/o Don’t Know 47 43
California HealthCare Foundation
California HIPAA Privacy Implementation Survey: Appendix J. Characteristics of Survey Respondents Prepared for the California HealthCare Foundation Prepared by National Committee for Quality Assurance and Georgetown University Health Privacy Project April 2002
California HIPAA Privacy Implementation Survey/California HealthCare Foundation 2
Appendix J: Characteristics of Survey Respondents There were 420 organizations identified for the survey, of which 416 were still in business at the time of the survey. These organizations were classified as Hospitals, Physician Groups, Payors, and Others (defined as Disease Management Organizations, Researchers, and other organizations believed to be impacted by HIPAA regulations). One hundred surveys out of the 416 were completed, yielding an overall response rate of 24% for the survey. Of non-respondents who could be reached, many provided reasons for not participating in the survey when asked. Twenty-four respondents stated that they did not believe their organization would be impacted by HIPAA regulations. Fifty percent of these responses were from Physician Group non-respondents, and 47% of these responses were from Disease Management Organization non-respondents. Other common reasons given for non-participation were “no time” to do the survey or that the respondent “doesn’t do surveys.” Hospitals constituted 29% of the total number of completed surveys, followed by Payors and Others (each 26% of total). Physician Groups constituted 19% of the total number of completed surveys. Hospitals represented in the sample tended to be large community hospitals. Of the 29 Hospitals, 18 (63%) were Community, 8 (27%) were Academic, and 3 (10%) were Rural. Sixty-three percent of the Hospital respondents represented hospitals with 300 or more beds, 27% were from hospitals with 100 to 299 beds, 7% were from hospitals with 50 to 99 beds, and 3% were from hospitals with fewer than 50 beds. Physician Groups represented in the sample tended to be mostly multiple specialty groups with more than 100 physicians. Multiple specialty physician groups comprise 84% of Physician Group responses, while single specialty groups comprise 16% of Physician Group responses. Seventy-four of Physician Group responses were from groups with a size greater than 100; 10% were from groups of 31 to 100, and 16% of physician responses were from groups with fewer than 30 physicians. Fifty percent of Payors were either partially or exclusively Medicaid Payors, while 46% were either Commercial or Commercial and Medicare. Fifty percent of Other respondents represented Disease Management Organizations, and 46% were from Other organizations. Only 1 respondent was classified as Researcher. Twelve respondents classified as Other represented organizations such as: clearinghouses, corporate offices for a system of hospitals, employee benefit consulting firms, behavioral health care organizations, medical groups/medical management groups, and online companies.
California HIPAA Privacy Implementation Survey: Appendix K. List of Survey Respondents Prepared for the California HealthCare Foundation Prepared by National Committee for Quality Assurance and Georgetown University Health Privacy Project April 2002
California HIPAA Privacy Implementation Survey/California HealthCare Foundation 2
Appendix K: List of Survey Respondents Organization City State Adventist Health Roseville CA Aetna Hartford CT Alameda Alliance for Health Alameda CA American Healthways Nashville TN Brown & Toland Physician Services Org. San Francisco CA California Pacific Medical Center San Francisco CA CalOptima Orange CA CareCounsel San Rafael CA Catholic Healthcare West Corporate San Francisco CA Cedars-Sinai Medical Center Los Angeles CA Central California Faculty Medical Group Fresno CA Central Valley General Hospital Hanford CA Childrens Hospital Los Angeles Hollywood CA Chinese Community Health Plan San Francisco CA Community Health Group Chula Vista CA Community Hospital of Gardena Gardena CA Core Solutions Buffalo Grove IL Desert Regional Medical Center Palm Springs CA Epic Management Redlands CA Esoterix Inc. Brentwood TN EXCEL MSO, LLC San Jose CA General/ St Joseph Hospital Eureka CA Healinx Corporation Emeryville CA Health Hero Network, Inc. Mountain View CA Health Net, Inc. Woodland Hills CA Health Plan of San Joaquin Stockton CA Health Plan of San Mateo San Francisco CA Health Plan of the Redwoods Santa Rosa CA HealthCare Partners Medical Group Torrance CA Hill Physicians San Ramon CA Hoag Memorial Presbyterian Hospital Newport Beach CA Huntington Beach Hospital Huntington Beach CA Huntington Memorial Hospital Pasadena CA Inland Empire Health Plan San Bernardino CA Intervalley Health Plan Pomona CA I-Trax, Inc. Philadelphia PA Kaiser Permanente Oakland CA Kern Health Systems Bakersfield CA L.A. Care Health Plan Los Angeles CA La Maestra Family Clinic, Inc. San Diego CA LifeMasters Supported Self Care Newport Beach CA Los Angeles Free Clinic Los Angeles CA
California HIPAA Privacy Implementation Survey/California HealthCare Foundation 3
Marin General Hospital Greenbrae CA MedPOINT Management Woodland Hills CA Menifee Valley Medical Center Sun City CA Merck-Medco Franklin Lake NJ Meridian Healthcare Management Woodland Hills CA Molina Healthcare Long Beach CA MSO of Sharp Community Medical San Diego CA Network Medical Management, Inc. Alhambra CA North American Medical Management CA, Inc. Ontario CA On Lok Senior Health Services San Francisco CA Pacific Partners Mgmt. Services, Inc. Foster City CA PacifiCare Health Systems Cypress CA Palo Alto Medical Foundation Palo Alto CA Paradigm Health Corp. Concord CA Physician Associates of the Greater San Gabriel Valley Pasadena CA Premera Blue Cross Mountlake Terrace WA Prospect Medical Group Santa Ana CA Qmed Inc. Laurence Harbor NJ Quintiles Transnational Corp Durham NC RAND Health Santa Monica CA Redwood Coast Medical Services Gualala CA Resolution Health, Inc. San Jose CA Riverside County Regional Medical Center Moreno Valley CA RMS Disease Mgmt McGaw Park IL RxHub LLC St Paul MN Saint Joesphs Hospital Orange CT Salinas Valley Memorial Hospital Salinas CA San Antonio Community Hospital Upland CA San Francisco Health Plan San Francisco CA San Jose Good Samaritan Medical Group San Jose CA Santa Clara Family Health Plan San Jose CA Santa Cruz Womens Health Center Santa Cruz CA Sante Health System Inc. Fresno CA SCAN Health Plan Long Beach CA Scripps Mercy Hospital San Diego CA Serenity Senior Support Services Daly City CA Sharp Health Plan San Diego CA Sharp Home Health Care San Diego CA Sonora Community Hospital - Adventist Health Sonora CA St. Bernardine Medical Center San Bernardino CA St. Agnes Medical Center Fresno CA St. Joseph Health System Santa Rosa CA St. Joseph Heritage Health Foundation Fullerton CA Stanford University Medical Center Stanford CA Sun Health Care Group Albuquerque NM
California HIPAA Privacy Implementation Survey/California HealthCare Foundation 4
Tarzana Treatment Centers, Inc. Tarzana CA Torrance Hospital Independent Practice Assn. Torrance CA Towers Perrin San Francisco CA Tri-City Regional Medical Center Hawaiian Gardens CA UC Davis Health System Sacramento CA UCSD Health Sciences San Diego CA UHP Healthcare Inglewood CA United Health Care Edina MN Universal Care, Inc. Signal Hill CA University Affiliates Medical Group IPA Alhambra CA University of California San Francisco San Francisco CA WellMed, Inc. Portland OR Wellpoint (BCCA) Thousand Oaks CA