Meeting Three

How to Upload Business Associate Agreements/Vendor Confidentiality Agreements to a Vendor Profile

Upon receiving back your vendor agreements you will need to upload them back into The Guard. First, you will want to hover over ‘Accounts’ and then select ‘Vendors’ from the drop down which shows.

Accounts and Vendors

Scroll toward the bottom of that screen so you can see the vendor you wish to add the agreement for. Click on their name beneath ‘Modify/View a Vendor’ so their name highlights black. Then, click ‘View Selected Item’ to the bottom-left in order to bring their information to the top of the screen.

modify view vendor

vendor details

With that Vendor’s profile now loaded beneath ‘Vendor Details,’ click the tab labeled ‘Contracts’ found mid-screen and select ‘Upload New Document.’

add baa to vendor prof

A yellow window will now appear. Within this yellow window you will click ‘Choose File’ to find where the document is on your computer. The ‘Enactment Date’ would be the day the agreement was signed off on and the ‘Review Date’ would be one year after that ‘Enactment Date.’ Leave the box which asks if you’d like this to be readable by all users blank. You do not want this readable by all users. Finally, within the ‘Description’ field you will enter a pre-fix of BA ahead of the Organization name for a Business Associate Agreement, and the name of the individual enter your Facility for a ‘regular’ Vendor who has returned a Confidentiality Agreement.

How to build the Framework for your Remediation Plans

Upon answering the questions within your self-audits, The Guard automatically checked them against the HIPAA Rule and found your Organization’s deficiencies (also known as gaps).

gaps progress bar

In order to fix these deficiencies we will need to develop remediation plans along with you. To start, you will only be setting up the skeleton for the plan which will fix each gap found. In order to set up the framework for this remediation plan, you will want to hover over ‘Auditing’ and select ‘Remediation Plans’ from the drop down which shows.

auditing remed plans

The page which loads defaults to the ‘Notes’ tab found mid-screen. For that reason the Gaps won’t stand out to you until you click the corresponding tab next to ‘Notes.’ It is labeled ‘Gaps.’

notes tab

gaps tab

Within the Gaps tab you will need to avoid clicking the ‘All>>’ key. The reason is that the Government wants to see that you are addressing each and every Gap with it’s own plan. Instead of clicking ‘All>>,’ utilize the ‘Sel >’ key after highlighting the top-most gap found beneath ‘Unassociated/Open Gap Items’ This will move the Gap from the ‘Unassociated/Open Gap Items’ field to the ‘Associated Gap Items’ field.

unassociated gaps

associated gaps

You will find that toward the top of the screen, next to ‘Remediation Plan Title,’ the name for that plan auto-populates to spare you from having to type that in.

gaps fill fields

Type in the Full Name of the person who it will be ‘Assigned To’ and then insert their e-mail address. The ‘Start Date’ and ‘End Date’ were both dates discussed along with you via your Compliance Coach. Please contact your Coach if you need a refresh on which dates to utilize. Now, avoid clicking ‘Mark Complete/Gaps Resolved,’ and instead click ‘Save Remediation Plan’ to your left-hand side. The framework for this plan has now been built.

remed set up cont

Keep following this exact same process, moving gaps over one at a time, until all of them have been saved to a remediation plan and no more show beneath the ‘Unassigned/Open Gap Items’ field.

remed set up cont 2

How to Change Policy Templates within The Guard so that they are Unique to your Organization

After setting up your remediation plans you will want to convert the policy templates built within The Guard over to ones which are unique for your Organization. First, minimize your browser and create two unique file folders on your desktop.

security and privacy folders 2

Title one ‘Security’ and title the other ‘Privacy.’ Now you will want to come back to The Guard and access the templates by hovering over ‘Tracking’ and selecting ‘Documents (Version Control)’ from the drop down which shows.

docs vers ctrl

The ‘Document Repository’ will automatically open to the folder you would want to start with, ‘Security Policy.’ Click on the title of the top policy you now see mid-screen so it highlights black and download the file to your computer by clicking ‘View Selected Item’ to the bottom-middle of your screen.

modify policy templs

Drag and drop the file from your download folder into the corresponding Security/Privacy folders you just created on your computer.

move items to folder

Once the file is in the correct folder, open the document in your word processor so you can modify the template version to be more unique. The top portion is just a disclaimer, stating if you want an Attorney to review this policy prior to implementing it, to feel free. Delete that prior to finalizing the policy.Policy Disclaimer

Next to ‘Organization Name’ you can drag and drop a logo in (if you have one). Otherwise, just go ahead and type in your Organization name as normal.

Policy Org Name

The following portion of the document will be handy for you when moving from template to template, as the information will be the same. Next to ‘Issue Date’ and ‘Effective Date’ please follow the dates as provided to you by your Compliance Coach. They should both be the exact same day. Next to ‘Responsible for Review’ you would insert your name. ‘Review Dates’ vary by State. Most States require the policy be reviewed in two years. This is with the exception of New York, California, Texas, Massachusetts, Michigan and Florida, where the ‘Review Date’ is one year after the ‘Issue/Effective’ dates.

policy dates

From this point, you will want to be sure to read the document thoroughly. Please highlight in red any area on the document which you find confusing, concerning, or want further clarification on. Then, you will save the document on your computer until you review it along with your Compliance Coach. Don’t attempt to upload it back to The Guard yet.

priv policies

Be sure to follow this same process for all 16 of the policies found within the Security Policy folder, as well as the 21 policies you will find within the Privacy Policy folder.

Here’s what to have prepared for your next meeting

Please be sure to have reviewed all policies and highlighted any areas of concern in red.

Please be sure to have uploaded all BAA’s/Vendor CA’s as explained above.

Please be sure to have built the framework for all your remediation plans/gaps.