During your first session your Compliance Coach assigned you some audits to complete for this second meeting. For the beginning of this second session you will be shown how to place those completed External Audits back into The Guard. Several other topics will be discussed as well. Read below for further details.
Uploading External Audits Back to The Guard:
Note for Multi-Site Facilities –
There is pretty much one, and only one time where you would need to switch off of your ‘Main’ site. This is to upload your manual audits.
Upon login, you are asked which site you would like to enter. Click the dropdown which shows and select the intended facility. From there, hit ‘Click to Login’ and you will be inside that alternative location. Please follow the same steps to upload your manual audits as instructed for your ‘Main’ location in these secondary locations.
Amongst the tabs seen above the Dashboard, please hover over ‘Tracking,’ and click ‘Document(s) Version Control.’ You are now in The Guard’s ‘Document Repository.’
When you click any given folder to your left-hand side it will show green to indicate it is open. For purposes of uploading External Audits, please click the folder to your left-hand side titled ‘HIPAA Manual Audits’ so that it indicates it is open. Then you will want to click ‘Upload’ to the bottom-left to bring up the yellow upload window.
Next to ‘Local File’ you can click ‘Choose File’ to find where the document is on your computer. ‘Document Title’ and ‘Description’ would be the same as the title of the document being uploaded. The ‘Enactment Date’ would be the day the audit was completed and the ‘Review Date’ would be one year following. Leave the check box blank, since we do not want everyone reading this document. Finally, click ‘Upload Document’ to place the Audit into The Guard.
While within the ‘Document Repository’ it is worth mentioning that every member of your direct staff would need to sign a Confidentiality Agreement. I’d recommend having each member of the staff physically sign the statement, putting ink to paper. This is with the intent of scanning all the documents at once, creating a big bulk file. This way, you can upload one big file, instead of in a singular manner for each and every employee.
Please upload the signed staff Confidentiality Agreements to the folder labeled ‘Confidentiality’ directly above the one titled ‘HIPAA Manual Audits.’ If this folder is not present for you, you can click ‘New’ (next to ‘Upload’), enter ‘Confidentiality Agreements’ in the open field and click ‘Create Folder’ to add this folder within The Guard.
While you have the ‘Confidentiality’ folder open, click on upload again
While filling out the yellow window there are only subtle differences as to what data you enter. You would still click ‘Choose File’ in order to find that file on your computer. The title is a place where you want to be extremely apparent in what you are doing. For example, type in ‘This is Everyone’s CA’s’. Copy/paste that down to the ‘Description’ field to match the ‘Title’. The ‘Enactment Date’ is the day the last person provides you their signed agreement. The ‘Review Date’ is where is gets a little strange. The Government doesn’t particularly care about these CA’s being reviewed. However, the Guard views the ‘Review Date’ as a mandatory field, which we must fill. For that reason, place the year out as far as your able (2037) and hit ‘Upload Document’.
At a point, each and every member of your staff will go about logging into the Guard for the purposes of attesting to the policies and training pieced together along with your Coach. What we want to do is a little bit of preparatory work in anticipation of this, so it’s not a headache when you transition over to training. This work includes creating profiles for your employees with only 3 little bits of data. It is very simple to do.
First, please navigate to your fifth tab in, Administration, and select the option for Users and Access Control.
Next to Full Name, enter in the employees name First, then last.
Next to Email Address (Login), enter in that employee’s email. It is okay to use a personal one here. No compliance issue to be had, since thee’s no sharing of PHI here.
Next to Password, just give a default password of password in all lower case. This will give you an easy one to reset to if anyone ever forgets theirs. Also, this allows them easy first-access and the ability to make it unique upon logging in.
Now, skip all the stuff in the middle – access roles, job roles – You don’t care about any of that. Instead, just skip down to where it says Save Information and click there. This employee has now been added to the Guard as a User.
With that completed, you will now want to shift your concentration toward your Associates.
First off, let’s discuss Business Associates –
A Business Associate is anyone you pay money to for a specific task and they will be working with Patients’ P.H.I. (Protected Health Information) as part of the reason for why you hired them. They are not your direct employees but they do utilize P.H.I. as the reason for why you hired them. Examples of common Business Associates are establishments such as a Clearinghouse, a Billing Service, a Collection Agency, Storage Companies, IT Services, EHR Platforms, Consultants and Shredding Companies.
Further explanation – A Business Associate can be thought of as a third party you hire for a task you could theoretically perform in-house but it may be more cost effective, or convenient for you to outsource these tasks. For example, you could perform your own billing, but this is time consuming. Instead you outsource this, making that Organization with whom you now share PHI obliged to sign a BAA.
If you are a Covered Entity you will be sending the BAA for CE to your Business Associates.
If you are a Business Associate you will be sending the BAA for CE to any of your clients who did not already provide you one. For your downstream BA’s (partners), you will be sending the document titled BAA for BA.
Best Examples of those who should receive a BAA for BA – Third party backup facilities, IT partners you may work alongside with, Consultants with access to PHI (such as developers), Industrial Shredders, Phone providers for VOIP, and Cloud services (such as Box, DropBox, AWS).
Now, there are other folks you will work with who are not in your direct employ but are paid for a specific task which does not involve them utilizing P.H.I. However, there is a risk of exposure to P.H.I. due to their presence in the building. They may see or hear sensitive information which is not meant for them. For each and every one of these individuals who enters your facility you would want to ensure you have a Confidentiality Agreement in place. A couple of good examples of a regular Vendor is someone such as a member of a Janitorial Staff, a Contractor, Landlords for leased spaces, Drug Reps (if they come behind the counter), or Shared Work Environments. Whether you are a CE or BA, the above applies and the document which is to be signed is titled the HIPAA Confidentiality Agreement Form.
Last fact to consider when developing your vendor list is the concept of Treatment, Payment or Operations. Certain entities do not need any sort of agreement in place based on what they do for you. Anything that affects your ability to treat your patients, receive payment, or carryout healthcare operations does not require a BAA or CA. Examples include Giant insurance Companies like Blue Cross Blue Shield, United Healthcare, but also this trickles down to Labs worked alongside with, frame fitters, lens manufacturers, latex glove suppliers. None of these need agreements in place.
PHEW!!! Now that we’ve discussed that, let’s get into how to use the system –
To start, navigate to your first option, Associates –
I will now post a picture with all the mandatory fields filled in –
Now, let’s say that that Company of Fake is super diligent. They sign that BAA lickety-split, get it back to you and you’re just staring at your document saying, “What do I do with this thing now?” We’re going to actually affix the document to the profile which was built.
From the Local File field, click Choose File to locate the document on your computer. The Enactment Date is the day the agreement was signed. The Review Date is one year following the Enactment. Ignore the check box. In the Description field enter in the name of the Associate and hit Upload Document. Important Note! – After hitting Upload Document, ensure you click Update Vendor below the green button to save your changes.