Please answer TWO the following five questions.
1. Who would you include on a steering committee that is responsible for ongoing HIPAA privacy compliance? Who should lead this committee?
2. What type of ongoing educational activities would you provide for the workforce of your organization to facilitate compliance with the HIPAA privacy rule? Who would be included in these educational activities?
3. How would you ensure that you have identified all of your organization’s current business associates and developed business associate agreements with them?
4. As the privacy officer for a covered entity, you are aware that protected health information has been accessed by an unauthorized individual. What type of analysis will you conduct to determine whether it constitutes a “breach” under HIPAA?
5. Do you believe that the twelve “public interest and benefit” exceptions to the authorization requirement are warranted? Do you believe that any of these exceptions should require the patient’s authorization under the HIPAA Privacy Rule?