Internet data line in laptop

HHS SPI (SECURITY AND PRIVACY INITIAL INQUIRY)

A Review of the Texas HHS SPI - Section B Part 2

Table of Contents

Introduction

This week concludes part B of the Security and Privacy Initial Inquiry (SPI) and is much shorter than the preceding sections (phew!).  This section deals with data protection for the IDD Workforce in the work place, safeguards and practices.

As usual, we must point out that these blogs/articles (including those relating to the SPI and DUA series) are informational. It is the reader’s responsibility to read the root documents for themselves and/or seek understanding and clarification from appropriate experts in the field. We’re excited to announce that Focused Software now offers ancillary consulting services to help you navigate your regulatory questions – call and ask! 

General Comments

For any questions answered “No” an Action Plan for Compliance with a Timeline must be documented in the designated area below the question. The timeline for compliance with HIPAA-related requirements for safeguarding Protected Health Information is 30 calendar days from the date the SPI form is signed. Compliance with requirements related to other types of Confidential Information must be confirmed within 90 calendar days from the date the SPI is signed.

The HHS IDD Operations Portal is in the beta testing phase! Make sure that your client forms are securely stored, easily retrievable and in an electronic format that allows you to send documents through the Portal without hunting for paperwork and printing reams of paper!

Questions 1

#1. This question was dealt with in last week’s blog. 

Question 2

#2. Does Applicant/Bidder have a current Workforce training program?

Discussion:

Discussion: Training of Workforce must occur at least once every year, and within 30 days of date of hiring a new Workforce member who will handle Texas  HHS CI. Workforce includes you, your employees, your subcontractors, your volunteers, your trainees, and any other persons under you direct supervision. We can help with training guides, assessments, questionnaires, and other tools for training – call and ask.

Training must include: 

(1) privacy and security policies, procedures, plans and applicable requirements for handling Texas HHS CI, 

(2) a requirement to complete training before access is given to Texas HHS CI, and 

(3) written proof of training and a procedure for monitoring timely completion of training.

Question 3

#3. Does Applicant/Bidder have Privacy Safeguards to protect Texas HHS CI in oral, paper and/or electronic form?

Discussion:  The “Privacy Safeguards” standard assures the privacy of PHI by requiring covered entities to reasonably safeguard PHI from any intentional or unintentional use or disclosure in violation of the Privacy Rule. The safeguards requirement, as with all other requirements in the Privacy Rule, establishes protections for PHI in all forms: paper, electronic, and oral. Safeguards include such actions and practices as securing locations and equipment; implementing technical solutions to mitigate risks; and workforce training.

The Privacy Rule’s safeguards standard is flexible and does not prescribe any specific practices or actions that must be taken by covered entities. This allows entities of different sizes, functions, and needs to adequately protect the privacy of PHI as appropriate to their circumstances.

This means protection of Texas HHS Confidential Information by establishing, implementing and maintaining required Administrative, Physical and Technical policies, procedures, processes and controls, required by the DUA, HIPAA (45 CFR 164.530), Social Security Administration, Medicaid and laws, rules or regulations, as applicable.

  • Administrative safeguards include administrative protections, policies and procedures for matters such as training, provision of access to CI, restriction/termination of access to data and/or hardware used for CI, and review of safeguards, incident management, disaster recovery plans, etc. 
  • Technical safeguards include technical protections, policies and procedures for things such as unique username/password credentials, failed login lockout, setting pdf apps/printers so they not retain recent documents, how paper is faxed or mailed, and electronic protections such as encryption of data. 
  • Physical safeguards include physical protections, policies and procedures, such as locks, keys, physical access, physical storage and shredding documents as well as proper disposal of discarded material that may contain CI.

Question 4

#4. Does Applicant/Bidder and all subcontractors (if applicable) maintain a current list of Authorized Users who have access to Texas HHS Confidential Information, whether oral, written or electronic?

Discussion: A current and accurate list of all staff (including direct care), subcontractors, vendors etc with access to a provider’s CI must be kept at all times. This is an essential item. A part of any employee termination procedure should include immediate denial of access to CI as well as removal from the Authorized Users list. 

Question 5

#5.  Does Applicant/Bidder and all subcontractors (if applicable) monitor for and remove terminated employees or those no longer authorized to handle Texas HHS CI from the list of Authorized Users?

Discussion: This is referenced above and, again, is critical. Focused Software gives you an easy one step inactivation so you can deny access to individuals who have lost Authorized User status in seconds!

Until Next Time.....

Stay tuned – remember Focused Software is here for you! Our blog next week will cover section C of the SPI.  Contact us today – we’ll be happy to provide a free, no-obligation demonstration of the Focused Software Electronic Health Record, discuss provider operations and brainstorm with you so you feel confident complying with the SPI and DUA requirements.

Call NOW – (281) 884 3537 ext. 117

Focused Blog List

2022 (1)
  • May 8 | Office Housework Dilemma (IDD Business Management, Uncategorized)
    There is just ONE step you can take TODAY that will almost certainly guarantee the successful implementation of an EHR in your IDD service business. This way is to the fastest and broadest rollout possible. Read our blog to find out what it is!
2020 (1)
  • March 15 | Planning For COVID-19 Information for Long Term Care Facilities (IDD Clinical Care, Intellectual or Developmental Disability – Character and Wellness)
    COVID-19: INFORMATION FOR LONG TERM CARE PROVIDERS The CDC and Texas HHS are reliable sources for helpful steps on how you can try and protect your staff and clients from the COVID-19 virus. As such, we will point you straight to helpful articles from these agencies so you and your team can be proactive in […]
2019 (19)
  • December 21 | Managed Care and the IDD Service Provider (IDD Business Management)
    The myth of the natural born leader can have particularly dangerous effects in the IDD/Special Needs service arena as many owners/execs struggle to lead their organizations through times of significant industry change and cut backs. Administrators in IDD care need to commit to putting in the time and effort needed to become better leaders so these companies offering vital care services to this vulnerable population do not fail.
  • September 1 | GROWING A STRONG DIRECT CARE WORKFORCE (IDD Business Management)
    The turnover rate of direct care staff (DCS) among companies providing care in the community can range from 44-166% of staff each year! Every owner/administrator knows they cannot provide services without direct care staff but very few companies have successfully managed to retain large numbers of these essential members of the healthcare team. Here we cover 10 proven strategies for successfully retaining your direct cares staff.
  • July 28 | Getting Things Done For Busy Developmental Disability Service Providers (IDD Business Management)
    Providers who serve people with intellectual or developmental disabilities are some of the busiest people I know. Here we review David Allen’s “Getting Things Done” system widely described as effective, simple, timeless and can be done anywhere, anytime on paper or even on your smartphone. Let’s get productive!
  • June 30 | Problem Solving For LTSS Providers (IDD Business Management, Intellectual or Developmental Disability – Character and Wellness)
    When was the last time you had no fires to put out at work? Have Sunday nights simply become miserable preludes to manic Monday mornings? Problems and bad habits can be changed. Changing your (work) life takes humility, maturity, thought and effort but you’re totally worth it and you can do it. And we’re here to help!
  • June 16 | Billing and Payment Review Survival Guide for IDD Providers (IDD Business Management, IDD Regulatory)
    Billing and Payment Reviews (AKA Financial Audits) don’t have to be scary events for IDD service providers. Maintaining accurate and compliant documentation at all times will help you face any auditor at any time with confidence. Let us show you how!
  • June 2 | How to Overcome Your Fear of Change at Work (IDD Business Management, Intellectual or Developmental Disability – Character and Wellness)
    Many of us desperately crave change at work — yet we are uncomfortable and terrified when it occurs. Learn how to overcome your fear of change at work and welcome it as source for career growth.
  • May 26 | Measuring IDD Service Success (IDD Business Management)
    Measuring the success of an IDD service company is critical to business growth. If you don’t know how well you’re doing compared to last year’s profits or even how you’re doing compared to your competitors then you’re missing vital information. Learn the key measures of success you should be tracking in this article.
  • May 5 | Workflow Process Improvement for Long Term Care (Uncategorized)
    Workflow improvement for long term services and supports is a do-or-die decision for all companies that serve people with IDD/Special Needs. The current industry environment of increased regulatory and documentation requirements, cost cutting and direct care staff shortages mean continuous improvements are critical.
  • April 21 | Workflow Redesign for Special Needs Agencies (Uncategorized)
    Workflow redesign is the 3rd optimization step. We create solutions to inefficiencies (see last blog), improve quality metrics and revenues as well as our capacity to serve an increased number of people with IDD.​
  • April 7 | IDD Service Workflow Analysis (IDD Business Management)
    We have learned how to prioritize which of our many business processes to map out for the biggest and quickest impact. Now we look into asking the right questions in IDD service workflow analysis so we clearly identify key problems that decrease our efficiencies and cost the company time and money! Let’s get started.
  • March 24 | IDD Service Workflow Optimization (IDD Business Management)
    Every business on earth follows repetitive processes to get work done; this includes companies serving people with IDD/special needs. Optimizing these processes is essential for the survival and growth of every business. Learn how to optimize specifically chosen processes in your business to increase profits and efficiency, decrease waste and make work more enjoyable for you, your staff and your clients.
  • March 10 | Sexual Harassment in the IDD Workplace (IDD Regulatory)
    Employers are responsible for handling complaints of sexual harassment in the intellectual or developmental disability workplace. The consequences of delayed or inappropriate response can be significant for the victim and employer.
  • February 24 | The Art Of Compromise In The IDD Workplace (IDD Business Management)
    In today’s IDD service industry, it is almost impossible to run an organization without compromising due to the complexities of dealing with state regulators, guardians, staff, colleagues, third party vendors and clients. Compromising well is a vital skill that all IDD service leaders need to acquire. Read on for more.
  • February 10 | Lessons From A(nother) Government Shutdown (IDD Business Management)
    For the IDD service provider government shutdowns can have significant direct and indirect impact. Similar to natural disaster preparedness you should ensure that your business has a well thought-out plan for dealing with government shutdowns and other high-impact financial challenges.
  • February 3 | Strategic Marketing For IDD Service Providers (IDD Business Management)
    Here we review the final step in strategic marketing for IDD service providers – the who, what and where of our marketing plan. This delineates exactly how our team will ensure that we reach the right potential clients with the right message.
  • January 27 | Setting Marketing Goals For Success (IDD Business Management)
    How do you identify candidates that possess the skills you need AND fit in with your company culture? Ask the right questions! Read on for vital issues to consider and questions to ask to help ensure you hire right!
  • January 20 | Developing Marketing Plans For IDD Companies (IDD Business Management)
    Marketing plans may seem complicated but they can be as short as one page. An IDD marketing plan seeks to answer one question. Find out what this question is AND how to draft a straightforward marketing plan tailor-made for your IDD service company.
  • January 13 | The ONE Step To SURE Success Launching Your EHR (IDD Business Management)
    There is just ONE step you can take TODAY that will almost certainly guarantee the successful implementation of an EHR in your IDD service business. This is the fastest way to guarantee rollout possible. Read our blog to find out what it is!
  • January 6 | Sex, Sexuality and People with IDD (Intellectual or Developmental Disability – Character and Wellness)
    Sex and sexuality can be difficult topics to discuss. However it is essential to assist people served to make wise choices. Here we give you practical help in addressing this vital issue while protecting your clients.
2018 (41)
  • December 16 | Finding The Right IDD Service Staff – The Interview (IDD Business Management)
    How do you identify candidates that possess the skills you need AND fit in with your company culture? Ask the right questions! Read on for vital issues to consider and questions to ask to help ensure you hire right!
  • December 9 | Finding The Right IDD Service Staff – Essential Prep​ (IDD Business Management)
    You’ve decided you need more staff for your IDD service company – great! Remember finding the right staff involves doing the prep work BEFORE you begin the search for candidates to avoid hiring catastrophes and company culture ‘misfits’. Our blog has crucial details you need to know!
  • December 2 | 7 Questions To Ask Before Hiring New Staff (IDD Business Management)
    Employees are one of the most important parts of your IDD Service enterprise. Determining if hiring new staff is the best move for your business is critical. Let’s learn what questions to ask before we put out those ads for new staff!
  • November 25 | Prioritizing Work When Everything Is An Emergency (IDD Business Management)
    IDD service providers are some of the busiest people around and it doesn’t look like things are slowing down any time soon! If you feel like you’re constantly putting out fires at work yet never getting enough done – this blog is for you! Learn about prioritizing work – taking back control of deadlines and your life!
  • November 18 | Giving Thanks For IDD Service Vendors (IDD Business Management)
    IDD service providers use vendors for encrypted email, EHRs, accounting etc. Choosing the right vendors is critical for your success. Here you’ll find out exactly what you need to know so you can hire companies or individuals that are aligned with your goals. They’ll make you want to give thanks all year round!
  • November 11 | Marketing IDD Services and Supports (IDD Business Management)
    Client choice is incredibly important in the world of IDD services and supports. This includes their choice of service provider. Marketing for IDD Providers is essential. Learn how your organization can differentiation itself from the crowd so you can serve more people with IDD with your special brand of TLC!
  • November 4 | Social Media for the IDD Service Provider (IDD Business Management)
    Social media 101 for IDD Service Providers – almost 90% of US businesses use social media for marketing. Is your IDD service agency using this vital tool as effectively as it can? Do you know the pitfalls to avoid? Read this blog for critical information that will help your business get social media done right!
  • October 28 | SPI Section C – Electronic Systems For IDD Service Providers (IDD Regulatory)
    Section C of the SPI deals with electronic systems used to house patient confidential information (inc. PHI). As this involves using cellphones, tablets, laptops, electronic voicemail etc it impacts virtually everyone. Read our blog for critical information on how to keep your patient data safe and direction on the recent cybersecurity requirements.
  • October 21 | SPI Review – Section B Part 2 (IDD Regulatory)
    Here we finish reviewing section B of the SPI (Security and Privacy Initial Inquiry). This section deals with Workplace and Workforce safeguards and practices.
  • October 14 | HHS SPI Section B Part 1 (IDD Regulatory)
    We review the first part of section B of the latest version (v2.1 06/2018) of the Texas HHS SPI which deals with Policies and Procedures! Come and learn about it so you can ensure all of bases on YOUR Policies and Procedure!
  • October 7 | SPI (Security and Privacy Inquiry) – Section A (IDD Regulatory)
    We review the latest version (v2.1 06/2018) of the Texas HHS SPI (Security and Privacy Inquiry). Fee-For-Service Long Term Care and IDD providers must have copies of this document on file with the state. Here we go over some salient points in section A.
  • September 28 | BUDDY WALK NYC NDSS 2018 (Intellectual or Developmental Disability – Character and Wellness)
    A first hand report on the 23rd Annual NYC Buddy Walk® in Central Park! The National Down Syndrome Society (NDSS) and nearly 2000 others came together to raise awareness, help gain acceptance and promote inclusion of all people with Down Syndrome.
  • September 23 | CMS EHR PROMOTING INTEROPERABILITY (IDD Business Management)
    The CMS EHR Incentive Programs has been renamed the CMS ‘Promoting Interoperability (PI) Programs’. Designed to incentivize healthcare facilities to use EHRs to achieve quality goals and making CMS payments dependent on achieving these targets. How long until YOUR IDD/Special Needs operations are affected?
  • September 16 | Top 5 Texas Home Living Citations (TxHmL) Part 2 (IDD Business Management)
    Here we review the Top 5 Principles Cited During Reviews For the Texas Home Living (TxHmL) Services. Let’s explore the top 5 most frequently-cited principles and ways Focused Software can help your company maintain compliance and avoid citations.
  • September 9 | Most Common TxHmL Citations Top 10 part 1 (IDD Business Management, Uncategorized)
    Here we review the Top 10 Principles Cited During Reviews For the Texas Home Living (TxHmL) Services. Let’s explore some of these frequently-cited TxHmL citations and principles as well as ways Focused Software can help your company maintain compliance and avoid citations.
  • September 2 | Are You Multitasking or Faulty-Tasking? (Intellectual or Developmental Disability – Character and Wellness)
    As busy IDD and special needs service professionals everyday there seems to be more things to do and then you have to remember to document having done them all! Many of us multitask as a way to try to save time. If you consider yourself a multitasking Queen (or King) read our article…..the truth will surprise you!
  • August 26 | Direct Care Staff Exodus Part 2 (IDD Business Management)
    There is a crisis in the IDD/special needs service arena – the exodus of direct support employees. The numbers of this critical group of employees is steadily dwindling even as demand increases. We look at ways to improve staff retention in this blog.
  • August 19 | Direct Care Staff Exodus Part 1 (IDD Business Management)
    There is a crisis in the IDD/special needs service arena – the exodus of direct care support staff. The numbers in this critical group of employees is steadily dwindling even as demand increases. We look at reasons for the exodus in this blog.
  • August 12 | Countdown to HCS Compliance – Citations the Top 3 (IDD Business Management)
    The top 3 principles cited during reviews of HCS agencies are varied and can come with significant penalties. We review them in-depth and include staff training and two other key areas. Can you guess what the top 3 HCS citations are? Read on!
  • August 5 | Countdown to HCS Compliance – Citations #4-7 (IDD Business Management)
    The next several principles cited (specifically #7, 6 and 4) typify the reasoning behind implementing an Electronic Health Record (EHR)– the Focused Software system. Our EHR can really make HCS compliance easy!
  • July 29 | Countdown to HCS Compliance – Citations #10,9,8 (IDD Business Management)
    Here we review the Texas Top 10 Principles Cited During Reviews: Home and Community-based Services. Let’s explore some of these frequently-cited principles and ways Focused Software can help your company maintain compliance and avoid citations.
  • July 22 | GROWING UP AS A CEO – RESPONSIBILITY (IDD Business Management)
    Learning to take responsibility for your business’s difficulties or failings can be painful. Yet it is also liberating and at the end of the day most definitely advantageous for your company’s long term success! It’s also one of the defining characteristics of the mature CEO. Read on – it will change the way you lead!
  • July 15 | 8 REASONS WHY IDD SMALL BUSINESSES FAIL (IDD Business Management)
    No-one builds an IDD service business wanting it to fail – yet many of these small businesses do. Find out the 8 most common pitfalls leading to failure and more importantly what you can do to avoid them!
  • July 8 | 5 Ways To Differentiate Your IDD Company Brand (IDD Business Management)
    What is your IDD company brand? If your answer starts ‘Ummm….’ read on. With online access to provider audit results and daily viral tweets the need for brand management among IDD service providers has never been greater! Let’s review 5 easy ways you can take control of your brand.
  • July 1 | IDD Customer Service In the Special Needs Arena (IDD Business Management)
    We try to do our best when it comes to IDD Customer Service ie serving our paying customers. That’s great but what about the large pool of customers we frequently ignore? Find out just who and what you’re missing in our blog!​
  • June 24 | Behavioral ABCs and the IDD Service Provider (IDD Clinical Care)
    Let’s review the objective functional analysis of problem behaviors with a common behavioral example that you might have come across.
  • June 17 | Sustaining Change In IDD/Special Needs (IDD Business Management)
    Sustaining change is the final yet ongoing phase of change management. It requires that leaders continue to execute, measure and improve change efforts. Part 4 of our Change management blog series covers this topic throughly. Read on!
  • June 11 | Planning For Success In IDD/Special Needs (IDD Business Management)
    Not planning for success when instituting change in the IDD or special needs industry is planning for failure. Let’s review 7 key questions to ask when planning for your next successful change endeavor.
  • June 1 | Culture of Change In IDD/Special Needs (IDD Business Management)
    Helping our staff modify their behavior is central to the success of any change effort at work. As IDD execs, we need to realize that the chances of success for our change initiatives (eg buying a new EHR) are much higher if we create a culture of change and get buy-in from our staff first. Find out how in our blog!
  • May 25 | Why Change For IDD Service Providers (IDD Business Management)
    Why change at all? Well it may surprise you to know that none of us really has much of a choice when it comes to change! The question is will the changes you make be well-thought out and intentional OR will they be forced upon you? Read on to find out more!
  • May 18 | Legacy and the IDD Professional (Intellectual or Developmental Disability – Character and Wellness)
    The daily choices we make are consequential. What legacy are you building with each action, day by day? Not just as an IDD service carer but as a leader? Or even a person? Your legacy will be based on the integrity you display to all – your consumers, your staff and even your family at home.
  • May 13 | IDD Providers Busy-ness and Business (IDD Business Management)
    Busy-ness is NOT an IDD Service badge of honor! Are you addicted to busy-ness? The work of an IDD service provider is real however no-one should be eternally busy. Read this new Focused blog to find out why unrelenting busy-ness is bad for you and what you can do to save time, effort and improve your efficiencies.
  • May 6 | The Natural Born Leader Myth in IDD Services (IDD Business Management)
    The myth of the natural born leader can have particularly dangerous effects in the IDD/Special Needs service arena as many owners/execs struggle to lead their organizations through times of significant industry change and cut backs. Administrators in IDD care need to commit to putting in the time and effort needed to become better leaders so these companies offering vital care services to this vulnerable population do not fail.
  • April 30 | Strategic Acquisitions among IDD Service Companies (IDD Business Management)
    Strategic acquisitions among IDD companies is one way to expand businesses and rapidly obtain much needed skills and/or resources. However the acquisition of another company can be as risky as it is potentially rewarding. Read our blog before you pull the trigger to avoid nasty surprises!
  • April 10 | Integrity and the IDD Professional (Intellectual or Developmental Disability – Character and Wellness)
    IDD service professionals are entrusted with the care of a vulnerable set of people. We need to portray certain personal characteristics in order to carry out these responsibilities optimally. Are you a person of character? A leader with integrity? Read our blog and find out!
  • March 20 | EHR/EMR and Quality – VP#4 (IDD Business Management, IDD Clinical Care)
    Quality standards drive the healthcare industry. People with IDD and special needs deserve consistent high quality healthcare wherever they live. In the final installment of the “Value Proposition” series we review the elusive yet eternally pursued goal of Quality.
  • March 6 | EHR/EMR vs Paper Charts – VP#3 (IDD Business Management)
    IDD companies that use paper charts for consumer info waste their most expensive resource (personnel time) daily. You’re not just paying for paper and toner! In this third Value Proposition blog – we review the true Cost of Doing Business (CODB) with paper charts versus an EHR/EMR documentation system.
  • February 20 | EHR/EMR and IDD Service Leadership VP#2 (IDD Business Management)
    The second installment in the 4 part “Value Proposition” series reviews the true leader’s role in attaining efficiency and quality standards in an IDD service agency. It also describes how the use of an electronic medical record system can help a leader keep the bottom line in control.
  • February 6 | Electronic Healthcare Record – Time is Money! VP#1 (IDD Business Management)
    Do you consciously appreciate the fact that you cannot get time back? When you consistently spend time on things that do not better you (monetarily or otherwise) you are wasting time. The first installment in this 4 part “Value Proposition” series reviews the real time, dollars and cents you save with an Electronic Healthcare Record.
  • January 23 | Successful Transition from Paper to Focused EHR (IDD Business Management)
    Implementing an EHR demands disciplined visionary leaders with clear goals and the resilience to manage change. Have you got what it takes?
  • January 9 | Compassionate Care for ALL in IDD Service! (Intellectual or Developmental Disability – Character and Wellness)
    Working in the IDD service industry very likely means that you are a care provider by profession (and probably by nature). Here we review the value of compassionate care and empathy for all…….and we mean ALL!!
Plugin by Oliver Schlöbe

Photographs: Rawpixel (Data plug in latop) and Goumbik (Businessman finger pointing)