Tactical Execution of Privacy Assessment

The tactical methodology, with its major milestones and the activities of The Valla Group and the Client, is detailed below. Activities are completely customizable based on the extent of the engagement and the Client's needs/requirements.

1. Baseline understanding of organizational awareness/readiness via Customized HIPAA Privacy Questionnaire

The Valla Group
· Create questionnaire for layman usage
· Disseminate questionnaire
· Answer follow-up questions from target audience
· Assimilate responses
· Follow-up on incomplete responses
· Quantitative baseline analysis by department and responses
· Draw baseline conclusions and provide general recommendations

Client
· Identify target audience
· Assist in customization of questionnaire to accommodate the HMNMH culture and process
· Support and communicate the importance of the completeness and accuracy of questionnaire responses
· Analyze validity of responses

2. Conduct one-on-one HIPAA Privacy interview advisory sessions

The Valla Group
· Congregate like-discipline clusters
· Schedule interview times with all discipline clusters
· Create interview questions that specifically address baseline conclusions and nature of department
· Provide educational materials to introduce the concept of privacy and protected health information
· Record and systematically categorize the information received as a result of interviews
· Continually observe general practices during interview discussion sessions

Client
· Determine key contacts for all departments
· Assist in scheduling interview times with key contacts
· Provide guidance and feedback regarding context and content of interview information

3. Inventory Protected Health Information (PHI) Automated and Paper Systems

The Valla Group
· Provide educational data sheet defining what a PHI storage system is
· Solicit voluntary revelation of PHI computer systems and paper systems
· Work with IS to identify network and commonly used systems
· Leverage IS data systems inventories documentation
· Conduct sessions with discipline clusters to identify discrete and uncommon systems (one-offs) and paper systems (e.g. logs, note cards, etc.)
· Create stratified PHI inventory in criticality/business-essential order
· Emphasize systems that are more vulnerable regarding privacy

Client
· Encourage full disclosure of all previously created systems documentation (e.g. systems Y2K documents, systems inventory, etc.)
· Oversight committee and executive management reinforce the importance of full disclosure of information during process
· Maintain awareness and analysis mode regarding systems and HIPAA and continue to communicate discovered information to HIPAA team

4. Existing Privacy Policies and Procedures Inventory and Determination Review

The Valla Group
· Provide guidelines for determining which existing Policies and Procedures may need additional HIPAA language
· Collect and correlate all global health system Policies, Procedures, Consents, and Authorizations
· Collect and correlate all department-specific/created Policies, Procedures, Consents, and Authorizations
· Conduct review of all employee access areas (e.g. intranet, internal systems, etc.) Policies, Procedures, Consents, and Authorizations
· Create HIPAA comparative tool to illustrate results of analysis
· Conduct Policies and Procedures strategic review sessions
· Assimilate results into quantitative document to determine current state
· Identify gaps or missing Policies, Procedures, Consents, and Authorizations

Client
· Coordinate Policies and Procedures review team
· Recruit internal expertise to participate in Policies and Procedures strategic review session
· Ensure all Policies, Procedures, Consents and Authorizations have been collected
· Provide space and supplies for Policies and Procedures strategic review sessions

5. External Business Relationships Inventory and PHI Applicability Determination

The Valla Group
· Educate health system staff on the definition of external business relationships, including: business associate, trading partner, chain of trust
· Obtain vendor/external business relationship entities from internal systems and aggregate common relationships across functions/clusters
· Leverage Materials Management and Accounts Payable Systems to identify bulk of external business relationships
· Leverage any internal existing contract management systems
· Solicit client to identify external business relationships
· Enter identified business relationships into proprietary Valla Group software tool for analysis

Client
· Reinforce the importance of the activity and encourage full and timely disclosure from stakeholders
· Leverage immediate education opportunities
· Follow up with missing demographic information
· Assist with data entry

6. Privacy Assessment and Gap Analysis Formal Documentation & Presentation

The Valla Group
· Identify Privacy Assessment central themes
· Produce formal documentation with visual, qualitative, and quantitative data

Client
· Preview final presentation with key stakeholders who validate findings and provide feedback
· Coordinate final presentation to oversight entity

      Copyright © 2003 The Valla Group, Inc. All Rights Reserved.