2020 HIPAA Entity Status Assessment
CalOHII has statutory authority to ensure State Departments are compliant with the Health Insurance Portability and Accountability Act (HIPAA) regulations (45 C.F.R. §§ 160 – 164.534). This responsibility includes the periodic reevaluation of State departments to determine if they are covered entities, business associates, hybrid entities, trading partners, impacted by data content, or health oversight agencies as defined by HIPAA.
The first statewide assessment of state programs and departments was performed in 2001, with subsequent assessments performed in later years. Because of changes in federal and state law, as well as possible business process changes within departments, state entities may be affected by HIPAA differently than before. CalOHll assesses all State entities every few years in order to provide assistance in meeting the requirements imposed by HIPAA.
We are currently conducting the 2020 HIPAA Entity Status Assessment – CalOHII provides the following information to assist state entities complete their assessments.
Frequently Asked Questions:
General Questions –
Why is my organization getting this assessment?
Per our statutory authority, CalOHII has oversight responsibility for all state departments, boards, commissions, programs and other governmental units of the executive branch of state government. As a result, the HIPAA Entity Status Assessment is sent to all organizations meeting this requirement.
Does my organization have to complete the assessment, even if I know I am not covered by HIPAA?
Yes, the assessment must be completed by all state entities under CalOHII statutory authority (see question above for more information) – this ensures CalOHII can demonstrate compliance with its statutory requirement.
What if my organization doesn’t have any health information/data – do I have to complete the assessment?
Yes, CalOHII must have a completed assessment for all state entities to demonstrate compliance and ensure all entities are properly assessed on a periodic basis.
Why can’t CalOHII use the last assessment?
Because of changes in federal and state law, as well as possible business process changes within organizations, state entities may be affected by HIPAA differently than before. CalOHll assesses all State entities every few years in order to provide assistance in meeting the requirements imposed by HIPAA.
Completing the Assessment Questions –
Can I fax the assessment?
No, CalOHII would prefer all assessments are scanned and emailed. This allows proper storage for retention purposes.
Who has to sign the assessment?
This 2020 HIPAA Covered Entity assessment must be signed by a Deputy Director (or above) of your organization.
What if I have additional questions?
Please email us at OHIComments@ohi.ca.gov – include your name and phone number. One of our staff will contact you.