Compliance Review Program
Page Content Links:
- What is the Compliance Review Program?
- Who is Subject to a Review?
- What Happens During a Review?
- Tips and Tools & How to Prepare for a Compliance Review?
One of CalOHII’s primary statutory responsibilities is to monitor State Departments’ HIPAA compliance. This is achieved through conducting ongoing compliance reviews on State Departments subject to HIPAA. Our goals are to:
- Create a culture of compliance for State Departments
- Keep California’s health information safe
- Ensure health information gets into the right place when needed
What is the Compliance Review Program?
CalOHII’s focus in conducting compliance reviews is to work with State Departments to identify any gaps in Federal or State HIPAA compliance, rectify those identified areas, and to adopt best practices to protect patient’s medical information and prevent unauthorized disclosure to ensure safe transmission of medical information for patient care.
CalOHII created the Statewide Health Information Policy Manual (SHIPM), which provides practical guidance on how to follow HIPAA, the Confidentiality of Medical Information Act (CMIA), the Information Practices Act (IPA), and other applicable state and federal health information laws. SHIPM is the foundation upon which compliance reviews are based.
Who is Subject to a Compliance Review?
State Departments assessed to be Covered Entities and/or Business Associates are subject to a Compliance Review. In June 2017, CalOHII completed an assessment of all State Departments within the Executive Branch of government to determine each department’s current status – see 2017 HIPAA Assessment Results (PDF).
CalOHII has developed a schedule for the Round 1 compliance reviews – see CalOHII Compliance Program Compliance Review Schedule (Round 1) (PDF).
The Compliance Review begins with the State Department providing CalOHII with artifacts as requested via the Compliance Review Policy Request List as well as completing and submitting the Compliance Review Questionnaire within a specified time frame.
Once all information is collected from the State Department, an onsite review is scheduled and the CalOHII team conducts an onsite visit. All observations and findings are documented along with recommendations for addressing gaps. A draft document is provided to the department for review and comments before CalOHII finalizes the report.
Tips and Tools & How to Prepare for a Compliance Review?
CalOHII has prepared a number of tips, tools and templates to assist State Departments to ensure ongoing compliance as well as prepare for a compliance review.
- Tips and Tools: Risk Analysis/Assessment
- Authorization Guidance Tool
- Tips and Tools: Policy and Procedures
- Compliance Review Tool
- Compliance Review Artifact Request List
- Compliance Review Artifacts Checklists
- OCR Audit Protocol
- Corrective Action Plan Template
Accessibility Issues or Questions about the Compliance Program can be sent to:
Virginia Franco-Varela (Virginia.Franco@chhs.ca.gov)