CMS and The Office of Civil Rights takes another step in enforcing HIPAA activities by launching “ASETT”Categories: Articles
The new program is called ASETT – Administration Simplification Enforcement and Testing Tool.
This is a web based platform is for individuals or organizations to file complaints for potential non-compliance with the non-Privacy/Security provisions of HIPAA. CMS is making an effort to make the “whistle blowing “ process easier for the general public. A streamlined process to allow patients to report what they feel is a violation or misstep with their PHi and the like.
The ASETT system securely captures demographic information about the complainant and the filed-against entity, as well as details of the alleged violation, and any supporting documentation provided by the complainant and the filed-against entity. When filing a complaint, the complainant has the option to remain anonymous to the filed-against entity.
Complainants are urged to provide as much detail as possible to justify and support the allegations, and to ensure that accurate contact information is provided for the filed against entity (full names, titles, phone numbers, and email addresses). Each complaint is reviewed for validity and completeness to ensure that it can be processed. The site offers Tips to assist the accuser in documenting their compliant. (ie. Add Supporting Attachments to support your complaint. Test Transactions to support Transaction violations)
Once the contact information for the complainant and the information against entity is verified and validated, CMS will officially open a complaint. CMS will contact the filed-against entity by phone/email to notify them of the allegations and to advise them that a letter will be sent with complaint details and a request for follow-up. This exchange permits the filed-against entity to evaluate the information, conduct an internal investigation, and either dispute the allegations or develop a response indicating how the issue will be corrected.
The correction can be done either immediately by their staff, or through a process outlined by a formal Corrective Action Plan (CAP).
The CAP is created out of performing a Security Risk Assessment and documenting those items that need to be addressed/mitigated. CAPs are considered a “working or live” document since it should be referred to and updated throughout the year. Just about any audit that a covered entity will be faced with will include the delivery of a current Corrective Action Plan.
One of our services includes examining a covered entities current CAP (and Risk Assessment), to help them better understand those how to mitigate those specific risks, and help them prioritize with a plan forward. If you need additional information, feel free to contact us at www.gsgcompliance.com or 877-270-8306.
You can find more information about the ASETT web based tool with the link below.