Accountable Glossary

A self-help tool to tell you the terms you need to know for Accountable FAST!

Hi and welcome to the Accountable Glossary!

 

Before you dive right into the info below I'd just like to clarify that the terms found on this page are specific to things found within Accountable. For General H.I.P.A.A. terms please visit the Compliance Glossary.

 


 

Letter A

 

Accountable
An easy-to-use SaaS platform that simplifies the rigor of becoming HIPAA compliant.

 


 

 

Add a Third Party / Manage All - In this section you will find a set of options available from the 'Third Parties' section of Accountable. Here you can generate the profile for the Third Party, which is a necessary step to take before you can execute a BAA or send the vendor risk questionnaire.

 


Admin. - Synonymous with Privacy Officer inside Accountable, the Role of Admin. allows that person full access to Accountable. This is in contrast to the Role of Employee, where access is limited to the Dashboard.

 


Annual Requirements - To remain compliant under HIPAA regulation, certain aspects of your compliance plan require annual maintenance. Most notably, you are required to conduct staff training and a risk assessment on an annual cadence.

 

Append company logo to policies - By clicking on this check box (Found under Settings > Company) you have the ability to add your logo, by default, to any policy generated within Accountable.

Assessments - A section beneath the heading of ‘Compliance’. It is seen when you click the menu option for ‘Compliance’ and is labeled ‘Assessments’. Inside ‘Assessments’ is a 7 point gap analysis and audit of your Organization that will meet the requirement for a good 50% of your S.R.A., aside from showing you plainly what needs fixing in order to deem yourself compliant.

 

 


Letter B

 

Business Associate Agreement Template - Accountable not only provides you with the necessary documentation to become compliant, we’ve even automated it! To access the template, please select your vendor's profile. You may access the profile by heading to 'Third Parties', then clicking on the other company's name.

 


 

Assuming you have created a vendor profile, you will see a complete list of your vendors on the following screen. Please select the third party you wish to execute an agreement with by selecting their name.

 


 

Once the Organization has been selected from the list above, please navigate to the tab marked 'Agreements' where you can preview and execute a business associate agreement using our template.

 


Bulk Training Reminder - At any time you can 're-remind' employees to take any training they may have forgotten to complete. Accountable takes it one step further, though. Rather than forcing you to contact your Staff one-by-one, you can remind any number of people you like. You can even filter the trainings to quickly email only specific users for specific trainings. Try it out here.

 


Letter C

 

Certifications - Upon completion of any HIPAA training, a certificate of this achievement will be available inside the staff member's user profile. Show it off - put it on your website, or send it directly to LinkedIn.


Change Your Password - To change your Accountable password, please navigate to 'Settings', select 'Personal Info' and scroll to the bottom of the page. There you will see where you may update your password.

 

Company Signatory - There are fields which Accountable can pre-populate with your Privacy Officer's information. At the same time, you may have several Privacy Officers. From here, you can specify which Privacy Officer in your Organization has their information displayed on specific documentation.

 

Compliance (Menu Item) - The header found in the left-hand side menu marked 'Compliance' is a place inside Accountable you will visit often. It houses your policies, procedures, assessments, data inventories and can even store any helpful information to your compliance plan that we did not provide under the Documents section.

 

Compliance Experts / CSM’s - Accountable employs independently trained and certified HIPAA experts to provide confidence to every client we craft a compliance plan with.

 


Compliance Management Dashboard - The Compliance Management Dashboard is a centralized location within the Accountable platform where admins can view their organization's compliance status, track deadlines, and report incident(s) (should they occur).


Complete Annual HIPAA Training - To ensure ongoing compliance, specific things within your compliance plan need to be addressed on a yearly basis. Most notably, you will need to train staff on policies and procedures and conduct a risk assessment.

 


Customize Policy Templates - Policy templates are ready and awaiting adoption within Accountable. You may also add policies of your own design which are outside the scope of HIPAA. Simply navigate to 'Compliance', then 'Policies and Procedures' from the dropdown to get started.

Compliance > Policies and Procedures

 

 

 

 

 

 

Upon reaching the Policies and Procedures page, look to your far right, where you will see a blue button marked 'Add Policy'. When you select this button, three options appear: Use Template, Start from Scratch and Upload a PDF.

 

Use Template:

To utilize the policy templates provided to you by Accountable, select Use Template to view the Template Library.

 

Start from Scratch:

If the need arises to add your own policies, Start from Scratch supplies you with a markup window, allowing you to copy and paste the language into Accountable (in case you had been drafting the policy elsewhere, like MS Word, Google Docs, etc.).

 

Upload a PDF:

If you wish to add your own policies, but they are contained in a pre-formatted document, please select the bottom option of the dropdown to Upload a PDF.

 

Another way to access the Policy Template Library:

Please navigate to Compliance > Then, Policies and Procedures. Once there, you will see a large horizontal bar towards the top of the page which is blue in color. Now, in this blue banner, look to your right-hand side for a white button labeled, 'View Template Library'. Click this button to access the Accountable Policy template documents.

 


Letter D

 

Dashboard - Accountable’s ‘One-stop-shop’ for everyone in your Organization to know what comes next, when it pertains to them specifically, for the completion of your compliance plan.

 

On the Dashboard as an administrator/Privacy Officer within Accountable, you will notice the contents below. We will discuss the Dashboard as seen for the user as well.

  • The road to HIPAA compliance (And how far along it you are)

  • View and change your Primary Privacy Officer (Edit permission is only available to admin/Privacy Officers of Accountable).

  • Status of Accountable policies adopted versus templates not yet adopted.

 

 

  • Your Active team members and those who are currently onboarding.

  • You can view the status of these team members with regard to their training progress.

  • Your S.R.A. progress and the elements (categorically) contained in the audit that have been completed specifically.

  • A tab for info on your Data Inventory.

  • A section for Third Parties and whether documentation is on-file for them, or not.

  • Finally, Incident Response is found to the bottom-left


Data Breach Monitoring Tool - This section beneath 'Security Monitoring' inside Accountable gives you access to a cool API run by a partner company. It displays information on any known data breach, to let you know if, by chance, any staff member has had their information compromised. It does not need to be health info which was breached to show up here, but it is nice information to be aware of!

 


Data Inventory - This is a section found beneath ‘Assessments’ when one has clicked on the menu option ‘Compliance’. The ‘Data Inventory’ is an annual requirement, is (aside from the Assessment) 50% of your S.R.A., and is named very on the nose. Here, we will list any devices your Organization uses that have the capacity at any time to touch P.H.I. Let’s discuss each field found on the Data Inventory below (beneath that are pictures to help guide us along the way).

 

* Name - Left purposefully broad since its applicability can also be broad, but if all you use in your Organization is 5 laptops, then all you would list here is ‘5 laptops’.

* Inventory ID (Optional) - If you are a larger Organization who is serializing or identifying your devices in a unique manner, please fill this field. Otherwise, please feel free to skip it.

* Estimated Records - Think back maybe ten years ago. Recall how Doctors would have those large, locking bins with oodles of manilla folders and charts containing everyone’s P.H.I.? We can think of estimated records as the same thing but digitally. It is always best to answer this question with a range, so start with 0. From there, an estimate of records those devices may happen upon is all that is needed. Rough is right here. The Government is not seeking an exact number for this segment.

* Location - Can be very general in nature, as we are just displaying that we have a working knowledge of where our Data flows. For example, I reside in Queens, N.Y. If someone is filling out this Data Inventory and momentarily forgets this fact, it is entirely fine to write in New York, N.Y. You still generally know where your data is. The Government is not seeking something as specific as a street address here.

* Data Stored - Once again a bit self-explanatory, and somewhat the reason you are completing this inventory at all, Data Stored is essentially the foundation of what your Organization does. Whatever your intersection as a business is with protected health info is the best answer for Data Stored.

 


* Risk Level - With the ability to self-apply a label of High, Medium, or Low risk, we leave this segment somewhat subjective and recommend you fill in what you believe is best, since you know your systems and vulnerabilities best.

* Contact Information - This should reflect the information for the person in your Organization who is either most tech savvy, or spearheading security for this effort.

* Create Inventory - A button in blue found at the bottom-right of the Data Inventory which you will want to hit after supplying all of the above information.

 


Documents - A segment found in the dropdown after one selects the menu option for ‘Compliance’. Here, you may house any documentation you wish. Please do not add anything to this section which contains any sort of P.H.I., but any other document storage you may need is available to you via this feature.

 


Letter E

 

Easier Third Party Management - Accountable is able to execute B.A.A.'s from directly inside of a Vendor profile. In addition, your requirement to vet your vendors' security practices can be fulfilled directly from the Third Party Profile as well. By combining these tasks, Accountable truly does have one of the easiest solutions to achieve compliance in the Market today.

 

 


Edit Policy Templates - Accountable provides policy templates to make you HIPAA compliant. Best part? They are totally customizable to your Organization. Learn more about editing policies.

 

 


Letter F

Find a User

Do you have a large number of employees? When you see how many pages you might need to sift through to simply find ‘Jeremy’s’ name, do you have a panic attack? Never fear! So long as you have the individual’s email address, or even part of their name, you are able to locate them utilizing the search bar at the top of every page.

 


 

 


 

training

 

General HIPAA Video Training and Quiz + Security Awareness Video and Quiz - General HIPAA training is not only a requirement, it’s just a good thing to understand when working around sensitive patient records.

 

Security Awareness is another requirement. The hope after performing this training is that Workforce members will understand the basics of cybersecurity and know best how to mitigate simple breaches from occurring.

 

Nothing terribly intense, the video series are short. A three-question quiz is held in between each of the 5 videos to check comprehension. All answers on a page must be correct for the training to progress. However, an incorrect answer does not disqualify you, as you can keep trying until finding the correct answer.

 

 


Letter H

Help - At any point when you are logged into Accountable, you can click the chat button as seen below to be connected directly to us. Of course, help is also always available to you by sending a note to support@accountablehq.com.

 


 


 

Letter I

 

Incident Response Within Accountable - Incident Response is very simple to perform in Accountable, meeting your compliance requirement of allowing anyone to report a perceived HIPAA breach anonymously 24/7. To report an incident, please follow the picture below.

Also, we like to help as much as possible with matters like these. After submitting your incident report, send an email to support@accountablehq.com, so we may discuss what happened and how to address it.

 


 


Invite Team Member - Found under 'People' on the right-hand side, Invite Team Member is a button in blue which you will want to click. From there, a big white window appears.

 


 

To Invite Team Members, please refer to these next steps which break down each part of the big white window.

 

 

**Pro Tip** You can add in contacts from Gmail / Microsoft via the 'Add From..' button. This allows you to seamlessly integrate Google/Microsoft contacts into Accountable.

 

First you will want to enter in the email address for the new user.

 

 

Next, be sure to set up the requirements. A typical user profile contains requisites for HIPAA Training, Security Awareness Training and Policy Review, as seen below.

 

 

**Another Pro Tip** Remember when there was mention that you can add in policies that you created? Should you add in policies of your own design, they will be categorized as 'Company Training'. Policy Review should always be turned on, since it refers to policies which were originally templates found inside of Accountable that you publish.

 

The Get Shareable Link button is my favorite part of this screen because it allows you to copy a link to your clipboard which you can then share with an employee, who (through the magical powers of the link) can set up their own profile with no fuss. For example, if your office uses Slack, you can send this link to a new employee, asking them to follow it, set up a profile and complete their training all in one go.

 

In the bottom-right of this window, you select 'Invite X Person' to send invitations to users you listed in the white window. Users will find an invite in their email inbox which grants them Accountable access.

 



Letter L

 

Limited Access - Limited access based on user role can be granted via Accountable. We recommend that anyone not directly involved with the compliance process is assigned the Role of Employee, while folks needing further admin. access are assigned the Role of Privacy Officer.

 


 

Letter M

 

Manage All - A section found beneath 'Third Parties' where your Vendor profile is housed. From Manage All you can control all aspects of a Third Party Profile, including editing Corporate details, executing Business Associate Agreements and conducting Vendor Risk Analysis.

 

Mapping Document - Accountable's Policy Mapping Document is a powerful resource when it comes time for you to review policy and procedure templates. It connects the dots for a fair question you may have asked yourself; "How do I know this is enough.... Or too much?". If you are a customer already, please reach out here if you do not have a copy!

 


Monitor Staff Training - With Accountable's unique method of measuring training success, any Privacy Officer will be able to determine the training status of any employee: whether the employee is still yet to take the training (pending) or has completed it, as indicated by the green check mark by their name under 'People', then 'Manage All'.

 

Minimum Necessary Standard - This is a practice meant to be followed throughout all businesses who work with PHI. Minimum Necessary means that the person / entity who needs to work with PHI to complete their job only has the ability to view this sensitive info for the number of patients they work with, instead of everyone in your EHR.

 

An example of the above - When Princess Kate Middleton first learned she had cancer and sought treatment in the U.S., her records were looked up and shared among staff members at the clinic in order to gossip and not merely to treat the patient. By law, only those directly involved in the Princess' care should have been able to access her PHI in the first place.

 


 

Letter N

 

Name a Primary Privacy Officer - This is the very first step taken within Accountable. Please refer here for more details.

 

 


 

 

Letter O

Offboard - When deleting an employee who has left the Company from Accountable, you are not really deleting them, but archiving them. To do this, please navigate to 'People', then 'Manage All'. At this point, select the employee(s) you wish to offboard via their corresponding check box to the left.

 

*Important Note* - The button you need to achieve this task does not appear until the employee being offboarded has had their name checked in the box to the left.

 

Now that you have selected the employees to offboard, you will notice in blue to your upper-right is a link labeled 'Offboard' and when you select this there will be a confirmation prompt before the employee(s) are archived.

 


 

Onboard Call - Newly registered customers should make it a priority to schedule an initial call with a CSM, regardless of previous compliance experience. This is because you will still want a bit of a visual walkthrough of the Platform to know where to navigate to do each step in your compliance plan.

 

 


Letter P

'People'

A menu option found on your left-hand side. The ‘People’ section houses all the data you may ever need in relation to your Employees and their efforts within Accountable.

 

‘People’ > ‘Tags’ - Within Accountable you can segment users/employees by department. If you don’t see an applicable tag, make up your own with the ‘Add Tag’ feature!

 

Physical Safeguards - Anything tangible which you can physically place around areas where PHI could be accidentally disclosed. A good example - there are special types of computer screen covers just for this reason. They allow the person in front of the computer to see the monitor with no problem, but if you stand adjacent to the computer, the screen becomes too dark to read. This is a perfect example of a Physical Safeguard.

 

Policies And Procedures

A menu option found as a dropdown item after clicking ‘Compliance’ on your left-hand side. Here, you will find Accountable’s ‘Policy Library’, or, if you have gone ahead and published some Accountable policy templates, you will see those listed upon navigating to this page. You can always explore and add more policies via the blue ‘Add Policy’ button found to your upper-right.

 

Privacy Officer - As required by the HIPAA Privacy Rule, you will go about naming Privacy Officers as the first action you perform in Accountable. They will have full access to each feature available in Accountable.

 

 


Letter Q

 

Question - Questions are always welcome! Please feel free to send them to support@accountablehq.com - Happy to help!

 

 


Letter R

Risk Assessment - Here at Accountable we approach your risk assessment somewhat differently than what you may have experienced in the past. We perform this audit toward the end of the process, as opposed to the beginning. This is done because by the time you are completing it within Accountable, you have already created policies and procedures and trained your staff on the documentation you've installed. In other words, this allows you to (primarily) answer yes to questions found on the audit, which will reflect very well on your Organization if ever audited.

 


Risk Level - Found most prominently inside of the Data Inventory and Vendors' sections, risk level is somewhat subjective. While Accountable provides you the answers to choose from (Low, medium or high risk), deciding how risky a vendor relationship is remains, in the end, at your and your Company's discretion. I will provide an example below of how I'd rate Risk Level for various types of vendors.

 

 


 

Letter S

 

Seal of Compliance - Is something received by an Organization after successfully completing the rigorous process put forth by Accountable in order to become compliant. By downloading and placing this seal on your website you become a Market Differentiator. You’ll stand out in a great way. In a way which allows you to display that you hold patient privacy in such high esteem that you brought in a third party to evaluate and assist you with meeting your Federally mandated privacy requirements. While others sometimes try to pretend the Regulation isn’t there, you faced it head on and have something to both drive traffic and be proud of.

 

Security Awareness Video and Quiz - Basic cyber security training is not only a H.I.P.A.A. requirement, it’s just a good thing to understand when working around sensitive patient records. Nothing terribly intense, the 5-video series runs for 28 minutes. There is a total of 15 questions. A three-question quiz is held in between each of the 5 videos to check comprehension. All answers on a page must be correct for the training to progress. However, an incorrect answer does not disqualify you, as you can keep trying until finding the correct answer.

 

Security Monitoring > Incident Response - Every Workforce member at your Organization has the right to report an incident without fear of retaliation. In addition to having the right to report these incidents, it is a requirement of the Organization to provide the mechanism which allows a workforce member to report. Fortunately, this is all achieved right inside Accountable!

 


 

Letter T

 

Technical Safeguards - When striving to become HIPAA compliant, you are really aiming to set forth protections within 3 different categories. The first safeguards are put into place for anything 'computer-y' (Technical). This includes authentication controls, unique user IDs and encryption as just a few examples.

 


 

Letter U

 

User

Inside Accountable a User is synonymous with a staff member.

 

Update Credit Card - Have a credit card expiring? No trouble! You can update it right in Accountable by navigating to Settings > Payment Settings.

 


 

Letter V

 

Vendors - Entities that are third party to yourself, whom you pay to perform a service. By performing this service, these third-party vendors will be directly or indirectly exposed to PHI because it is their job and why you hired them.

 

Vendor Management - Within Accountable is a robust repository where you can handle all the 'big stuff' when it comes to vendors in one solitary spot. We manage vendors, contacts, documentation, contracts and risk scores all within the vendor profile and will be happy to show you how you can too!

 

Vendor Profile / Add a Vendor

The location inside Accountable which houses specific information for each of your third party partners. This needs to happen first, before you attempt to send an agreement or risk questionnaire. You need to list the company before adding information into the system about it.

 

Vendor Documentation Template Management - By entering a smidge of code here, we can ensure continuity down the line without the need to add all the information one by one ourselves. See the screenshot below in order to clarify.

 


 

Vendor Risk Questionnaire - It is your responsibility to vet your vendors to ensure that they are following compliant practices. If someone is not paying attention to their security then they are a walking liability that you want to stay away from. To audit for this risk and complete the HIPAA requirement for doing so, you can query your vendors with our audit, seen below for further clarification.

 


 

From obtaining required documentation, auditing these vendors for risk, and through the administrative safeguard of having a written vendor management policy, Accountable provides all of this to you in one window!

 


Letter W

 

 

Workforce Member - You can think of workforce member as being synonymous with staff member, or employee.

 

Workstation Security - Part of Physical Safeguards, workstation security deals with securing locations with computers touching PHI in a physical sense, so that a random passerby doesn't see the last 5 years of patient records.

 



Still a tad confused? Please never hesitate to reach out for assistance! It's what we are here for!