HIPAA Survey for Doctoral Candidate Public Administration
Following information posted upon request. Please Participate.

Regards,
ShareHIPAA
***********************************
Hello,

My name is Walt H. Foultz, MA, MBA, and I am a doctoral candidate in
the Doctor of Public Administration program at the University of La
Verne in La Verne, California. My dissertation topic deals with the
Health Insurance Portability and Accountability Act (HIPAA). As you
are knowledgeable regarding the requirements of HIPAA, I would very
much appreciate your participation in the 26-question multiple-choice
survey.

No names of those participating in the survey, or their represented
organization, will be collected or used in any way. The sole purpose
of this survey questionnaire is to support the requirement of a
Doctoral Dissertation in partial fulfillment of the Doctor of Public
Administration degree, and advance the overall industry understanding
of the effect of the HIPAA regulation.

If you are interested in the results of my study, I would be happy to
send to you the executive summary of my dissertation upon completion
of my degree. Just let me know via email at HIPAASurvey@....

Thank you very much for your participation.


SURVEY QUESTIONNAIRE

Directions for completing questionnaire:

A. Please place a mark in the area provided next to the answer that
is most correct for each question.
B. Place a mark next to only one answer for each question.
C. Return the questionnaire via email by replying to
HIPAASurvey@....

1. My organization can best be described as a:

( ) Healthcare provider
( ) Healthcare clearinghouse
( ) Health plan
( ) Vendor
( ) Other (Please specify ___________)

2. Due directly to the HIPAA regulation, my organization has
obtained a security professional to oversee the security requirements
of HIPAA.
( ) Strongly Agree
( ) Agree
( ) Unknown
( ) Disagree
( ) Strongly Disagree
( ) Not Applicable

3. Due directly to the HIPAA regulation, my organization now has in
place a policy and procedure for certification of the system/s in use
for processing data covered by HIPAA.
( ) Strongly Agree
( ) Agree
( ) Unknown
( ) Disagree
( ) Strongly Disagree
( ) Not Applicable

4. Due directly to the HIPAA regulation, my organization currently
has in place a policy and procedure regarding a chain of trust
business associate contract for use with organizations covered by
HIPAA.
( ) Strongly Agree
( ) Agree
( ) Unknown
( ) Disagree
( ) Strongly Disagree
( ) Not Applicable

5. Due directly to the HIPAA regulation, my organization currently
has in place a written contingency plan including: applications and
data criticality analysis; data backup plan; disaster recovery plan;
emergency mode operation plan; testing and revision plan.
( ) Strongly Agree
( ) Agree
( ) Unknown
( ) Disagree
( ) Strongly Disagree
( ) Not Applicable

6. Due directly to the HIPAA regulation, my organization has in
place a formal mechanism for processing records.
( ) Strongly Agree
( ) Agree
( ) Unknown
( ) Disagree
( ) Strongly Disagree
( ) Not Applicable

7. Due directly to the HIPAA regulation, my organization has in
place information access controls including: access authorization
policy and procedures; access establishment policy and procedures;
access modification policy and procedures.
( ) Strongly Agree
( ) Agree
( ) Unknown
( ) Disagree
( ) Strongly Disagree
( ) Not Applicable

8. Due directly to the HIPAA regulation, my organization conducts
internal audits.
( ) Strongly Agree
( ) Agree
( ) Unknown
( ) Disagree
( ) Strongly Disagree
( ) Not Applicable

9. Due directly to the HIPAA regulation, my organization has in
place policy and procedures regarding personnel security issues
including: supervision of maintenance personnel by authorized,
knowledgeable person; maintenance of record of access authorization
for personnel; operating, and (in some cases) maintenance personnel
have proper access authorization; personnel clearance procedures;
system users including maintenance personnel, receiving training in
security issues.
( ) Strongly Agree
( ) Agree
( ) Unknown
( ) Disagree
( ) Strongly Disagree
( ) Not Applicable

10. Due directly to the HIPAA regulation, my organization has in
place security configuration management policy and procedures
including: documentation; hardware/software installation and
maintenance review and testing for security features; inventory;
security testing; virus checking.
( ) Strongly Agree
( ) Agree
( ) Unknown
( ) Disagree
( ) Strongly Disagree
( ) Not Applicable

11. Due directly to the HIPAA regulation, my organization has in
place policy and procedure for security incidents including:
reporting procedures and response procedures.
( ) Strongly Agree
( ) Agree
( ) Unknown
( ) Disagree
( ) Strongly Disagree
( ) Not Applicable

12. Due directly to the HIPAA regulation, my organization has in
place policy and procedure for security management including: risk
analysis; risk management; sanction policy; security policy.
( ) Strongly Agree
( ) Agree
( ) Unknown
( ) Disagree
( ) Strongly Disagree
( ) Not Applicable

13. Due directly to the HIPAA regulation, my organization has in
place policy and procedure for terminations including: combination
locks changed; removal from access lists; removal of user account(s);
turn in keys, token or cards that allow access.
( ) Strongly Agree
( ) Agree
( ) Unknown
( ) Disagree
( ) Strongly Disagree
( ) Not Applicable

14. Due directly to the HIPAA regulation, my organization has in
place policy and procedure for security training including: awareness
training for all personnel including management; periodic security
reminders; user education concerning virus protection; user education
in importance of monitoring log-in success/failure, and how to report
discrepancies; user education in password management.
( ) Strongly Agree
( ) Agree
( ) Unknown
( ) Disagree
( ) Strongly Disagree
( ) Not Applicable

15. Due directly to the HIPAA regulation, my organization has in
place assigned security responsibility in writing.
( ) Strongly Agree
( ) Agree
( ) Unknown
( ) Disagree
( ) Strongly Disagree
( ) Not Applicable

16. Due directly to the HIPAA regulation, my organization has in
place policy and procedure regarding media controls including: access
control; accountability (tracking mechanism); data backup; data
storage; disposal.
( ) Strongly Agree
( ) Agree
( ) Unknown
( ) Disagree
( ) Strongly Disagree
( ) Not Applicable

17. Due directly to the HIPAA regulation, my organization has in
place policy and procedure regarding physical access controls
including: disaster recovery; emergency mode operation; equipment
control (into and out of site); facility security plan; procedures
for verifying access authorizations prior to physical access;
maintenance records; need-to-know procedures for visitors and
escort if appropriate; testing and revision.
( ) Strongly Agree
( ) Agree
( ) Unknown
( ) Disagree
( ) Strongly Disagree
( ) Not Applicable

18. Due directly to the HIPAA regulation, my organization has in
place policy and procedure regarding work station use.
( ) Strongly Agree
( ) Agree
( ) Unknown
( ) Disagree
( ) Strongly Disagree
( ) Not Applicable

19. Due directly to the HIPAA regulation, my organization has in
place policy and procedure regarding secure workstation location
requirements.
( ) Strongly Agree
( ) Agree
( ) Unknown
( ) Disagree
( ) Strongly Disagree
( ) Not Applicable

20. Due directly to the HIPAA regulation, my organization has in
place policy and procedure regarding security awareness training.
( ) Strongly Agree
( ) Agree
( ) Unknown
( ) Disagree
( ) Strongly Disagree
( ) Not Applicable

21. Due directly to the HIPAA regulation, my organization has in
place policy and procedure regarding access control including
procedure for emergency access, and at least one of the following is
included: context-based access; role-based access; or user-based
access.
( ) Strongly Agree
( ) Agree
( ) Unknown
( ) Disagree
( ) Strongly Disagree
( ) Not Applicable

22. Due directly to the HIPAA regulation, my organization has in
place policy and procedure regarding audit controls.
( ) Strongly Agree
( ) Agree
( ) Unknown
( ) Disagree
( ) Strongly Disagree
( ) Not Applicable

23. Due directly to the HIPAA regulation, my organization has in
place policy and procedure regarding authorization controls including
either: role-based access, or user-based access.
( ) Strongly Agree
( ) Agree
( ) Unknown
( ) Disagree
( ) Strongly Disagree
( ) Not Applicable

24. Due directly to the HIPAA regulation, my organization has in
place policy and procedure regarding data authorization.
( ) Strongly Agree
( ) Agree
( ) Unknown
( ) Disagree
( ) Strongly Disagree
( ) Not Applicable

25. Due directly to the HIPAA regulation, my organization has in
place policy and procedure regarding entity authorization, including
both automatic logoff and unique user identification. In addition,
at least one of the following is implemented: biometric; password;
PIN (Personal Identification Number); telephone callback; or token.
( ) Strongly Agree
( ) Agree
( ) Unknown
( ) Disagree
( ) Strongly Disagree
( ) Not Applicable

26. Due directly to the HIPAA regulation, my organization has in
place policy and procedure regarding communications/network controls
including both integrity controls and message authentication.
( ) Strongly Agree
( ) Agree
( ) Unknown
( ) Disagree
( ) Strongly Disagree
( ) Not Applicable





Mon Sep 8, 2003 6:10 pm

sharehipaa