Internal Investigation

Sample Privacy Incident Questionnaire

By Melissa Andrews[1]

[Facility Name]: PRIVACY INCIDENT QUESTIONNAIRE

Reference #_______

Date: ____________

Instructions: Pursuant to [Facility] Privacy Policy: Reporting Violations and Mitigation of Harm, the [Facility] Privacy Department is responsible for conducting an investigation once a privacy incident has been discovered and/or reported. In order for a thorough investigation to be conducted, please provide all information requested below. In addition, retaliation against any person involved or believed to be involved with this investigation is a serious violation of [Facility] Human Resources Policy Anti-Harassment and Retaliation Policy, and may be cause for immediate termination of employment.

1. Employee Name:__________________

2. Employee Title: ______________________

3. Primary Department: _______________________

4. Supervisor: _____________________________________

5. Name of Patient: ___________Relationship: ____________________________

6. Do you understand that it is your obligation to provide [Facility] truthful, accurate and complete answers, and if we discover that you did not provide truthful and complete answers that it will be grounds for discipline, up to and including termination? ___Yes___No

7. Have you reviewed [Facility’s] HIPAA Privacy Policies and Procedures? ___Yes___No

8. Do you understand that any person is considered a “patient” when the person consults or is seen by a physician and/or is in this facility to receive medical care? ___Yes___No

9. Do you understand that a patient’s Protected Health Information (PHI) is confidential and may not be disclosed except with the patient’s valid, written authorization, or when necessary to provide treatment to the patient, to secure payment for the treatment services, or to enable operational support related to those services? ___Yes___No

10. Do you understand that Protected Health Information (PHI) means information records in any form or medium that identifies a patient and/or relates to the past, present, or future physical or mental health condition of the patient or relates to the payment for the health care of the patient? PHI may include, but is not limited to, the patient’s name, address, telephone number, patient diagnosis, physician’s evaluation, medical treatment, billing or other PHI. ___Yes___No

11. Were you a person called on to participate in the diagnosis and treatment of above-named patient under the direction of the attending physician? ___Yes___No

12. Were you within the course of your job duties as assigned to you by your supervisor, a person reasonably necessary for the transmission of communications regarding the above-named patient? ___Yes___No

13. Were you within the course of your job duties as assigned to you by your supervisor, a person present or necessary to further the interest of the above-named patient in consultation, examination, or interview? ___Yes___No

14. Did you access or obtain any records, or information, either hardcopy, verbal, or electronic, in order to view, know or discuss the above-named patient’s Protected Health Information? ___Yes___No

  • If yes, please explain:

15. Has anyone, other than the patient, disclosed the patient’s information to you? ___Yes___No

  • If so, who and what did they tell you?

16. Have you disclosed any of the patient’s Protected Health Information to anyone? ___Yes___No

  • If yes, with whom?

17. Do you agree and understand that you are not entitled to any information on any patient, unless you have been assigned to care or provide clerical or other support to the patient? ___Yes___No

18. Do you understand that all communications between the patient and any [Facility] workforce member are confidential and are not intended to be disclosed to a third person including members of the patient’s family? ___Yes___No

19. Do you understand that an employee or agent of [Facility] may only disclose a patient’s PHI with the patient’s, or the patient’s legally authorized representative’s, consent or written authorization? ___Yes___No

20. What Electronic Medical Records systems do you have access to?

___________________________________________________

___________________________________________________

___________________________________________________

21. Do you understand that your username and password are to be guarded and not shared with any other person and that you are not allowed to let any other person access the electronic medical record systems of [Facility] through your username and password? ___Yes___No

22. Please provide any additional information that may be helpful to our investigation into this matter:

___________________________________________________

___________________________________________________

___________________________________________________

I confirm that all above information provided, answers, and the comments I have made are truthful, complete and accurate. I also understand that if it is determined or if there is reason to believe that I have provided incorrect, misleading or false information, or that I have not conducted myself as required by [Facility] Code of Ethics and Business Conduct there will be disciplinary action up to and including termination of my employment.

Respondent’s Signature _______________________________________ Date______________

Interviewer’s Signature _______________________________________ Date______________

Witness’s Signature _______________________________________ Date______________

This document is only available to subscribers. Please log in or purchase access.
Purchase Login
 

About SCCE

The Society of Corporate Compliance and Ethics (SCCE) is a non-profit, member-based professional association. SCCE supports our members' work with education, news, and discussion forums. We are a community of leaders, defining and shaping the corporate compliance environment across a wide range of industries and geographic regions. In developing and maintaining effective ethics and compliance programs, our members strengthen and protect their companies.

952.933.4977

About HCCA

The Health Care Compliance Association (HCCA), is a 501(c)6 non-profit, member-based professional association. HCCA was established in 1996 and is headquartered in Minneapolis, MN. We provide training, certification, and other resources to over 10,000 members. Our members include compliance officers and staff from a wide range of organizations, including hospitals, research facilities, clinics and technology service providers.

952.988.0141

Facebook X LinkedIn
Copyright © 2024 by Society of Corporate Compliance and Ethics (SCCE) & Health Care Compliance Association (HCCA). No claim to original US Government works. All rights reserved. All information provided through this site, including without limitation all information such as the “look and feel” of the site, data files, graphics, text, photographs, drawings, logos, images, sounds, music, video or audio files on this site, is owned and/or licensed by SCCE & HCCA or its suppliers and is subject to United States and international copyright, trademark and other intellectual property laws. Any third party logos and/or content provided herein is owned by such third parties and is used by permission herein. Your use of this site to is subject to our Terms Of Use and Privacy Statement.
Cookie settings