This is where you may upload reports you receive from your IT vendors, OIG (Office of Inspector General) exclusion lists, security incidents, non-employee agreements, and miscellaneous documents you want to store for future HIPAA requirements.
Once you click on the Upload tab from your Profile page, select what type of documentation you are uploading. Select the file from your computer to upload.
NOTE: When naming your files BEFORE you upload them, we suggest starting each file name with a date.
For example:
- 2022 Jan IT summary report
- 010122 OIG Smith Mary New hire or 060122 OIG Annual report
- 021522 Security Incident - malware found
- 031522 Non-Employee - Cleaning company agreement
IT Vendors:
Request monthly reports from your IT company. These reports will vary depending on the system they use, and may include:
- Access logs (if they provide this service)
- Asset management summary
- Device health report
- Network audit report
- Software list
OIG Exclusions list:
It is very important to make sure you do not hire anyone who has committed Medicare or Medicaid fraud or been convicted of elder abuse. Be sure to check this list before you hire new employees.
- The database only includes the name known to OIG at the time the individual was excluded. Any former names used by the individual (e.g., maiden name, previous married name, etc.) should be searched in addition to the individual's current name.
- An individual with a hyphenated name should be checked under each of the last names in the hyphenated name (e.g., Jane Smith-Jones should be checked under Jane Smith and Jane Jones, in addition to Jane Smith-Jones).
- If checking only a few names, use the Online Searchable Database to search up to five names at once.
- If checking many names, consider downloading the Downloadable Database into a spreadsheet or database program. This will enable the user to use that program's search functions to crosscheck the names against the thousands of names on the LEIE. Verify the correct spelling of any names before starting a search.
- For a potential match, verify the results by entering the SSN for an individual or EIN for an entity on the Online Searchable Database. (Note: The Privacy Act prohibits the distribution of SSNs so they cannot be included in the Downloadable Database).
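The name-search rules above, applied to a downloaded list, as an added example that is not part of the original page or an OIG tool. The sample rows and staff list are constructed, and the LASTNAME, FIRSTNAME and EXCLDATE column names are assumptions about the downloaded file; a hit is only a potential match to verify by SSN or EIN in the Online Searchable Database.

```python
import csv
import io

# Constructed sample rows in the shape of a downloaded exclusions list;
# the LASTNAME, FIRSTNAME and EXCLDATE column names are assumptions.
SAMPLE_LEIE = """LASTNAME,FIRSTNAME,EXCLDATE
JONES,JANE,20150320
DOE,ROBERT,20190611
"""

# Constructed staff list; "former" holds maiden or previous married names.
STAFF = [
    {"first": "Jane", "last": "Smith-Jones"},
    {"first": "Mary", "last": "Smith", "former": ["Doe"]},
    {"first": "Robert", "last": "Lee", "former": ["Doe"]},
]

def norm(text):
    """Upper-case and collapse whitespace so case and spacing do not matter."""
    return " ".join(text.upper().split())

def name_variants(first, last, former_lasts=()):
    """Current and former last names, plus each half of any hyphenated one."""
    lasts = []
    for candidate in (last, *former_lasts):
        candidate = norm(candidate)
        lasts.append(candidate)
        if "-" in candidate:
            lasts.extend(norm(p) for p in candidate.split("-") if p.strip())
    return list(dict.fromkeys((norm(first), l) for l in lasts))

def load_leie(fh):
    """Index the exclusion rows by normalized (first name, last name)."""
    index = {}
    for row in csv.DictReader(fh):
        index.setdefault((norm(row["FIRSTNAME"]), norm(row["LASTNAME"])), []).append(row)
    return index

def crosscheck(staff, index):
    """Return (employee, matched name, exclusion date) for every name variant hit."""
    hits = []
    for p in staff:
        for variant in name_variants(p["first"], p["last"], p.get("former", ())):
            for row in index.get(variant, []):
                hits.append((f'{p["first"]} {p["last"]}', " ".join(variant), row["EXCLDATE"]))
    return hits

if __name__ == "__main__":
    for hit in crosscheck(STAFF, load_leie(io.StringIO(SAMPLE_LEIE))):
        print("potential match, verify by SSN/EIN online:", hit)
```

Exact matching on first and last name will miss misspellings, which is why the spelling of each name should be verified before the search.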
The OIG would like you to check this list monthly, but that is very difficult to keep up with. We recommend checking it annually for all employees. With that said, if you have an employee who is acting strangely or is having financial difficulties, we suggest checking this list more often.
To document your efforts, use the “Print Screen” button on your keyboard, then “paste” into a Word document. When saving, we recommend using the consistent naming format listed above.
https://exclusions.oig.hhs.gov/
Security Incidents:
If you experience a security incident, document it using the Security Incident Form under Step 2. Examples of incidents are a lost or stolen device, malware, unusual activity in your network, a suspected data breach or a confirmed breach. Again, use the date format mentioned above; this will keep your documentation in chronological order.
Non-employee agreements:
When you hire a cleaning company or an intern, you should consider requiring them to sign a confidentiality agreement for a non-employee so they understand their requirements.
Miscellaneous documents:
Any other supporting documentation that could assist in on-going compliance efforts may be uploaded here. Be sure to name the files accordingly.