HIPAA Questionnaire

1. Do you have policies and procedures for ensuring the privacy of your clients' Protected Health Information (PHI)?
Yes, we have written policies and procedures regarding the privacy and confidentiality of patient information.

2. Do you have a formal privacy awareness, education and training program available to your workforce?
Oriental Solutions has rolled out initial privacy training, new member orientation training, and annual in-service training for the entire workforce.

3. Have you conducted a formal assessment of the sensitivity, vulnerability and security of your programs and the client PHI you receive?
Yes, we conduct regular, extensive risk analysis and assessment relating to these issues.

4. Have you conducted a technical and non-technical evaluation of the implemented security standards?
We perform a periodic evaluation of our security practices as part of our Corporate Compliance Program.

5. Do you maintain audit logs of system activity to monitor processing, sharing and transmitting of PHI?
Oriental Solutions maintains system activity logs, and current review procedures enable monitoring of shared PHI.

6. Are unique user identification codes required in order to access systems that process or manipulate client PHI?
Yes, all Oriental Solutions employees have unique user IDs, and only authorized users are allowed access to client PHI.

7. Do your systems used to process or manipulate client PHI automatically log out following a period of inactivity?
Our new-generation applications automatically log out after a specified period of inactivity.

8. Does Oriental Solutions employ a particular individual who is assigned responsibility for information security?
Yes, Oriental Solutions has designated an individual for Information Security and HIPAA Compliance.