Programs
The Programs module contains tabs for Assessments, Remediation, and Open Tasks. A Program is the related Framework in The Guard: HIPAA or OSHA. Each Program has content provided by The Guard in the form of Assessments, or Self-Assessments/Audits/Questionnaires, that reflect questions related to HIPAA Controls. An Organization’s Officers/Admins answer the questions provided with a Yes/No/Not Applicable and The Guard will generate any needed Guidance based on No answers. Each Assessment must be answered completely, then Finalized to generate Remediation Plans and Open Tasks, located in the other tabs under this module.
The breakdown for each tab and functionality can be seen below.
TABLE OF CONTENTS
Assessments
The Assessments tab allows an Organization to assign related Assessments to be completed. To assign a new assessment:
Navigate to Programs > Assessments
Select Add Assessment
Select the appropriate Program, then select the appropriate Assessment
Each Assessment can be assigned to each Site/Location the Organization has or they can be assigned as “Organization-Wide”
Frequency can be set if an Assessment needs to be done continuously: One Time, Monthly, Quarterly, Biannually, or Annually – Setting a Frequency greater than One Time will automatically assign a new Assessment when the frequency parameter has been met. Frequency relies on Launch Date to reset the assessment(s).
For example, creating an Assessment with a Frequency of Annual will automatically create a new Assessment a year from the original Launch Date specified.
Launch Date can be set to launch the Assessment at a specific point in time.
If the Launch date specified is the same day that the Assessment is being created – The Assessment launches immediately.
If the Launch Date is set in the future, the Assessment will Launch in the morning of the specified date.
Lock Tasks – It is NOT recommended to use this feature, but it exists for those who wish to leverage this type of functionality. – Lock Tasks works alongside Frequency, but ONLY when Frequency has been set to something greater than One Time. When the Assessment relaunches on the frequency set, and Lock Tasks has been checked, any Remediation Plans/Tasks related to the original assessment will be “Locked” preventing any further editing or adjustments to be done.
After parameters above have been set, select Create to add the Assessment to the list
Now that an Assessment has been created, an Organization’s Officers/Admins can access the Programs module and open these Assessments from within The Guard. Each Assessment is formatted in the same way. Each question provided will provide a place for the Organization to provide an Answer, Degree of Risk Designation, Notes, and Evidence. Each question also provides the related Control and Control Description.
Control and Control Description
Each question is related to a Control in the Regulation. This “ID” or “Designation” provided references where this question comes from or what Control the question is related to.
Clicking on the ? button will expand the Control Description which provides the description of the control as found in the Regulatory Text.
Example (HIPAA Control) – 45 CFR 164.302 – This is the Control “ID”. After clicking on the ? button, The Guard displays: “A covered entity or business associate must comply with the applicable standards, implementation specifications, and requirements of the Security Rule with respect to electronic protected health information of a covered entity.”
Answers
Yes – The Organization is meeting the Control – No Remediation Plans/Tasks are generated after Finalization
No – The Organization is not meeting the Control or may be uncertain whether the Control is being met and needs more Guidance – Remediation Plans/Tasks will be generated after Finalization
Not Applicable – The Organization is Not Applicable to the Control – No Remediation Plans/Tasks are generated after Finalization
Assign – The individual providing this answer may not be the best one to give the best answer. The Guard allows an Organization’s Officers/Admins to Assign the question to another Registered User in The Guard – A Question Task will be generated and assigned to the individual specified after the Assessment has been Finalized
Degree of Risk
The Guard provides a 1-10 Scale for Degree of Risk. This is meant to be Subjective, based on the Organization’s own perspective of Risk. The Guard will provide “Default Values”, or a “baseline,” for each Question
1 = Low Risk; 10 = High Risk
An Organization’s Degree of Risk for a question/answer does not affect the Remediation Plan/Task guidance or the Policies and Procedures provided by Compliancy Group
Notes
Entirely optional. Provides for an Organization to document its thoughts more specifically as it relates to the question
Highly Recommended – If the Organization identifies a Not Applicable answer, consider providing the reasoning as to why it is Not Applicable in the Notes
Evidence
Entirely Optional
Allows an Organization to upload documentation to reflect its Answer/Compliance with the Controls
Each Assessment functions in the same way with the same intent: Answer ALL Questions, then Finalize the Assessment. However, the Assessments do NOT have a specific “life” – there is no “timer” or “deadline” enforceable by The Guard, unless set on a Frequency. When working through the Assessments from within The Guard, each time the Continue button is pressed, the content entered in that question is saved. The Assessments can also be completed in whatever order the Organization decides. Officers/Admins can jump in and out of Assessments, answering a handful of questions at a time, and The Guard will retain all information if Continue has been pressed. Once each question has been answered, the Finalize option will become selectable and the Assessment can be completed. This will immediately generate Remediation Plans/Open Tasks, which will be discussed below.
Remediation
The Remediation tab allows the Organization to manage and view any Remediation Plans that were generated from the provided No answers in the Assessments. Each Remediation Plan quotes the related Control Language and groups associated Open Tasks into one area. A Remediation Plan can be edited by Officers/Admins, if necessary. Opening a Remediation Plan will provide editable fields, as well as functional “shortcuts” to newly created tasks or automatically generated tasks.
Title – This is the Control Language – Does not need to be adjusted
Status, Site, and Program – These fields are not editable as these are Static Values assigned to the Remediation Plan when The Guard generates it. Status specifically is adjusted automatically by The Guard.
Start Date / End Date – By default, the values here are the date in which the related Assessment was Finalized. These dates can be altered, if needed.
Owner – Based on an Officers Role (Compliance, Security, or Privacy), The Guard will automatically assign Remediation content to the appropriate Officer. This can be changed, if needed.
Add New Task – Allows an Organization to create its own custom tasks and tie them to Remediation Plans alongside automatically generated Tasks provided by The Guard
Open Task Table – The table below the Add New Task heading displays all of the associated Open Tasks related to your No answers. A Task can be selected from this table and will take an Officer/Admin into the Edit Task area where more features and functionality are available. This area will be discussed below.
Notes – There is a Notes field at the bottom of the page where an Organization’s Officers/Admins can add additional information. Optional.
The Remediation “Table” which displays all the Remediation Plans can also be sorted/filtered to locate specific Remediation Plans or adjust status, when/if needed.
NOTE: Completing a Remediation Plan will automatically complete any associated Open Tasks; It is recommended to work the Open Tasks and complete these. After all associated Open Tasks for a Remediation Plan have been Completed, The Guard will complete the Remediation Plan for the Organization.
Selecting Add Plan will allow an Organization to Custom Create Remediation Plans, if needed. This provides the same functionality as listed above, but with the opportunity to set Site and Program accordingly.
Choose Action can be used to close Remediation Plans or to reopen Remediation Plans, both individually and in bulk.
The Search Field can be used to sort specific keywords or identifiers rather than combing the entire list each time. Additional filters are available as well: Site, Program, Date Range, and Status.
Open Tasks
The Open Tasks tab provides a full table view of ALL Assessment/Remediation related Tasks, as well as the functionality to create Custom Tasks. From here an Organization can manage tasks In Bulk or individually. Tasks can be individually opened and edited to reflect Notes, Target Dates and Evidence. The Tasks will also provide Related Audit Information, which provides a shortcut back to the Tasks’ Remediation Plan.
Notes – There are 2 areas for Notes:
Description Notes – This is the first Notes area. This is a basic text field where any information can be added. Recommendation: Use this field for Keywords, Status, or Organization. The notes left in this area will be visible from the Open Tasks table.
Historical Notes – This is the second Notes area at the bottom. This field will allow a note to be entered and when Add Note has been selected, the note is added to the table below AND it will specify the Date and the name of the User who added the Note (Date and Added By Columns)
Target Date – This allows an Organization to specify a “Target Date” for completion of the task. A Target Date can be adjusted once set. It is recommended that Target Dates are placed on Tasks that have been reviewed and acknowledged, but cannot yet be completed.
When leaving a “Description Note”, The Guard will require that a Target Date is specified before allowing an Officer/Admin to SAVE that Note
Evidence – The Evidence tab is located next to the bottom Notes (Historical Notes) area. Evidence allows an Organization to upload any relevant Evidence related to the task, if necessary.
Leaving a Note on an Open Task is NOT required to Complete a Task in The Guard.
All Open Tasks can be managed in the way described above. An Organization may also manage these tasks in simpler fashion from the Open Tasks Table, via the Choose Action options. These options include:
Notify Selected – This will queue a notification to be sent to the Assignee of the Task indicating they have an Assignment in The Guard which needs their attention. The Guard’s Email queue sends these notifications daily at 7-8 EST (AM & PM)
Mark Selected Complete – Allows the Organization to mark all selected Tasks as Completed. Select a Task by placing a checkmark in the checkbox on the left-hand side of the row.
Mark Selected Incomplete – Tasks may be reopened in this fashion; This also allows the reopening of multiple tasks at once, if needed
Export Selected – This allows an Officer/Admin to select specific tasks, then select this option to generate a quick CSV report of the tasks as they appear on the table.
The Choose Action functionality is also replicated in the Remediation tab.
The Filters discussed above also exist in the Open Tasks section: Site, Program, Task Type, Date Range, and Status; as well as a Search Field. The functionality for these filters works the same as on the Remediation tab, except:
Task Type – There can be multiple types of Tasks that get created in the Open Tasks tab.
Remediation – Auto-Generated by an Assessment
Question – Auto-Generated by an Assessment when a Question has been Assigned to another User to answer
Miscellaneous – Custom Tasks built by Officers/Admins
The Search Field can be a powerful tool for an Organization when viewing the Open Tasks table. The Search Field not only allows an Organization to search keywords, but it will index any Description Notes left on Tasks – making it a useful option when trying to sort different types of tasks or organization the tasks further with custom keywords or identifiers.
Related Knowledge Base Articles
Was this article helpful?
That’s Great!
Thank you for your feedback
Sorry! We couldn't be helpful
Thank you for your feedback
Feedback sent
We appreciate your effort and will try to fix the article