Patient Confidentiality Training which will assist in the prevention of HIPAA violations Tina Norris

Norris, t week 1 discussion 2

Page 1: Norris, t week 1 discussion 2

Patient Confidentiality

Training which will assist in the prevention of HIPAA violations

Tina Norris

Promulgate the monetary consequences of violating HIPAA

• 1 violation: $100 per victim at minimum fine

• 30 violations: $1.5 million per victim at maximum fine

Complying with HIPAA

• Hospitals, physicians, and their business partners must ensure that all HIPAA privacy and security provisions are not only adopted, but are completely current as well (Withrow, 2010).

PRIVACY COMPLIANCE PROTOCOLS

What every healthcare leader should know about HIPAA privacy compliance:

Efforts should be focused on high-risk areas such as (1) information access management, (2) access control, and (3) impermissible disclosures of PHI;

Business associate agreements must be reviewed in order to verify that business associates accept the direct HIPAA obligations, and indemnify the hospital and physicians for any HIPAA violations;

All healthcare leaders must provide HIPAA training and appropriate monitoring to confirm continuing compliance (Withrow, 2010).

Privacy safeguards include (1) ensuring that all documents containing PHI are shredded before their disposal and (2) ensuring that doors to medical records departments, including file cabinets, are kept locked and that the personnel authorized to have the key or passcode are limited (Sarrico & Hauenstein, 2011).

Institute restrictions on which application and module within that application a user can access, despite the user’s having established his/her ID at logon (Sarrico & Hauenstein, 2011).

For more information on HIPAA privacy policies, go to www.tulane.edu/counsel/upco/privacy-policies.cfm and/or to www.nyu.edu/its/policies/#hipaa (Withrow, 2010).

SECURITY COMPLIANCE PROTOCOLS FOR ENSURING EHRS/HIES COMPLY

What every healthcare leader should know about HIPAA security compliance:

Be aware that the first documents an investigator is likely to want to see are the risk assessment and resulting policy and procedural protocols for the physical, administrative, and electronic security of ePHI (Wieland, 2010).

Draft a risk assessment analysis by which protocols for the physical, administrative, and electronic security of ePHI will be devised (Wieland, 2010).

Tighten internal compliance procedures;

Extensively conduct regular training of all employees;

Also train the employees of all provider-partners;

Have signed privacy agreements with all employees;

Extensively conduct regular audits to ensure compliance (Sarrico & Hauenstein, 2011).

For more information on drafting a risk assessment analysis pursuant to HIPAA, go to www.hhs.gov/ocr/privacy/hipaa/administrative/securityrule/radraftguidanceintro.html (Wieland, 2010).

References

• Sarrico, C., & Hauenstein, J. (2011). Can EHRs and HIEs get along with HIPAA security requirements? hfm (Healthcare Financial Management), 65(2), 86-90. Retrieved October 19, 2011, from EBSCOhost.

• Wieland, J. B. (2010). Liability and the lab. HIPAA: The new enforcement culture. MLO: Medical Laboratory Observer, 42(11), 42. Retrieved October 19, 2011, from EBSCOhost.

• Withrow, S. (2010). How to avoid a HIPAA horror story. hfm (Healthcare Financial Management), 64(8), 82-88. Retrieved October 19, 2011, from EBSCOhost.