Debra P. Jones, MS, RN,
Michael A. Scocos
Immediate Past President
Debbie McCartney, RN, MBA
Secretary / Treasurer
Jeff P. Kovacs, CPA
HEANO E-Newsletter Staff:
Deborah A. Duffy, MPA
Nancy Ross-Bell, FACHE
HIPAA & HITECH and the Impact on Organizations
Many healthcare news outlets recently reported that the first civil fines have been levied by the Department of Health and Human Services (HHS). Cignet Health, a Maryland healthcare network, was fined a $4.3 million civil penalty for violating the HIPAA Privacy Rule. The case involved 41 patients for whom Cignet failed to act on a request for medical records. Not only was Cignet charged regarding the patient records, it was also cited for failing to cooperate with the government, even after being served a federal subpoena. According to FierceHealthcare, $3 million of the fine was imposed for “willful neglect” (R. Seeger, Office of Civil Rights). To make matters even worse, when Cignet finally responded to the request, it delivered more than 4,000 patient records, which violated a second HIPAA regulation stating that only the minimum necessary data to achieve the intended purpose of the use or disclosure is to be released.
One would assume that any provider would be keenly aware of HIPAA regulations and the potential financial and punitive impact they could have on an organization. Dina Overland, contributor to FierceHealthPayer, stated in a February 24, 2011 article that HHS is sending a very clear message that if organizations are in violation of HIPAA privacy or security laws, then they are going to be fined substantially.
This resurgence of emphasis on HIPAA compliance is fueled by the passage of the $787 billion American Recovery and Reinvestment Act of 2009 (ARRA). More than $19 billion is earmarked for a portion of the bill called the Health Information Technology for Economic and Clinical Health (HITECH) Act. There are financial rewards for compliance, but a greater importance is placed on ensuring the privacy and security of Protected Health Information (PHI). Organizations are adding the phrase “meaningful use” to their lexicons and information technology departments are working furiously to implement the proper processes and safeguards dictated by the government.
This expansion of the regulations behooves companies to develop standard operating procedures that cover the standards for all portable electronic devices in their possession, including smart phones, laptops, thumb drives, etc. All of these devices must be encrypted or, if they are not capable of being modified, securely disposed of.
Do not limit an examination of HIPAA to within the walls of an organization or division -- query vendors and business associates. Mandate proof of compliance from all. Enter into the proper agreements or seek relationships with more proactive vendors and customers. Think about anyone who has reason to enter your facility and question whether exposure to patient information can occur. This may include construction workers, shadow students, or inspectors. Anyone with the potential to view protected health information (PHI) must have a business agreement in place or sign an affidavit that he/she will abide by HIPAA regulations while in the facility.
A hospital in California was found to be routinely storing patient records in a broken locker outside of the hospital. Another hospital was fined because employees accessed celebrity medical record files. An employee at a facility in Long Beach memorized personal patient information and used it to set up fake cell phone accounts. While these examples run the gamut, the majority of privacy breaches are easily preventable. The investment in ensuring that a healthcare institution is compliant is well worth it considering the magnitude of fines that have been levied.
HITECH Answers. Independent EHR resources and solutions. January 2011
Overland, Dina. Take HIPAA seriously—or pay the penalty. FierceHealthPayer. February 24, 2011. www.fiercehealthpayer.com
Yin, Sandra. Feds impose first civil fine ever in HIPAA case. FierceHealthcare. Daily News for Healthcare Executives. www.fiercehealthcare.com
Thursday, March 24, 2011
Thursday, April 28, 2011
Developing Higher Performing Teams
Thursday, May 19, 2011
Ethical Challenges in Healthcare Leadership
Thursday, August 18, 2011
Service Line Development
Thursday, September 15, 2011
Thursday, October 20, 2011
Thursday, November 17, 2011