American College of Healthcare Executives
An E-Newsletter for Chapter Members Spring 2011

Chapter Officers

Debra P. Jones, MS, RN,

Michael A. Scocos

Immediate Past President
Debbie McCartney, RN, MBA

Secretary / Treasurer
Jeff P. Kovacs, CPA

HEANO E-Newsletter Staff:

Deborah A. Duffy, MPA

Patrick Hucko
Editor/Design Coordinator

John Nocero

Rosanne Kelley

Nancy Ross-Bell, FACHE

Vera Pereskokova

Kayla Cousineau




HIPAA & HITECH and the Impact on Organizations
Rosanne Kelley

Many healthcare news outlets recently reported that the Department of Health and Human Services (HHS) has levied its first civil fines. Cignet Health, a Maryland healthcare network, was fined a $4.3 million civil penalty for violating the HIPAA Privacy Rule. The case involved 41 patients for whom Cignet failed to act on a request for medical records. Not only was Cignet charged regarding the patient records, it was also cited for failing to cooperate with the government, even after being served a federal subpoena. According to FierceHealthcare, $3 million of the fine was imposed for “willful neglect” (R. Seeger, Office of Civil Rights). To make matters worse, when Cignet finally responded to the request, it delivered more than 4,000 patient records, which violated a second HIPAA regulation stating that only the minimum necessary data to achieve the intended purpose of the use or disclosure is to be released.

One would assume that any provider would be keenly aware of HIPAA regulations and the potential financial and punitive impact they could have on an organization. Dina Overland, contributor to FierceHealthPayer, stated in a February 24, 2011 article that HHS is sending a very clear message that if organizations are in violation of HIPAA privacy or security laws, then they are going to be fined substantially.

This resurgence of emphasis on HIPAA compliance is fueled by the passage of the $787 billion American Recovery and Reinvestment Act of 2009 (ARRA). More than $19 billion is earmarked for a portion of the bill called the Health Information Technology for Economic and Clinical Health (HITECH) Act. There are financial rewards for compliance, but a greater importance is placed on ensuring the privacy and security of Protected Health Information (PHI). Organizations are adding the phrase “meaningful use” to their lexicons and information technology departments are working furiously to implement the proper processes and safeguards dictated by the government.

This expansion of the regulations behooves companies to develop standard operating procedures that cover the standards for all portable electronic devices in their possession, including smart phones, laptops, thumb drives, etc. All of these devices must be encrypted or securely disposed of if they are not capable of being modified.

Do not limit an examination of HIPAA to within the walls of an organization or division -- query vendors and business associates. Mandate proof of compliance from all. Enter into the proper agreements or seek relationships with more proactive vendors and customers. Think about anyone who has reason to enter your facility and question whether exposure to patient information can occur. This may include construction workers, shadow students, or inspectors. Anyone with the potential to view protected health information (PHI) must have a business agreement in place or sign an affidavit that he/she will abide by HIPAA regulations while in the facility.

A hospital in California was found to be routinely storing patient records in a broken locker outside of the hospital. Another hospital was fined because employees accessed celebrity medical record files. An employee at a facility in Long Beach memorized personal patient information and used it to set up fake cell phone accounts. While these examples run the gamut, the majority of privacy breaches are easily preventable. The investment in ensuring that a healthcare institution is compliant is well worth it considering the magnitude of fines that have been levied.


HITECH Answers. Independent EHR resources and solutions. January 2011

Overland, Dina. Take HIPAA seriously—or pay the penalty. FierceHealthPayer. February 24, 2011.

Yin, Sandra. Feds impose first civil fine ever in HIPAA case. FierceHealthcare. Daily News for Healthcare Executives.


Thursday, March 24, 2011
Career Positioning
Fairview Hospital

Thursday, April 28, 2011
Developing Higher Performing Teams

April 2011
CEO Roundtable

Thursday, May 19, 2011
Ethical Challenges in Healthcare Leadership

July 2011
CEO Roundtable

Thursday, August 18, 2011
Service Line Development

September 2011
CEO Roundtable

Thursday, September 15, 2011
Physician Integration

Thursday, October 20, 2011
Patient Safety

Thursday, November 17, 2011
Annual Meeting
