American College of Healthcare Executives
An E-Newsletter for Chapter Members Spring 2011
In This Issue

From the President's Desk
Regent's Corner
HIPAA & HITECH and the Impact on Organizations
Are You an Early Careerist???
Members on the Move/Facilities Update
Local Healthcare News
Several Windows of Opportunity Close, but Options Remain
What Should Be in Your Obligated Group?
Think Beyond the Financial Aspect of a Conflict of Interest
Break Out of a Rut and Move Ahead
Survey Staff to Curb Conflict
Ensure delivery of Chapter E-newsletter (Disclaimer)


ePoll

Are you taking the Board of Governors Exam in 2011?

Yes
No
Not Sure Yet



Links

Stay Connected. Keep Your Contact Info Up to Date with ACHE
HEANO Website
ACHE Job Bank


Chapter Officers

President
Debra P. Jones, MS, RN,
NEA-BC, FACHE
jonesd13@ccf.org

President-Elect
Michael A. Scocos
mscocos@prcmedical.com

Immediate Past President
Debbie McCartney, RN, MBA
mccarde1@aim.com


Secretary / Treasurer
Jeff P. Kovacs, CPA
jpk@altapartnersllc.com


HEANO E-Newsletter Staff:

Deborah A. Duffy, MPA
Editor-in-Chief

Patrick Hucko
Editor/Design Coordinator

John Nocero
Contributor

Rosanne Kelley
Contributor

Nancy Ross-Bell, FACHE
Contributor

Vera Pereskokova
Contributor

Kayla Cousineau
Contributor

 

 

 

HIPAA & HITECH and the Impact on Organizations
Rosanne Kelley

It was recently published in many healthcare news outlets that the first civil fines have been levied by the Department of Health and Human Services (HHS). Cignet Health, a Maryland healthcare network, was fined a $4.3 million civil penalty for violating the HIPAA Privacy Rule. The case involved 41 patients where Cignet failed to act on a request for medical records. Not only was Cignet charged regarding the patient records, it was cited for failing to cooperate with the government, even after being served a federal subpoena. According to FierceHealthcare, $3 million of the fine was imposed for “willful neglect” (R. Seeger, Office of Civil Rights). To make matters even worse, when Cignet finally responded to the request, they delivered more than 4,000 patient records, which violated a second HIPAA regulation that states only the minimum necessary data to achieve the intended purpose of the use or disclosure is to be released.

One would assume that any provider would be keenly aware of HIPAA regulations and the potential financial and punitive impact it could have on an organization. Dina Overland, contributor to FierceHealthPayer, stated in a February 24, 2011 article that HHS is sending a very clear message that if organizations are in violation of HIPAA privacy or security laws, then they are going to be fined substantially.

This resurgence of emphasis on HIPAA compliance is fueled by the passage of the $787 billion American Recovery and Reinvestment Act of 2009 (ARRA). More than $19 billion is earmarked for a portion of the bill called the Health Information Technology for Economic and Clinical Health (HITECH) Act. There are financial rewards for compliance, but a greater importance is placed on ensuring the privacy and security of Protected Health Information (PHI). Organizations are adding the phrase “meaningful use” to their lexicons and information technology departments are working furiously to implement the proper processes and safeguards dictated by the government.

This expansion of the regulations behooves companies to develop standard operating procedures which cover the standards for all portable electronic devices in its possession including smart phones, laptops, thumb drives, etc. All of these devices must be encrypted or securely disposed of if they are not capable of being modified.

Do not limit an examination of HIPAA to within the walls of an organization or division -- query vendors and business associates. Mandate proof of compliance from all. Enter into the proper agreements or seek relationships with more proactive vendors and customers. Think about anyone who has reason to enter your facility and quesion if exposure to patient information can occur. This may include construction workers, shadow students, or inspectors. Anyone with the potential to view protected health information (PHI) must have a business agreement in place or sign an affidavit that he/she will abide by HIPAA regulations while in the facility.

A hospital in California was found to be routinely storing patient records in a broken locker outside of the hospital. Another hospital was fined because employees accessed celebrity medical record files. An employee at a facility in Long Beach memorized personal patient information and used them to set up fake cell phone accounts. While these examples run the gamut, the majority of privacy breaches are easily preventable. The investment in ensuring that a healthcare institution is compliant is well worth it considering the magnitude of fines that have been levied.

References:

HITECH Answers. Independent EHR resources and solutions. January 2011

www.hitechanswers.net

Overland, Dina. Take HIPAA seriously—or pay the penalty. FierceHealthPayer. February 24, 2011.  www.fiercehealthpayer.com

Yin, Sandra. Feds impose first civil fine ever in HIPAA case. FierceHealthcare. Daily News for Healthcare Executives. www.fiercehealthcare.com

Next Article
Previous Article


Thursday, March 24, 2011
Career Positioning
Fairview Hospital
5:30PM
Click here for more info and to register

Thursday, April 28, 2011
Developing Higher Performing Teams
5:30PM

April 2011
CEO Roundtable

Thursday, May 19, 2011
Ethical Challenges in Healthcare Leadership
5:30PM

July 2011
CEO Roundtable

Thursday, August 18, 2011
Service Line Development
5:30PM

September 2011
CEO Roundtable

Thursday, September 15, 2011
Physician Integration
5:30PM

Thursday, October 20, 2011
Patient Safety
5:30PM

Thursday, November 17, 2011
Annual Meeting
5:30PM



This e-mail was sent by the American College of Healthcare Executives on behalf of the ACHE chapter in your area. If you would prefer not
to receive any chapter newsletters via e-mail, please send a message to 'chapters@ache.org' and enter "unsubscribe_chapter newsletters"
in the subject line. Please include your full name, mailing address, and affiliate ID number (if known).