Norris, T. Week 1 Discussion 2: Presentation Transcript
Patient Confidentiality: Training which will assist in the prevention of HIPAA violations. Tina Norris
Promulgate the monetary consequences of violating HIPAA:
1 violation: $100 per victim at minimum fine
30 violations: $1.5 million per victim at maximum fine
Complying with HIPAA
• Hospitals, physicians, and their business partners must ensure that all HIPAA privacy and security provisions are not only adopted, but are completely current as well (Withrow, 2010).
What every healthcare leader should know about HIPAA privacy compliance: PRIVACY COMPLIANCE PROTOCOLS
Efforts should be focused on high-risk areas such as (1) information access management, (2) access control, and (3) impermissible disclosures of PHI;
Business associate agreements must be reviewed in order to verify that business associates accept the direct HIPAA obligations, and indemnify the hospital and physicians for any HIPAA violations;
All healthcare leaders must provide HIPAA training and appropriate monitoring to confirm continuing compliance (Withrow, 2010).
Privacy safeguards include (1) ensuring that all documents containing PHI are shredded before their disposal and (2) ensuring that doors to medical records departments, including file cabinets, are kept locked and that the personnel authorized to hold the key or passcode are kept to a limited few (Sarrico & Hauenstein, 2011).
Institute restrictions on which application and module within that application a user can access, despite the user’s having established his/her ID at logon (Sarrico & Hauenstein, 2011).
For more information on HIPAA privacy policies, go to www.tulane.edu/counsel/upco/privacy-policies.cfm and/or to www.nyu.edu/its/policies/#hipaa (Withrow, 2010).
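The restriction two bullets above separates authentication (the ID established at logon) from authorization (which application modules that ID may open). The following Python is an added example, not part of the presentation or of its cited sources; the roles, module names, users and access attempts are constructed placeholders. It denies by default, so a user without an explicit grant is refused even after a valid logon, and it records every decision so that the monitoring the presentation calls for has a record to review.

```python
# Added example (not from the presentation or its cited sources): a deny-by-default
# authorization check that decides, per application module, what an already
# authenticated user may open, and records every decision for monitoring.
# All role names, module names and users below are constructed placeholders.
from dataclasses import dataclass, field
from typing import Dict, List, Set, Tuple

# Permission = (application, module). A role grants only the pairs listed here;
# anything not listed is refused, regardless of who the user is.
ROLE_PERMISSIONS: Dict[str, Set[Tuple[str, str]]] = {
    "billing_clerk": {("ehr", "billing"), ("ehr", "scheduling")},
    "nurse": {("ehr", "clinical_notes"), ("ehr", "medication"), ("ehr", "scheduling")},
    "records_admin": {("ehr", "medical_records"), ("ehr", "audit_review")},
}


@dataclass
class Session:
    """What logon established: the user's identity and assigned roles."""
    user: str
    roles: Set[str]
    authenticated: bool = True


@dataclass
class AuditLog:
    """Append-only record of access decisions, reviewed during monitoring."""
    entries: List[dict] = field(default_factory=list)

    def record(self, user: str, app: str, module: str, allowed: bool) -> None:
        self.entries.append(
            {"user": user, "app": app, "module": module,
             "decision": "allow" if allowed else "deny"}
        )

    def denials(self) -> List[dict]:
        """Denied attempts are the entries a compliance reviewer looks at first."""
        return [e for e in self.entries if e["decision"] == "deny"]


def is_authorized(session: Session, app: str, module: str, log: AuditLog) -> bool:
    """Return True only if some role held by the session permits (app, module).

    A valid logon alone is never sufficient: the check runs on every module
    access, and unknown roles contribute no permissions.
    """
    if not session.authenticated:
        log.record(session.user, app, module, False)
        return False
    allowed = any(
        (app, module) in ROLE_PERMISSIONS.get(role, set()) for role in session.roles
    )
    log.record(session.user, app, module, allowed)
    return allowed


def demo() -> AuditLog:
    """Run a few constructed access attempts and return the resulting log."""
    log = AuditLog()
    clerk = Session(user="clerk01", roles={"billing_clerk"})
    nurse = Session(user="rn07", roles={"nurse"})
    stale = Session(user="guest", roles={"nurse"}, authenticated=False)
    is_authorized(clerk, "ehr", "billing", log)         # allowed by role
    is_authorized(clerk, "ehr", "clinical_notes", log)  # denied: outside role
    is_authorized(nurse, "ehr", "medication", log)      # allowed by role
    is_authorized(stale, "ehr", "medication", log)      # denied: not logged on
    return log


if __name__ == "__main__":
    for entry in demo().entries:
        print(entry)
```

The point of the design is that the permission table is keyed by (application, module), not by user: adding a module to a role is a single reviewable change, and the audit log's `denials()` view gives the monitoring step a concrete list of attempts that fell outside an authorized role.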
What every healthcare leader should know about HIPAA security compliance: SECURITY COMPLIANCE PROTOCOLS FOR ENSURING EHRS/HIES COMPLY
Be aware that the first documents an investigator is likely to want to see are the risk assessment and resulting policy and procedural protocols for the physical, administrative, and electronic security of ePHI (Wieland, 2010).
Draft a risk assessment analysis by which protocols for the physical, administrative, and electronic security of ePHI will be devised (Wieland, 2010).
Tighten internal compliance procedures;
Extensively conduct regular training of all employees;
Train also the employees of all provider-partners;
Have signed privacy agreements with all employees;
For more information on drafting a risk assessment analysis pursuant to HIPAA, go to www.hhs.gov/ocr/privacy/hipaa/administrative/securityrule/radraftguidanceintro.html (Wieland, 2010).
References
• Sarrico, C., & Hauenstein, J. (2011). Can EHRs and HIEs get along with HIPAA security requirements? hfm (Healthcare Financial Management), 65(2), 86-90. Retrieved October 19, 2011, from EBSCOhost.
• Wieland, J. B. (2010). Liability and the lab. HIPAA: The new enforcement culture. MLO: Medical Laboratory Observer, 42(11), 42. Retrieved October 19, 2011, from EBSCOhost.
• Withrow, S. (2010). How to avoid a HIPAA horror story. hfm (Healthcare Financial Management), 64(8), 82-88. Retrieved October 19, 2011, from EBSCOhost.