Eight Tips to Polish Your Hospital's Patient Breach Response
Editor's note: This is the third in a three-part series about breach notifications. Part one focused on how to prevent breaches. Part two tackled how to handle breaches. This installment offers some final tips if a breach occurs.
Now that you've followed protocol—the government's and your facility's—consider these final checklist items for after you respond accordingly to a breach.
They are offered by Andrew E. Blustein, Esq., partner and cochair of Garfunkel, Wild & Travis' Health Information and Technology Group in Great Neck, NY; Hackensack, NJ; and Stamford, CT:
- Incorporate lessons learned into existing procedures (were internal reporting and investigation fast and efficient?)
- Include the breach on the annual log reported to HHS
- Modify policies as necessary
- Reeducate staff members regarding lessons learned
- Look for repeating patterns (e.g., one patient area that has multiple incidents)
- Include the unauthorized disclosure on the accounting of disclosures
- Include any sanctions on the HIPAA sanctions log
- Ensure that investigation notes and reports were appropriately detailed and that they are maintained
HHS has said it will not enforce breach notification provisions until February 2010—or 180 days from the publication of the interim final rule—but HITECH states that covered entities (CE) are subject now to penalties for noncompliance.
CEs should have breach response systems in place already, says Chris Simons, RHIA, director of UM and HIM and the privacy officer at Spring Harbor Hospital in Westbrook, ME.
- CMS Seeks to 'Rapidly Reduce' Medicare Spending with $1B in Grants
- Building a Better Healthcare Board
- Case Study: Advance Care Conversations
- Patient Harm Data to Remain on Medicare's Hospital Compare Site
- Quiet ORs Better for Patient Safety
- Hard-Nosed About Physician Teamwork
- Hospital Pricing Data Dump Won't Hurt You, Yet
- CMS Releases Hospital Pricing Data
- Tavenner Confirmed as CMS Administrator
- Evidence-Based Practice and Nursing Research: Avoiding Confusion