Top HIPAA Lessons for Hospital Leaders
Editor's note: This is the second of a three-part series this week focusing on expert advice on complying with HIPAA and preparing for HITECH regulations. The HITECH compliance date for business associates to comply with the security rule is Wednesday, February 17. Part I of the series.
Don't leave all this HITECH and HIPAA stuff to the "tech folks." Hospital leaders should know by now the threat of a public relations nightmare because of a breach of unsecure personal health information (PHI)—just ask CVS.
It's a good time for the C-Suite to be involved in HIPAA compliance.
"'Security' often suggests 'techie stuff' passed off to the IT department," says Margret Amatayakul, MBA, RHIA, CHPS, CPHIT, CPEHR, CPHIE, FHIMSS, of Margret\A Consulting, LLC, in Schaumburg, IL. "I believe attending to privacy and security protections should start with the CEO and trickle down to everyone, including all members of the medical staff. It needs to be an extension of the Hippocratic Oath: Do no harm and keep your mouth shut."
One good way to start is to learn from those who have not complied.
For instance, Providence Health & Services in Seattle in July 2008 reached a $100,000 resolution agreement for PHI breaches and had to implement a corrective action plan to ensure its security program.
Your organization must avoid similar problems, such as:
- Unencrypted ePHI not otherwise safeguarded lost or stolen
- Backup tapes, optical disks, and laptops—all containing unencrypted ePHI—removed and left unattended
- Exposure of ePHI for patients (386,000 in Providence's case)
- Management permitting employees to take home media containing ePHI despite a policy to the contrary
- Lack of policy and procedure enforcement, including encryption policies
- EHR Systems 'Immature, Costly,' AMA Says
- CEO Exchange: Preparing for Population Health
- Better HCAHPS Scores Protect Revenue
- Narrow Networks Cut Costs, Not Quality, Economists Say
- Advocate, NorthShore Deal Would Create 16-Hospital System
- 3 Strategies for Retaining Millennial Employees
- Interstate Medical Licensure Effort Advances
- 'Early Offer' Malpractice Programs May Spur Reform
- How to Build a Health Plan from Scratch
- Limiting choice to control health spending: A caution