Top HIPAA Lessons for Hospital Leaders
Editor's note: This is the second of a three-part series this week focusing on expert advice on complying with HIPAA and preparing for HITECH regulations. The HITECH compliance date for business associates to comply with the security rule is Wednesday, February 17. Part I of the series.
Don't leave all this HITECH and HIPAA stuff to the "tech folks." Hospital leaders should know by now the threat of a public relations nightmare because of a breach of unsecure personal health information (PHI)—just ask CVS.
It's a good time for the C-Suite to be involved in HIPAA compliance.
"'Security' often suggests 'techie stuff' passed off to the IT department," says Margret Amatayakul, MBA, RHIA, CHPS, CPHIT, CPEHR, CPHIE, FHIMSS, of Margret\A Consulting, LLC, in Schaumburg, IL. "I believe attending to privacy and security protections should start with the CEO and trickle down to everyone, including all members of the medical staff. It needs to be an extension of the Hippocratic Oath: Do no harm and keep your mouth shut."
One good way to start is to learn from those who have not complied.
For instance, Providence Health & Services in Seattle in July 2008 reached a $100,000 resolution agreement for PHI breaches and had to implement a corrective action plan to ensure its security program.
Your organization must avoid similar problems, such as:
- Unencrypted ePHI not otherwise safeguarded lost or stolen
- Backup tapes, optical disks, and laptops—all containing unencrypted ePHI—removed and left unattended
- Exposure of ePHI for patients (386,000 in Providence's case)
- Management permitting employees to take home media containing ePHI despite a policy to the contrary
- Lack of policy and procedure enforcement, including encryption policies
- MU Compliance Announcement Sparks Concern, Confusion
- New G-Codes to Pay Doctors for Broad Array of Non-Face-to-Face Care
- Scary Financial Challenges for 2014
- Telehealth Improves Patient Care in ICUs
- CMS Sets 2014 Pay Rates for Hospital Outpatient and Physician Services
- LifePoint Bolsters Presence in Michigan's Upper Peninsula
- States Rejecting Medicaid Expansion Forgo Billions in Federal Funds
- Douglas Hawthorne—A Chance to Do Something Big
- Hospital M&A Volume Up, Value Down in 3Q
- Small Doesn't Mean Doomed