HIPAA Summit West: 1 in 4 Organizations Report Data Breaches
"Make those real," Michael Leoz, OCR deputy regional manager in San Francisco, said, referring to HIPAA privacy and security policies and procedures. "Don't just have them sit on the shelf."
Recalling a case involving a laptop left in a Boston subway car by a Massachusetts General Hospital employee, Leoz said OCR found the policies and procedures that were in place were not adequate for HIPAA privacy and security compliance. That led to a $1 million settlement and a corrective action plan.
And what good are a policy and an education plan if senior management and board members aren't on board?
One HIPAA privacy officer at the Summit said he does not have that problem. He told a story dispelling an accepted belief that hospital boards are not engaged in HIPAA compliance issues.
When the officer rolled out some online learning to his staff at his large healthcare system, he got his first notification of a completed quiz 20 minutes later.
From whom? The chairman of the board of directors for the hospital system. That's the same chairman with whom the privacy officer meets monthly.
That's a good thing because OCR (or at least its contractor, KPMG, LLP) could come knocking starting this fall and into next year thanks to a $9.2 million auditing plan stemming from the HITECH Act.