Disclosure of PHI to News Outlet Leads to $80,000 Fine
The HHS Office for Civil Rights recently settled their investigation into a medical center that disclosed three patients’ protected health information to a media outlet.
This HIPAA violation included pictures of the patients and their information including diagnosis, medical status, vitals and treatment. Since no written authorization was received from their patients, this was a HIPAA violation. The medical center was fined $80,000 and required to implement a corrective action plan.
Whether you work in a Healthcare setting or not, all businesses serve clients, and keeping their information private is crucial. Keeping your workers knowledgeable and up to date with HIPAA or other compliance is vital. Our Apex Secure Managed Service Package includes access to crucial training for your entire team.
Staying HIPAA compliant is crucial for businesses in the healthcare industry to protect patient privacy and ensure the security of sensitive health information. Let’s dive into some essential tips:
Perform a Comprehensive Risk Assessment: Conduct a thorough risk assessment to identify potential vulnerabilities and risks related to patient information security. Evaluate physical security measures, employee security awareness programs, access controls, and disaster recovery plans. By understanding these risks, organizations can implement necessary controls and mitigation strategies.
Develop and Implement Policies and Procedures: Create a robust framework for HIPAA compliance by developing and documenting clear policies and procedures. These should cover guidelines for handling electronic protected health information (ePHI), employee access controls, incident response procedures, and employee training requirements. Regularly review and update these policies to stay current with evolving compliance standards and ensure that employees remain aware of their roles and responsibilities.
Provide Regular Employee Training: Ensure that all employees understand the critical aspects of HIPAA compliance. Regular training on privacy and security practices is essential. Employee awareness significantly reduces the risk of accidental or intentional breaches. Consider workshops, webinars, and ongoing education to keep everyone informed about compliance requirements.
Appoint a HIPAA Compliance Officer: Designate someone within your organization as the HIPAA Compliance Officer. This individual should stay up-to-date on any changes in HIPAA law, schedule regular training, and oversee compliance efforts.
Maintain Records of Access to Protected Health Information: Keep track of who has access to ePHI within your organization. This includes both employees and any external partners or contractors. Proper access controls are essential to maintaining compliance.
Designate Restricted Areas for Protected Health Information: Identify specific physical areas within your office where protected health information is stored or accessed. Implement security measures to restrict access to authorized personnel only.
Understand Breach Notification Requirements: Familiarize yourself with the specific protocols for handling data breaches. In case of a breach of unsecured protected health information, follow the established notification procedures. Promptly notify affected individuals, the Secretary of Health and Human Services, and, if necessary, the media.
Remember, HIPAA regulations evolve over time, so staying informed and proactive is essential. If you have any specific concerns or need further guidance, consider consulting our team here at 619IT. Give us a call at 619-282-1500 or email us at info@619IT.com