Compliance with the Health Insurance Portability and Accountability Act (HIPAA) is becoming increasingly important especially with the arrival of the HIPAA/HITECH Omnibus Rule earlier this year. So what should we look out for?
The Department of Health and Human Services has published statistics to illustrate top reasons for non-compliance. I found it useful to read through these case examples to ensure I do not make the same mistakes. Here are the top three reasons for noncompliance followed by a description of a case example I found to be common:
- Impermissible uses and disclosures of protected health information
Issue: The provider left a message on a patient’ home phone answering machine, disclosing protected health information. The patient had requested that communications be made via mobile or work phones therefore felt the provider violated HIPAA.
Resolution: The provider retrained staff on the Privacy Rule, provided additional training to specific staff whose job responsibility included contacting patients, and revised policy to clarify patient rights to reasonable requests.
- Lack of safeguards of protected health information
Issue: A provider maintained log books containing protected health information in a manner that was visible to the public.
Resolution: Maintain and implement policies and procedures to safeguard log books and train all staff on new policies.
- Lack of patient access to their protected health information
Issue: A provider denied an individual access to copies of their medical records due to unpaid dues.
Resolutions: Revise policies and procedures to reflect the individual’s right to access to medical records regardless of payment source.
A lot of the case examples I read seem fairly straightforward however it is very hard to spot when you are completing your daily tasks. A simple conversation with a peer can lead to a serious violation. It is always good to read through articles like these that can give you examples on violations that you may not have even realized existed. Simply, HIPAA and the updates to the regulations call for all medical providers alike to update and revise policies and procedures and train staff. So let us all be responsible and assess our agencies and practices for areas of non-compliance.
What are other examples you can give us?