With fines of $100 to $50,000 per HIPAA violation and jail time for knowingly violating HIPAA rules, the Health Insurance Portability and Accountability Act is no joke for health care providers. Everyone who touches patients' private health information needs to make sure they aren't committing a HIPAA violation, and health care organizations need to have policies, procedures and training in place to stay in compliance.
This week's Clinical Documentation News Roundup brings you articles with information and advice about avoiding HIPAA violations and dealing with them if they occur.
- 3 Keys to BYOD Policy for Hospitals from FierceHealthIT: "Make the system invisible: Security and HIPAA compliance shouldn't bring cumbersome intrusions on workflow. Don't stop with personal devices: Ricks recommends desktop virtualization across the enterprise, allowing workers to access applications from any computer."
- Peeling Away the Layers of Health Data Breach Response from HealthITSecurity: "Too many organizations think that if they have words on paper, they’re done. If you don’t actually test your breach response procedures, through a table top dry run, you could end up having completely unworkable procedures when a real incident and breach occurs."
- 5 Major Ethical Violations in Therapy from PsychCentral: "This law was passed to protect all medical and mental health information from 'outsiders.' But some people claim the ACT has not stopped their employers, lawyers, etc. from requesting information on a psychiatric file. An ethical therapist will make sure that he or she protects the clinical records of clients. Therapists who do not make their policies clear on how they work with HIPAA regulated files, be sure to ask in advance."
- New Certification Program Provides "Safe Harbor" of Privacy, Security Compliance from FierceEMR: "Texas is the first state in the nation to create a formal Covered Entity Privacy and Security Certification Program to enable covered entities within the state to demonstrate their dedication to protecting patients' health information. The program, developed as part of Texas' House Bill (HB) 300 amending its Medical Records Privacy Act, also enhances consumer access to electronic health records, requires notification and authorization for electronic disclosing of protected health information (PHI), requires standards for electronic data sharing, and increases penalties for violations. The program applies to 'covered entities' as defined by Texas law."
- Nursing Informatics and HIPAA from ADVANCE: "HIPAA also presents obstacles to obtaining patient information for the purpose of tracking trends and other types of analysis that typically are allowed in other industries. For example, many retailers gather and analyze consumer information to help them market goods and services based on the behaviors and choices of their customers. Although this is an accepted practice among retail businesses, healthcare organizations cannot arbitrarily obtain and share customer (i.e., patient) data solely for marketing or other non-health related purposes. Therefore, nurses using informatics must be diligent about using data ethically to meet the medical needs of the patient. Informatics nurses also need to ensure their own education provides them with the knowledge and skills necessary to recognize, interpret, analyze, synthesize and hypothesize even limited data sets after identifiers and other private information has been removed."
To learn more about how to prevent HIPAA violations at your medical practice, hospital or other health care facility, sign up today for our Nov. 13 webinar on HIPAA risk assessment.