Archive for December, 2012
“HHS announces first HIPAA breach settlement involving less than 500 patients,” the headline reads on the OCR privacy home page.
Right now, as of 4:30 EST December 31, the link is dead. Hmm. Not sure what this is all about, but definitely curious why OCR is publicizing a “small” breach when the “large” ones — those affecting 500 or more individuals — have been getting all the attention.
Santa says hello to all HIPAA privacy and security officers out there — especially those who couldn’t be near the Christmas tree this year and are instead in their healthcare facilities today!
What do you want for Christmas? For HIPAA compliance that is? More resources? More time? Better training courses? How about a staff that fully understands the need to protect patients’ PHI?
Whatever you want, let us know, and we’ll see if Santa can take a swing back today toward your hospital and drop by your wish!
HHS launched earlier this month a new education initiative and set of online tools that provide healthcare providers and organizations practical tips on ways to protect their patients’ PHI when using mobile devices such as laptops, tablets, and smartphones.
The initiative is called Mobile Devices: Know the RISKS. Take the STEPS. PROTECT and SECURE Health Information and is available at www.HealthIT.gov/mobiledevices. It offers educational resources such as videos, easy-to-download fact sheets, and posters to promote best ways to safeguard patient health information.
“The use of mobile health technology holds great promise in improving health and health care, but the loss of health information can have a devastating impact on the trust that patients have in their providers. It’s important that these tools are used correctly,” said Joy Pritts, HHS’ Office of the National Coordinator for Health Information Technology (ONC) chief privacy officer. “Health care providers, administrators and their staffs must create a culture of privacy and security across their organizations to ensure the privacy and security of their patients’ protected health information.”
Despite providers’ increasing use of using mobile technology for clinical use, research has shown that only 44 percent of survey respondents encrypt their mobile devices. Mobile device benefits—portability, size, and convenience—present a challenge when it comes to protecting and securing health information.
Along with theft and loss of devices, other risks, such as the inadvertent download of viruses or other malware, are top among reasons for unintentional disclosure of patient data to unauthorized users.
“We know that health care providers care deeply about patient trust and the importance of keeping health information secure and confidential,” said Leon Rodriguez, director of the HHS Office for Civil Rights. “This education effort and new online resource give health care providers common sense tools to help prevent their patients’ health information from falling into the wrong hands.”
Complying with the HIPAA Privacy Rule isn’t always easy, but it can be even more complicated for assisted living facilities.
A privacy officer in Wisconsin-who oversees a critical access hospital, a skilled nursing facility, and an assisted living facility-sums up some of the difficulties. The tenants in the assisted living facility share meals and activities, and many become good friends with one another, she says.
It’s only natural that these elderly tenants share news with their friends and neighbors, but how does HIPAA come into play when they ask facility caregivers to share information? “They are a close-knit community and it is hard to keep tenants and caregivers from talking among themselves,” says the privacy officer.
While it’s not a problem for tenants to share information, the caregivers, who are workforce members of the assisted living facility, may be bound by HIPAA not to reveal tenants’ PHI.
This article is an excerpt from the January edition of the HCPro, Inc. newsletter, Briefings on HIPAA.
One columnist ponders this very question in the Washington Times. Were HIPAA laws a bit more loose, would authorities or gun-issuers have more knowledge and control over mentally ill folks who may end up with a weapon?
“There is a strong case for a modification to the HIPAA laws,” the columnist writes. “As anyone who purchases a firearm knows, part of the process is that the retailer will place a call to the ATF (Department of Alcohol, Tobacco and Firearms), which performs the instant criminal background check, providing the retailer with a yes or no answer in permitting the sale.
“The NICS should be supplemented by a medical background check. This check would not reveal any private information, but merely raise a flag from the buyer’s doctor, who would make a database entry at the time of diagnosis and/or prescription of drugs that have been proven to cause violent or suicidal thoughts and tendencies.”