Archive for HIPAA privacy
Minnesota-based Allina Health System recently fired a medical assistant at its Inver Grove Heights Clinic for inappropriately accessing medical records of 3,807 patients from February 2010 to September 2013, Pioneer Press reported.
Allina Health System includes 11 hospitals and more than 50 clinics. The privacy breach was not limited to patients seen at the Inver Grove Heights Clinic, according to Pioneer Press. The unidentified medical assistant accessed patients’ demographic, clinical, and insurance information, along with the last four digits of their Social Security numbers. There was no evidence that the medical assistant used the information for financial gain, according to the article.
Allina Health System offered complimentary identity monitoring services to affected patients, who received letters notifying them of the breach. In response to this incident, the health system is reevaluating its patient information policies and is examining computer security, Pioneer Press reported.
This is not the first time Allina Health System fired employees for snooping through medical records. In 2011, the health system terminated 32 employees for inappropriate medical record access following a mass overdose in Blaine, Minn., according to Pioneer Press.
Representative Chris Collins, R-New York, asked four security experts a series of yes–or–no questions about the Obamacare website during the House of Representatives Science, Space and Technology Committee hearing, according to Reuters. When asked if they thought the site was secure, the experts unanimously answered “no.” When asked if the site should be shut down pending the resolution of security issues, three experts said “yes” and one said he did not have enough information to respond, according to the article.
The website collects PHI including names, dates of birth, Social Security numbers, email addresses, and more.
What are your thoughts about the ongoing HealthCare.gov security issues?
The American Medical Association (AMA) has posted free HIPAA resources on its website. The AMA website offers information to aid healthcare professionals in understanding the HIPAA omnibus rule. The site explains HIPAA requirements in detail and offers tools to aid physicians and other healthcare professionals comply with the rules, including:
A Q&A in the November Briefings on HIPAA resulted in several follow-up questions from readers, many of whom thought of various scenarios when leaving information on patient voicemail may or may not be appropriate. Check out the Q&A below and let us know what information you think is appropriate to leave on a patient’s voicemail.
Q . I am concerned about leaving certain information on a patient’s voicemail, because I believe any individual listening to the message could search the physician’s name and identify the service. The following example seems vague enough to me, but I’m not positive it is appropriate: “This is Dr. John’s office calling for Adam. We want to remind you of your appointment at 10 a.m. Thursday, November 28. Please call us at 123-456-7899 to confirm. Thank you.” What information is appropriate to leave on a patient’s voicemail?
A. The message you mentioned is appropriate. It provides enough information to remind the patient about the appointment without giving any details relating to the reason for the visit. For physician offices calling about lab results, one of the following messages would be acceptable:
- “This is Dr. John’s office calling. All of your recent lab tests came back normal.”
- “This is Dr. John’s office. Please call us at 123-456-7899 for your lab results.”
Note: Mary D. Brandt, MBA, RHIA, CHE, CHPS, vice president of health information, Baylor Scott & White Health in Temple, Texas, answered this question for HCPro’s Briefings on HIPAA newsletter.
Attend HCPro’s FREE MedicareFind webcast at 1 p.m. Eastern, Thursday November 14, to learn the most effective way to search for Medicare rules and regulations. We’ll cover several hot topics–including Part B rebilling, the 2-midnight rule, and the OPPS rule–to show you how MedicareFind can make it easier than ever to find all of the
relevant information about these rules and regulations.
Learn how your facility can comply and train smarter with these vital components:
- Proposed and final rules (e.g., IPPS and OPPS)
- LCDs and NCDs
- Transmittals, MLN Matters, and Job Aid articles
- CMS’ Medicare and Medicaid manuals
- OIG audit reports, advisory opinions, fraud alerts, and work plans
- HIPAA Omnibus Rule, Recovery Auditor issues, and legislative acts