Tip: Mitigate harmful effects following a patient privacy complaint
Compliance Monitor, January 12, 2011
Want to receive articles like this one in your inbox? Subscribe to Compliance Monitor!
Investigating privacy complaints and applying sanctions are important aspects of compliance, but the Privacy Rule doesn’t stop there.
A covered entity must mitigate, to the extent practicable, any harmful effects it knows about if protected health information (PHI) is used or disclosed in violation of its policies. This includes violations by business associates.
In simple terms, you must take reasonable steps to lessen any harm that may have come to an individual as a result of the violation. For example, if there are concerns that individuals could become victims of identify theft because their records were found in a public dumpster, you might want to provide resources to help those individuals monitor their credit reports and even offer to pay for a year’s worth of credit reports.
This week’s tip was adapted from The Privacy Officer’s Handbook. For more information about this book, visit the HCMarketplace.
Want to receive articles like this one in your inbox? Subscribe to Compliance Monitor!
Related Products
-
Healthcare Life Safety Compliance
Learn Life Safety Code tips and interpretations for healthcare facilities with this in-depth monthly resource.
-
Strategies for Health Care Compliance
News and real-life examples to increase the effectiveness of your compliance program. Strategies for Health Care Compliance...
-
The Privacy Officer's Handbook, Second Edition
Privacy and security requirements now extend to business associates and vendors of personal health records. Individuals, not...
-
Stark Law, 2nd edition: A user's guide to achieving compliance
This updated version of HCPro's Stark Law best seller, first published in 2005—and now co-authored by former CMS Stark...
-
The Compliance Officer's Handbook, 2nd Edition
This revised edition is packed with even more practical tools, case studies, tips and tools, sample audits, and sample...
Most Popular
- Articles
-
- Q/A: Volume requirement for reporting hydration services
- Featured blog post: Nurses face felony charges after reporting physician to the Texas Medical Board
- HIPAA Q&A: Level of encryption needed for email
- Catch up on what's new with injections and infusions
- Identify potential Medicaid RAC target areas
- Capturing all necessary codes for IUD insertion and removal can be challenging
- Topic: CMS, OESS post new security compliance review information, checklist
- What does case-mix index mean to you?
- OB services: Coding inside and outside of the package
- Q/A: Coding infusions to correct low potassium levels
- E-mailed
-
- Q/A: Volume requirement for reporting hydration services
- HIPAA Q&A: Level of encryption needed for email
- Featured blog post: Nurses face felony charges after reporting physician to the Texas Medical Board
- CMS has reformulated payments for some bilateral procedures
- Q&A: Follow CMS' coding guidelines when using modifier -25
- Understand the spine to code back procedures correctly
- What does case-mix index mean to you?
- Catch up on what's new with injections and infusions
- New conflicts of interest create new challenges
- Q/A. One injection code or two?
- Searched