Corporate Compliance

Tip: Mitigate harmful effects following a patient privacy complaint

Compliance Monitor, January 12, 2011

Investigating privacy complaints and applying sanctions are important aspects of compliance, but the Privacy Rule doesn’t stop there.

A covered entity must mitigate, to the extent practicable, any harmful effects it knows about if protected health information (PHI) is used or disclosed in violation of its policies. This includes violations by business associates.

In simple terms, you must take reasonable steps to lessen any harm that may have come to an individual as a result of the violation. For example, if there are concerns that individuals could become victims of identity theft because their records were found in a public dumpster, you might want to provide resources to help those individuals monitor their credit reports and even offer to pay for a year’s worth of credit reports.

This week’s tip was adapted from The Privacy Officer’s Handbook. For more information about this book, visit the HCMarketplace.
