Can the privacy officer be held liable if there is a privacy breach? Do we have to display our notice of privacy practices throughout our organization?
HIPAA Weekly Advisor, January 10, 2002
Want to receive articles like this one in your inbox? Subscribe to HIPAA Weekly Advisor!
Q: Can the privacy officer be held liable if there is a privacy breach? Do we have to display our notice of privacy practices throughout our organization?
A: I have not seen anything from the Department of Health and Human Services designating a specific individual liable for noncompliance. The privacy regulations indicate that the organization can be fined.
There is some potential under the criminal liability section, because you can't hold an organization criminally liable. It would boil down to people. That's only going to be in the most extreme circumstances, when somebody has gone off on his or her own and sold health care information for profit. Then, that person could be subject to criminal penalties.
Q: Do we have to display our notice of privacy practices, in its totality, throughout our organization, or can we just have it in one location where patients can pick it up?
A: The privacy regulations specify the content of the privacy notice, but give organizations some flexibility as far as how they disseminate the information to patients.
Organizations have to look at what would be the most effective means of communication. HHS will give further guidance to health care organizations on the content of the notice and communications with patients.
You're not going to want to take the entire notice and post it on the wall. If patients request it, you have to give them the entire notice. Calling their attention to it and making them aware of where they can get it will probably be sufficient.
Editor's note: Answered by Jill Callahan Dennis, JD, RHIA, principal of Health Risk Advantage, in Denver, and Kathleen Frawley, JD, MS, RHIA, president of Frawley and Associates, in Montclair, NJ.
The above questions are from The Greeley Company's (a division HCPro) December 10 audioconference, "The HIPAA Chief Privacy Officer.How to be successful in your new role."
Go to http://www.hcmarketplace.com/product.cfm?ID=12548 to order an audiocassette of the audioconference.
Want to receive articles like this one in your inbox? Subscribe to HIPAA Weekly Advisor!
Related Products
Most Popular
- Articles
-
- Q/A: Volume requirement for reporting hydration services
- Featured blog post: Nurses face felony charges after reporting physician to the Texas Medical Board
- Catch up on what's new with injections and infusions
- Identify potential Medicaid RAC target areas
- HIPAA Q&A: Level of encryption needed for email
- Topic: CMS, OESS post new security compliance review information, checklist
- Capturing all necessary codes for IUD insertion and removal can be challenging
- What does case-mix index mean to you?
- OB services: Coding inside and outside of the package
- QA:Coding multiple initial infusions
- E-mailed
-
- Q/A: Volume requirement for reporting hydration services
- Featured blog post: Nurses face felony charges after reporting physician to the Texas Medical Board
- HIPAA Q&A: Level of encryption needed for email
- Q&A: Follow CMS' coding guidelines when using modifier -25
- What does case-mix index mean to you?
- Catch up on what's new with injections and infusions
- CMS has reformulated payments for some bilateral procedures
- New conflicts of interest create new challenges
- Q/A. One injection code or two?
- ED-to-inpatient transfers are flawed with safety gaps
- Searched