What steps must we follow when disciplining employees involved in a privacy breach?
HIM Connection, November 4, 2008
Want to receive articles like this one in your inbox? Subscribe to HIM Connection!
A: HIPAA requires covered entities (CE) to investigate and document all privacy and security complaints. CEs must also act to help prevent future breaches and to minimize any damage to the patient.
Many organizations have implemented disciplinary policies that address the consequences of deliberate or inadvertent failure to protect the privacy and security of patient information. For example, other facilities elect to implement a more general policy that addresses training and confidentiality statements. These general policies typically refer only to disciplinary action up to and including termination and are not specific concerning disciplinary action; details are irrelevant if the CE meets the standard.
Editor’s note: Chris Simons, RHIA, director of HIMS and privacy officer at Spring Harbor Hospital in Westbrook, ME, provided this answer. This information does not constitute legal advice. Consult your organization’s legal counsel for answers to specific privacy and security questions. This Q&A appeared in the November issue of Medical Records Briefing. For more information, click here.
Want to receive articles like this one in your inbox? Subscribe to HIM Connection!
Comments
0 comments on “What steps must we follow when disciplining employees involved in a privacy breach? ”
Related Products
-
HIPAA Handbook for Nutrition, Environmental Services, and Volunteer Staff:
Train all of your staff members with this handbook and others in the 2009 HIPAA Handbook Series. Ensure they understand...
-
HIPAA Handbook for Coders, Billers and HIM Staff
Train all of your staff members with this handbook and others in the 2009 HIPAA Handbook Series. Ensure they understand...
-
Guide to HIPAA Auditing, Second Edition
This new edition of a best-selling book delivers the hands-on tools and guidance you need to conduct effective in-house...
-
The No-Hassle Guide to HIPAA Policies: A Privacy and Security Toolkit
HIPAA regulations require extensive documentation—likely more than you've done in the past. Changing the way you look...
-
The HIPAA and HITECH Toolkit
The HIPAA and HITECH Toolkit is a valuable resource that helps both CEs and BAs understand and meet the HITECH Act's...
Most Popular
- Articles
-
- Q/A: Volume requirement for reporting hydration services
- Featured blog post: Nurses face felony charges after reporting physician to the Texas Medical Board
- Catch up on what's new with injections and infusions
- Topic: CMS, OESS post new security compliance review information, checklist
- HIPAA Q&A: Level of encryption needed for email
- Identify potential Medicaid RAC target areas
- Capturing all necessary codes for IUD insertion and removal can be challenging
- What does case-mix index mean to you?
- QA:Coding multiple initial infusions
- OB services: Coding inside and outside of the package
- E-mailed
-
- Q/A: Volume requirement for reporting hydration services
- Featured blog post: Nurses face felony charges after reporting physician to the Texas Medical Board
- HIPAA Q&A: Level of encryption needed for email
- Q&A: Follow CMS' coding guidelines when using modifier -25
- Catch up on what's new with injections and infusions
- CMS has reformulated payments for some bilateral procedures
- New conflicts of interest create new challenges
- Q/A. One injection code or two?
- What does case-mix index mean to you?
- CHANGES COMING: Key differences in nationwide rollout
- Searched