Health Information Management

What steps must we follow when disciplining employees involved in a privacy breach?

HIM-HIPAA Insider, November 4, 2008


A: HIPAA requires covered entities (CE) to investigate and document all privacy and security complaints. CEs must also act to help prevent future breaches and to minimize any damage to the patient.

Many organizations have implemented disciplinary policies that address the consequences of deliberate or inadvertent failure to protect the privacy and security of patient information. For example, other facilities elect to implement a more general policy that addresses training and confidentiality statements. These general policies typically refer only to disciplinary action up to and including termination and are not specific concerning disciplinary action; details are irrelevant if the CE meets the standard.

Editor’s note: Chris Simons, RHIA, director of HIMS and privacy officer at Spring Harbor Hospital in Westbrook, ME, provided this answer. This information does not constitute legal advice. Consult your organization’s legal counsel for answers to specific privacy and security questions. This Q&A appeared in the November issue of Medical Records Briefing.


