Health Information Management

Pitfalls at physician practices

HIM-HIPAA Insider, January 19, 2009

Rebecca Herold, CISSP, CIPP, CISM, CISA, FLMI, a privacy, security, and compliance consultant with Rebecca Herold & Associates LLC in Van Meter, IA, lists the following common HIPAA violations she sees regularly in physician offices. Check your practice against this list to see if your staff commits the same common violations, and if so, address these problems in advance during training:

  • Not providing the notice of privacy practices (NPP), even though they require patients to sign a statement indicating they had been provided with, and read, the NPP.
  • Not having documented internal information security and privacy policies for staff members to follow.
  • Exposing PHI to anyone within the office facilities (e.g., patient file folders left unattended on the check-in desk, or patient file folders left in the wall pockets outside examination rooms with health information facing out and visible).
  • Healthcare workers calling out the full names of patients in the waiting room or in front of other patients.
  • Not obtaining consent from patients to film them and then use the video, or to tape audio with them for marketing purposes.
  • Selling prescription information to marketing and pharmaceutical companies, often as an additional revenue stream.
  • Not providing any training or ongoing awareness communications, or providing training just once, and never again. 
  • Insecure disposal of PHI, such as discarding it unshredded in open, publicly accessible trash bins or in the dumpster behind the office building.
  • Not documenting or retaining information about PHI changes and access for the required six years.

Editor’s note: This is an excerpt from a story that will appear in the February edition of Health Information Compliance Insider, an HCPro, Inc. newsletter.
