• E-mail
• Print
• RSS

Tips for revising your HIPAA internal sanctions policy

HIM Connection, February 23, 2010

Want to receive articles like this one in your inbox? Subscribe to HIM Connection!

• Work together. Work in conjunction with your HR department, said Dena Boggan, CPC, CMC, CCP, HIPAA privacy/security officer at St. Dominic-Jackson (MS) Memorial Hospital. Boggan spoke during HCPro’s December 2009 audio conference “HIPAA Internal Sanctions: Adapt Your Policy to Comply with the HITECH Act.” Collaborate with HR when considering enforcing sanctions, as the degree of the sanction depends on the employee’s history as well as the situation. Is there a previous infraction in the employee’s file? If so, does it pertain to privacy or something else? What level of sanction is appropriate for the employee? Different factors can help determine the appropriate sanction level to impose for a particular violation.
• Use general terms. Instead of only listing specific situations in your policy, include general terms such as:
  • “Will generally”
  • “Including but not limited to”
  • “May result” instead of “will result”
  • “Policy” instead of “guideline”
• Consider what to include in your sanction guidelines. Nancy Davis, MS, RHIA, director of privacy/security at Ministry Health Care, a Catholic integrated healthcare system based in Wisconsin, who also spoke during the audio conference, said guidelines should include the following:
  • A reason or purpose
  • Applicable personnel
  • Failure-to-comply statement
  • Tier descriptions
  • Process for determining appropriate sanction

Want to receive articles like this one in your inbox? Subscribe to HIM Connection!

• E-mail to a Colleague
• Print
• RSS
• Archive