Health Information Management

Tips for revising your HIPAA internal sanctions policy

HIM-HIPAA Insider, February 23, 2010

Want to receive articles like this one in your inbox? Subscribe to HIM-HIPAA Insider!

As healthcare organizations begin adapting their HIPAA internal sanctions policies to comply with new HITECH requirements, many privacy and security officers wonder where to begin.
 
The following are some tips for creating your policies:
  • Work together. Work in conjunction with your HR department, said Dena Boggan, CPC, CMC, CCP, HIPAA privacy/security officer at St. Dominic-Jackson (MS) Memorial Hospital. Boggan spoke during HCPro’s December 2009 audio conference “HIPAA Internal Sanctions: Adapt Your Policy to Comply with the HITECH Act.” Collaborate with HR when considering enforcing sanctions, as the degree of the sanction depends on the employee’s history as well as the situation. Is there a previous infraction in the employee’s file? If so, does it pertain to privacy or something else? What level of sanction is appropriate for the employee? Different factors can help determine the appropriate sanction level to impose for a particular violation.
  • Use general terms. Instead of only listing specific situations in your policy, include general terms such as:
    • “Will generally”
    • “Including but not limited to”
    • “May result” instead of “will result”
    • “Policy” instead of “guideline”
  • Consider what to include in your sanction guidelines. Nancy Davis, MS, RHIA, director of privacy/security at Ministry Health Care, a Catholic integrated healthcare system based in Wisconsin, who also spoke during the audio conference, said guidelines should include the following:
    • A reason or purpose
    • Applicable personnel
    • Failure-to-comply statement
    • Tier descriptions
    • Process for determining appropriate sanction
Editor’s note: For more tips, view the March 2010 issue of Briefings on HIPAA.



Want to receive articles like this one in your inbox? Subscribe to HIM-HIPAA Insider!

Most Popular