TIP: Address these areas in an internal investigation
HIPAA Weekly Advisor, April 5, 2010
Want to receive articles like this one in your inbox? Subscribe to HIPAA Weekly Advisor!
Consider these factors during any internal HIPAA privacy breach investigation:
- Intent. Were a staff member’s actions intentional or accidental? Was the breach a result of the staff member’s curiosity or concern? Was there personal gain or malicious intent? A staff member who accessed a patient’s medical record to sell information to a tabloid newspaper would incur greater sanctions than a colleague who inadvertently left information visible on a computer monitor.
- Risk potential. Did a patient suffer financial, reputational, or some other type of harm? (HHS’ breach notification interim final rule includes guidance asks the same question using the concept of “harm threshold”). Did the organization suffer harm resulting in regulatory action, including penalties and fines, or licensing, legal, and reputational problems? “Even the simplest mistakes could result in harm to the organization,” said Nancy Davis, MS, RHIA, director of privacy/security at Ministry Health Care, an integrated healthcare system based in Wisconsin.
Editor’s note: These tips were adapted from an article in the March 2010 edition of the HCPro, Inc. newsletter, Briefings on HIPAA. Look for more tips in next week’s HIPAA Weekly Advisor.
Want to receive articles like this one in your inbox? Subscribe to HIPAA Weekly Advisor!
Related Products
Most Popular
- Articles
-
- Q/A: Volume requirement for reporting hydration services
- Featured blog post: Nurses face felony charges after reporting physician to the Texas Medical Board
- Catch up on what's new with injections and infusions
- Identify potential Medicaid RAC target areas
- HIPAA Q&A: Level of encryption needed for email
- Topic: CMS, OESS post new security compliance review information, checklist
- Capturing all necessary codes for IUD insertion and removal can be challenging
- What does case-mix index mean to you?
- QA:Coding multiple initial infusions
- OB services: Coding inside and outside of the package
- E-mailed
-
- Q/A: Volume requirement for reporting hydration services
- Featured blog post: Nurses face felony charges after reporting physician to the Texas Medical Board
- HIPAA Q&A: Level of encryption needed for email
- Q&A: Follow CMS' coding guidelines when using modifier -25
- What does case-mix index mean to you?
- Catch up on what's new with injections and infusions
- CMS has reformulated payments for some bilateral procedures
- New conflicts of interest create new challenges
- Q/A. One injection code or two?
- ED-to-inpatient transfers are flawed with safety gaps
- Searched