• E-mail
• Print
• RSS

TIP: Address these areas in an internal investigation

HIPAA Weekly Advisor, April 12, 2010

Want to receive articles like this one in your inbox? Subscribe to HIPAA Weekly Advisor!

Consider these factors during any internal HIPAA privacy breach investigation:

• Level of knowledge. How much training and education does the staff member have with respect to patient privacy and security expectations? Has this individual completed new employee orientation that addresses patient privacy and security responsibilities? Has he or she received job-specific privacy and security education and enhanced training, if applicable? Has this individual completed confidentiality and computer access agreements? Additionally, consider factors such as whether a language barrier exists.
• Performance history. What is the staff member’s performance history? Does he or she have a record of similar privacy/security violations with application of corrective actions or sanctions? Does a history of other non-related violations contribute to a cumulative effect? Your assessment may differ depending on the circumstances. Is this an employee with 20 years of service and an unblemished record or a troublesome staff member who has created many problems?
• Sanction history. Review your organization’s sanction history to ensure that you are being consistent with respect to levels of discipline, said Nancy Davis, MS, RHIA, director of privacy/security at Ministry Health Care, a Catholic integrated healthcare system based in Wisconsin. What is your organization’s history of corrective actions for similar occurrences?

Editor’s note: This is the second group of tips adapted from an article in the March 2010 edition of the HCPro, Inc. newsletter, Briefings on HIPAA. Last week’s HIPAA Weekly Advisor included these tips.


 

Want to receive articles like this one in your inbox? Subscribe to HIPAA Weekly Advisor!

• E-mail to a Colleague
• Print
• RSS
• Archive