- Home
- » e-Newsletters
Maximize your time when training upper management
HIPAA Training Advisor, May 29, 2008
They are the leaders of your hospital community—sometimes intimidating, and other times just hard to sit down.
But upper management staff members (e.g., the CEO, chief financial officer [CFO], and vice president of finance) may not completely understand their role in the protection of PHI. So make the time, even if it’s for a few hours each year, to drive home the importance of HIPAA and the affect they can have in running a tight ship.
Karen Geller, RN, JD, manager of regulatory activity at New York Presbyterian Hospital (NYP) in
“CEOs, CFOs, boards of trustees, and boards of directors are being held to understand what’s happening in their organization, and they’re going to be responsible for anything that is done incorrectly in their organization,” says Geller. “Whether it’s a HIPAA violation or whether it’s billing or coding irregularities, they need to know about it.”
Ideally, you should retrain your upper management staff about HIPAA every six months. However, the reality is that you may be lucky to get their time once per year, so you shouldn’t waste their time on information that is not relevant to the daily operations of the organization, says Geller. Condense what you can and focus on the important and practical aspects of the law.
One important aspect to tackle is how to handle VIPs in your hospital. It doesn’t matter whether it’s the president or a city councilperson; only the authorized staff members should have access to PHI. This can be a significant challenge for hospitals because it is human nature to be curious about others, especially those with whom staff members are familiar. But needlessly looking at PHI is inappropriate—even if the upper management staff members mean well in their actions.
“For instance, Michael Jordan comes into your hospital and he’s registered as Mike Jones. Now word trickles in most places. The bigger they are, the bigger the trickle,” Geller says. “But it really is a breach of HIPAA to pay a visit, for me to just drop in and say, ‘Hi, I’m the CEO and I heard you’re here. Please let me know if there’s anything I can do for you.’ ”
Many hospitals now have a protocol for handling VIPs, particularly the larger metropolitan organizations. “They have a VIP mechanism for getting those people in, and there may be a way of getting the information to the appropriate place, or the patient or their representatives may ask to see the CEO or the CFO or somebody else like that,” Geller says. “But as a general rule, if it’s your neighbor or your mother or anyone else that you may think you know, you are not authorized to go in and pay a visit or make a phone call to them or send them a letter just because they’re in your institution.”
Geller reminds her upper management staff that HIPAA doesn’t only apply to electronically stored and paper records; it also applies to verbal communication. One example is if a patient complains to a CEO about poor care. “That should stop with the CEO, except when [he or she] has to refer it to whoever is going to do the investigation,” Geller says. “The CEO can’t go home and talk to his wife about it. If it’s his daughter’s old boyfriend, he can’t go home and talk to his daughter about her old boyfriend. These things have to stay within the authorized circle of people.”
Under certain circumstances, upper management staff members may need to access specific medical records. In the event of a bad outcome or a complaint about poor care, it may be the staff member’s responsibility to conduct an investigation. HIPAA permits this because the managerial staff members need the information to do their jobs.
But it is always better to be safe than sorry, Geller says. She recommends that the staff member speak directly to the patient to request permission to view his or her medical record for the purposes of the investigation.
However, it’s important to stress that this access is temporary and limiting. If a patient is complaining about quality of care from his or her hospital visit last week, staff members involved in the investigation should not review prior hospitalizations as part of the investigation.
Most Popular
- Articles
-
- HIPAA Q&A: Flu shot requirement for hospital employees
- Running an effective peer review committee meeting
- HealthDataInsights posts new issues for medical necessity claims
- Sneak Peek: Effort underway to establish caseload benchmarks
- Q/A: Coding for telescopic intraocular lens
- New FAQ posted on storing laryngoscope blades
- Tip: Perform your own internal investigation prior to government audit
- HIPAA 5010 deadline extended, but threat remains, says AMA
- HHS task force: Consider privacy, security with text messages
- What does case-mix index mean to you?
- E-mailed
-
- Running an effective peer review committee meeting
- HIPAA Q&A: Flu shot requirement for hospital employees
- What does case-mix index mean to you?
- HHS task force: Consider privacy, security with text messages
- Q/A: Coding for telescopic intraocular lens
- Q/A: Correct use of modifier -PT
- Tip: Correctly code bilateral pain management procedures
- "Wall fountains" may be spreading Legionnaires to patients, visitors
- 2012 CPT code changes for ASCs: Shoulder and knee scopes and pain management
- COT basics to best
- Searched