• E-mail
• Print
• RSS

Stay on the right side of the law: Make sure to hold staff accountable for HIPAA violations

Nurse Leader Weekly, April 18, 2003

Want to receive articles like this one in your inbox? Subscribe to Nurse Leader Weekly!

You hear one of your nurses violate a patient's privacy. You may be tempted to ignore a minor violation, but if you do so, your facility could be held accountable. That's why it's important to develop and follow a policy for employee sanctions.

"If we don't sanction someone, and we know that he or she violated someone's privacy, the Office for Civil Rights could come in and throw the book at us," says Sue Dill, RN, MSN, JD. Dill is the privacy officer and vice president of legal services for Memorial Hospital of Union County, in Marysville, OH.

Every facility should have a policy that includes sanctions to impose when staff members violate patients' privacy. The policy must be uniform and applied across the board, whether it's the chief executive officer or someone from the housekeeping staff who commits a violation, Dill says.

"It's also important to point out to staff that the penalties for violations could be up to $50,000, one year of imprisonment, or both for wrongful disclosure of PHI," says Dill. "But even though sanctions for privacy violations are covered by HIPAA, hospitals and other providers should have always had them, because there's a ton of case law out there."

TIP: Memorial Hospital rewrote many of its policies and procedures for HIPAA. But even before HIPAA, the organization made new staff members read an education packet on confidentiality and sign it prior to beginning work.

"During orientation, new employees get more confidentiality training, and they get continuing education at an annual inservice," she says.

At the inservice, staff are required to sign another written acknowledgement that they've read and understood the hospital's confidentiality policy. The hospital includes sanctions in its confidentiality policy, which it stores with all other policies in public folders in Microsoft Outlook, so staff can easily access it.

"Sanctions include, but are not limited to, termination," Dill says. "The policy says that any violation regarding confidentiality will be subject to disciplinary procedures, and violations determined to be of a serious nature can lead to immediate termination." The policy also requires all employees to attend an annual inservice on security and confidentiality.

Adapted from: Briefings on HIPAA, www.hcmarketplace.com/Prod.cfm?id=162&S=ENMW.

Want to receive articles like this one in your inbox? Subscribe to Nurse Leader Weekly!

• E-mail to a Colleague
• Print
• RSS
• Archive