Health Information Management

Top HIPAA lessons for hospital leaders

HIM-HIPAA Insider, February 22, 2010

Don’t leave all this HITECH and HIPAA stuff to the “tech folks.” Hospital leaders should know by now that a public relations nightmare can result from a breach of unsecure personal health information (PHI)—just ask CVS.

It’s a good time for the C-Suite to be involved in HIPAA compliance.

“‘Security’ often suggests ‘techie stuff’ passed off to the IT department,” says Margret Amatayakul, MBA, RHIA, CHPS, CPHIT, CPEHR, CPHIE, FHIMSS, of Margret\A Consulting, LLC, in Schaumburg, IL. “I believe attending to privacy and security protections should start with the CEO and trickle down to everyone, including all members of the medical staff. It needs to be an extension of the Hippocratic Oath: Do no harm and keep your mouth shut.”

One good way to start is to learn from those who have not complied.

For instance, in July 2008 Providence Health & Services in Seattle reached a $100,000 resolution agreement for PHI breaches and had to implement a corrective action plan to ensure its security program.

Read the full story on HIPAA Update.

Most Popular