HIPAA breach that set the compliance ball rolling

Last year was pretty big in the world of HIPAA privacy and security violations, and the remainder of December was no exception.

DURHAM, N.C., March 17, 2014 /PRNewswire-iReach/ -- Nearly 1,000 patients of the five-hospital Riverside Health System in southeast Virginia received a notification informing them of a privacy violation that had been going on for the last four years.


According to a Daily Press account, an employee who practiced as a licensed nurse accessed the Social Security numbers and electronic medical records of 919 patients from September 2009 through October 2013.

The HIPAA Privacy Rule has been changing: penalties for violations have significantly increased, and audits of compliance are becoming more commonplace, particularly following privacy and security breaches. Some of the changes brought about by the HITECH Act enhance patient rights but impose technical and procedural burdens on the entities that must comply. Existing policies and procedures should be evaluated to ensure they meet the current requirements, and it is equally important to consider how your policies will need to be modified to meet the proposed new rules for access and accounting of disclosures, as well as the new restrictions on some disclosures that used to be allowed. In addition, all entities should be aware of the new enforcement and audit requirements so that they understand what is at stake with non-compliance.

The random HIPAA Compliance Audit program has had a year of trial audits, and those audits have been a trial for the entities that received them. The US Department of Health and Human Services has reviewed the results of that work, and the new HIPAA audit program is being revived in Fiscal Year 2014. USDHHS has published the protocol used for the 2012 HIPAA audits by the HHS contractors, so it is now possible to prepare better for an audit. Nearly any health care covered entity may be subject to an audit; all entities need to know what kind of information they'll need to provide and how to prevent issues that could lead to violations and fines.

The new HIPAA rule calls for audits irrespective of a complaint or breach, whereas previously audits had been performed only at entities that reported a breach or had a complaint filed against them. Now the HHS Office for Civil Rights (OCR) can show up anytime to perform an audit, and your organization will need to provide a response in less than fifteen business days. Surviving a HIPAA audit becomes much easier if you know what questions have been asked at prior HIPAA compliance audits.

The new HIPAA rules have higher fines, including mandatory minimum fines of $10,000 for willful neglect of compliance. For this reason, it's more important to be ready for an audit, as officials have publicly stated that enforcement is now a priority.

The HIPAA Omnibus Update rules contain numerous changes to HIPAA Privacy, Security, and Breach Notification rules that will need to be reflected in every health care-related organization's policies and procedures. Several policies and procedures will need to be reviewed and updated to meet the new requirements. Some of the most significant changes have been made to individual rights under HIPAA that must be reflected in an entity's HIPAA policies and Notice of Privacy Practices (NPPs). All HIPAA Covered Entities should also have updated their policies, procedures, and Notices of Privacy Practices to reflect the changes by September 23, 2013. Violations are also subject to enforcement that can include fines of up to $50,000 per day.

Included are new requirements covering various fundraising activities and the opportunity to opt out, new requirements for individuals to provide an appropriate authorization for the sale of PHI, new rights of access to electronic records, new rights to restrict certain disclosures, and rights of notice in the event of a breach. Health Plans have also undergone changes related to the Genetic Information Nondiscrimination Act (GINA) that must be reflected in their policies and notices.

Reimbursed marketing activity that may have been permissible without authorization from the individual under the old rules now requires authorization.  Policies on Breach Notification and incident handling need to reflect the new way of determining whether or not a breach is reportable. And HIPAA Business Associates are now covered under the regulations, requiring them to have a full set of HIPAA policies in place, and covered entities' policies should reflect the change.

Covered entities that use electronic health records (EHRs) now have to meet new access and disclosure rules. New regulations around the anticipated release of electronic records have created new burdens that your EHR and your medical records department should deal with. Also, if you are required to have a HIPAA Notice of Privacy Practices, you will need to update it to show all the latest rights that patients now have, such as the existence of electronic copies, new rights to restrict disclosures, and much more.

There is a series of productive and informative webinars on the above-mentioned rules and notifications, conducted by expert Jim Sheldon-Dean. To attend these webinars, please visit http://www.audioeducator.com/hot-topics/hipaa.html

AudioEducator brings the most compelling list of audio conferences on a wide array of healthcare topics: medical coding and billing, CPT changes, E/M modifiers, the OIG work plan, the Affordable Care Act, ERISA, RAC updates, fee schedules, Electronic Health Record systems, the ICD-10 transition, HIPAA and more. Get trained from the comfort of your home or office without spending a penny on travel. Pick a training format of your choice (live conference, On Demand, CD, or PDF transcripts) and start learning.

To learn more about other updates and events for more than 24 specialties, please visit http://www.audioeducator.com

We have enabled a special discount of 10%. Use coupon code SAVE10 to get your discount, applicable on all purchases. For further queries, you can call our customer support as mentioned below.

Media Contact: Adam K, Audio Educator, 1-866-458-2965, customerservice@audioeducator.com

News distributed by PR Newswire iReach: https://ireach.prnewswire.com

SOURCE Audio Educator


