Does your organization have a zero-tolerance policy for violations of patient privacy? If not, perhaps recent events indicate the value of having such a policy.
In an example of HIPAA policy enforcement, Tucson’s University Medical Center has fired three employees this week for violating patient privacy. The hospital reported that three staff were dismissed for inappropriately accessing the medical records of patients involved in the high-profile shooting rampage that involved Representative Gabrielle Giffords. This incident resulted in the death of six people and left Representative Giffords in critical condition.
Policies and procedures should clearly indicate that patient privacy must be protected. That includes limiting access to health information to those who have a need to know.
Education is key in your organization. Staff should have training about HIPAA upon hire and annually thereafter. Training topics should cover patient privacy, security, and how the law and rules apply to a person’s individual work setting.
Access to information must be limited to the person’s need to know based on their role. This role-based access should be reviewed annually as part of your compliance program.
You also must be able to track who has accessed protected health information. Access logs will show you who has looked at a patient’s record. I imagine it was these access logs that led to the discovery of employees accessing the records at the University Medical Center in Tucson. Without access logs, you will not be able to tell if you have had a breach.
Your policies must also include a sanctions policy. Sanctions don’t necessarily have to be “zero-tolerance” policies for any kind of error. There may be times when something happens that was a simple mistake. However, if you have a zero-tolerance policy, be ready to follow through with it by dismissing staff when they violate the policy.
In the case of a high-profile case like the one in Arizona, zero-tolerance is the wisest choice. There is far too much risk that this information could be accessed for all the wrong reasons. In the end, accessing a patient’s information for any reason other than what is required to provide health care is wrong. Accessing it with the possibility of personal gain, selling it to media, etc., is absolutely unacceptable. Note there is nothing to suggest that is what happened with this particular breach; there is, however, a higher risk of such a problem when you have high-profile patients.
In the end, having a zero-tolerance policy at your organization, and being sure you enforce it, protects everyone and shows you are serious about patient privacy. It may also protect you should you have to defend yourself in court or to the government in the case of a breach.
Training is key. Have you done your annual HIPAA training with staff this year?