TriPoint Healthcare Solutions

Advising, Educating, and Operationalizing Privacy and Security in Healthcare

The HIPAA Holiday List

by Leave a Comment

The HIPAA Holiday List 

Colorful red gifts with Christmas balls isolated on white

Everyone is frantically searching the shelves of the stores, trying to find that perfect gift for their loved ones to make them smile and cheer during the holiday season.  Kids are scrambling to put their perfect list together of the must have toys and gadgets that they need.  Holiday music is on the radio.  It is the perfect season for fun, laughter, and joy.  Excitement looms for the close of another year and the fresh start of the upcoming year.

HIPAA is also putting together a list as we near the end of the year – the list of “must haves” and “should do’s” regarding privacy and security in healthcare.  HIPAA is wondering how many data breaches will occur in the next year and if new regulations will be published regarding privacy and security in healthcare.  One thing is for certain, the HIPAA Holiday List is a MUST review for all healthcare organization to be prepared and successful as 2014 closes down and 2015 starts fresh and new.

The HIPAA Holiday List

  • Risk Assessment & Risk Management
    • Complete a thorough and accurate risk assessment for your organization, clearly identifying potential threats and vulnerabilities to protected health information. With the risks to your organization identified, come up with clear and concise processes to mitigate and reduce the risks. Consider new controls, policies and procedures, and/or technology for your organization.  Healthcare organizations should assure that both the risk assessment outcomes and risk management processes are clearly written out in a format best suitable for the organization.
  • Policy and Procedure Evaluation
    • Evaluating of policy and procedures is a top need for HIPAA this year. Not only is it important to review your policies and procedures to assure that they are up to date and accurate with current practices within your organization, it is equally important to assure that the practices and processes defined are being followed within an organization.  As necessary and appropriate, update policies and procedures and assure that they are available for the appropriate people of the workforce.
  • Workforce Education
    • When was the last time that you educated your workforce on privacy and security within your organization? Not only is it important for your workforce members to understand what regulations exist for privacy and security on a state and federal basis, it is also important that they understand the policies and procedures created by your organization to assure they are meeting the expectations for privacy and security compliance.  Don’t forget to document the education that happened and any updates that you send out!
  • Notice of Privacy Practices and Access Rights
    • Have you taken the time to update your Notice of Privacy Practices to include all the information from the Omnibus Rule of 2013? Does is clearly define the access rights of your patients and how their information will be used and disclosed?  If you are not confident that your Notice of Privacy Practices meet the requirements of the regulations, it is time to review and update the information and content.  Don’t forget to replace all the old Notice of Privacy Practices with the new one – including posting it to your website, if applicable.  Additionally, healthcare organizations should assure there are clearly written policies and procedures for the management and oversight of the patient’s access rights to their protected health information.
  • Breach Notification Timeliness & Notification Content
    • The 60 day countdown begins on the date of discovery. Sure, it seems like a lot of time, but in reality 60 days flies by in the blink of an eye.  Healthcare organizations should review the current breach notification processes to assure investigations are being completed and notifications are timely and prompt within the 60 day window defined by the regulations.  When a breach happens, healthcare organizations need to assure they are providing written notification to the affected parties and that the content includes the required information for notification.  Healthcare organizations should assure that they are keeping a copy of the notification letter, a list of who was notified, and when they were notified for burden of proof documentation.

Help make dreams come true for HIPAA and your organization this year!  Review the HIPAA Holiday List and check it twice.  Going into 2015 feeling confident about your organization’s HIPAA compliance program will make EVERYONE cheer with joy!

Happy Holiday Season!

Danika

HIPAA and the Holidays

by 1 Comment 

Turkey

‘Tis the kick off to the holiday season.  Time for families and friends to gather and celebrate one another, be thankful for life’s blessings, and eat way too much!  It is time to catch up and reminisce about the past year and all the fun and challenges that were faced.  With so many people working in healthcare, it is also easy to talk about that challenging and difficult patient you had, or how you did the right steps to save someone’s life.  While it is important to talk about work and all the good and bad that comes with it, keep in mind the privacy and security of patient information as you are celebrating the holidays.

So let’s celebrate HIPAA – Thanksgiving Style

T – Treat protected health information with confidentiality and integrity

H – Have a good time discussing successes but leave out the PHI details

A – Always remember that protecting patient information is a foundational duty

N – Never use patient identifiable data outside of work purposes

K – Kindly remind others to keep PHI private if it comes up in a discussion

S – Save the details for the medical record, where patient information should stay

G – Gossiping never leads to good outcomes – especially involving patient information

I – Imagine how the patient would feel knowing their PHI was disclosed during a holiday meal

V – Vow to respect the patients and remove PHI from conversations

I – Insulting patients by releasing and sharing PHI never has good outcomes

N – Nobody needs to know patient information unless they are involved in the care and treatment

G – Give all patients of healthcare the feeling of security knowing their information won’t be shared

Protecting patient information needs to happen both inside and outside the walls of work. Any information that you learn or gain for your day to day job duties about a patient, needs to stay confidential and not be released to others.  Information accidentally or inadvertently shared during a meal or during basic discussion can lead to a data breach, which impacts so many people including the healthcare organization, the patient, and the people sharing and/or receiving the information.

So, as we gather this holiday season, remember what the Hippocratic Oath states:

“What I may see or hear in the course of the treatment or even outside of the treatment in regard to the life of men, which on no account one must spread abroad, I will keep to myself, holding such things shameful to be spoken about.”

Happy Thanksgiving!!!!!!!

Recent Posts

Connect With Us

TriPoint Healthcare Solutions
dbrinda@tripointhealthcaresolutions.com
Phone: 612.325.9742
Fax: 763.322.5027