Health Information Compliance Alert
OOPS! FESS UP TO ERRONEOUS DISCLOSURES
PDF
Being a covered entity means sometimes having to say you're sorry And when you add the accounting of disclosures provision to the mix, you've got all the more reason to notify and apologize to the affected individual for the error. According to David Ermer, an attorney with Gordon & Barnett in Washington, erroneous disclosures are considered accountable disclosures under HIPAA. But your responsibilities to the patient shouldn't just end there, says Donna Padnos, a senior management consultant with The Superior Consultant Company in Holly Springs, NC. In addition to logging the accidental PHI disclosure, your organization should contact those affected and let them know what happened and what you're doing to correct the mistake, she advises. If you're up front about the error, then your patient won't have to first learn of your mistake from the accounting report. As an example, Padnos refers to an August 2000 incident involving HMO-giant Kaiser Permanente. A programming glitch at a Kaiser facility in Maryland caused over 800 e-mails containing sensitive health information to be sent to the wrong recipient. Immediately after the error was spotted and fixed, Kaiser began contacting every single member affected by the accidental disclosure and apologized to them.
Nobody likes having to admit mistakes, but when your mistakes involve the accidental disclosure of an individual's protected health in-formation, you need to be forthcoming with your mea culpas.
What this means is if that your organization should mistakenly send out a patient's PHI to an unintended recipient, then you must be sure to record the incident in the patient's accounting log - after you've corrected the error, of course.
Padnos applauds Kaiser's response as a good model for any covered entity dealing with an accidental PHI disclosure: "Rather than sweeping it under the rug, you're actually up front, declaring it, letting them know that you're sensitive to their privacy, albeit you made a mistake."
Health Information Compliance Alert
- Transactions:
Flood Of Non-Compliant Claims Too Much For CMS
CMS's contingency plan intends to soak up October's TCS deluge The Centers for Medicare & [...] - Encryption:
Follow These 5 Tips When Choosing An Encyrption Solution
Looking for an HIPAA encryption solution that works for your organization but doesn't break the [...] - Encryption:
Encryption Doesn't have to cost an armful
Solutions that work for the little guy
Even the smallest covered entities can obtain safe and [...] - HIPAA Humor
- The Third Degree:
READER QUESTIONS ANSWERED
A HIPAA CHAIN OF COMMAND?
We're a large hospital and but we have employed a HIPAA [...] - Conferences:
Conference Calendar Corner
Take a look below at some of the informative HIPAA seminars and conferences in your [...] - COMPLIANCE STRATEGIES:
OOPS! FESS UP TO ERRONEOUS DISCLOSURES
Being a covered entity means sometimes having to say you're sorry
Nobody likes having to admit [...] - SECURITY:
Get Staff Rolling With Role-Based Access Control
Stop unauthorized PHI disclosures before they start with 'RBAC'
If you don't limit the amount of [...] - Sample Training Document:
For HIPAA Rookies, Offer HIPAA-Lite
While the training of residents, medical students, nursing students and other medical trainees is considered [...] - Enforcement Update:
Complaints Soar - So Why Is Concern Low?
OCR claims many complaints simply 'misunderstandings'
The recent spate of complaints levied against covered entities over [...] - Financial Strategies:
Accounting For Disclosures Doesn't Require An Accountant
Consider your costs when assessing your accounting of disclosures fee
Sure, the first one's free, but [...] - HIPAA Quiz:
Can You Identify HIPAA's Identifiers?
By now you should be able to recognize a potential privacy rule violation in your [...] - Heatlh Information News:
Catch Him If You Can! Phony Doc
A 70-year-old man currently serving a 12-year sentence on his fourth conviction for impersonating a [...]