Health Information Compliance Alert
HOW DO YOU HANDLE AN ON-SITE PRIVACY RULE INVESTIGATION?
PDF
Question: We're adding to our privacy compliance handbook a section on how to respond to a phone call from an investigator with HHS' Office for Civil Rights. What should we include in our instructions?
Answer: If the OCR suspects an entity of a violation, the enforcement agency will make direct, verbal contact with your organization. Make sure you get in touch with the OCR immediately upon receiving their message, advises William Pierce, a spokesperson with HHS. If you receive a message from the OCR, contacting them immediately to address the complaint will earn you some good credibility.
Don't panic--just cooperate: The worst thing you can do if you receive a call from OCR is panic. Sure, it'd be frustrating to receive a call like this, but remember: OCR knows that sometimes a violation sent by an angry patient really isn't a privacy rule violation at all. The agency's first goal is to determine what violation, if any, occurred.
If a violation did happen, they want to know why. The best thing you can do is answer OCR's questions as honestly and as fully as possible. After that OCR will work with you to fix any problems and to ensure that a privacy breach doesn't occur again. After all, the complaint could've arisen from "a simple mistake or error--or it could be a lack of knowledge [about the privacy rule]," says Pierce.
Also, keep in mind that OCR must show "clear cause and motivation" when it submits a complaint to the DOJ. As long as you cooperate with the agency and answer all of the investigator's questions, you shouldn't have to worry about any on-site investigations, much less incurring a fine, assures Pierce.
Straight from the source: Pierce sums up OCR's enforcement goals with some advice for covered entities: What OCR really wants is for you to know what you're supposed to do and to implement it. Remember: "The ultimate goal of the privacy rule is to protect an individual patient's medical records. Everyone shares that goal. Nobody's working at cross-purposes here," Pierce tells Eli.
Health Information Compliance Alert
- Compliance Update:
Stay Penalty Free By Redoubling Your Privacy Compliance Efforts
Health systems struggle to comply, survey suggests.
Once your HIPAA privacy program's in place, you may [...] - Compliance Tool:
Got It Covered? Audit Your HIPAA Policies With This Checklist
Quiz your security officers to be sure.
For compliance, be sure your privacy policies cover the [...] - YOU BE THE SECURITY EXPERT:
HOW DO YOU HANDLE AN ON-SITE PRIVACY RULE INVESTIGATION?
Question: We're adding to our privacy compliance handbook a section on how to respond to [...] - Training Strategies:
Use Your Risk Assessment As A Training Tool--Here's How
Compliance gaps can become training opportunities.
Conducting a thorough risk assessment is essential to protecting both [...] - Security Strategies:
'Scrub-A-Dub-Dub'--Take These Steps To Sanitize Your PHI
Don't scrap old computers before performing vital safety checks.
Covered entities, be forewarned: If state organizations [...] - Transactions Tool:
Survey Helps You Save Time And Money With Software Vendors
Stay tech savvy and HIPAA compliant with this checklist.
If you don't ask the right questions [...] - Privacy Strategies:
3-Step Process Helps Ensure HIPAA-Compliant Psychotherapy
For mental health care, let cooler heads prevail with patient notes.
While HIPAA doesn't require providers [...] - READER QUESTIONS:
SHOULD WE REPORT BOTH WRONGFUL AND INCIDENTAL DISCLOSURES?
Question: What is the difference between a wrongful and an incidental disclosure of protected health [...] - READER QUESTIONS:
KNOW WHEN JOB NECESSITATES RETRAINING
Question: When an employee changes jobs within your facility--say, from temp to permanent--what responsibility do [...] - READER QUESTIONS:
CAST A CRITICAL EYE ON RESEARCH REQUESTS
Question: A visiting doctor wants to use our patients' medical information in an article she [...] - INDUSTRY NEWS:
Providers Warm Up To Payer-Based EHRs
Carriers bring more providers on board with clinical quality assurance.
President's orders: All insurers, providers and [...]