Health Information Compliance Alert

You Be The Security Expert:

Should We Fess Up To All Erroneous Disclosures?

Read the situation below and decide how you would handle it before you compare it to our expert's advice.

Question: What's the best policy for handling a misdirected PHI incident?

Answer: Nobody likes having to admit mistakes, but when your mistakes involve the accidental disclosure of an individual's protected health information (PHI), you need to be forthcoming with your mea culpas.

And when you add the accounting of disclosures provision to the mix, you've got all the more reason to notify and apologize to the affected individual for the error. According to David Ermer, an attorney with Gordon & Barnett in Washington, erroneous disclosures are considered accountable disclosures under HIPAA.

What this means is that if your organization should mistakenly send out a patient's PHI to an unintended recipient, then you must be sure to record the incident in the patient's accounting log -- after you've corrected the error, of course.

But your responsibilities to the patient shouldn't just end there, says Donna Padnos, a senior management consultant with The Superior Consultant Company in Holly Springs, NC.

Best strategy: In addition to logging the accidental PHI disclosure, your organization should contact those affected and let them know what happened and what you're doing to correct the mistake, she advises. If you're up front about the error, then your patient won't have to first learn of your mistake from the accounting report.

As an example, Padnos refers to an incident involving HMO giant Kaiser Permanente. A programming glitch at a Kaiser facility in Maryland caused over 800 e-mails containing sensitive health information to be sent to the wrong recipient. Immediately after the error was spotted and fixed, Kaiser began contacting every single member affected by the accidental disclosure and apologized to them.

Padnos applauds Kaiser's response as a good model for any covered entity dealing with an accidental PHI disclosure: "Rather than sweeping it under the rug, you're actually up front, declaring it, letting them know that you're sensitive to their privacy, albeit you made a mistake."
