Your First Big HIPAA Privacy Breach?

As the HIM Circle initiative continues to expand, the peer support community is proving to be more helpful than ever as changes to HITECH, HIPAA, and ICD-10 come along. 

One of the big issues emerging from our research with HIPAA Privacy and the new breach notification  rules relates to the use of copy machines that your department or traditional ROI vendors may be using. 

This short report by CBS News shows how one covered entity (Affinity Health Plan) had a massive HIPAA Privacy breach related to their copy machines.  In response, they had to notify the government, the media, and over 400,000 individuals.  (Excerpt from the HITECH Breach Notification Interim Final Rule at bottom)

See the report here:

After following up on the story, we believe that the healthcare group in the video did a great job of handling the situation after it came out.  Now all of us in HIM have a Clear call to action to avoid putting our patients and facilities at risk. 

Criminals have no doubt also seen the report, so if you use a large copier/printer/fax machine to make paper copies of records for patients, providers, or 3rd party requestors, your patient’s PHI may be at risk.

We’ve developed some guidelines for our partner HIM Departments and members of our Health Information Exchange to help protect their PHI:

1)      If your copier/printer lease is ending soon, make sure you talk to your service provider about ways they plan on protecting the information stored on the machine’s hard drive.  You may want to involve your IT department in the discussion.

2)      If your copier/printer has been switched out lately due to the end of a lease, technical problems, etc., then you may want to check and see what precautions were taken and what happened to the machine after it left your department.  It may still be carrying the PHI of your patients on the hard drive.

3)      If your department or traditional ROI vendor use a large copy/printer/fax machine to make or send HIM Circlecopies of records, you may want to consider switching to our Health Information Exchange program we started to meet HITECH requirements for electronic disclosure to patients/requestors. 

The new Health Information Exchange technology that we are providing to hospitals/clinics for free is not only helping maintain compliance with new HITECH requirements, but will help avoid PHI being stored on hard drives on your department and ROI vendor machines.

For paper, the exchange uses small high speed Fujitsu scanners that send the information directly to a secured exchange site, bypassing the need to copy, or fax information.  For paperless records, our system is able to get records directly from the EMR, bypassing the need to use the big copier/printer machine and the associated costs of paper and ink.

If you’re curious how the system works, email me at Aaron@ClearMedicalSolutions.com and I would be happy to share more information with you. 

4)      If you are buying a new copier/printer, some models have security options that clear the hard drive after every scan.  As the video mentioned, it’s about $500.  However, the cost of not taking the precaution could add up to even more in fines, hassle, and lost patients if a problem were to occur.

To see what others think about this topic, visit http://www.HIMfacebook.com or http://www.LinkedHIM.com for discussions.

__________________________

Excerpt from the HITECH Breach Notification Interim Final Rule

“The regulations, developed by OCR, require health care providers and other HIPAA covered entities to promptly notify affected individuals of a breach, as well as the HHS Secretary and the media in cases where a breach affects more than 500 individuals.  Breaches affecting fewer than 500 individuals will be reported to the HHS Secretary on an annual basis. The regulations also require business associates of covered entities to notify the covered entity of breaches at or by the business associate.” 

Read more…

http://bit.ly/tyWB3

About the Author:  Aaron lives in Milwaukee, WI with his wife and two children and is the President & CEO of Clear Medical Solutions.  When he’s not leading new initiatives, he periodically takes on interim leadership or consulting projects.  He also enjoys teaching, speaking, writing, and sharing his passion for people and their healthcare.

Advertisements

One Response to Your First Big HIPAA Privacy Breach?

  1. […] As the HIM Circle initiative continues to expand, the peer support community is proving to be more helpful than ever as changes to HITECH, HIPAA, and ICD-10 come along.  One of the big issues emerging from our research with HIPAA Privacy and the new breach notification  rules relates to the use of copy machines that your department or traditional ROI vendors may be using.  This short report by CBS News shows how one covered entity (Affinity Healt … Read More […]

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

%d bloggers like this: