Posted By Monique Dever On April 19, 2016
By now most people are familiar with the term HIPAA (Health Insurance Portability and Accountability Act). It has been around since 1996, and even more enforced since 2001 with the onset of the Privacy Rule. It has become a critical factor in protecting patients’ health information.
There are thousands of breaches filed every year, most of which were not intentional, however breaches nonetheless. 95% of these case are resolved by the Office of Civil Rights (OCR) and usually the OCR will require the covered entity to revise its policy and/or other corrective actions as justified per breach. Intentional misuse or disclosure of PHI is a different situation. These cases are referred to the Department of Justice for criminal investigation.
According to the Department of Health and Human Services, the top 5 issues investigated by the OCR fall into the following categories:
1. Impermissible use and disclosure of PHI (protected health information)
2. Lack of safeguards of PHI
3. Lack of patient access to their PHI
4. Lack of administrative safeguards of electronic PHI
5. Use or disclosure of more than the minimum necessary PHI
Understanding how to avoid common mistakes can help prevent huge fines and disruption to your agency.