How would Your Practice Protect Kim’s Information?

Recently, several employees of Cedars Sinai Medical Center were fired for improperly accessing the Protected Health Information (PHI) of Kim Kardashian (a reality TV personality) who went through her entire pregnancy with cameras in tow.  You can be pretty confident that Kim will lament this invasion of her privacy for several episodes.

Regardless of the cameras and dissemination of information by the patient, the covered entity has no choice but to protect Kim’s PHI under the HIPAA Security and Privacy standards.  This incident is a teachable moment for your practice and your staff, and a warning for both.

What are Your EHR Plans for the Next 12 Months?

The next twelve months present serious EHR scheduling challenges to medical practices.  You need to manage and consider the critical path needed to maintain your EHR strategy and tactics.  The key issues follow:

Should you be using Email for Patient Service?

The HIPAA Security Rules allow you to communicate with emails that include Protected Health Information as long as the patient acknowledges and accepts the risks associated with email.  The key question is should you?

Should You Take a Second Look at Your Business Associates?

The HIPAA Omnibus rules significantly affect Business Associate (BA) relationships and will require an adjustment to your Business Associates Agreement (BAA).  Indeed, you may need to take another look at your BAAs, contractual relationships and even your vendor strategy.

How Do You Perform An Appropriate Security Risk Analysis?

The Meaningful Use Measures include a Security Risk Analysis.  The Security Risk Analysis evaluates your practice’s compliance with the HIPAA Security Standards.  Failure to complete the Security Risk Analysis can prevent you from collecting the EHR incentive and/or risk the EHR Incentive you do receive in the event of an audit. 

In a disturbing number of situations, practices are not properly completing the Security Risk Analysis.

Will HIPAA Omnibus’ Impermissible Disclosure and Use Standards Complicate Your Compliance Efforts?

The HIPAA Omnibus Rules, released in January 2013, will dramatically affect how you manage and deal with the impermissible disclosure and use of Protected Health Information (PHI).  Indeed, the new HIPAA Omnibus rules place a burden on your healthcare organization to analyze and document your review of potential PHI breaches.  As a practical matter, your healthcare organization could be looking at substantial problems complying with these requirements unless you strengthen your monitoring strategy.