Norris, t week 1 discussion 2
1. Patient
Confidentiality
Training which will assist in the
prevention of HIPAA violations
Tina Norris
2. Promulgate the monetary consequences of violating
HIPAA
• 1 violation: $100 per victim at minimum fine
• 30 violations: $1.5 million per victim at maximum fine
3. Complying with HIPAA
• Hospitals, physicians, and their business
partners must ensure that all HIPAA privacy
and security provisions are not only
adopted, but are completely current as well
(Withrow, 2010).
4. What every healthcare leader
should know about HIPAA privacy
compliance:
PRIVACY COMPLIANCE PROTOCOLS
5. Efforts should be focused on
high-risk areas such as (1)
information access
management, (2) access
control, and (3) impermissible
disclosures of PHI;
6. Business associate agreements
must be reviewed in order to
verify that business associates
accept the direct HIPAA
obligations, and indemnify the
hospital and physicians for any
HIPAA violations;
7. All healthcare leaders must
provide HIPAA training and
appropriate monitoring to
confirm continuing compliance
(Withrow, 2010).
8. Privacy safeguards include (1)
ensuring that all documents
containing PHI are shredded before
their disposal and (2) ensuring that
doors to medical records
departments, including file
cabinets, are kept locked and that
the personnel authorized to
have the key or passcode are limited
(Sarrico & Hauenstein, 2011).
9. Institute restrictions on which
application and module within
that application a user can
access, despite the user’s having
established his/her ID at logon
(Sarrico & Hauenstein, 2011).
10. For more information on HIPAA
privacy policies, go to
www.tulane.edu/counsel/upco/privacy-policies.cfm
and/or to
www.nyu.edu/its/policies/#hipaa
(Withrow, 2010).
11. What every healthcare leader
should know about HIPAA
security compliance:
SECURITY COMPLIANCE PROTOCOLS
FOR ENSURING EHRS/HIES COMPLY
12. Be aware that the first
documents an investigator is
likely to want to see are the risk
assessment and resulting policy
and procedural protocols for the
physical, administrative, and
electronic security of ePHI
(Wieland, 2010).
13. Draft a risk assessment analysis
by which protocols for the
physical, administrative, and
electronic security of ePHI will
be devised (Wieland, 2010).
19. For more information on
drafting a risk assessment
analysis pursuant to HIPAA, go
to
www.hhs.gov/ocr/privacy/hipaa/administrative/securityrule/radraftguidanceintro.html
(Wieland, 2010).
20. References
• Sarrico, C., & Hauenstein, J. (2011). Can EHRs
and HIEs get along with HIPAA security
requirements? hfm (Healthcare Financial
Management), 65(2), 86-90. Retrieved
October 19, 2011, from EBSCOhost.
• Wieland, J. B. (2010). Liability and the lab.
HIPAA: The new enforcement culture. MLO:
Medical Laboratory Observer, 42(11), 42.
Retrieved October 19, 2011, from EBSCOhost.
21. References
• Withrow, S. (2010). How to avoid a HIPAA
horror story. hfm (Healthcare Financial
Management), 64(8), 82-88. Retrieved
October 19, 2011, from EBSCOhost.
Editor's notes
“Willful neglect” signifies lack of correction within 30 days, and carries the maximum fine, which might have to be paid by the violator(s), including business associates, rather than necessarily by the employer (Withrow, 2010).