Compliance Corner
January 28th is international Data Privacy Day. This is an international celebration designed to promote awareness of Internet privacy and education about best privacy practices.
As we know, compliance starts at the top with no one in an organization exempt from complying with rules, regulations or policies. Recently, in California, ethical and legal concerns are being raised when two executives released a patient’s chart to a news outlet.
If you were moving your workstation to a new location, who would you call to help with the move? If you were trying to create a patient report and needed help, who would you call? If you needed a password reset, who would you call?
Welcome to 2012! Every new year, we make resolutions based on self-improvement: lose weight, exercise more, and stop using a cell phone while driving, and so on. For Anthelions, we can also focus on self-improvement at work by seeking out our policies and following them every day.
As we all know, a security incident involving a patient’s electronic protected health information (ePHI) is very serious and needs to be reported immediately to the Global Compliance Officer (Paula Ciotti) and/or the Global Security Officer (Armando Orta) for appropriate action. What if the security incident involves a large number of patients? What actions would need to be taken immediately, within the first few days and then thereafter?
The National eHealth Collaborative is a public and private partnership whose primary goal is to enable the secure and interoperable health information exchange (HIE) on a nation-wide basis to advance health and improve healthcare. The Collaborative hosted a webinar on November 14th for HIE leaders to discuss the complexities of privacy and patient consent and it was surprising as to what was seen as an obstacle to success.
In May, we reported that a lawsuit seeking class action status was filed in West Virginia on behalf of 3,600 patients who had their protected health information breached due to a security flaw in a database at Charleston Area Medical Center.
On January 15, 2009, the U.S. Department of Health and Human Services (HHS) released two Federal rules that have had major impact to all of us in healthcare – the adoption of the ICD-10 code sets and implementation of updated standards for electronic healthcare and pharmacy transactions. Both of these rules came with compliance dates: the updated transaction standard must be live by January 1, 2012; and the ICD-9-CM nomenclature used to report healthcare diagnoses and procedures would be replaced by ICD-10 as of October 1, 2013.
Over the past year, as many as 2,000 patients may have received incorrect forms of medication following discharge from five hospitals in Rhode Island, all operated by Lifespan. The patients were prescribed timed-release medications but may have received the regular form of the medication instead.
It was reported earlier this month that a New England dermatology system with offices in four cities lost 2,200 patient records when someone stole a computer flash drive from an employee’s car. The flash drive was in a computer bag which was stolen from the employee’s locked car while the car was parked at the employee’s home. It is not clear whether the flash drive was encrypted.
