Compliance Corner
Does compassion play a role when complying with the HIPAA privacy and security rules? Can a patient’s information be used or disclosed in a way that would violate HIPAA if the intention was to help the patient access healthcare services? Please consider these questions as you read the following:
Last month, Emory Healthcare in Atlanta, Georgia, began notifying 315,000 patients that back-up discs containing their protected health information – including Social Security numbers – were lost. The discs contained data from an information system deactivated in 2007 on patients treated between September 1990 and April 2007.
We all know that the stronger our passwords, the harder it is for hackers to break them. If you have a password that is easy to guess, that does not contain a combination of letters, numbers and special characters, or that contains a sequence of letters or numbers (e.g., 12345), change it now before you read any further!
On February 3rd, St. Elizabeth’s Medical Center in Boston, Massachusetts, which is part of the Steward Health Care System, was notified by an individual who reported finding papers from the hospital blowing through a field near the Boston airport. The papers contained cashier’s receipts for credit card payments made by five patients at St. Elizabeth’s surgical day center and other outpatient services.
The California (CA) Department of Child Support Services (CSS) recently announced that four computer storage devices containing the personal information for about 800,000 adults and children in the CA child support system were lost during a disaster simulation last month.
On Tuesday, The Kansas City Star in Topeka, Kansas, reported that hundreds of patients’ medical records were found in a paper-recycling bin outside an elementary school in the Kansas City area. The records contained the names, birth dates, Social Security numbers and health histories for more than 1,000 patients.
A nurse was recently fired by Titus Regional Medical Center in Mount Pleasant, Texas, for accessing information on patients that she was not authorized to view. The hospital decided to notify 108 patients in a letter that warned them of a slight risk of identity theft, although most of the records the nurse accessed did not contain Social Security numbers.



