Are You Hip to HIPAA?
Ignorance is no defense when it comes to protected health information.
Y
ou could be violating HIPAA
and not even know it. Consider
this scenario: A patient sched-
uled to receive an injection at 10 a.m.
doesn't receive the injection until 11
a.m. Yet the nurse documents in the
patient's record that the injection was
administered as scheduled. Honest
oversight, right? Wrong. It's a HIPAA
violation that could come back to
haunt you.
Ignorance is no defense against Health
Insurance Portability and Accountability
Act violations. Nor is a lack of training.
Your staff has likely been trained in
patient privacy and protected health information (PHI), but slip-ups still
happens.
• A 12-physician dermatology practice group paid $150,000 for
alleged HIPAA violations arising out of a lost, unencrypted flash drive
containing PHI. The group also was required to implement a correc-
tive action plan.
• A 5-physician cardiology group reached a $100,000 settlement as a
result of a multiyear, ongoing failure to comply with the HIPAA priva-
cy and security requirements by posting clinical and surgical appoint-
ments for patients on a publicly accessible Internet-based calendar.
• An orthopedic clinic agreed to pay $750,000 for potentially violating
a HIPAA privacy rule by sharing PHI for about 17,300 patients to a
potential business partner without first executing a business associate
2 0 • O U T PA T I E N T S U R G E R Y M A G A Z I N E • J U L Y 2 0 1 7
Legal Update
Shaun Sever, RN, BSN, ALNC
• NO CHANGE Even the most innocuous and well-
meaning correction to a patient record could land a
surgical facility and its staff in hot water.
Pamela
Bevelhymer,
RN,
BSN,
CNOR