Monthly Archives : November 2014

HIPAA Cautionary Tales

Knowing what is happening in the world of HIPAA “mistakes” can be beneficial to you as a pharmacy owner.

HHS press releases tell the following stories:

Mobile devices, full of unencrypted records, are being stolen. A USB drive was taken from the car of an Alaska Department of Health and Social Services employee. Thieves took a laptop from a Concentra Health Services facility in Missouri and from a QCA Health Plan employee’s car in Arkansas. “’Covered entities and business associates must understand that mobile device security is their obligation,’ said Susan McAndrew, OCR’s deputy director of health information privacy. ‘Our message…is simple: encryption is your best defense against these incidents.’” Penalties on these violations totaled $3,675,220.

Someone at Idaho State University’s Pocatello Family Medicine Clinic disabled firewall protections on its server. It was 10 months before the clinic realized that the records of 17,500 patients were unsecured. “’Risk analysis, ongoing risk management, and routine information system reviews are the cornerstones of an effective HIPAA security compliance program,’ said OCR Director Leon Rodriguez.” ISU agreed to pay $400,000.

This story is my favorite because it is so egregious and, unlike the other examples, low tech. It seems a physician was retiring and Parkview Health System, Inc. was thinking about purchasing a portion of her practice. Parkview took custody of medical records for 5,000 to 8,000 patients. Nine months later, Parkview employees, knowing that the doctor wasn’t home, “left 71 cardboard boxes of these medical records unattended and accessible to unauthorized persons on the driveway of the physician’s home, within 20 feet of the public road and a short distance away from a heavily trafficked public shopping venue.” Parkview agreed to pay $800,000.

Moral of the stories: Everyone who touches health records must be educated on HIPAA rules and think about the effects of their actions…even the Parkview drivers.

For more information about HIPAA and other pharmacy compliance solutions for your pharmacy, call PRS at 1-800-338-3688 and speak with one of the Specialists. Also, stop back here for additional posts on compliance issues and what you need to know as a pharmacy owner.


HIPAA Compliance: You’ve Got to Be More Careful

Are you taking your pharmacy’s HIPAA Compliance seriously?

I’m sure you’ve heard about the million-dollar settlements that Rite Aid and CVS paid for HIPAA violations. Here’s a January 2, 2013 headline you may have missed: HHS announces first HIPAA breach settlement involving less than 500 patients. The Hospice of North Idaho agreed to pay $50,000 for a breach of unsecured electronic protected health information (ePHI).
The HHS Office for Civil Rights (OCR) doesn’t just investigate the big pharmacy players; it is tasked with enforcing HIPAA for every US citizen, including your customers. While OCR still spends most of its resources following up on complaints, last summer it began Phase 2 of its random audit program. This phase looked at a randomly selected pool of covered entities AND their business associates. Auditors found that more than 39% of the problems with Privacy Standards compliance were attributed to a lack of awareness of the requirements. Further, they found that the smallest covered entities struggled with compliance under all three of the HIPAA Standards: Security Rule, Breach Notification Rule, and Privacy Rule.
OCR lists, in order of frequency, the five most common compliance issues it investigates:
1. Impermissible uses and disclosures of protected health information;
2. Lack of safeguards of protected health information;
3. Lack of patient access to their protected health information;
4. Uses or disclosures of more than the minimum necessary protected health information; and
5. Lack of administrative safeguards of electronic protected health information.
Everyone in your pharmacy needs to know the HIPAA rules. More importantly, they need to know how to follow them. You and your employees must have solid policies and procedures and be vigilant in sticking to them. It only takes one customer, competitor, or employee to make a complaint to OCR that could get you into big financial trouble.

For more information about pharmacy compliance solutions for your pharmacy, call PRS at 1-800-338-3688 and speak with one of the Specialists. Also, stop back here for additional posts on compliance issues and what you need to know as a pharmacy owner.