HIPAA Cautionary Tales

Knowing what is happening in the world of HIPAA “mistakes” can be beneficial to you as a pharmacy owner.

HHS press releases tell the following stories:

Mobile devices, full of unencrypted records, are being stolen. A USB drive was taken from the car of an Alaska Department of Health and Social Services employee. Thieves took a laptop from a Concentra Health Services facility in Missouri and from a QCA Health Plan employee’s car in Arkansas. “‘Covered entities and business associates must understand that mobile device security is their obligation,’ said Susan McAndrew, OCR’s deputy director of health information privacy. ‘Our message…is simple: encryption is your best defense against these incidents.’” Penalties on these violations totaled $3,675,220.

Someone at Idaho State University’s Pocatello Family Medicine Clinic disabled firewall protections on its server. It was 10 months before the clinic realized that the records of 17,500 patients were unsecured. “‘Risk analysis, ongoing risk management, and routine information system reviews are the cornerstones of an effective HIPAA security compliance program,’ said OCR Director Leon Rodriguez.” ISU agreed to pay $400,000.

This story is my favorite because it is so egregious and, unlike the other examples, low tech. It seems a physician was retiring and Parkview Health System, Inc. was thinking about purchasing a portion of her practice. Parkview took custody of medical records for 5,000 to 8,000 patients. Nine months later, Parkview employees, knowing that the doctor wasn’t home, “left 71 cardboard boxes of these medical records unattended and accessible to unauthorized persons on the driveway of the physician’s home, within 20 feet of the public road and a short distance away from a heavily trafficked public shopping venue.” Parkview agreed to pay $800,000.

Moral of the stories: Everyone who touches health records must be educated on HIPAA rules and think about the effects of their actions…even the Parkview drivers.

For more information about HIPAA and other compliance solutions for your pharmacy, call PRS at 1-800-338-3688 and speak with one of the Specialists. Also, stop back here for additional posts on compliance issues and what you need to know as a pharmacy owner.