Why University of California at Los Angeles Health System is now taking patient privacy seriously
July 8, 2011
The Department of Health and Human Services (HHS) announced today that the University of California at Los Angeles Health System has agreed to settle potential violations of HIPAA for $865,500. Click here to see Press Release. The settlement comes after complaints were received and investigated by the Office of Civil Rights on behalf of two celebrity patients who received care at the health system and for whom employees of the health system repeatedly and without reason looked at their electronic health information. Subsequent investigation revealed such was somewhat common practice at the health system.
Of course, this is an extreme example of egregious behavior at a health system, however, the conduct and end result should not be overlooked, but instead a reminder to treat patient health information with care. Under HIPAA you are required to maintain patient confidentiality through appropriate policies and procedures. Further, you are required to reasonably restrict access to patient information to only those employees with a valid reason to view the information.
There is no reason to give patients another way to cause trouble for you and your practice; failing to adhere to policy requirements under HIPAA is just adding additional exposure to your practice. In conjunction with your HIPAA policies and procedures, which you should have implemented and disseminated when required to patients, you should also have in writing applicable practice policies such as financial policies, etc., for patient access. I’ve found that oftentimes clients are lazy about maintaining, updating and implementing policies and procedures. The problem is that failing to adhere to these requirements may actually end up biting you. Agencies are on the prowl checking; the Office of Civil Rights does have the ability to assess monetary damages if you fail to protect patient information or if you do not have a proper Security Policy in place protecting electronic use and transmission of EHR.
While remaining in compliance may have gotten harder as more and more regulations have been put into place over the years, what has gotten easier is for patients to make complaints. Complaints are taken from almost every agency covering almost every reason you can think of for complaining by patients against providers. Avoid having to deal with unnecessary distractions/liabilities by making compliance a priority. To check out the policies we have available for customization and what we charge for them, click here. Otherwise, call me to discuss your specific needs.
Copyright © 2011 by Kirschenbaum & Kirschenbaum, P.C.
All Rights Reserved. This email is provided for news and information purposes only and does not constitute legal advice or an invitation to an attorney-client relationship. While every effort has been made to ensure the accuracy of the information contained herein, Kirschenbaum & Kirschenbaum PC does not guarantee such accuracy and cannot be held liable for any errors in, any reliance upon this, or losses caused by the information. Under New York’s Code of Professional Responsibility, this material may constitute attorney advertising. Prior results do not guarantee a similar outcome.
Contact Jennifer at Jennifer@Kirschenbaumesq.com or at (516) 747-6700 x. 302.
at a residency/fellowship program?
Contact Jennifer directly at (516) 747-6700 x. 302 or at Jennifer@Kirschenbaumesq.com