HIPAA Breaches & Desk Audits
What is a breach?In simple words, the loss of patient protected health information, either printed or electronic.
How common are breaches within pharmacies?There are two types of pharmacies and pharmacy owners,The first are the ones who know they have had a breachThe later are the ones who have had a breach and don’t know about it
How can I have a breach and not know about it?Simple, has your pharmacy clerk ever given a patient another patient’s medication?
That is a breach
Can you give me examples of breaches?Pharmacy is robbed and the will call bin is stolenPharmacy is robbed and the server is stolenStaff pharmacist has a laptop stolenDelivery driver has their vehicle stolen which is full of prescriptions to be deliveredBilling manager has a jump drive with patient files for billing to work at home and loses it on the bus
What do I do when a breach occurs?First, don’t panicGet the factsComplete a Potential Breach Evaluation and a Risk AssessmentDetermine whether the breach is reportable or non-reportable to HHS/OCRDocument everything
What are OCR Desk AuditsTested in 2016Launched on January 1, 2017Notification via U.S. Mail and EmailAlso conducting no notice on-site inspections
What is the OCR asking for?Notice of Privacy Practices (date must be after 07/01/2013)Risk AnalysisRisk Management PlanDisaster Recovery Plan/Contingency PlanAnnual Privacy and Security AssessmentsRandom Policies and Procedures
On-Site InspectionsSame as above, but in personFirst question is to the person at your counter, normally your clerkCan I have a copy of your Notice of Privacy Practice?They have to know the answer and provide the NOPP
Penalties for Non-complianceFines up to 1.5 Million Dollars
Is there help available to pharmacies?Yes, but you get what you pay forYou can buy a set of policies and procedures, but if you have breach, especially a reportable breach:
Will the consultant stay with you when you need them the most?Will they charge you extra?Will they provide the correct advice?
How do you know how to pick a consultant?Ask your peersAsk hard questions about how they have handled client breaches and inspectionsDo you get detailed answers from the consultant?Do you referrals from multiple people?
CONTACT: Office: 724-357-8380
Website: www.rjhedges.com
See omnystudio.com/listener for privacy information.Learn more about your ad choices. Visit megaphone.fm/adchoices
Podchaser is the ultimate destination for podcast data, search, and discovery. Learn More