HIPAA is heating up!!
CAN YOU GUESS THE CELEBRITY???
HIPAA GONE BAD?
This patient’s hospital was fined for doing the right thing, despite reporting the privacy breach and taking immediate disciplinary action.
This patient’s hospital is one of the few that have sophisticated monitoring technology in place to detect privacy violations.
BUSTED FOR SNOOPING
• 218-bed facility
• 2 fired
• 13 resigned instead of facing termination
• another 8 disciplined
• Despite privacy training, personnel still snooped
• Under new rules, states now have the authority to make examples of workers and hospital itself.
Multiple employees snooped into this record
Multiple violations
Multiple penalties
80 tiny fingers, 80 tiny toes
Famous for being Miracle Mom
LOS ANGELES, California (CNN) -- The hospital where a California woman gave birth to octuplets in January has been fined $250,000 by the state because nearly two dozen medical workers, including doctors, illegally viewed her medical records, according to state health officials.
The California Department of Public Health on July 16 issued an "administrative penalty" of $187,500 after determining that KP Bellflower failed to prevent unauthorized access to the family's confidential patient medical information.
CNN NEWS: “24 EMPLOYEES WERE INVESTIGATED FOR VIOLATIONS OF HEALTH CARE PRIVACY LAW - HIPAA
I KNOW THAT 100% PREVENTION OF THESE TYPE OF VIOLATIONS IS IMPOSSIBLE. NURSES NEED ACCESS TO PATIENT RECORDS. SETTING ACCESS RIGHTS ON PATIENT INFORMATION TOO TIGHT COULD COST HUMAN LIVES. WHAT IF AT THE CRUCIAL MOMENT IN PATIENT'S TREATMENT, A NURSE IS DENIED ACCESS TO A PATIENT FILE? THEREFORE, WHERE YOU CANNOT 100% PREVENT ACCESS TO INFORMATION, YOU MUST MONITOR ACCESS TO INFORMATION. AND IF THOSE PEOPLE ABUSE THEIR ACCESS PRIVILEGES, YOU DISCIPLINE THEM.
A complete basketball buff, he played with the Kentucky Basketball Team way back in 1979.
Vogue magazine has had only two men on their cover- this guy was one of them!
Not only is he one of Hollywood’s greatest stars, but he also has a large heart. He offered $1 million towards hurricane relief. Further, he donated his Oscar gifts to raise money for Hurricane Katrina victims. Incidentally, one gift included a Tahitian pearl necklace!
Hollywood calls him ‘Gorgeous George’. Dr. Doug Ross
40 Palisades Medical Center employees were investigated – and more than two dozen suspended without pay – for allegedly leaking Clooney's and girlfriend Sarah Larson's private medical records to the media.
She auditioned to play Allie Nelson in The Notebook, but lost the part to Rachel McAdams.
At age seven she won $50,000 in a singing contest.
She is from Kentwood, Louisiana.
She has one Grammy award (won in 2005) and has six nominations: two nominations each in the 2000, 2001 and 2003 ceremonies. She also has had a total of 16 MTV Video Music Award nominations.
She spent time in rehab, now back on tour, and not with the Ringling Brothers
Biggest Influence: Madonna
Birth Date: December 2, 1982
This mother of 2 shaved her head and went to rehab
CIRCUS TOUR UNFORTUNATE CUT
CAN YOU GUESS THIS ONE?
Best selling poster girl – of all time
Red swimsuit
Best known for her role in 1970’s television series
Lost her battle with cancer this year
Perhaps the enactment of _________ Law, legislation making it illegal for medical staff, or others who may have access, to leak private medical information to the media, whether they are paid for that information or not, will be something good to come out of the anguish she has had to endure.
“FORMER MEDICAL CENTER EMPLOYEE HAS BEEN INDICTED FOR SNOOPING IN THE MEDICAL RECORDS OF THE STAR AND SELLING THE INFORMATION TO TABLOIDS”
1947-2009
"It is my personal belief that what Lawanda Jackson is most guilty of is being a pawn," Fawcett wrote. "She worked in a hospital system that did not provide strong enough deterrents to stop their employees from breaching their patient's medical records -- which made it all the easier for the tabloids to financially induce ... her to invade my privacy as well as the privacy of others."
Hospital Leak Goes Deeper Than Farrah
AOL, Filed Under: TV News
(June 9) - In early April, an employee from the UCLA Medical Center was indicted after selling several celebrities' medical records, including Farrah Fawcett's, to the National Enquirer. But the leaking of information to tabloids may have started long before.
NEW SHERIFF IN TOWN. . . . .
WASHINGTON – HHS has delegated the authority for the administration and enforcement of the HIPAA Security Rule to the Office for Civil Rights.
The OCR's administration and enforcement of the security rule, which had previously been delegated to the Centers for Medicare and Medicaid Services, will eliminate duplication and improve the department's efforts to ensure that health information privacy is protected.
STIMULUS BILL AMENDS HIPAA
Included as part of the federal stimulus bill known as the American Recovery and Reinvestment Act of 2009 (“ARRA”) is Title XIII, the “Health Information Technology for Economic and Clinical Health Act” or the “HITECH Act.”
The HITECH Act contains a sweeping expansion of HIPAA privacy and security regulations. These changes will affect more businesses in more ways than ever before.
BUSINESS ASSOCIATES
….an individual or corporate "person" that: performs on behalf of the SMC any function or activity involving the use or disclosure of PHI.
Pre-ARRA Rule: BAs were not directly subject to the HIPAA Privacy and Security Rules. Rather, their duties arose out of their BA Agreements.
Revise BAAs to incorporate expanded Privacy and Security Rule obligations.
Civil and criminal penalties now apply directly to BAs.
BREACH NOTIFICATION
Notice Required to Individuals: Within 60 days of discovery of a breach, the Privacy Officer must provide notice via first class mail
“Breach” generally is the unauthorized acquisition, access, use or disclosure of PHI that compromises the Privacy or Security of that information, excluding certain unintentional or inadvertent disclosures.
Pre-ARRA Rule: No affirmative obligation to notify individuals or HHS of a breach of Privacy or Security Rules. Rather, SMC’s obligation was to mitigate any harm caused by a breach.
Notice to HHS & local media! Sept. 2009
In any case in which 500 or more persons are affected by a breach, the covered entity must provide notice to major local media outlets
GREATER ENFORCEMENT!
ADDITIONAL ENFORCEMENT POWER RELATED TO VIOLATIONS OF PRIVACY & SECURITY RULES
*LAWS NOW REQUIRE HHS TO CONDUCT AUDITS
Health Information Technology American Recovery and Reinvestment Act (Recovery Act) Implementation Plan Office of the National Coordinator for Health Information Technology
Funding Table Total Appropriated (Dollars in Millions)
Privacy and Security* $ 24.285
National Institute of Standards and Technology (NIST) 20.000
Regional HIT Exchange 300.000
Unspecified 1,655.715
Total, Health Information Technology $ 2,000.000
*Note: This dollar figure, $24,285,000, includes an estimated $9.5 million for audits by the Office for Civil Rights and the Centers for Medicare & Medicaid Services.
Tier     Category                   Minimum per Violation    Annual Maximum
Tier A   “Did not know”             $100                     $25,000
Tier B   “Reasonable cause”         $1,000                   $100,000
Tier C   “Willful neglect”          $10,000                  $250,000
Tier D   “Uncorrected violation”    $50,000                  $1,500,000
HHS is required to distribute portions of the collected penalties to persons
FINANCIAL INCENTIVE!!!
ARRA: PROVISIONS CHANGES DUE
August 2009: Breach notification provisions and PHI breach notification
February 2010: Business Associates and Marketing
August 2010: Minimum Necessary and Prohibition on sale of electronic health records/PHRs.
January 2011: Accounting for Disclosures
February 2011: Enforcement for ‘willful neglect’
MEDICAL IDENTITY THEFT IS THE FASTEST-GROWING THEFT IN AMERICA
SMC HAS IMPLEMENTED A WRITTEN IDENTITY THEFT PREVENTION PROGRAM TO DETECT, PREVENT, AND MITIGATE IDENTITY THEFT
2 TYPES OF THEFT
IDENTITY MEDICAL
BOTH TYPES HARM YOU IN DIFFERENT WAYS
IDENTITY: IS A HASSLE & CAN HURT FINANCIALLY
MEDICAL: CAN KILL
INACCURATE INFORMATION CAN CAUSE AN UNWARRANTED ADVERSE ACTION
What if a patient were given a medication that reacted with a serious blood disorder because a thief’s diagnosis and treatment had intermingled with the real patient’s record, that stated - no allergies?
To detect identity thieves using personal information at your institution
Preventing medical identity theft can save patients’ lives.
FTC’S RED FLAG RULES
• Warning from consumer reporting agencies
• Suspicious documents
• Suspicious personal information
• Inconsistent with external information sources
• Documents provided for identification appear to be altered
• Fraud or active duty alert included in consumer report
PROVIDERS AND PLANS
Healthcare providers such as SMC along with health plans may become secondary victims
Providers may unknowingly submit incorrect precertification or claims and accompanying health information to health plans to justify treatment or payment for the health service rendered
A provider may be forced to write off expenses related to the medical identity theft
Hidden expenses are incurred as employees rescind claims and work numerous hours with the victim to correct and mitigate further risk