Transcript

Capstone Video: HIPAA Compliance Analysis

[ Music ]

>> Gap analysis right?

>> Right.

>> Do me a favor and summarize it, I don’t have time to read this right now.

>> Sure. I did a random sweep of floors and public areas looking for violations for both HIPPA and our own internal policies regarding protected health information.

>> And.

>> I was not impressed. In a lot of places I found monitors turned to face the public. I found patient records left unattended. I could have picked them up and read them and there was nobody even around to stop me. In a lot of areas I found fax machines placed inappropriately and almost everywhere I went staff were discussing PHI in public areas.

>> It’s been pretty much my experience as well.

>> And what I find most disturbing is that a lot of the employees don’t really seem to care because once I’ve determined that they were discussing PHI in a manner which could clearly be heard by others, I would bring it to their attention and I’d get not resistance but sometimes they’d roll their eyes, or sigh just a little too loud.

>> Kind of like it was some burden you were placing on for reminding them to keep patient information confidential.

>> Exactly.

>> So in your option are we seriously out of compliance?

>> That’s right.

>> That’s what I was afraid of.

>> When you read that you’ll see that I’ve made some suggestions of ways to address these problems. The thing is that nine times out of ten this is just carelessness so it’s like if someone’s careless how do you make them care?

>> Good question. How do you make them care?

>> I think it has to start off with more training. You know we instituted these policies and then HIPPA came along and we probably didn’t provide enough training.

>> So you’re recommending mandatory training? We first need to make sure that everyone knows exactly what constitutes protected health information.

>> Right. I’m guessing that not everyone realizes what a broad definition that is. Then we have to stress not leaving PHI in public areas. We have to work with each station to make sure that their fax machine is set up in an appropriate area and then we have to turn those work station monitors around to where the public can’t see them I don’t care if we have to nail them in place.

>> I’d like to see penalties in place for employees that don’t comply with PHI policy. That might provide some incentive for them to do what’s right.

>> Well, we can certainly do that but I was hoping it wouldn’t come to that and that we could stick to positive reinforcement. Even so, I’ve put some suggestions for that in the report.

>> Set up a proposed training schedule by department and run it by me. This can’t wait.

>> You got it.

1.Why is it important for health information managers to possess a fundamental understanding of the HIPAA law?

2.What HIPAA violations can you identify from the HIM director’s description?

3.What steps need to be taken to address each violation?