HIPAA Breaches & Desk Audits
What is a breach?
In simple words, the loss of patient protected health information, either printed or electronic.
How common are breaches within pharmacies?
There are two types of pharmacies and pharmacy owners:
The first are the ones who know they have had a breach
The latter are the ones who have had a breach and don’t know about it
How can I have a breach and not know about it?
Simple: has your pharmacy clerk ever given a patient another patient’s medication?
That is a breach
Can you give me examples of breaches?
Pharmacy is robbed and the will-call bin is stolen
Pharmacy is robbed and the server is stolen
Staff pharmacist has a laptop stolen
Delivery driver has their vehicle stolen which is full of prescriptions to be delivered
Billing manager has a jump drive with patient files for billing to work at home and loses it on the bus
What do I do when a breach occurs?
First, don’t panic
Get the facts
Complete a Potential Breach Evaluation and a Risk Assessment
Determine whether the breach is reportable or non-reportable to HHS/OCR
Document everything
What are OCR Desk Audits?
Tested in 2016
Launched on January 1, 2017
Notification via U.S. Mail and Email
Also conducting no-notice on-site inspections
What is the OCR asking for?
Notice of Privacy Practices (date must be after 07/01/2013)
Risk Analysis
Risk Management Plan
Disaster Recovery Plan/Contingency Plan
Annual Privacy and Security Assessments
Random Policies and Procedures
On-Site Inspections
Same as above, but in person
First question is to the person at your counter, normally your clerk
Can I have a copy of your Notice of Privacy Practices?
They have to know the answer and provide the NOPP
Penalties for Non-compliance
Fines up to 1.5 Million Dollars
Is there help available to pharmacies?
Yes, but you get what you pay for
You can buy a set of policies and procedures, but if you have a breach, especially a reportable breach:
Will the consultant stay with you when you need them the most?
Will they charge you extra?
Will they provide the correct advice?
How do you know how to pick a consultant?
Ask your peers
Ask hard questions about how they have handled client breaches and inspections
Do you get detailed answers from the consultant?
Do you get referrals from multiple people?
CONTACT: Office: 724-357-8380
Website: www.rjhedges.com