 |
|
Privacy Report Among these, as noted in the report “Online, on Message, on Duty: Privacy Experts Share Their Challenges,” are the following: • employee education and the review of access policies to preserve the privacy and security of information; • the ability of privacy officers to continue resolving issues with differing federal and state privacy laws while correcting HIPAA misinformation and addressing medical identity theft and portable device security; • preparation and a proactive approach to privacy and security, which are • ensuring that an organization’s privacy and security function effectively while promoting good communication and collaboration. “An organizational commitment keeping patients’ health information private and secure is key. ... A critical element is enforcement of sanctions when breaches or attempted breaches occur,” says Jamie Husher, RHIA, CHPS, the HIM director and privacy officer at The Evangelical Lutheran Good Samaritan Society in Sioux Falls, S.D. “Facilities demonstrate a continued commitment to privacy and security of patient information by naming it an organizational priority and demonstrating such. A sound training program, including ongoing awareness, is critical,” says Husher. Husher says case studies or scenarios that are reported in the media can be helpful in bringing privacy and security to life. Also, applying the information to the employee’s job helps him or her understand the need to maintain patient information in a private and secure manner, says Husher. For example, Good Samaritan Hospital practices safety and security daily, such as disposing of protected health information (PHI) in special green bags. “We have done it for a good while, so it’s standard operating procedure. During our safety inspections, proper disposal of PHI is checked. Problems are reported for follow-up and correction,” says Mangin. Access to patient records varies depending on the format—paper, electronic, or hybrid. Limiting access also depends on the format. An EHR is typically controlled through role-based security access, limiting the amount of information someone can access based on his or her job function, explains Husher. Differing state and federal privacy laws are a concern, as it can be difficult to interpret and apply the laws, understand the differences between the laws, and stay current with changes, says Husher. “HIPAA currently allows state laws that are more stringent to take precedence. … Some states require patient authorization before releasing any information, even for treatment purposes—this puts up a roadblock to quick access of information by caregivers. HIPAA allows the release of health information for treatment without an authorization. When a state continues to require an authorization, this prevents the prompt exchange of patient information needed for timely patient care,” says Mangin. “Collaboration, collaboration, collaboration,” says Husher of working toward successful compliance. “There is so much happening in healthcare—it takes a team approach and the need to work together to stay in continued compliance.” — Mary Anne Gates is a medical writer based in the Chicago area. |
|
|||
