Three corrective action plans demonstrate OCR’s expectations for HIPAA compliance. Equip the patient-facing team to meet OCR’s HIPAA Right of Access Initiative
Avoiding up to $1.5 million a year in Privacy Rule penalties may be easier than you think.
Avoid up to $1.5M a year in Privacy Rule penalties and investigations. Information blocking oversight team for effective healthcare regulatory compliance.
HIPAA Right of Access initiative results in serious enforcement actions
OCR’s HIPAA Right of Access Initiative drives investigations and enforcement settlements. Four settlement examples and remedies.
Privacy protection: When our colleagues are our patients
How can you protect personal health information (PHI), medical records, and patient communication when the provider is also the patient?
Get ready to comply with strict new privacy regs [or pay big fines]
New rules from the Health and Human Services (HHS) department put stricter guardrails on how and when healthcare organizations provide access to PHI.
The Pandemic Is No Excuse: Enforcement Actions Taken by the Office for Civil Rights
We’ve known that enforcement actions were going to pick up again, even though many regulations are still waived or modified during the public health emergency. In the past few months, the Office for Civil Rights (OCR) has rendered several decisions that prove the point. Hospitals and other healthcare organizations need to remain cautious and cognizant of exactly which regulations are being enforced, and make sure that existing procedures and policies are being followed.
Religious Rights
For example, OCR resolved a complaint against Prince George’s Hospital Center of the University of Maryland Medical System (UMMS). The complaint was raised by a woman who wanted to have a priest attend her critically injured husband during the pandemic. Despite the priest’s willingness to wear any necessary personal protective equipment (PPE), he was refused entry. UMMS implemented a new policy guaranteeing “adequate and lawful access to chaplains or clergy” in order to resolve the complaint.
A second religiously-based complaint was also resolved recently by OCR. In this complaint, filed by a civil rights group, a medical student at Staten Island University Hospital (SIUH) in New York City was ordered to shave his beard, which he kept for religious reasons. The hospital stated that this was in order to ensure his N95 respirator mask had a tight seal around his nose and mouth, even though he had passed a fit test. In resolving the complaint, SIUH provided the student with a Powered Air Purifying Respirator (PAPR) as a religious accommodation.
Privacy
OCR also recently resolved a HIPAA-based complaint. Lifespan Health System Affiliated Covered Entity (Lifespan ACE) in Rhode Island agreed to pay OCR $1,040,000 and to implement a corrective action plan to settle potential violations of the Health Insurance Portability and Accountability Act (HIPAA) Privacy and Security Rules related to the theft of an unencrypted laptop. Not only did the laptop contain electronic protected health information (ePHI) for 20,431 individuals, but OCR also found systemic noncompliance with HIPAA, including a lack of encryption on laptops and a lack of device and media controls.
A Warning for Compliance
All these enforcement actions took place during the COVID-19 pandemic. The pandemic is not being treated as a reason to forgo enforcement action. Compliance professionals need to be very aware of which regulations still apply, and of how their organizations are continuing to stay within the scope of existing regulations.
Faster Compliance Using “Command Signals”
You don’t want to waste time on regs that don’t matter to you! Whether it’s a new reg from the Office for Civil Rights (OCR), the Centers for Medicare & Medicaid Services (CMS), or your state’s Health Department, one of the first steps required for compliance is gauging the new regs’ relevance to your organization. […]