Why Perform a HIPAA Privacy Risk Assessment?
The best answer to this question may be obvious: it's the law! Aside from that, there are several good reasons to perform a HIPAA Privacy Risk Assessment in your office. A risk assessment can help you identify where Protected Health Information (PHI) lies in your organization. From equipment to files, PHI is being stored everywhere, so protect yourself. Here are three case studies from our blog that are perfect examples of why you must perform a risk assessment:
PHI for Personal Gain
A licensed practical nurse (LPN) pled guilty to wrongfully disclosing a patient's health information for personal gain. The woman faces a maximum of ten (10) years imprisonment, a $250,000 fine or both. After she shared the patient's information with her husband, the husband contacted the patient and told him that he was going to use the information against him in an upcoming legal proceeding.
Employees & Facebook
A temporary employee at a California hospital posted a picture of someone's medical record to his Facebook page and made fun of the patient's condition. Details of the health data breach indicate that the temporary employee, who was provided by a staffing agency, shared a photo on his Facebook page of a medical record displaying a patient's full name and date of admission.
Fined $100K for Calendar
A five-physician practice became the first small practice to enter into a resolution agreement that included a civil money penalty over charges that it violated the HIPAA Privacy and Security Rules. A complaint was filed alleging that the practice was posting surgery and appointment schedules on an Internet-based calendar that was publicly accessible.
Don't let your office be another case study. Talk to our experts at Dexcomm about additional privacy safeguards to help protect against a breach, or about our HIPAA Remediation Services.