This time it was paper...BD
The box contained information about lab tests and insurance approvals as well as other medical issues. The documents are not medical charts, but do contain patient names and contact information. Under HIPAA guidelines, documents such as the ones found are supposed to be kept confidential and then shredded before being disposed of.
At the time the Post first interviewed Dr. Padilla, he said the office followed HIPAA guidelines very carefully and that the rule in the office was to shred all documents being disposed of. He said he didn’t know how the box ended up in the trash bin and speculated it might have been accidentally thrown out by the building’s cleaning crew.
Dr. Padilla spoke to the Post on Monday and said he was trying to figure out what had happened.
“The action we take all depends on how the material got into the Dumpster in the first place,” Dr. Padilla said. “That’s what we want to find out. We have a process in place to prevent this from happening.
It is having said that until today 2007 many of healthcare organizations are unaware of what exactly the HIPAA rules and regulations are for. With the growing incidence of privacy breaches the compliance authorities should need to put more efforts bringing awareness about the HIPAA compliance and should try to make it easy and cost effective for organization to get HIPAA compliant. Very recently I came across one tool which I really find more helpful. This tool will help many organizations for multitask compliance achievement. A crosswalk between different regulations poster from Symantec is a very useful tool. This poster is crosswalk between: Sarbanes Oxley, HIPAA, Payment Card Industry (PCI), GLBA, NERC standards CIP and PIPEDA (Canada) http://www.compliancehome.com/symantec/compliance.html
ReplyDeleteIt makes you wonder where is HIPAA these days? Did it go away?
ReplyDelete