Move fast and hard after breach
Once a privacy breach occurs with a patient's medical records, the risk manager must act quickly and decisively, says Layna Cook, JD, an attorney specializing in health care risk management with the law firm McGlinchey Stafford in Baton Rouge, LA. The Health Insurance Portability and Accountability Act (HIPAA) requires mitigation when a violation occurs, Cook notes.
It also requires documentation of an unauthorized disclosure of the patient's health information in the patient's record, she says. While the privacy rule does not require a covered entity to report the nonauthorized disclosure to the patient, in many instances it is the best course of action, Cook says. "For instance, there is a strong possibility that unauthorized access to Britney Spears' medical information may result in private health information being provided to the press," she says. "In such a situation, it may be best to notify the patient of the unauthorized disclosure."
Risk managers should be heavily involved in the investigation following a breach, says Steve Gravely, JD, a partner at the law firm Troutman Sanders in Richmond, VA, and head of its health care practice. The advent of electronic health records in recent years often makes these investigations easier since there is electronic tracking of all who access the medical record, Gravely notes. Maintaining that kind of trail would have been virtually impossible with paper records, he says
"Risk managers are experienced with conducting investigations quickly and efficiently and should certainly be involved with the privacy officers in evaluating what caused the breach and who was involved," he says. "When employees are responsible for the breach of health information, the hospital must take disciplinary action promptly. In serious cases, termination might be the most appropriate response."
Sources
For more information, contact:
- Layna Cook, JD, McGlinchey Stafford, Baton Rouge, LA. Telephone: (225) 382-3635. E-mail: [email protected].
- Steve Gravely, JD, Troutman Sanders, Richmond, VA. Telephone: (804) 697-1308. E-mail: [email protected].
You have reached your article limit for the month. Subscribe now to access this article plus other member-only content.
- Award-winning Medical Content
- Latest Advances & Development in Medicine
- Unbiased Content