It is about time! I just hope that the snoopers got enough money from passing on private medical information about the involved celebrities – they are going to need it for their defense. At lease the U.S. Department of Health and Human Services (HHS) Office for Civil Rights (OCR) handed down a penalty of sizable value and ordered the University of California at Los Angeles Health System (UCLAHS) to submit a corrective action plan to close the holes in its compliance with the rules under the Health Insurance Portability and Accountability Act of 1996 (HIPAA) Privacy and Security Rules.
This reflects the policies and procedures required by HIPAA and lets hospitals and medical offices know that the HHS is serious about enforcing the rules. Covered entities must reasonably guard medical records from prying eyes. Employees that chose to disregard these rules must be sanctioned, i.e. either authorized under strict rules, or penalized for violations. All employees must be aware of the rules and trained about the confidential nature of private medical records.
UCLAHS is responsible for the actions of its employees and must now train said employees in meaningful policies and procedures, including audit trails to insure access is by authorized personnel only. There must also be a clear plan in place to deal with employees that choose to violate the rules. Casual viewing of patient health information is unacceptable and against the law and employees can be prosecuted. OCR will continue to vigorously enforce the protections.
This is also an important reason to check your records once the new addition allowing patients of obtain a list of people viewing their records and for what purpose. I blogged about this a short time ago and you may read about it here. The press release about the UCLAHS violation can be read here.
No comments:
Post a Comment