A HIPAA violation occurs when a covered entity or business associate compromises an individual’s personal health information (PHI). This could be from a lack of awareness, training, or appropriate safeguards of PHI. Whether large or small, willful or negligent, HIPAA violations can be damaging to any hospital or medical practice and the patient or patients affected.
Yes. If an employee believes that a HIPAA violation has occurred, they should report it to their supervisor or their HIPAA Privacy Officer. The HIPAA Privacy Officer will need to conduct an investigation and a risk assessment to determine if the violation needs to be reported. In addition, action should be taken to ensure that the cause of the breach is corrected and whether or not any policies or procedures need to be updated, including if any additional staff training may be necessary. If no such action is taken, the matter can be escalated, and a complaint can be filed with the HHS Office for Civil Rights. https://www.hhs.gov/hipaa/filing-a-complaint/index.html
There is no standard process for what happens after a HIPAA complaint is filed; therefore, the process will vary from organization to organization. However, the HIPAA policy states that complaints should be documented, and employees should receive acknowledgment of the complaint and a timely response. If this does not happen, employees have the right to escalate the complaint to HHS´ Office for Civil Rights.
One of the top reasons for HIPAA violations is a lack of employee training. Employees who receive regular training are far less likely to make mistakes when it comes to compliance. HIPAA regulation states that training should occur – when a new employee is hired, whenever changes are made to the regulations, and periodically to ensure comprehension of HIPAA requirements.
If you have questions about HIPAA your HIPAA requirements or healthcare compliance, contact the experts at MedSafe. MedSafe is the nation’s leading one-stop resource for outsourced accreditation and healthcare compliance solutions. For over 20 years, we have been providing peace of mind to hospital groups, private practices, and their business associates. Our suite of onsite and online training services, including OSHA, HIPAA, Corporate Compliance and Code Auditing better equip your practice with the necessary tools and skills to achieve and maintain regulatory billing compliance. MedSafe takes a hands-on approach and works directly with your team to uncover issues and define suitable solutions. Learn more by visiting www.medsafe.com.