Access Now: AORN COVID-19 Clinical Support

Archive July 2017 XVIII, No. 7

Legal Update: Are You Hip to HIPAA?

Ignorance is no defense when it comes to protected health information.

Shaun Sever

Shaun Sever, RN, BSN, ALNC


correction to a patient record NO CHANGE Even the most innocuous and well-meaning correction to a patient record could land a surgical facility and its staff in hot water.

You could be violating HIPAA and not even know it. Consider this scenario: A patient scheduled to receive an injection at 10 a.m. doesn't receive the injection until 11 a.m. Yet the nurse documents in the patient's record that the injection was administered as scheduled. Honest oversight, right? Wrong. It's a HIPAA violation that could come back to haunt you.

Ignorance is no defense against Health Insurance Portability and Accountability Act violations. Nor is a lack of training. Your staff has likely been trained in patient privacy and protected health information (PHI), but slip-ups still happens.

  • A 12-physician dermatology practice group paid $150,000 for alleged HIPAA violations arising out of a lost, unencrypted flash drive containing PHI. The group also was required to implement a corrective action plan.
  • A 5-physician cardiology group reached a $100,000 settlement as a result of a multiyear, ongoing failure to comply with the HIPAA privacy and security requirements by posting clinical and surgical appointments for patients on a publicly accessible Internet-based calendar.
  • An orthopedic clinic agreed to pay $750,000 for potentially violating a HIPAA privacy rule by sharing PHI for about 17,300 patients to a potential business partner without first executing a business associate agreement. Under HIPAA rules, covered entities cannot disclose PHI to unauthorized persons, and the lack of a business associate agreement left patients' sensitive health information vulnerable to misuse or improper disclosure.

Protect yourself
HIPAA penalties are based on the level of negligence, with a maximum penalty of $1.5 million per violation. When determining penalties, the Office for Civil Rights takes into account the length of time a violation persisted, the number of people affected, the nature of the PHI exposed and the organization's willingness to assist with the investigation. A long-running violation could have overwhelming financial repercussions, and it may also lead to the censorship of nurses, nursing management, administrators and even physicians.

New to Outpatient Surgery Magazine?
Sign-up to continue reading this article.
Register Now
Have an account? Please log in:
Email Address:
  Remember my login on this computer

advertiser banner

Other Articles That May Interest You