My phone at home kept ringing and I could tell it was a FAX. It was from a hospital in our area. My fax on my printer answered it automatically. It was a patient's physical exam results being faxed to someone, but it didn't say "who" it should be going to on the cover sheet. I felt the hospital and employee were actually lucky it came to me rather than to someone who would violate this patient's privacy. I sent the FAX back with a "professional" note with it. I titled it HIPAA Violation in order to get their attention.
I informed them I would mail the original back. I thought about shredding it, but felt it would be a good learning experience as to why you should CHECK a fax number before hitting send on the Fax machine. Same holds true for emails, right?
About an hour after I faxed back the document, I received a phone call from the Compliance Officer of the hospital. They informed me about the processes and actions they were taking. I was pleased that they called me and talked about what processes they were going to follow through with. They had already called the patient to inform them of the error and breach of HIPAA, etc. They were in the process of talking with the employee and discussing disciplinary action. They were also going to hold inservices with all employees to review privacy practices.
The processes they discussed with me are right in tune with what we teach/discuss in this class, and what you will learn to do when you enter the healthcare field. Think about the rules of faxing and HIPAA.
The HIPAA Privacy Rule establishes national standards to protect individuals' medical records and other personal information, and applies to health plans, health care clearinghouses and those health care providers that conduct certain health care transactions electronically.
Broadly speaking, the HIPAA Security Rule requires implementation of three types of safeguards:
- Administrative
- Physical
- Technical
If you must use fax communication, you must follow some safeguards:
1) Never let incoming faxes sit on a publicly available fax machine.
2) Dump your manual faxing machine and use a HIPAA-compliant cloud fax service.
3) Always use cover pages when faxing.
4) Keep an audit trail.
A breach in HIPAA is defined as the acquisition, access, use or disclosure of protected health information in a manner not permitted which compromises the security or privacy of the protected health information.
HIPAA violations can be prevented by:
1) Never disclose passwords or share login credentials.
2) Never leave portable devices or documents unattended.
3) Do not text patient information.
4) Don't dispose of PHI with regular trash.
5) Never access patient records out of curiosity.
6) Don't take medical records with you when you change jobs.
Also, HIPAA breaches can be handled by investigating, mitigating and reporting.