A patient underwent diagnostic testing in the hospital where she was employed. She received a copy of the laboratory results, and when she read them, she noticed that a physician had noted her employee status. Does this violate HIPAA?
The HIPAA security rule requires this type of assessment. However, many healthcare organizations have never completed a risk assessment, have not kept it up to date, or have failed to address all necessary areas of risk.
Cascade Healthcare Community, a three-hospital health system headquartered in Bend, OR, was one of those CEs that found itself under the microscope.
Unfortunately for Cascade, a virus invaded part of its computer system in December 2007, exposing the data of more than 11,500 donors and landing the healthcare system in the headlines.
Memorial Hermann Healthcare System (MHHS) in Houston includes nine acute care hospitals, one children's hospital, three long-term acute care hospitals, three specialty care hospitals, 21 regional affiliates, a home health agency, a retirement/nursing center, 10 ambulatory surgery centers, 21 imaging centers—and only one HIM department.
Prior to July 1, 2008, however, that was not the case. MHHS' medical records/HIM departments used to be facility-based. Each hospital had its own medical records department, its own coders, and its own vendors. But MHHS' leadership recognized that in an era when cost savings are a must, this model was not as efficient as it could be. A restructuring of the department was in order.
Untreated mental conditions can prevent patients from properly managing physical health, thus causing the patient to be readmitted to the hospital, which is why case managers should coordinate mental and physical treatments.