Q: Can a mental health and alcohol and chemical dependency treatment health center e-mail and text PHI between healthcare providers and between field caseworkers and patients? We have implemented a secure messaging solution, but it is the organization's policy to prohibit sending PHI via e-mail or text.
The death of an infant at an Illinois hospital made national news in June 2011. Genesis Burkett passed away due to a series of errors tied to human use of the hospital's EHR systems. The infant was born prematurely to parents who had been trying to conceive for years, and had thrived after months in neonatal intensive care until he was killed by a massive sodium chloride overdose. (You can read more about the case in the Chicago Tribune at http://tinyurl.com/8xtdqrp.)
The dice were rolled and, surprise, you got a letter in the mail from the OCR. You were selected for a HIPAA compliance audit, one of 150 the OCR will conduct in 2012 via its contractor KPMG, LLP.
HIPAA privacy and security officers often spend a lot of time and effort protecting their healthcare organization from the threat posed to its PHI by outsiders. Most organizations do a pretty good job of recognizing the threats to critical assets from outside their own perimeter. However, they must also not ignore the threat that comes from those inside the organization, said Randall F. Trzeciak, who spoke at the Fifth HIPAA Summit West in September in San Francisco.
Briefings on HIPAA has obtained a copy of the $9.2 million contract with KPMG, LLP, the company OCR hired to conduct HIPAA compliance audits. The contract reveals some details about what healthcare organizations can expect when the audits begin.
Patients may have easier access to laboratory results under an HHS proposed rule, "CLIA Program and HIPAA Privacy Rule: Patients' Access to Test Reports," released in September.