Breaking Compliance News Blog

HIPAA Hazard: Forgetting the Boss

Posted by Margaret Scavotto, JD, CHC on 3/9/16 7:30 AM

Find me on:

The Hazard.

Most providers routinely train employees on HIPAA—but many forget the boss. Individuals in a leadership position are even more likely to be asked about patients by the media. And yet many providers skip training at the executive level because they don’t want to be a bother. It is in everyone’s best interests, including the boss’s, to make HIPAA training a bother. 

The Example.

A medical center entered a $275,000 HIPAA settlement after two senior level executives discussed a patient’s medical care with the media, without the patient’s authorization. In addition, senior management shared information about the patient’s condition, diagnosis and treatment with the entire workforce by email. 

What You Can Do.

  • Ask yourself: Who attends HIPAA training? What about the CEO? The Board? Doctors? Who is most likely to speak with the media?
  • It can be tempting to leave execs out of training because we know they’re busy, but be careful when it comes to compliance, including HIPAA. They might not come to your 7 am in-service, but find a way to get them the info they need.
  • Include all employees, including management, leaders and executives, in HIPAA training. These individuals help set the tone of your organization, and can lead employees to HIPAA compliance—if they know what to do.
  • Keep in mind that HIPAA education for leadership might need to be done a little differently than HIPAA education for patient care staff. Tailor education content, including hypotheticals wherever possible, to the specific HIPAA situations your audience might encounter.

Free  HIPAA Checklist




Topics: Penalties and Enforcement, HIPAA

    Privacy Policy           Terms of Use