and security rules (osmag.net/
vkV7JQ), and those that reveal deficiencies may be expanded into on-
site audits or more detailed inquiries into all of a facility's HIPAA prac-
tices.
With patient complaints and enforcement actions on the rise, orienta-
tion sessions and annual refresher courses may not be enough to keep
your facility on the right side of the law. In addition to continuously
monitoring compliance, you may need to take the extra steps of indi-
vidually training affected staff members as needed, such as after a pri-
vacy breach incident. Delivering periodic reminders of HIPAA's obliga-
tions and protections via facility-wide e-mails can also help to promote
awareness of, and avoid, common privacy pitfalls.
OSM
Ms. Dornfeld (ldornfeld@bracheichler.com) is an attorney in the health law
practice group at Brach Eichler in Roseland, N.J., where she represents providers
in corporate, transactional and regulatory matters.
S E P T E M B E R 2 0 1 6 • O U T PA T I E N TS U R G E R Y. N E T • 3 7