agreement. Under HIPAA rules, covered entities cannot disclose PHI to
unauthorized persons, and the lack of a business associate agreement
left patients' sensitive health information vulnerable to misuse or
improper disclosure.
Protect yourself
HIPAA penalties are based on the level of negligence, with a maximum
penalty of $1.5 million per violation. When determining penalties,
the Office for Civil Rights takes into account the length of time a
violation persisted, the number of people affected, the nature of the
PHI exposed and the organization's willingness to assist with the
investigation. A long-running violation could have overwhelming
financial repercussions, and it may also lead to the censure of
nurses, nursing management, administrators and even physicians.
Any person who comes in contact with protected health information
at your facility is required to abide by HIPAA policies. Make sure your
physicians and staff know the guidelines and the risks of not adhering
to them. Keep in mind that recent nursing graduates may have spent
more time studying HIPAA than tenured nurses.
HIPAA gives patients more control over their health information.
They can request a copy of their electronic medical record in electronic
form. Patients who pay out of pocket in full can instruct their
healthcare provider to refrain from sharing information about their
treatment with their health plan (including Medicare). Patients can
also set new limits on how information can be used and disclosed for
marketing and fundraising purposes, and prohibit the sale of their
health information without their permission.
Ms. Sever (shaun@splegalnurse.com) is the founder and
president of SP Legal Nurse Consulting in Eaton Rapids, Mich. She is also a
retired U.S. Army sergeant with 20 years of service.
JULY 2017 • OUTPATIENTSURGERY.NET • 21