How to Discipline an Employee for a HIPAA Violation

  • Added on 8 June 2024
  • You found out recently that one of your employees committed a HIPAA violation.
    Although all of their background knowledge from the training you gave them on the law tells them what is and isn’t allowed, they made a mistake. Their error could end up costing your organization thousands of dollars in fines and a loss in your reputation as a healthcare provider.
    You’re facing a dilemma in this situation, though, because you’ve put a lot of time and resources into this employee and they’re one of the most valuable members of your team.
    As a manager or administrator of a healthcare organization, you have a lot of responsibility placed on you to ensure your team is proactive and productive. However, every once in a while certain circumstances will present themselves that put you in a hard spot. Among those is a HIPAA violation.
    Depending on the infraction, your organization might face a penalty so big that it could force you to close your doors. Worse yet, jail time isn’t off the table either.
    But there’s also a sociological aspect to it. You don’t want your employees to clean out their desk and leave on the spot because you chewed them out; that won’t help your organization grow.
    So what should you do when you face this dilemma?
    LINKS:
    ____________________________________________
    etactics.com/blog/hipaa-viola...
    ____________________________________________
    Believe it or not, employee discipline for a HIPAA violation depends on the type of breach that occurred. Breach definitions and their recommended disciplinary action should exist within your policy manual.
    There are three levels of a breach that we’ve defined, each of which has its own employee penalty: Level 1: Unintentional; Level 2: Curiosity or Concern With No Personal Gain; Level 3: Personal Gain or Malicious Intent.
    First, let’s go over the proper discipline for a level 1 or unintentional breach.
    A level 1 breach occurs when one of your employees accidentally or carelessly accesses, uses, discloses, or otherwise misuses protected health information (PHI). These are the minor breaches, such as: talking about PHI in public spaces of your organization like elevators, lobbies, cafeterias, and printer rooms; leaving PHI open or available for others to access, like at an unlocked computer or left on an unattended desk; mailing patient bills and statements to the wrong address; and attaching PHI to emails without encryption services.
    Of course, I want to emphasize that no HIPAA breach is minor by nature. However, what’s important to understand is that level 1 breaches aren’t in any way malicious or done by a repeat offender.
    So what do you do for a level 1 breach?
    At this level, you most likely won’t have to report the breach to the Department of Health and Human Services (HHS). But they do still require some form of notification and corrective actions. At any rate, disciplinary action for a level 1 breach isn’t severe in nature. You shouldn’t terminate or suspend an employee over a level 1 breach unless they’re a frequent, repeat offender.
    Instead, employee discipline for a level 1 breach should include an oral or written warning, coaching, and retraining.
    Believe it or not, these simple “punishments” will go a long way since it’s not an overly complicated violation.
    When we get into a level 2 breach, discipline starts to get a little more severe.
    You might be wondering, “Why would someone want to snoop into the PHI of people at your organization out of curiosity?” Actually, this type of violation happens more often than you might think.
    Level 2 violations happen when a team member: accesses a family member’s PHI, accesses the PHI of a high-profile patient, or gossips about PHI outside of the organization.
    Even to the most skilled compliance or human resources manager, coming up with the appropriate disciplinary action on the spot for a HIPAA violation isn’t realistic. There are too many factors involved.
    But by classifying different levels of severity and defining their penalties through a policy, you’re making the process easier and more efficient. Compliance can’t happen without policies. HIPAA breaches happen at a rate of 1.4 times per day. So even if you haven’t experienced a violation, it’s important that you know how to handle them properly, including how to discipline your employees.
    It’s not easy to discipline your employees for something they did by accident, but you simply can’t let HIPAA violations slide.
    ► Reach out to Etactics @ www.etactics.com

Comments • 7

  • @Tmueller2366 2 months ago

    What if a board member, not an employee, does a level 1 violation? Like a county board member at a public board meeting having a constituent having a complaint about mental health services being denied to a patient.

  • @josephsimon4580 1 year ago +2

    The employee who disclosed my PHI got no disciplinary action given to him. He actually told a third party my PHI with disregard for my privacy rights. OCR is a joke. Now he's currently a substance abuse counselor where he can disclose others' PHI.

  • @janfastert7489 1 year ago +3

    If a class two privacy happens to the employees, what happens to their future and their records of this information?

  • @jcny08 3 months ago

    What can happen if a doctor abuses his power and gives the manager/supervisor permission to look into another employee's medical records / violation of HIPAA law / PHI, knowing the doctor is not the primary doctor of that employee?

  • @kd4212 3 years ago +1

    How will you explain further if you disobey the HIPAA violation, such as informing the member's husband regarding a rejected claim but no Auth. of Representation? You assisted the call without the patient's verbal permission due to the husband insisting for you to inform them what is going on with his wife's account, but on your end you just wanted to help the member so that the patient can get their medication.

  • @josephsimon4580 1 year ago

    This person is level 15. Everything this person has said happened to me, and no help from any agency: not OCR, not OAG, not OCA, none of them.