Because of familiar relationships that develop within home settings, I/DD providers may be especially prone to innocent disclosures of private health information that can lead to costly fines and unwanted publicity. Federal enforcers of privacy rules won’t accept innocence as an excuse, any more than they accept ignorance. DD providers are among 364 organizations currently under federal investigation for privacy infractions.
Residential services providers should be aware that they must hold business associates to high standards for protecting the private health information of clients. What this means is that you must make sure contractors and vendors are protecting private health information that may be accessible to them in the course of doing business with you.
In a recent memo, the U.S. Office for Civil Rights (OCR) raised this question: Is your Business Associate prepared for a security incident?
When it comes to enforcement of privacy rules, you can’t hide behind a cloak. That is the message of a recent federal settlement with the Archdiocese of Philadelphia. The Diocese recently agreed to pay $650,000 to settle potential violations under the Health Insurance Portability and Accountability Act (HIPAA), relating to the theft of a mobile device containing protected health information for 412 nursing home residents. Take note: We’re talking about a single incident of a stolen device.