How You Can Protect Patient Information and HIPAA Compliance

Posted by Team PracticeForces on Dec 3 2014


PracticeForces CEO, Kunal Jain, hosted a healthcare panel for hundreds of independent physicians and small practices in the Tampa Bay area.

During the panel, Jain and top area doctors discussed topics such as ObamaCare, Medicare HMOs, HIPAA compliance and the role of private practice in protecting patient information.

Kunal Jain, CEO, PracticeForces:

In a glitch towards the technology side (I am reading this out of a story picked from the Internet), a 4.8 million dollar lawsuit has been made out of a stolen laptop from a hospital. Just think: the hospital has nothing to do with the laptops. Their employees used them, and one was stolen from an employee's home.

That’s a 4.8 million dollar lawsuit and 1.9 million dollar settlement after an unencrypted laptop was stolen from a facility. According to the OCR report and office of OCR, fines can now total 1.5 million dollars per HIPAA violation; the agency appears to be shifting to a more punitive enforcement approach. 

In the last six weeks alone, there were more than 10 million-dollar settlements over HIPAA breaches. Of course, entrepreneurship opportunities come with challenges, and that we have to deal with.

Does anybody have any thoughts on how to prevent these kinds of settlements, or how to prevent these huge liabilities, which are generating out of entrepreneurship technology?

Dr. Jawahar Taunk, MD, Gastroenterologist:

I do not know that I will have an answer to that, but at a physician’s level, you can do certain things, like have a HIPAA compliant officer trained every year. You can make sure your IT guy is compliant with HIPAA. If you are transporting information from hospital to office, or office to surgery center, make sure it is password protected.

Kunal Jain:

As practice owners and physicians, how do you make sure that the people you hire comply with these things, use these technological tools, and do what they are supposed to do? That is the biggest challenge. You are a doctor busy with different things, but when it comes to employees and vendors, this is where most of these things happen. It gets out of hand… it does not get out of hand. It goes out of your employees' hands, and it goes to the employees who work from home or work remotely.

Dr. Rajan Naik, MD, JSA Healthcare:

I use this simple example: every day, I get six faxes from a company in Kansas City stating that a patient has asked for diabetic supplies. “Doctor, will you please sign?” Then, the next three faxes come and a patient needs a knee brace; “can you prescribe a knee brace?” The other faxes come, and I call the company and ask “where do you get this data?” They say “no, no, your patient called.” So, I call the patient; all the patients.  “No, Dr. Naik, I never called them.” I got a blank call. “Hi, you have diabetes, you are taking Metformin… we can supply you strips to your home, delivered.”

So, somebody stole this patient's data from either my office, my billing company or the pharmacy, and it is a major problem. We need to stop it, but I do not know how to stop it, or who does it. This happens every day in my practice. I sometimes call the company, but they are all fraud people. I do not know how to prevent it.

Radha Bachman, ESQ, Shareholder at Carlton Fields Jordan Burt:

I have an interesting story about this. Actually, my father is in medical practice as a client of mine and of my firm. About three years ago, I called him and asked if he had done HIPAA training for his staff recently. “You know, we need to get that scheduled. I will come down. I will not charge you my travel time. It is a discount for the family member and I will come down and do your training, and it will be an hour at lunch time, or something like that.” His response was “we do not care about HIPAA, HIPAA is not important, tell us how to make more money. By coming down to do your presentation, I will invite some of my friends over and we will talk about how to make more money in our practice.”

Some of the settlements have come about, and they are very widely publicized for a particular reason; to prevent these kinds of issues and to encourage compliance with the HIPAA Regulations. Recently, I got a call from him during work hours where he says, “we need to get that HIPAA compliance training scheduled. That is really important. There are some of our staff who have not had it done, and so certainly there has been a shift at the government level in terms of the patient privacy issues.”

I mean, HIPAA has been around a long time, and high tech came about with the ACA. There are some new regulations there, and enforcement is really at an all-time high. They are not just looking at large hospital systems; they are looking at small practices, and they are looking for people to make complaints.

They are incentivizing, not necessarily financially, but for a number of patients out in the community who look for opportunities to deal with, whether they get money or do not get money. It puts the physicians in the spotlight, and so I have tried to tell my clients that what you do not want is to be in the news for not protecting patient's privacy. There is a stigma attached to that, which you really cannot ever get rid of. Anytime someone goes your practice, the first thing that is going to come up is the settlement that you entered into. I think it is very important that practices take HIPAA seriously.

When I say that, I do not mean to an extreme, because that is the other challenge I see with clients; they get to a point where it is “do not tell anybody anything, ever,” and that is obviously not a good approach for patient care. This is especially true in the mental health space. There has been a lot of discussion at the government level about it. What I would tell you is: always use common sense when making decisions about whether to disclose information, and certainly have an understanding of HIPAA.

You need to make sure that your staff is trained, and that they understand the importance of it. Not only one time, but with ongoing support. In the long run, I think it is a very small investment, yet is basically an insurance policy if the government ever decides to investigate.



Topics: private practice, HIPAA, medical practice
