March 02, 2017

HIPAA Breaches & Desk Audits - Pharmacy Compliance Guide

31 minutes

What is a breach?

In simple words, the loss of patient protected health information, either printed or electronic.

How common is breached within pharmacies?

There are two types of pharmacies and pharmacy owners,

The first are the ones who know they have had a breach

The latter are the ones who have had a breach and don’t know about it

How can I have a breach and not know about it?

Simple, has your pharmacy clerk ever given a patient another patient’s medication?

That is a breach

Can you give me examples of breaches?

Pharmacy is robbed and the will-call bin is stolen

Pharmacy is robbed and the server is stolen

Staff pharmacist has a laptop stolen

The delivery driver has their vehicle is stolen which is full of prescriptions to be delivered

Billing manager has a jump drive with patient files for billing to work at home and loses it on the bus

What do I do when a breach occurs?

First, don’t panic

Get the facts

Complete a Potential Breach Evaluation and a Risk Assessment

Determine whether the breach is reportable or non-reportable to HHS/OCR

Document everything

What is OCR Desk Audits

Tested in 2016

Launched on January 1, 2017

Notification via U.S. Mail and Email

Also conducting no notice on-site inspections

What is the OCR asking for?

Notice of Privacy Practices (date must be after 07/01/2013)

Risk Analysis

Risk Management Plan

Disaster Recovery Plan/Contingency Plan

Annual Privacy and Security Assessments

Random Policies and Procedures

On-Site Inspections

Same as above, but in person

The first question is to the person at your counter, normally your clerk

Can I have a copy of your Notice of Privacy Practice?

They have to know the answer and provide the NOPP

Penalties for Non-compliance

Fines up to 1.5 Million Dollars

Is there help available to pharmacies?

Yes, but you get what you pay for

You can buy a set of policies and procedures, but if you have breached, especially a reportable breach:

Will the consultant stay with you when you need them the most?

Will they charge you extra?

Will they provide the correct advice?

How do you know how to pick a consultant?

Ask your peers

Ask hard questions about how they have handled client breaches and inspections

Do you get detailed answers from the consultant?

Do you referrals from multiple people?

...more

View all episodes

By RJ Hedges

March 02, 2017

HIPAA Breaches & Desk Audits - Pharmacy Compliance Guide

31 minutes

What is a breach?

In simple words, the loss of patient protected health information, either printed or electronic.

How common is breached within pharmacies?

There are two types of pharmacies and pharmacy owners,

The first are the ones who know they have had a breach

The latter are the ones who have had a breach and don’t know about it

How can I have a breach and not know about it?

Simple, has your pharmacy clerk ever given a patient another patient’s medication?

That is a breach

Can you give me examples of breaches?

Pharmacy is robbed and the will-call bin is stolen

Pharmacy is robbed and the server is stolen

Staff pharmacist has a laptop stolen

The delivery driver has their vehicle is stolen which is full of prescriptions to be delivered

Billing manager has a jump drive with patient files for billing to work at home and loses it on the bus

What do I do when a breach occurs?

First, don’t panic

Get the facts

Complete a Potential Breach Evaluation and a Risk Assessment

Determine whether the breach is reportable or non-reportable to HHS/OCR

Document everything

What is OCR Desk Audits

Tested in 2016

Launched on January 1, 2017

Notification via U.S. Mail and Email

Also conducting no notice on-site inspections

What is the OCR asking for?

Notice of Privacy Practices (date must be after 07/01/2013)

Risk Analysis

Risk Management Plan

Disaster Recovery Plan/Contingency Plan

Annual Privacy and Security Assessments

Random Policies and Procedures

On-Site Inspections

Same as above, but in person

The first question is to the person at your counter, normally your clerk

Can I have a copy of your Notice of Privacy Practice?

They have to know the answer and provide the NOPP

Penalties for Non-compliance

Fines up to 1.5 Million Dollars

Is there help available to pharmacies?

Yes, but you get what you pay for

You can buy a set of policies and procedures, but if you have breached, especially a reportable breach:

Will the consultant stay with you when you need them the most?

Will they charge you extra?

Will they provide the correct advice?

How do you know how to pick a consultant?

Ask your peers

Ask hard questions about how they have handled client breaches and inspections

Do you get detailed answers from the consultant?

Do you referrals from multiple people?

...more

Share HIPAA Breaches & Desk Audits - Pharmacy Compliance Guide

Sign up to save your podcasts

HIPAA Breaches & Desk Audits - Pharmacy Compliance Guide

HIPAA Breaches & Desk Audits - Pharmacy Compliance Guide