Reputation Management Surviving a HIPAA Breach or Audit Carolyn P. Hartley, MLA President, CEO Physicians EHR, Inc Former VP, Media Relations Presented.


1 Reputation Management Surviving a HIPAA Breach or Audit Carolyn P. Hartley, MLA President, CEO Physicians EHR, Inc Former VP, Media Relations Presented to MGMA October 7, 2013

2 What to Do in the Event of a Breach
- Applies to all Covered Entities

3 Make Plans Before It Happens
- A breach will happen
- OCR Audit of a complaint is more internal
  - Internal policies and workforce management
- OCR Response to a breach is more external
  - Internal policies, workforce management, reputation management
- tionrule/breachtool.html
- Preparation is preventive medicine for a potentially hostile environment.
- “Hope is not a strategy.”
© 2013 Physicians EHR, Inc.

4 Breach & Crisis Outline
- Manage the Message
- The Notice
  - Breach Triage – was this really a breach?
  - Notice and processes that serve as infrastructure for content
  - Methods of notification
  - Working with OCR
- Processes to Support The Notice
  - Internal Layers
  - Processes that support the letter
  - Working with law enforcement (oral and written)
- People to Include on Your Team
  - Ideal Team
  - Attorney
  - Insurance Agent
  - If relationship with reporter

5 Crisis Behavior
- Finger pointing. Blame. “Not my fault.”
- Internal loss of productivity, organizational instability, question documentation
- Reputation management: Customer (patient) management
- Regulatory management: How forthcoming do we need to be vs what is expected of us?
- Art of dealing with bad news.

6 First Response Breach
- Get the Facts.
- Pre-build a first response
  - “First let’s find out what really happened.”
  - “Get our breach response team on the phone.”
  - “I’m sorry this happened to you. Let’s talk about how we will move forward.”
- Don’t lie and undermine the situation.


8 The Notice: Content for Notification
- Dear Patient,
- This is what happened
- Dates of event and discovery
- Description of what was breached
  - For example: name, SS#, date of birth, account number, insurance number
- Recommend steps patients should take to protect themselves
- What you are doing to investigate the breach
- Contact info for patients to learn more

9 The Breach: Initial Triage
- What happened? Who, what, when, where, why?
- Open Breach file, document everything
- Identify PHI
- Get Details
- Attorney
- Identify whether this is breach
- Insurance Agent – put on notice
- Administrator / Practice Manager
- Bring Policies & Procedures
- Contact Lead Team

10 The Notice Internal Processes
- Which patients? (How identified? Using audit trails?)
- Contact info?
- Patients / Personal Reps
- Dear Patient
- Date discovered
- What was stolen, what PHI did it contain?
- How many affected?
- This happened

11 The Notice Internal Processes
- Policies currently in place
- Did individual violate policy?
- Sanctions, Training
- Document actions
- Additional risk management
- Safeguards already in place
- Research Medical Identity Theft Processes
- Response to unhappy patients
- How Individuals Should Protect Themselves

12 The Notice Internal Processes
- Identified all affected individuals
- Arrange professional monitoring, including establishing an account.
- Manage any incidents that arise from stolen records
- Establish hot line – who takes calls? Trained in what to say?
- What We Are Doing
- Contact bank, monitor accounts
- Alert credit agencies
- Medical Identity Theft Procedures
- How Individuals Should Protect Themselves

13 Breach Timeline (1+ Individuals Affected)
- First knowledge of breach
- Identify affected individuals, send notice via 1st class mail or phone
- If 10 or more Pts cannot be located, post notice on website & notify media
- If more than 500, notify HHS
- Maintain log of all breaches, file with HHS at end of year
- Timeline markers: Day 1, Days, End of year

14 Consumers: Still a Sleeping Giant
Patient Rights Accounting of Disclosures Omnibus Rule: from EHR For TPO Request Amendment Alternative Communication File a Complaint Access, Copy EHR Summary of Care QI Dictation EHR – generated Diagnosis Breach Less than 500

15 Unresolved Policy Issues
- How will privacy for mental health, substance abuse be secure in Health Information Exchanges?
- How will Behavioral Health privacy requirements be impacted by Patient Centered Medical Homes & ACOs?
- How can Behavioral Health providers be included in Meaningful Use incentives?

16 Questions, Comments

18 Thank you! Carolyn Hartley, CHP, MLA PH: x103

