When it comes to HIPAA breaches, the number of providers, insurers and business associates failing to safeguard patient health info is so staggering it has many organizations looking to place blame. But according to Adam H. Greene, partner at Davis Wright Tremaine, LLP, there’s no clear culprit.
“I apologize, but I’m not going to be able to answer the question today of who is at fault during a HIPAA breach,” Greene told attendees during a HIMSS16 session Wednesday on understanding the function of HIPAA breaches. “The government hasn’t yet decided.” The truth is that it’s tough to navigate HIPAA issues once you take into account the network of health care operations, he added. It’s complicated with many specifications.
The problem is that many healthcare leaders are not accurately reporting what HIPAA constitutes as breaches. This is a HIPAA violation in and of itself that usually goes unchecked. According to Greene, it comes down to providers needing to understand that anyone who accesses protected health information (PHI) must have a valid reason to do so, which includes staff and business associates.
Furthermore, health care leaders cannot assume that all connected entities are HIPAA compliant. Adding to the complexity and confusion are individual state laws concerning medical data breaches, Greene said. Organizations struggle to determine the relevant laws, and whether or not they are being broken.
“You have to be sensitive to the fact that state laws versus HIPAA, (sic)” he added. “You have to look at both. State laws focus on unauthorized access, like computer data. This differs from HIPAA, which extends to user exposure.”
What healthcare leaders need to focus on to avoid breaches altogether is ensuring “Everyone understands what protected health information is and that’s there’s guidance, (sic)” he said. “The focus here isn’t that this is the correct answer versus this is wrong answer.” It’s about getting everyone on the same page.
Fill In The Form Below for industry news, and information about our services, events, webinars and more.