Risk Management on the PRMS Blog

In the July 14th issue of the New England Journal of Medicine, there was a review article titled “State of Telehealth.” In it, Drs. Dorsey and Topol describe the following three current telemedicine trends: “The first is the transformation of the application of telehealth from increasing access to health care to providing convenience and eventually reducing cost. The second is ...

Categories: PRMS Blog, Risk Management

The Office of Civil Rights (OCR) has announced its latest and largest HIPAA settlement to date.  Advocate Health Care will pay a settlement amount of $5.55 million and adopt a corrective action plan to bring a lengthy OCR investigation to an end.  In 2013, the Illinois-based health system first notified OCR of the theft of four unencrypted desktop computers, collectively housin ...

Categories: Risk Management

Did you notice the recent Washington Post headline “The American Psychiatric Association issues a warning: No psychoanalyzing Donald Trump?” The article included many examples of psychologists and physicians (including one psychiatrist) who have never evaluated celebrities but have nonetheless commented on their mental health. No matter how tempting, especially given the someti ...

Categories: PRMS Blog, Risk Management

The Federal Trade Commission (FTC) has asserted jurisdiction and, after some back and forth, found liability on the part of a laboratory for failure to protect data on its computer networks, resulting in breach of patient confidentiality. The lab’s data security practices were found to be unfair, in violation of the Federal Trade Commission Act. Here’s how the case unfolded: ...

Categories: PRMS Blog, Risk Management

Last week, Banner Health, one of the largest health systems in the country, posted notice of this year’s most substantial health care data breach.  A cyber attack affecting as many as 3.7 million patients, employees, beneficiaries, and customers was discovered almost a month after initially taking place on June 13, 2016.  The breach included patient names, addresses, and soci ...

Categories: Risk Management

A frequent call to our risk management helpline involves medical record retention. My standard advice of “retain as close to indefinitely as reasonably possible,” is typically met with resistance. I completely understand that paper records take up space, and it is expensive to securely store the records. However, the old saying is true – your record is your defense. One inquiri ...

Categories: PRMS Blog, Risk Management

Earlier this month I commented on a Los Angeles hospital’s computer system that was taken over by hackers, and the criminals demanded a ransom payment in bitcoin to release the electronic medical records.   The hospital ended up paying the ransom in 40 bitcoins (approximately $17,000), as demanded by the criminals. In that post I shared some technical advice from the Office of ...

Background: Under HIPAA’s Breach Notification Rule, individuals must be notified if their protected health information (PHI), which includes demographic and medical information, has been improperly accessed or disclosed. However, if the information is encrypted consistent with the National Institute of Standards and Technology (NIST) guidance, using the Advanced Encryption Standa ...


1.  Encrypt! Admittedly, this lesson should have been learned quite some time ago. In 2014, one-third of Office of Civil Rights’ (OCR) resolution agreements were related to the improper disclosure of protected health information (PHI) due to the theft of an electronic portable device.  In 2015, half of OCR’s case resolution agreements involved the theft of portable devices.  W ...

Categories: HIPAA, Risk Management

Join our panel of PRMS risk managers on the first Friday of every month for “On Our Minds®.” You can listen in as they discuss:

- Emerging trends in psychiatry
- Current events that may impact your practice
- Advice on protecting you, your patients and your practice
- New risk management publications and educational articles
- And more!

Clients: to listen live, visit P ...
