Assessment of the Organization's Compliance with HIPAA Regarding the Use and Disclosure of PHI for Research
1. What do you want to review and why to begin your assessment of the organization’s compliance with HIPAA regarding the use and disclosure of PHI for research? My initial review would begin with conducting a risk assessment involving these areas:
a. Patient HIPAA agreements – I would review the organization's patient HIPAA information release forms to ensure that the forms follow the laws and regulations provided by HHS. Covered entities must comply with HIPAA rules requirements protecting the privacy and security of patients' health information and must provide patients with rights regarding access to their healthcare records.
b. EHR agreements - A covered entity or business associate must comply with the applicable… Physical safeguards are the implementation of policies and procedures to limit physical access to the organization's electronic information systems and the facility or facilities in which they are housed, while ensuring that properly authorized access is allowed; Disposal and Media Re-Use are areas mandatory to be addressed. Technical safeguards include the implementation of policies and procedures for electronic information systems that maintain electronic protected health information to allow access only to those persons or software programs that have been granted access rights. Requirements include Unique User Identification and Emergency Access Procedures, amongst other recommended areas for compliance. I would seek and review these policies to ensure the organization is compliant. Noncompliance in this area could be detrimental for both the organization and the patients serviced. If PHI is breached at the organization and there is no established procedure that would ensure corrective action immediately, HHS could impose hefty fines, patients may be notified and could file complaints as well.
c. Annual Compliance Programs – Annual or more frequent compliance reviews are essential to ensure that the employees understand the organization’s requirements to stay compliant with the state and federal guidelines required for healthcare operations. Every compliance program should