Avoiding HIPAA Violations

Michael L. Smith HeadshotBy Michael L. Smith, JD, RRT

Every respiratory therapist knows that the Health Insurance Portability and Accountability Act (HIPAA) requires hospitals and health care providers to maintain the confidentiality of their patients’ protected health information (PHI). RTs may not know that the Department of Health and Human Services (HHS) Office of Civil Rights (OCR) is investigating HIPAA violations and imposing sanctions on hospitals and other covered entities for violations. RTs also may not know that the Department of Justice is criminally prosecuting particularly egregious HIPAA violations.

HIPAA violations still occur despite the fact that we have years of training and experience in protecting patient privacy. Hospitals and health care systems take HIPAA violations seriously and frequently terminate employees for those violations. RTs can avoid violating HIPAA, and the consequences associated with a violation, by avoiding the following mistakes.

Never use a patient’s PHI for personal gain. Unfortunately, this example is not too obvious to include here. A nurse in Arkansas pled guilty to criminal charges of deliberately misusing a patient’s PHI for personal gain. The nurse provided PHI on a patient to her husband so that her husband could use the information in a lawsuit involving the patient. The nurse pleaded guilty to wrongful disclosure of the patient’s health information. Another hospital employee inCalifornia pleaded guilty to selling celebrity medical information to at least one media outlet. Numerous celebrity medical records were involved, but the prosecuting attorney did not release the names of the celebrities.

Never snoop in a patient’s medical records. A hospital inHouston fired 16 employees for snooping into the medical records of an acquaintance out of curiosity. A hospital inArkansas suspended a doctor and fired two employees who snooped into the records of a local newscaster to satisfy their own curiosity. RTs should know that hospitals track the computer activity of their employees and their medical staff. Those same hospitals fire employees who inappropriately access patient records.

Never share PHI with people who have no legitimate reason to know the information. The OCR investigated a hospital and an employee in its surgical department based upon that employee providing a surgery schedule to a hospital supervisor. The surgery schedule included the name and PHI of one of the supervisor’s employees who was scheduled for surgery. The supervisor had no legitimate reason to know about his employee’s PHI.

Never share your computer passwords and log on information. Most hospitals have a policy requiring their employees to keep their computer passwords and log on information confidential. Those same hospitals are monitoring their employees’ computer activity using those same passwords and log on information. RTs who share their passwords and log on information with other people will eventually be required to explain instances of inappropriate access to PHI and the violation of their hospitals’ policies.

Never leave a computer unattended without logging off of the computer. Many hospitals have written policies requiring employees to log off their computers before leaving those computers unattended. RTs should not leave a computer unattended without logging off even if their hospital does not have a written policy.

Never communicate PHI to a patient by a method that the patient has not approved. RTs should confirm where their patients have authorized them to leave PHI. The OCR has investigated complaints against health care providers who left telephone messages including PHI at a patient’s home telephone number when the patient gave specific instructions to only be contacted through a cellular number.

Never discuss a patient’s PHI in such a manner that other individuals with no right or need to know the information can overhear the information. A hospital disciplined two of its employees for discussing a patient’s PHI with the patient in the waiting room, which allowed other patients and visitors to overhear the discussion. The patient’s complaint was investigated by the OCR, which found the hospital employees did not take reasonable efforts to avoid the disclosure of PHI. RTs are often treating patients in emergency rooms and other areas that do not provide the best privacy. Only discuss what you absolutely must discuss with the patient in order to provide care. If possible, those patients should be moved to a more private area before discussing PHI.

Never leave a patient’s paper records open and available for prying eyes. Paper records containing PHI are still common and will continue to exist for the foreseeable future. RTs need to remember that HIPAA requires hospitals and health care providers to have reasonable safeguards in place to protect patient records including paper records. RTs should follow their employer’s policies and procedures on paper records including the policies on the destruction of paper records.

RTs can avoid violating HIPAA by only accessing the records they need to provide appropriate care to their patients and by using reasonable safeguards to protect those patient records.

Michael L. Smith, JD, RRT is board certified in health law by The Florida Bar and practices at The Health Law Firm in Altamonte Springs, Florida. This article is for general information only and is not a substitute for formal legal advice.

 

This article was originally published in Advance for Respiratory Care and Sleep Medicine.

By |2024-03-14T10:00:25-04:00June 1, 2018|Categories: In the Know, The Health Law Firm Blog|Tags: , , , , , |Comments Off on Avoiding HIPAA Violations
Read More

Patient-supplied Respiratory Equipment in the Hospital

The Health Law Firm Michael L. SmithBy Michael L. Smith, JD, RRT

Hospitals and respiratory therapists regularly receive requests from patients asking to use their own respiratory therapy equipment in the hospital. Chronic pulmonary patients are generally reluctant to change their treatment regimen and may request they be permitted to continue using their home ventilators or positive airway pressure units in the hospital. Generally, hospitals should not allow patients to use their own medical equipment.

Patient-supplied medical equipment poses numerous risks for hospitals and their RTs. Patient supplied equipment may be a different model than what the hospital’s RTs and other staff routinely use, which can contribute to errors in the equipment and alarm settings. The hospital may not have compatible parts to ensure that the patient-supplied equipment remains functional during the patient’s hospital stay.

Another risk for the hospital and its staff exists because the patient may not have properly maintained the medical equipment. The hospital and its staff cannot easily determine whether the patient-supplied medical equipment has been regularly serviced, including any necessary modifications based upon recalls. While a particular piece of equipment may appear well maintained on the surface, it could have numerous deficiencies that are almost impossible to detect by the hospital and its staff.

The hospital and its staff may be assuming significant legal liability by allowing patients to use their own medical equipment. Patient-supplied medical equipment that malfunctions could conceivably cause injury to multiple patients and hospital staff. Consequently, hospitals should avoid allowing patients to use their own medical equipment in the hospital.

Despite the risks, most hospitals still allow the use of at least some patient-supplied medical equipment under certain circumstances.

Whenever the hospital elects to allow patient-supplied medical equipment, it should involve the hospital’s counsel, risk manager, and all the necessary hospital departments in the process.

Most hospitals that allow patient-supplied medical equipment have some type of policy on the use of that equipment. Those policies should require written approval from the patient’s physician stating that the patient-supplied equipment is suitable based upon the patient’s current medical condition. Every policy also should require notice to all the clinical and non-clinical departments necessary to ensure the equipment is in good working order and safe to operate. Every piece of electrical equipment must be thoroughly checked for electrical safety, usually by the hospital’s biomedical department.

Whenever the hospital agrees to allow patient-supplied medical equipment, the hospital should have the patient sign a waiver that explicitly states that the hospital is not assuming any liability for the equipment. The waiver also should permit the hospital to use substitute equipment in the event the patient-supplied equipment fails or the patient’s condition changes. Unfortunately, the hospital probably cannot completely absolve itself of any liability for patient-supplied medical equipment, even when the patient signs a waiver.

In the event the patient-supplied equipment fails, the hospital staff will need to intervene and provide appropriate care to the patient, even if the patient assumed all responsibility for the equipment. The hospital staff also will need to regularly check to confirm that the equipment is functioning properly and that the medical equipment remains appropriate for the patient’s condition. Of course, the hospital staff must document their regular assessment of the patient-supplied medical equipment.

Michael L. Smith, JD, RRT is board certified in health law by The Florida Bar and practices at The Health Law Firm in Altamonte Springs, Florida. This article is for general information only and is not a substitute for formal legal advice.

This article was originally published in Advance for Respiratory Care and Sleep Medicine.

By |2024-03-14T10:00:25-04:00June 1, 2018|Categories: In the Know, The Health Law Firm Blog|Tags: , , , , , , |Comments Off on Patient-supplied Respiratory Equipment in the Hospital
Read More

Florida Respiratory Therapist Arrested for Alleged Elder Abuse

1 Indest-2008-1By George F. Indest III, J.D., M.P.A., LL.M., Board Certified by The Florida Bar in Health Law

A Lee County, Florida, registered respiratory therapist at HealthPark Medical Center in Fort Myers, Florida, was arrested and charged with battery on an elderly patient. The respiratory therapist was arrested by the Attorney General’s (AG) Medicaid Fraud Control Unit (MFCU). The arrest was announced by the AG on February 14, 2014.

To read the news release from the AG, click here.

Respiratory Therapist Accused of Fracturing Patient’s Hand.

According to the AG, the respiratory therapist allegedly abused a 68-year-old intensive care unit patient by severely bending his fingers back resulting in a bone fracture in the patient’s hand, while the man’s arms were restrained.

The respiratory therapist is charged with battery on a person over the age of 65, which is a third-degree felony. If convicted, the alleged abuser faces a minimum sentence of three years in prison and up to $10,000 in fines.

MFCU Conducted Investigation.

The MFCU’s investigation led to the MFCU issuing a warrant for the respiratory therapist’s arrest. The case will be prosecuted by the Lee County State Attorney’s Office.

According to the AG, in addition to Medicaid fraud, the MFCU investigates abuse, neglect and exploitation of elderly or disabled people in health care facilities.

Contact Health Law Attorneys Experienced in Handling Medicaid Audits, Investigations and other Legal Proceedings.

Medicaid fraud is a serious crime and is vigorously investigated by the state MFCU, the Agency for Health Care Administration (AHCA), the Zone Program Integrity Contractors (ZPICs), the FBI, the Office of Inspector General (OIG) of the U.S. Department of Health and Human Services (DHHS). Often other state and federal agencies, including the U.S. Postal Service (USPS), and other law enforcement agencies participate. Don’t wait until it’s too late. If you are concerned of any possible violations and would like a confidential consultation, contact a qualified health attorney familiar with medical billing and audits today. Often Medicaid fraud criminal charges arise out of routine Medicaid audits, probe audits, or patient complaints.

The Health Law Firm’s attorneys routinely represent speech therapists, occupational therapists, vocational therapists, therapy groups, physicians, dentists, orthodontists, medical groups, clinics, pharmacies, assisted living facilities (AFLs), home health care agencies, nursing homes, group homes and other healthcare providers in Medicaid and Medicare investigations, audits and recovery actions. To contact The Health Law Firm please call (407) 331-6620 or (850) 439-1001 and visit our website at www.TheHealthLawFirm.com.

Comments?

What do you think of these charges? Please leave any thoughtful comments below.

Source:

Florida Attorney General. “Lee County Man Arrested for Elder Abuse.” My Florida Legal. (February 14, 2014). From: http://bit.ly/1o6vq0J

About the Author: George F. Indest III, J.D., M.P.A., LL.M., is Board Certified by The Florida Bar in Health Law. He is the President and Managing Partner of The Health Law Firm, which has a national practice. Its main office is in the Orlando, Florida, area. www.TheHealthLawFirm.com The Health Law Firm, 1101 Douglas Ave., Altamonte Springs, FL 32714, Phone: (407) 331-6620.

 

 

“The Health Law Firm” is a registered fictitious business name of George F. Indest III, P.A. – The Health Law Firm, a Florida professional service corporation, since 1999.
Copyright © 1996-2014 The Health Law Firm. All rights reserved.

By |2024-03-14T10:00:55-04:00June 1, 2018|Categories: Medicaid Fraud Control Unit, The Health Law Firm Blog|Tags: , , , , , , , , , , , , , , , |Comments Off on Florida Respiratory Therapist Arrested for Alleged Elder Abuse
Read More
“The Health Law Firm” is a registered fictitious business name of George F. Indest III, P.A.
The Health Law Firm, a Florida professional service corporation, since 1999.
Copyright © 2022 The Health Law Firm. All rights reserved.
FacebookInstagramLinkedInTwitterYouTube
Toggle Sliding Bar Area
Go to Top