Today everyone in the healthcare industry is aware of the impact of HIPAA, (the Health Insurance Portability and Accountability Act) on their daily activities. Protection of patient privacy is a paramount concern as release of patient information can have serious consequences for the patient as well as the provider. While every healthcare worker has an awareness of these regulations, few realize how easily an infraction of policy can be committed, and the associated risk to management is significant.
Of greater concern is how easily the most innocent act can be judged a violation of patient privacy rights.
One particular incident involved the taking and posting of baby pictures in a hospital maternity ward. Years ago, this would have been encouraged and everyone would have agreed that this was the appropriate thing to do. After all, what proud parent would not want their baby's picture posted for all to see? Well, the mother who did not want her parents, or perhaps an ex-husband to know is just one example.
But-it was just posted in the maternity ward-who else would even see it? Potentially, millions of people, and that is not a complete exaggeration at all. Social media is everywhere and available to virtually everyone. We have all heard of Face book and YouTube videos going "Viral" and even the simplest seemingly insignificant pictures and videos can take off in a global exchange that makes the term viral seem an understatement.
An innocent photo of a coworker at a healthcare institution resulted in the termination of several workers, one a doctor. A seemingly harmless photo of an ER patient who was intoxicated led to further problems for another facility.
And another was a appallingly graphic photo of a man who was stabbed in a nursing home showing the man's throat cut.
With so much at stake, this adds yet another layer to the scenario of risk management that healthcare management needs to address. The point of the above examples is that photos we used to regard as innocent, of general interest or amusing take on a whole new meaning when electronic media is factored in. This goes far beyond the protection from the willful invasion of privacy such as giving patient files to un authorized persons or institutions as the original intent of HIPAA undoubtedly was, as we must now consider well intended and accidental violations of privacy. These are the dangerous pitfalls as they are totally unpredictable until a letter arrives advising a hospital or healthcare institution that they are under litigation by a patient.
It is unfortunately only then that some healthcare managers realize that there may be a gaping flaw in their risk management strategy.
What then is the solution? Clearly training and awareness are a major component in risk management, but no amount of training can be completely depended upon when the slightest error can cause far reaching consequences.
Fortunately, there are financially prudent and cost effective products available to help mitigate or eliminate the exposure. The difference is that these policies are focused on a specific risk which is HIPAA violation, such as regulatory infractions, accusations of fraud and privacy issues. The cost of these policies relative to the potential financial exposure is nominal and a growing number of facilities acknowledge these tools as a fundamental part of their risk management strategy.
Gallagher Healthcare is the nation’s number one medical malpractice broker in the nation, and offers coverage in many areas of healthcare. Gallagher also offers a wide variety of insurance types tailored to specific client needs. Our newest offering covers patient privacy and regulatory issues and was developed to address a very real and growing aspect of healthcare provider exposure and risk.