As patients continue requesting access to their Protected Health Information (PHI) in greater numbers, removing barriers to access continues to be one of the hottest topics in compliance. In addition to adding complexity to the process of disclosing PHI, this increased demand for access, and the accompanying U.S. Department of Health and Human Services’ (HHS) Office for Civil Rights (OCR) guidelines for providing easy access, has had the negative side effect of increasing breach risk.
To mitigate this rise in breach risk, healthcare organizations can standardize PHI disclosure processes and procedures across their organizations. As we gear up for the annual HCCA Compliance Institute, here are some things to keep in mind:
OCR Guidance Promotes Patient Access to Health Information
Under the new OCR guidance, healthcare organizations cannot create barriers or unreasonably delay patient access to health information. For example, one of the most common compliance mistakes is requiring patients or their personal representatives to submit HIPAA-compliant authorizations when requesting PHI.
Small Scale Privacy Breaches Are Also a Threat
Increased access for patients can also lead to an increase in small scale breaches affecting less than 500 patients at a time. Unlike more attention-grabbing cybercrimes or device thefts, breaches occurring during normal Release of Information (ROI) processes are far more common, and just as devastating to healthcare organizations.
MRO research has found as many as 40 points of disclosure within healthcare organizations, and with the growing number of requests flooding a changing market, risk will continue to rise as organizations attempt to handle the higher volume. Standardizing and centralizing PHI disclosure management is key to combating these breaches.
HIPAA Audits are in Play
OCR Phase 2 HIPAA audits are in motion and include Business Associate desk audits and HIPAA Breach Notification and Security Rule compliance evaluations. HIM and compliance professionals alike are eager to learn the findings of these audits, and we look forward to sharing what we learn as soon as more information is available.
To learn more about these hot compliance topics, visit MRO at booth #325 at this year’s HCCA Compliance Institute. Fill out the form to schedule your meeting.