Texas Employee Fired for HIPAA Violations…Then THIS Happened
This is one of those examples of a potential HIPAA violation that seems more fiction than reality.
The Texas Tribune reports that Tracy Ryans was fired from the Texas Health and Human Services Commission for alleged misconduct to do with not ensuring the security of sensitive protected health information (PHI, which is any demographic information that can be used to identify a patient).
When her former employer mailed her boxes, she thought they’d contain the contents of her desk. Instead, the boxes contained hundreds of state assistance applications. These documents included Social Security numbers, green card certificates, billing statements, check stubs, and copies of driver’s licenses. Ironically, Ryans was allegedly fired for HIPAA violations, yet her former employer may have committed related violations, too.
Ryans contacted the appropriate authorities and ensured that the information was safely returned to the Texas Health and Human Services Commission.
At the time of this TT report, it’s uncertain whether this breach will result in a HIPAA violation and ensuing monetary penalties. The damage that could have potentially been done to these hundreds of patients had the information gotten into the wrong hands will never be known.
What Can You Do to Prevent Potential HIPAA Violations?
To ensure that data in transmission is kept safe and secure, all HIPAA-responsible organizations such as behavioral health professionals must have effective HIPAA policies and procedures in place. These policies and procedures are meant to create unified systems for handling data to ensure the privacy, security, and integrity of PHI. However, even with proper policies and procedures in place, errors like this potential Texas HIPAA violation can still occur. In those cases, HIPAA regulation mandates that health care organizations have incident management processes in place.
In the event that a breach occurs because of simple human error or a cyber-security incident, a HIPAA incident management can guide your organization through the necessary steps to report the incident to the Department of Health and Human Services, notify affected patients, and remediate the implications.
Compliancy Group gives behavioral health professionals confidence in their HIPAA compliance with The Guard®. The Guard is a web-based HIPAA compliance solution, built by former auditors to help simplify compliance. Compliancy Group’s team of expert Compliance Coaches® field questions and guide users through the implementation process, taking the stress out of managing compliance. The Guard is built to address the full extent of HIPAA regulation, including guided walkthroughs of HIPAA Risk Assessments. With The Guard, behavioral health professionals can focus on running their practice while keeping their patients’ data protected and secure. Find out more about how Compliancy Group and the HIPAA Seal of Compliance® can help simplify your HIPAA compliance today!
Basic Telehealth Legal Issues: Rules, Regulations & Risk Management
Bring your telehealth practice into legal compliance. Get up to date on inter-jurisdictional practice, privacy, HIPAA, referrals, risk management, duty to warn, the duty to report, termination, and much more!