Articles tagged with: patient’s privacy

HIPAA — Are Healthcare Providers doing their own Version of Captain America’s 70 year “Sleep?”

 

hipaa-complaint

     One of my favorite of the recent spate of Marvel superhero movies is “Captain America: The First Avenger”.  In that movie, Captain America fights Red Skull to protect earth from utter destruction.  One scene near the end of the movie actually makes me think of HIPAA.  Captain America awakens in a 1940s-style hospital room. Deducing from an outdated radio broadcast that something is wrong, he flees outside and finds himself in present-day Times Square, where S.H.I.E.L.D.  Director Nick Fury informs him that he has been “asleep” for nearly 70 years.
     When we discuss HIPAA with healthcare providers, we find that many simply do not take it very seriously.  The “teeth” of HIPAA regulations seem not to have been vigorously enforced in the past, leading many providers to believe there is little reason to worry about the details, thinking it was all bark, but no bite. As time has gone by, while some physicians and groups have tried to stay updated and compliant, many have taken no steps whatsoever, actually creating more chaos.  For example, when we first moved back to Missouri a few years ago, my wife took our kids to the doctor for the first time, and she was asked to fill out one form and put all the kids’ names on it, so that the practice could request their records from Michigan.  When the Michigan office got the form they then informed my wife that she had to fill out a form for each child to request records.  However, our new Missouri doctor said that the Michigan office was just being “overly cautious,” and that the one form should have been all that they needed.  We finally got the kids records, but it was rather difficult when one practice took HIPAA seriously and the next office did not.
     Within the last few years or so, the Department of Health and Human Services seems to be putting much more emphasis on the “bite” of HIPAA, and essentially to try to wake up those ignoring the HIPAA legislation from their Captain America “sleep”.  In 2014, HHS started conducting audits to find out whether covered entities were complying with the law.  The audits found that only 2-5% of those audited were actually in full compliance with HIPAA.  After this report, the Office of Inspector General (OIG) recommended that HHS begin implementing a permanent audit program to ensure compliance with HIPAA.  The enforcement efforts of these two agencies are effectively waking up many who are covered by HIPAA from their Captain America “sleep”, but just like in the movie, that awaking is not a relaxed, easing out of bed, but a cold slap-in-the-face type of awaking.
     As the enforcement efforts expand, HHS began another round of audits this year, and will actually be increasing the number of audits that will be conducted. Several covered entities have received notification that they are among the first round to be audited.  As random audits take place, every doctor, group, hospital, clinic, and other covered entities required to comply with HIPAA must awaken from their Captain America “sleep” as well, or they could face massive fines being imposed upon them for non-compliance.
     When we speak with doctors about HIPAA, most tell us that the law is simply an annoyance with which they would prefer not to hassle.  When we explain our detailed system for providing complete HIPAA compliance protection, many simply rely upon the fact that they “have never been audited before”, so they assume that they’re safe and won’t ever be audited. We point out that, just as it is too late to buy malpractice insurance after one has been sued, it likewise makes no sense to take chances on HIPAA compliance by waiting to see what happens.  The “sleep” from which they may awaken the day an auditor shows up in their office will be a harsh and sudden, and far too late to prepare for what might come from the audit being conducted. Likewise, many also seem to believe that if they are audited, they are either already compliant enough, or that any fine assessed against them will not be significant. That belief tends to ignore the very statistics (noted above) regarding how few providers have actually been found to be in compliance through the audits already conducted.
     While the details of HIPAA law are rather complex, it is pretty straight-forward about some of the basics — what it is you need to have and need to do — to comply with HIPAA.  You must have a HIPAA policy and procedure manual specific to your practice (so those who buy generic “manuals” on the internet are still asleep, as those simply do not constitute full compliance).  You must fully train every person on your staff on those policies and procedures at least twice a year (and you can’t “sleep” through this process with a short pamphlet for the staff to read). Likewise, you must conduct a thorough risk analysis at least twice a year to look for vulnerabilities and make sure you’re staying in compliance. Given that this is the hardest part of HIPAA compliance generally, one can see why physicians haven’t “awaken” to this part of the process.
     Those who are subject to HIPAA laws need to continually monitor the ever-changing regulations to stay aware of any updates or revisions that need to be made to their manual, training materials, and the type of risk analysis to be conducted.  There is a lot to do to stay in full compliance and it is clearly time for physicians and healthcare entities to wake from their sleep in order to be ready. Otherwise, that awakening will seem much like it did for Captain America, with a shock-to-the-system type of reaction the day the auditors appear.
#confidential #dentist #doctors #HIPAA #liability #medical practice #medical records #patient’s privacy

 

Nothing posted on Evidentiary Matters is to be considered legal advice or advertising.
The choice of a lawyer is an important decision and should not be based solely upon advertisements.

Save

Save

Save

How NOT to Utilize Social Media In Business

              Over the past few years, there has been a growth in the number of websites that allow customers, clients and patients to critique companies, services, and professionals, as well as an increased ability for people to use social media to express opinions, even anonymously. Since those with “gripes” tend to be more likely to get up on the internet soapbox, and reviews, therefore, may lean more negatively than supportive, at least one individual has gone on the offensive. A New York dentist, Stacey Makhnevich, required all of her patients, including Robert Lee, to sign an agreement preventing them from making public comment about her services. Interestingly, in “return” for this restraint of speech, Dr. Makhnevich promised not to do something that the law actually already requires of her, that being, not to exploit certain loopholes in the Health Insurance Portability and Accountability Act (“HIPAA”) with regard to patient privacy. How NOT to Utilize Social Media In Business

               Mr. Lee had a toothache and sought treatment from Dr. Makhnevich. Before treatment, however, she required that he sign this privacy agreement.  He did.  He was then personally billed almost $5,000 for dental services when the doctor’s office neglected to bill the insurance company for reimbursement. This put Mr. Lee on the hook for the entire bill, much to his surprise.  When Lee sought copies of his dental records, Dr. Makhnevich referred him to a third-party company which demanded $200 for a copy of his records. Not surprisingly, Mr. Lee was unhappy about this incident, and recounted his experiences on several websites where such reviews are accepted from the public.  He criticized Makhnevich for overcharging him, refusing to submit billing to his insurer, and told about the issue with the medical records, all of which were apparently true statements of fact.  In response, Dr. Makhnevich sent Lee a demand letter threatening to sue and seeking $100,000 in damages.  She then began issuing invoices to Lee charging $100 per day for “copyright infringement” which stated that a 1.5% late charge and a service charge of $20 would be imposed if not paid within 7 days. 

               Lee filed a pre-emptive suit in federal court.  Dr. Makhnevich responded with a motion to dismiss, taking the position that there was no controversy.  The court rejected this argument and denied the dentist’s motion to dismiss, citing the dentist’s aggressive attempts to enforce the agreement, using choice words and phrases such as “ridiculous, and “specious,” and one not often seen in judicial opinions…“wishful thinking.”  Mr. Lee’s case therefore remains pending before the court. 

               Although it may be tempting to try to use the force of law to fend off public criticisms of a business, profession, or service, it is certainly not clear that such a heavy-handed approach would be effective in that regard.  In fact, such efforts will invariably become public themselves, and are likely to be viewed as bad faith attempts to suppress one’s “freedom of speech” and hide honest opinions about poor service or conduct.  Dollar-for-dollar, it would seem that a business or professional would likely get a better return from an investment into efforts designed to improve customer service, rather than suppression of customer speech. After all, clients or customers who are unhappy are going to ultimately have their say, and clearly have a right to their opinions and to publicize them, whether via the internet, the water cooler, a social gathering or up on a real soapbox in the public square. Better that they should have a very simple and limited issue of general dissatisfaction than to be able to say that the business is trying to shut them up.

We will follow Mr. Lee’s case as it develops to see if the Judge makes good on his prophetic statement that this dentist’s arguments may be wishful thinking.  Lee v. Makhnevich, No. 11 Civ. 8665 (PAC), (S.D. New York, March 27, 2013).

Nothing posted on Evidentiary Matters is to be considered legal advice or advertising.  

The choice of a lawyer is an important decision and should not be based solely upon advertisements.