This page contains a Flash digital edition of a book.


Stop Security Breaches

Make it a priority to protect patient health information. BY ROB KURTZ


SCs have many compelling rea- sons

to protect patient health

information (PHI) and abide by the Health Insurance Portability and Ac- countability Act of 1996 (HIPAA) Privacy and Security Rules, says R. Michael Scarano Jr., partner and vice chair of the health care industry team for Milwaukee, Wisconsin-based law firm Foley & Lardner LLP. “The obvious reason is there are big

fines if they don’t do it,” Scarano says. “There have been fines in the million dollar-plus range for conduct that was egregiously in violation of these laws, even though it may have not been inten- tional conduct. There’s also the ethical reason. Even if the law did not impose big penalties, patients have an expecta- tion of privacy and protecting people’s privacy is the right thing to do.”

There are a number of other reasons

as well, says Leeann Habte, an associate with Foley & Lardner and member of the firm’s health care industry team. “If a security breach involves 500 or more individuals, then your state or local me- dia has to be notified, so there’s going to be bad publicity. You could also be sued by the patients affected. That depends on if your state law allows the patients to bring a civil action.” “Providers are required to do what

they can to mitigate the breach, and that might involve buying identity theft in- surance for everyone who is affected,” Scarano adds.

By understanding recent HIPAA

rule changes, learning how security breaches occur and taking effective measures to protect PHI, ASCs will put themselves in a better position to avoid

these ramifications, while maintaining a reputable image and the trust of their patients.

Recent Law Changes HIPAA rules have undergone signifi- cant changes during the last few years, says Mary Sturm, RN, senior vice presi- dent of clinical operations for Surgical Management Professionals, a Sioux Falls, South Dakota-based ASC and surgical hospital management, consult- ing and development company. “As an adjunct to the stimulus pack-

age—the American Recovery and Re- investment Act of 2009—that Presi- dent Obama put out in 2009, we got the Health Information Technology for Economic and Clinical Health (HI- TECH) Act,” Sturm says. “It took the existing HIPAA rules and regulations from 1996 and really amped them up in terms of the requirements for conduct- ing investigations of potential HIPAA breaches, notifying consumers of the

The advice and opinions expressed in this article are those of the individuals who provided information for this article and do not represent official Ambulatory Surgery Center Association policy or opinion.


Page 1  |  Page 2  |  Page 3  |  Page 4  |  Page 5  |  Page 6  |  Page 7  |  Page 8  |  Page 9  |  Page 10  |  Page 11  |  Page 12  |  Page 13  |  Page 14  |  Page 15  |  Page 16  |  Page 17  |  Page 18  |  Page 19  |  Page 20  |  Page 21  |  Page 22  |  Page 23  |  Page 24  |  Page 25  |  Page 26  |  Page 27  |  Page 28  |  Page 29  |  Page 30  |  Page 31  |  Page 32  |  Page 33  |  Page 34  |  Page 35  |  Page 36  |  Page 37  |  Page 38
Produced with Yudu -