Takeaway for ASCs: As ASCs con- tract with several outside entities for various business and technology pro- cesses, they must have a stringent con- tractor vetting policy and sound busi- ness associate agreements. When an ASC gives an external individual or organization access to its patient infor- mation, it must consider that external agent to be a potential vulnerability as part of a HIPAA risk analysis.

Allergy Associates What Happened: Allergy Associates, a small (three doctor) practice in Con- necticut, specializes in treating patients with allergies. A former patient con- tacted a local television about a dispute with an Allergy Associates’ doctor, and the reporter then contacted the doctor for comment. In the discussion with the reporter, the doctor impermissibly dis-

closed the patient’s PHI. Allergy Asso- ciates agreed to pay a $125,000 settle- ment and undertake a corrective action plan that included two years of monitor- ing for HIPAA compliance.

Takeaway for ASCs: As with any medical entity, there is always the chance that a news organization might come to an ASC enquiring about a specific patient or interaction. ASCs should always place the highest pri- ority on patient privacy rights, regard- less of how disclosing information might affect the news story. In the case of Allergy Associates, the com- pany’s privacy officer had specifically instructed the doctor to not respond to the media or say, “no comment.” Fur- thermore, no disciplinary or correc- tive action was taken after the doctor had impermissibly disclosed informa- tion to local news. ASCs should take

care to write and enact internal policies regarding contact with the media and provide regular training to all clinical staff about the impropriety of any PHI disclosure regardless of the news story.

ASCA provides many resources

to help ASCs remain compliant with HIPAA. The page dedicated to HIPAA Resource can be found under the Fed- eral Regulations section of ASCA’s main site. It provides background on the act itself, as well as the four key pro- visions: privacy, security, breach notifi- cation and enforcement. ASCA’s facil- ity and corporate members also have free access to the HIPAA Workbook for ASCs, a comprehensive resource for designing, updating and evaluating HIPAA compliance programs. For more information or for ques- tions and concerns, write Alex Taira at

Strengthen your commitment to patient safety and continuous quality improvement

Adherence to rigorous standards of care and safety will help to ensure you deliver quality every day —1,095 days of your accreditation cycle

For 40 years AAAHC has advanced the standard of ambulatory health care through a quality-focused, peer-based, and educational accreditation process. We provide facilities with relevant standards and education to integrate into the patient care environment and conduct onsite evaluation to assess ongoing compliance. To transform your ambulatory health care, visit or call 847.853.6060.

Ongoing Engagement / Excellence & Relevance / Accelerated Readiness / Accountability / Surveyor Expertise



Page 1  |  Page 2  |  Page 3  |  Page 4  |  Page 5  |  Page 6  |  Page 7  |  Page 8  |  Page 9  |  Page 10  |  Page 11  |  Page 12  |  Page 13  |  Page 14  |  Page 15  |  Page 16  |  Page 17  |  Page 18  |  Page 19  |  Page 20  |  Page 21  |  Page 22  |  Page 23  |  Page 24  |  Page 25  |  Page 26  |  Page 27  |  Page 28  |  Page 29  |  Page 30  |  Page 31  |  Page 32  |  Page 33  |  Page 34