Presentation is loading. Please wait.

Presentation is loading. Please wait.

3.04 HIPAA Compliant Employee Sanctions: A Fair and Objective Approach Frank Ruelas, MBA Director, Corporate Compliance Gila River Health Care Corporation.

Published byAbner Gallagher Modified over 8 years ago

Similar presentations

Presentation on theme: "3.04 HIPAA Compliant Employee Sanctions: A Fair and Objective Approach Frank Ruelas, MBA Director, Corporate Compliance Gila River Health Care Corporation."— Presentation transcript:

1 3.04 HIPAA Compliant Employee Sanctions: A Fair and Objective Approach Frank Ruelas, MBA Director, Corporate Compliance Gila River Health Care Corporation Sacaton, Arizona Presenter:

2 “It's about time law enforcement got as organized as organized crime. - Rudolph W Giuliani Some views on enforcement… National HIPAA Summit XI: September 7, 2005 Frank Ruelas, MBA 2

3 Maintains awareness Increases participation Aids decision making Deterrent effect Add Visibility to Enforcement Activities 3 National HIPAA Summit XI: September 7, 2005 Frank Ruelas, MBA

4 Equitable E-E-E-Essential Elements of the Sanctions Policy Education Enforcement Expedient 4 National HIPAA Summit XI: September 7, 2005 Frank Ruelas, MBA

5 45 CFR 164.530(e)(1) 45 CFR 164.308(a)(1)(ii)(C) Applies to Privacy and Security Coordination aspects - Privacy Officer - Security Officer - Compliance Officer 5 National HIPAA Summit XI: September 7, 2005 Frank Ruelas, MBA

6 Key Point # 1: Define Violation Levels or Categories Level I Level II Level III Type I Type II Type III Group I Group II Group III 6 National HIPAA Summit XI: September 7, 2005 Frank Ruelas, MBA

7 Level I / Type I / Group I Lack of training Inexperience Accidental Unintentional No harm no foul Training Counseling 3 Strikes Model Cause or MotivationSanction Activity 7 National HIPAA Summit XI: September 7, 2005 Frank Ruelas, MBA

8 Level II / Type II / Group II Curiosity Concern Compassion Carelessness Documentation - Warning - Counseling Notice Admin leave Probationary Period Corrective Action Plan (CAP) Cause or MotivationSanction Activity 8 National HIPAA Summit XI: September 7, 2005 Frank Ruelas, MBA

9 Level III / Type III / Group III Malicious Intent Financial Gain Termination Cause or MotivationSanction Activity 9 National HIPAA Summit XI: September 7, 2005 Frank Ruelas, MBA

10 Key Point # 2: Identify Examples for Each Violation Level or Category 10 National HIPAA Summit XI: September 7, 2005 Frank Ruelas, MBA

11 Level I / Type I / Group I Clerical error Technical error Judgment error Possible themes Examples Originals left on copier or fax Unopened mail left unattended Email address error PHI sent to similar named patient PHI in conversation overheard Desk or work area left unsecured Computer files erased Computer temporary files not deleted Document not placed in shred bin Phone messages overheard Computer screen left unattended 11 National HIPAA Summit XI: September 7, 2005 Frank Ruelas, MBA

12 Level II / Type II / Group II Unauthorized Not job related Stealth mode Possible themes Examples Checking on patient condition Copying information as a favor Accessing patient test results Installing software Experimenting with computer Using someone else’s password Providing access to someone else Deleting information from network Not following policy or procedure 12 National HIPAA Summit XI: September 7, 2005 Frank Ruelas, MBA

13 Level III / Type III / Group III Disgruntled Theft Maliciousness Possible themes Examples Selling patient addresses e-Broadcasting patient info Intentionally altering PHI 13 National HIPAA Summit XI: September 7, 2005 Frank Ruelas, MBA

14 Key Point # 3: Link the Violation to the Sanction Activity and Provide Disciplinary Recommendation Provides a high level of objectivity Aids in achieving long term consistency “Surprise” factor is reduced (eliminated) 14 National HIPAA Summit XI: September 7, 2005 Frank Ruelas, MBA

15 Key Point # 4: Request and Document Activities Performed by Other Departments Identifies sanction “creep” Validates level of follow through Completes file 15 National HIPAA Summit XI: September 7, 2005 Frank Ruelas, MBA

16 Key Point # 5: Under development at print deadline, more to follow… 16 National HIPAA Summit XI: September 7, 2005 Frank Ruelas, MBA

17 Summary: Enforcement is a critical activity Sanctions should be applied consistently Remember that mistakes will happen and people learn from mistakes that they make Email: fruelas@grhc.org 17 National HIPAA Summit XI: September 7, 2005 Frank Ruelas, MBA

Download ppt "3.04 HIPAA Compliant Employee Sanctions: A Fair and Objective Approach Frank Ruelas, MBA Director, Corporate Compliance Gila River Health Care Corporation."

Similar presentations

HIPAA: An Overview of Transaction, Privacy and Security Regulations Training for Providers and Staff.

HIPAA: An Overview of Transaction, Privacy and Security Regulations Training for Providers and Staff.
Privacy and Information Security Training (2006-07) VUMC Privacy Website www.mc.vanderbilt.edu/privacy.

Privacy and Information Security Training ( ) VUMC Privacy Website
HIPAA Training: Health Insurance Portability and Accountability Act.

HIPAA Training: Health Insurance Portability and Accountability Act.
1. As a Florida KidCare community partner families entrust you to not only help them navigate the Florida KidCare system but to keep the information they.

1. As a Florida KidCare community partner families entrust you to not only help them navigate the Florida KidCare system but to keep the information they.
The Health Insurance Portability and Accountability Act - HIPAA

The Health Insurance Portability and Accountability Act - HIPAA
HIPAA. What Why Who How When What Is HIPAA? Health Insurance Portability & Accountability Act of 1996.

HIPAA. What Why Who How When What Is HIPAA? Health Insurance Portability & Accountability Act of 1996.
HIPAA Basic Training for Privacy & Information Security Vanderbilt University Medical Center VUMC HIPAA Website: www.mc.vanderbilt.edu/HIPAA.

HIPAA Basic Training for Privacy & Information Security Vanderbilt University Medical Center VUMC HIPAA Website:
Confidentiality and HIPAA

Confidentiality and HIPAA
COBB/DOUGLAS COMMUNITY SERVICES BOARD Confidentiality and Privacy of Consumer Information.

COBB/DOUGLAS COMMUNITY SERVICES BOARD Confidentiality and Privacy of Consumer Information.
LMC 2005 1 WHAT IS HIPAA AND HOW TO COMPLY WITH IT? Health Insurance Portability and Accountability Act of 1996.

LMC WHAT IS HIPAA AND HOW TO COMPLY WITH IT? Health Insurance Portability and Accountability Act of 1996.
National Health Information Privacy and Security Week Understanding the HIPAA Privacy and Security Rule.

National Health Information Privacy and Security Week Understanding the HIPAA Privacy and Security Rule.
Increasing public concern about loss of privacy Broad availability of information stored and exchanged in electronic format Concerns about genetic information.

Increasing public concern about loss of privacy Broad availability of information stored and exchanged in electronic format Concerns about genetic information.
The Health Insurance Portability and Accountability Act of 1996– charged the Department of Health and Human Services (DHHS) with creating health information.

The Health Insurance Portability and Accountability Act of 1996– charged the Department of Health and Human Services (DHHS) with creating health information.
Page 1 of 16 DMC HIPAA Privacy and Security DMC’S COMMITMENT TO COMPLIANCE: HIPAA PRIVACY and SECURITY DMC Corporate Audit and Compliance Department Detroit.

Page 1 of 16 DMC HIPAA Privacy and Security DMC’S COMMITMENT TO COMPLIANCE: HIPAA PRIVACY and SECURITY DMC Corporate Audit and Compliance Department Detroit.
HIPAA What’s New? 2010. What Is HIPAA Health Insurance Portability and Accountability Act of 1996 Health Insurance Portability and Accountability Act.

HIPAA What’s New? What Is HIPAA Health Insurance Portability and Accountability Act of 1996 Health Insurance Portability and Accountability Act.
Health Insurance Portability and Accountability Act

Health Insurance Portability and Accountability Act
HIPAA Health Insurance Portability and Accountability Act.

HIPAA Health Insurance Portability and Accountability Act.
What is HIPAA? This presentation was created by The University of Arizona Privacy Office, The Office for the Responsible Conduct of Research on March 5,

What is HIPAA? This presentation was created by The University of Arizona Privacy Office, The Office for the Responsible Conduct of Research on March 5,
1 HIPAA Education CCAC Professional Development Training September 2006 CCAC Professional Development Training September 2006.

1 HIPAA Education CCAC Professional Development Training September 2006 CCAC Professional Development Training September 2006.
NAU HIPAA Awareness Training

NAU HIPAA Awareness Training

Similar presentations

Ads by Google