Printer Friendly, PDF & Email

The overcoming equation: Guiding an organization through HIPAA mishaps

Kathleen J. DiGregorio ( is Compliance Analyst at Guidehouse Managed Services – Healthcare Segment in Gardena, CA.

You are a compliance professional on the day a fine has been imposed on your organization for a serious Health Insurance Portability and Accountability Act (HIPAA) violation. Credit monitoring services have been made available to the patients whose protected health information (PHI) data were disclosed. Senior leadership and account executives have contacted clients to relay the details before they read it online while the legal department is preparing an online media statement. This is a rare event, yet you have to be prepared for the post-recovery period within the organization. A more familiar event is you, as the same compliance professional, have a meeting with the human capital department to talk with a valued, tenured team member about another avoidable and careless mistake reported first to the client by a Centers for Medicare & Medicaid Services (CMS) employee. Because this is the third HIPAA incident in six weeks by the same team member, the repeated incidents have called into question your organization’s ability to process this new client’s claims error-free and in accord with their standard of work. To remain consistent with organizational disciplinary guidelines, you issue a final written warning, and this team member will likely take the news very hard because they won’t be eligible for the long-hoped-for promotion to team lead or a merit increase for six months.

Both events present opportunities for compliance to move into action mode by assisting your organization after HIPAA mishaps of varying degrees while partnering with human capital and leadership to invest in empathy and understanding to create a positive shift while team members continue to work in an emotionally sensitive atmosphere.

This document is only available to members. Please log in or become a member.