Q/A: Someone Broke into My Office. What do I do Now?
April 23rd, 2018 - Wyn Staheli, Director of Research
My office was broken into last night. I use electronic health records, but we do store some protected health information for my patients in paper files. These files are not secured, so the burglars did have access to them. It did not appear that the files were touched as the burglars were looking for cash. What responsibilities to I have to my patients in a situation like this? Do I need to contact them and advise them that their PHI could have been compromised?
Regardless of whether or not you think that there was a breach, HIPAA mandates that you do a Breach Risk Assessment and document the results including police reports of the incident.
Depending on the results of that risk assessment, you would then take whatever is considered the appropriate steps. To be perfectly honest, even if it looks like they did not open the file cabinets, you do NOT have definitive proof (unless you have fingerprinting done on the cabinets or a video tape showing that they did not enter that area) that the burglars did not view PHI.
At the minimum, you need to notify your patients that there was a potential breach of PHI along with an explanation of why you believe it is only a potential breach. Comprehensive instructions can be found in Chapter 1.6 the Complete & Easy HIPAA Compliance publication which is available in the online store. It also includes a downloadable HIPAA Breach Risk Assessment document.
NOTE: Your state may also have breach notification rules so you would need to check with your state to see if their standards are more stringent than HIPAA regulations.
TIPS: Take some proactive steps now to minimize potential problems in the future.
1. Invest in some locking file cabinets and/or video surveillance cameras. Compared to the costs of breach fines, it is worth the investment.
2. Do a Security Risk Assessment today - if you haven't already done one this year. They are required to be conducted annually. It will help you identify potential areas of concern which need to be addressed. CompliantChiro.com offers an online risk assessment. For a manual version, see the Complete & Easy HIPAA Compliance publication.
If you have questions or comments about this article please contact us. Comments that provide additional related information may be added here by our Editors.
Latest articles: (any category)Artificial Intelligence in Healthcare - A Medical Coder's PerspectiveDecember 26th, 2023 - Aimee Wilcox
We constantly hear how AI is creeping into every aspect of healthcare but what does that mean for medical coders and how can we better understand the language used in the codeset? Will AI take my place or will I learn with it and become an integral part of the process that uses AI to enhance my abilities? Specialization: Your Advantage as a Medical Coding ContractorDecember 22nd, 2023 - Find-A-Code
Medical coding contractors offer a valuable service to healthcare providers who would rather outsource coding and billing rather than handling things in-house. Some contractors are better than others, but there is one thing they all have in common: the need to present some sort of value proposition in order to land new clients. As a contractor, your value proposition is the advantage you offer. And that advantage is specialization.ICD-10-CM Coding of Chronic Obstructive Pulmonary Disease (COPD)December 19th, 2023 - Aimee Wilcox
Chronic respiratory disease is on the top 10 chronic disease list published by the National Institutes of Health (NIH). Although it is a chronic condition, it may be stable for some time and then suddenly become exacerbated and even impacted by another acute respiratory illness, such as bronchitis, RSV, or COVID-19. Understanding the nuances associated with the condition and how to properly assign ICD-10-CM codes is beneficial.Changes to COVID-19 Vaccines Strike AgainDecember 12th, 2023 - Aimee Wilcox
According to the FDA, CDC, and other alphabet soup entities, the old COVID-19 vaccines are no longer able to treat the variants experienced today so new vaccines have been given the emergency use authorization to take the place of the old vaccines. No sooner was the updated 2024 CPT codebook published when 50 of the codes in it were deleted, some of which were being newly added for 2024.Updated ICD-10-CM Codes for AppendicitisNovember 14th, 2023 - Aimee Wilcox
With approximately 250,000 cases of acute appendicitis diagnosed annually in the United States, coding updates were made to ensure high-specificity coding could be achieved when reporting these diagnoses. While appendicitis almost equally affects both men and women, the type of appendicitis varies, as dose the risk of infection, sepsis, and perforation.COVID Vaccine Coding Changes as of November 1, 2023October 26th, 2023 - Wyn Staheli
COVID vaccine changes due to the end of the PHE as of November 1, 2023 are addressed in this article.Medicare Guidance Changes for E/M ServicesOctober 11th, 2023 - Wyn Staheli
2023 brought quite a few changes to Evaluation and management (E/M) services. The significant revisions as noted in the CPT codebook were welcome changes to bring other E/M services more in line with the changes that took place with Office or Other Outpatient Services a few years ago. As part of CMS’ Medicare Learning Network, the “Evaluation and Management Services Guide” publication was finally updated as of August 2023 to include the changes that took place in 2023. If you take a look at the new publication (see references below),....