The most award winning
healthcare information source.
TRUSTED FOR FOUR DECADES.
HIPAA Regulatory Alert
'Badge buddy' provides HIPAA info
All staff have access to compliance hotline
Even before headlines highlighted large fines for HIPAA violations, the compliance department at New York University (NYU) Langone Medical Center in New York City decided to be proactive to meet the enhanced requirements of the Health Information Technology for Economic and Clinical Health (HITECH) Act.
"With the stringent timeframes for the reporting of potential breaches set in HITECH, we want to make sure employees understand the importance of contacting our office immediately," explains Nancy Dean, JD, MPA, CHC, CHRC, vice president of audit & compliance privacy officer for NYU Langone. In addition to training sessions for all employees, the staff developed a "badge buddy" that ensures all employees can easily reach the compliance office when needed.
"The badge buddy is a small, plastic card that attaches to an employee's name badge," says Dean.
The card includes telephone numbers for a compliance helpline to answer compliance questions as well as a separate helpline for protected health information and HIPAA privacy concerns. "Everyone always has their name badge, and the badge buddy ensures that they always have our information as well," Dean says.
The card also includes a short list of reasons to call the protected health information (PHI) helpline such as having a laptop stolen, finding unsecured patient information, or sending a fax with patient information to the wrong number, she adds.
The badge buddies have led to about 70 calls from employees since the program was implemented in early 2010, says Dean. Samples of calls include questions about whom to call to shred documents and whether receipt of a fax from outside the hospital that was meant for someone else was a HIPAA violation, she says. "In the case of receiving a fax in error, it provided a good teaching moment as we explained to the employee that since we did not generate the fax, we were not liable," she says. "In fact, the calls we get on the helplines help us tailor our ongoing education to address the most frequently misunderstood issues," she adds.
Although the key to consistent compliance with HIPAA privacy and security regulations is ongoing education, it is essential to adapt educational messages and reflect what is important, Dean says. "We need to keep education meaningful and fresh," she says. "Otherwise, people stop listening because they are not hearing anything new."