Q/A: Someone Broke into My Office. What do I do Now?

by  Wyn Staheli, Director of Research
April 23rd, 2018

Question 
My office was broken into last night. I use electronic health records, but we do store some protected health information for my patients in paper files. These files are not secured, so the burglars did have access to them. It did not appear that the files were touched as the burglars were looking for cash. What responsibilities to I have to my patients in a situation like this? Do I need to contact them and advise them that their PHI could have been compromised?

Answer
Regardless of whether or not you think that there was a breach, HIPAA mandates that you do a Breach Risk Assessment and document the results including police reports of the incident.

Depending on the results of that risk assessment, you would then take whatever is considered the appropriate steps. To be perfectly honest, even if it looks like they did not open the file cabinets, you do NOT have definitive proof (unless you have fingerprinting done on the cabinets or a video tape showing that they did not enter that area) that the burglars did not view PHI.

At the minimum, you need to notify your patients that there was a potential breach of PHI along with an explanation of why you believe it is only a potential breach. Comprehensive instructions can be found in Chapter 1.6 the Complete & Easy HIPAA Compliance publication which is available in the online store. It also includes a downloadable HIPAA Breach Risk Assessment document.

NOTE: Your state may also have breach notification rules so you would need to check with your state to see if their standards are more stringent than HIPAA regulations.

TIPS: Take some proactive steps now to minimize potential problems in the future.

1. Invest in some locking file cabinets and/or video surveillance cameras. Compared to the costs of breach fines, it is worth the investment.

2. Do a Security Risk Assessment today - if you haven't already done one this year. They are required to be conducted annually. It will help you identify potential areas of concern which need to be addressed. CompliantChiro.com offers an online risk assessment. For a manual version, see the Complete & Easy HIPAA Compliance publication.

Q/A: Someone Broke into My Office. What do I do Now?. (2018, April 23). Find-A-Code Articles. Retrieved from https://www.findacode.com/articles/q-a-someone-broke-into-my-office-what-do-i-do-now-34613.html

© InnoviHealth Systems Inc

Article Tags  (click on a tag to see related articles)


Publish this Article on your Website, Blog or Newsletter

This article is available for publishing on websites, blogs, and newsletters. The article must be published in its entirety - all links must be active. If you would like to publish this article, please contact us and let us know where you will be publishing it. The easiest way to get the text of the article is to highlight and copy. Or use your browser's "View Source" option to capture the HTML formatted code.

If you would like a specific article written on a medical coding and billing topic, please Contact Us.


contact

innoviHealth Systems, Inc.
62 East 300 North
Spanish Fork, UT 84660
Phone: 801-770-4203 (9-5 Mountain)
Email:
free demo
request yours today
pricing
for any budget
sign IN
welcome back!