
HIPAA Breaches & Desk Audits


March 03, 2017 Community Pharmacy, Law of the Land, Politics & Industry Trends

What is a breach?

  • In simple words, the loss of patient protected health information, either printed or electronic.

How common are breaches within pharmacies?

  • There are two types of pharmacies and pharmacy owners:
  • The first are the ones who know they have had a breach
  • The latter are the ones who have had a breach and don’t know about it

How can I have a breach and not know about it?

  • Simple: has your pharmacy clerk ever given a patient another patient’s medication?
    • That is a breach

Can you give me examples of breaches?

  • Pharmacy is robbed and the will-call bin is stolen
  • Pharmacy is robbed and the server is stolen
  • Staff pharmacist has a laptop stolen
  • Delivery driver has their vehicle stolen which is full of prescriptions to be delivered
  • Billing manager has a jump drive with patient files for billing to work at home and loses it on the bus

What do I do when a breach occurs?

  • First, don’t panic
  • Get the facts
  • Complete a Potential Breach Evaluation and a Risk Assessment
  • Determine whether the breach is reportable or non-reportable to HHS/OCR
  • Document everything

What are OCR Desk Audits?

  • Tested in 2016
  • Launched on January 1, 2017
  • Notification via U.S. Mail and Email
  • Also conducting no-notice on-site inspections

What is the OCR asking for?

  1. Notice of Privacy Practices (date must be after 07/01/2013)
  2. Risk Analysis
  3. Risk Management Plan
  4. Disaster Recovery Plan/Contingency Plan
  5. Annual Privacy and Security Assessments
  6. Random Policies and Procedures

On-Site Inspections

  • Same as above, but in person
  • First question is to the person at your counter, normally your clerk
  • “Can I have a copy of your Notice of Privacy Practices?”
  • They have to know the answer and provide the NOPP

Penalties for Non-compliance

  • Fines up to 1.5 Million Dollars

Is there help available to pharmacies?

  • Yes, but you get what you pay for
  • You can buy a set of policies and procedures, but if you have a breach, especially a reportable breach:
    • Will the consultant stay with you when you need them the most?
    • Will they charge you extra?
    • Will they provide the correct advice?

How do you know how to pick a consultant?

  • Ask your peers
  • Ask hard questions about how they have handled client breaches and inspections
  • Do you get detailed answers from the consultant?
  • Do you get referrals from multiple people?


CONTACT: Office:  724-357-8380