Pharmacy HIPAA Compliance Policies Procedures

Pharmacy HIPAA compliance policies and proceduresDo you have Pharmacy HIPAA compliance policies and procedures at your pharmacy? Are your employees HIPAA certified? HIPAA (Health Insurance Portability and Accountability Act) is always a topic of discussion when patients start asking their pharmacists and physicians for the receipts of their medical expenditures for tax purposes. This usually starts happening in late November and December, plus continues all the way to April 15th. These receipts are considered to be a part of a patient’s medical records and their release (what information and to whom it is released) should be covered in your pharmacy’s policies and procedures manual. Additionally, it is wise to get your staff training on dealing with patient confidentiality and even have them become HIPAA certified. Now is the time to make sure that your employees understand exactly what HIPAA compliance really is, plus gives you the time to update your P & P manual and get your staff properly trained and certified in regards to your pharmacy operation being HIPAA compliant.

Verdict Against Walgreens Upheld by the Indiana Court of Appeals

It has been almost three years now since the $1.4 million dollar verdict against Walgreens was upheld by the Indiana Court of Appeals. The court had ruled against Walgreens Pharmacy and one of its pharmacists who shared confidential medical information regarding a patient. The court based the award on the fact that they had violated HIPAA restrictions and broken the patient’s rights to privacy and confidentiality, thus resulting in harm to the individual and his family. That ruling was the initial decision handed down by an Indiana State Court holding a healthcare company or provider liable for an employee violating the Health Insurance Portability and Accountability Act, but there have since been others. Many Pharmacists still remember back in 2009 when the CVS drug chain agreed to pay $2.25 million to settle for HIPAA violations regarding the inappropriate disposal of prescription bottles and receipts that were considered to be violations of HIPAA standards and rules.

Patients Own Their Medical Records

It must also be pointed out that legally patients own their medical records. More and more patients and consumers are aware of this right and requesting their medical records from their doctors, hospitals and pharmacies. Previously, in the “paper age”, obtaining them was a costly, time consuming process. However, in this age of electronic medical records (and digital data storage and retrieval), obtaining one’s medical records is easily accomplished. A recent survey reported that over 97 percent of hospitals and over 82 percent of physicians utilize electronic records for their patients. So the public’s expectation is that they are “quickly” entitled to this information, plus it should be provided without hesitation and inexpensively (as compared to just a decade ago). In a good article in The Peoples Pharmacy, patients are encouraged to obtain their medical records and can even download and print a free “drug safety questionnaire” to take to their pharmacists and physicians to fill out.

Pharmacy Operations and HIPAA

HIPAA’s Privacy Rule basically was put in place to safeguard a patient’s protected healthcare information (PHI). Additionally it mandates that a patient has access to their own medical records and that patients have the right of ownership regarding their own healthcare information. These HIPAA Privacy Rules apply to everyone who “manages health care transactions”, and the point to be noted is that this includes pharmacies, pharmacists and the entire pharmacy staff.

The Rules

Suffice it to say that the rules are complex regarding a patient’s protected healthcare information (PHI). The basis of HIPAA and the HIPAA Privacy Rules simply stated is that pharmacies must get signed authorization from patients prior to service that allows the pharmacy to use their PHI during their care, plus allows the patient to access their PHI. Yet there are exceptions, exclusions, provisions from other acts (such as the Clinical Laboratory Improvement Act) that have turned the good intentions of HIPAA into a legal “quagmire” for the pharmacy and pharmacist. Just a few that were noted in some excellent articles (including a well explained discussion in Pharmacy Times):
–  Exclusions to a patient’s PHI (when it could harm the individual or others) include psychotherapy notes, legal documents, or laboratory results prohibited under the Clinical Laboratory Improvement Act (CLIA).
– Another exclusion is if the patient is not able or unavailable to agree or object in instances where disclosure is required by law, public health oversight, or child abuse or neglect.
–  PHI must be disclosed regardless of patient’s authorization to the U.S. Department of Health and Human Services (HHS) during an investigation.
– Additionally there are situations when a pharmacy or a pharmacist may disclose a patient’s PHI without the patient’s consent under certain treatment, payment or operations “instances”.

Reporting Violations and Possible Fines

HIPAA violations must be reported to the Department of Health and Human Services (HHS). If a violation affects more than 500 patients, then HHS must be notified within sixty (60) calendar days. If less than 500 patients are affected by a violation, you may notify HHS no later than sixty (60) days after the end of that calendar year. Fines range from a minimum of $100 per violation up to $1.5 million.

What Should You Do Regarding HIPAA Compliance

The answer is simple: Develop good Policies and Procedures. Don’t delay – do it now! Then educate your staff on how to implement and follow them. Train yourself and your staff on the law and do not tolerate violations of your Policies and Procedures.
In the past, it was common practice for a pharmacist or pharmacy staff member to share the personal prescription records of patient with the patient’s family members or even friends out of concern or in an attempt to help. Yet now such actions are violations of laws and can result in lawsuits, fines and negative publicity for your pharmacy business operation. Perhaps it’s time to have a comprehensive Pharmacy Business Review of your entire operation by an objective and experienced third-party pharmacy consulting firm.

About Healthcare Consultants

As always, please contact us here at HCC if you have any questions regarding development of policies and procedures related to HIPAA Compliance. If you already have HIPAA policies and procedures in place, perhaps a review by an objective (and experienced) third party is a good idea? With over 29 years in the pharmacy consulting business, HCC can assist you with expert advice in any area of your pharmacy business or practice. With a full-time staff of in-house Pharmacy Consultant specialists, HCC can answer any questions that you may have in all pharmacy settings. Contact us online or call us today at 800-642-1652 for a free consultation.


Share This:
Facebooktwitterpinterestmail

Pharmacy HIPAA Violations Rise – Develop Policies and Procedures

Pharmacy HIPAA Violations Rise – Develop Policies and Procedures:

Pharmacy HIPAA violations are on the rise again and the primary reason centers around the ever increasing digital and electronic platforms (such as EMR and other digital patient data records). There definitely has been increased scrutiny by the OCR in looking into patient privacy violations (and also increased penalties being seen including substantial fines and strict documentation and retraining mandates). The Health Insurance Portability and Accountability Act of 1996 privacy rule centers around the protection of patient confidentiality, and a new system of routine audits for major healthcare providers began this year (according to Law360).

Pharmacy Times had a recent article citing the Major pharmacy chains as the biggest HIPAA offenders, with two of the nation’s leading pharmacy chains (CVS and Walgreens) having the most violations. A ProPublica investigation revealed that CVS had a reported 204 complaints and Walgreens 183. Other pharmacy chains also made the top 10 list of offenders, with Walmart being reported 71 times and Rite Aid pharmacy 48. The most commonly reported violations included pharmacy staff speaking far too loudly, compromising patient confidentiality, and dispensing prescriptions to the wrong patients. It is important to note that the infractions led to 30 financial penalties (plus a lot of bad publicity!).

Large Hospitals have recently been fined extremely large financial penalties for more serious transgressions. A prime example is the $750,000 fine that University of Washington Medicine had to pay out in December 2015. According to the HHS, the Hospital was fined following a major patient records leak with well over 90,000 patient records compromised by malicious malware that was opened in an email by a nurse. The records contained highly sensitive patient information such as patient birthdays and Social Security numbers. The biggest reason cited for the fines was actually the fact that they failed to produce, develop and implement a comprehensive set of policies and procedures to comply with the HIPAA rules. It was also noted that the staff was not provided adequate training in dealing with HIPAA requirements. Keep in mind also that along with the fines, bad publicity results in business severely suffering in almost all scenarios!

Does your Pharmacy have policies and procedures regarding HIPAA requirements in place? If so, when was the last time that they were reviewed by a qualified HIPAA Compliance Expert or Pharmacy Consultant? Additionally, do you provide adequate and documented training yo your staff regarding HIPAA? If the answers to any of these questions is no, we strongly urge you to call HCC today for a free consultation at 800-642-1652.

Healthcare Consulting is a full service Pharmacy Consulting firm that has been in business for over 27 years. HCC has been helping pharmacies plan, prepare and deal with issues such as HIPAA compliance since 1989. Just a few examples of our services include:

– Development of Policies and Procedures (including HIPAA Compliance and Documentation)
– Employee Training
– Patient Consultation Documentation
– Pharmacy Management Consultation

Although we all hope that we will never personally deal with such HIPPA violations, be prepared! HCC’s motto has always been that the old cliche “an ounce of prevention is worth a pound of cure” especially applies to running a Pharmacy business. Contact us on line or call us today for a Free Consultation at 800-642-1653 to discuss how we can help you.


Share This:
Facebooktwitterpinterestmail