Q/A: Someone Broke into My Office. What do I do Now?

April 23rd, 2018 - Wyn Staheli, Director of Research
Categories:   Compliance   HIPAA|PHI   Practice Management  
0 Votes - Sign in to vote or comment.

Question 
My office was broken into last night. I use electronic health records, but we do store some protected health information for my patients in paper files. These files are not secured, so the burglars did have access to them. It did not appear that the files were touched as the burglars were looking for cash. What responsibilities to I have to my patients in a situation like this? Do I need to contact them and advise them that their PHI could have been compromised?

Answer
Regardless of whether or not you think that there was a breach, HIPAA mandates that you do a Breach Risk Assessment and document the results including police reports of the incident.

Depending on the results of that risk assessment, you would then take whatever is considered the appropriate steps. To be perfectly honest, even if it looks like they did not open the file cabinets, you do NOT have definitive proof (unless you have fingerprinting done on the cabinets or a video tape showing that they did not enter that area) that the burglars did not view PHI.

At the minimum, you need to notify your patients that there was a potential breach of PHI along with an explanation of why you believe it is only a potential breach. Comprehensive instructions can be found in Chapter 1.6 the Complete & Easy HIPAA Compliance publication which is available in the online store. It also includes a downloadable HIPAA Breach Risk Assessment document.

NOTE: Your state may also have breach notification rules so you would need to check with your state to see if their standards are more stringent than HIPAA regulations.

TIPS: Take some proactive steps now to minimize potential problems in the future.

1. Invest in some locking file cabinets and/or video surveillance cameras. Compared to the costs of breach fines, it is worth the investment.

2. Do a Security Risk Assessment today - if you haven't already done one this year. They are required to be conducted annually. It will help you identify potential areas of concern which need to be addressed. CompliantChiro.com offers an online risk assessment. For a manual version, see the Complete & Easy HIPAA Compliance publication.

###

Questions, comments?

If you have questions or comments about this article please contact us.  Comments that provide additional related information may be added here by our Editors.


Latest articles:  (any category)

CMS and HHS Tighten Enrollment Rules and Increase Penalties
October 1st, 2019 - Wyn Staheli, Director of Research
This ruling impacts what providers and suppliers are required to disclose to be considered eligible to participate in Medicare, Medicaid, and Children's Health Insurance Program (CHIP). The original proposed rule came out in 2016 and this final rule will go into effect on November 4, 2019. There have been known problems ...
Federal Workers Compensation Information
October 1st, 2019 - Wyn Staheli, Director of Research
When federal employees sustain work-related injuries, it does not go through state workers compensation insurance. You must be an enrolled provider to provide services or supplies. The following are some recommended links for additional information about this program. Division of Federal Employees' Compensation (DFEC) website Division of Federal Employees' Compensation (DFEC) provider ...
E-Health is a Big Deal in 2020
September 16th, 2019 - Chris Woolstenhulme, QCC, CMCS, CPC, CMRS
The new 2020 CPT codes are on the way! We are going to see 248 new codes, 71 deletions, and 75 revisions. Health monitoring and e-visits are getting attention; 6 new codes play a vital part in patients taking a part in their care from their own home. New patient-initiated ...
Chiropractic 2020 Codes Changes Are Here
September 9th, 2019 - Wyn Staheli, Director of Research
There are some interesting coding changes which chiropractic offices will want to know about. Are codes that you are billing changing?
Q/A: Is the Functional Rating Index by Evidence-Based Chiropractic Valid?
September 9th, 2019 - Wyn Staheli, Director of Research
Question Is the Functional Rating Index, from the Institute of Evidence-Based Chiropractic, valid and acceptable? Or do we have to use Oswestry and NDI? Answer You can use any outcome assessment questionnaire that has been normalized and vetted for the target population and can be scored so you can compare the results from ...
List of Cranial Nerves
September 3rd, 2019 - Find-A-Code
Cranial nerves are involved with some of our senses such as vision, hearing and taste, others control certain muscles in the head and neck. There are twelve pairs of cranial nerves that lead from the brain to the head, neck and trunk. Below is a list of Cranial Nerves and ...
So How Do I Get Paid for This? APC, OPPS, IPPS, DRG?
August 21st, 2019 - Chris Woolstenhulme, QCC, CMCS, CPC, CMRS
You know how to find a procedure code and you may even know how to do the procedure, but where does the reimbursement come from?  It seems to be a mystery to many of us, so let's clear up some common confusion and review some of the main reimbursement systems.  One of the ...



About Codapedia by InnoviHealth Systems Contact Us Terms of Use Privacy Policy Advertise with Us

Codapedia™ by InnoviHealth Systems™ - 62 E 300 North, Spanish Fork, UT 84660 - Phone 801-770-4203 (9-5 Mountain) - Fax (801) 770-4428

Copyright © 2009-2019 Find A Code, LLC - CPT® copyright American Medical Association