Help with HIPAA Compliance
Helping you understand the complexities of compliance under the HIPAA Security and Privacy Rules. Our team of experts in regulatory compliance can answer any questions you may have.
Colington Consulting

HIPAA Security Compliance: What is Your Sanction Policy?

3/31/2014 11:02:05 AM

Sanction policy? It sounds like what one country would do to another country to apply political pressure. Regrettably, that is the terminology the government is using when it comes to this section of HIPAA Security Rule compliance. The sanction policy (CFR 164.308(a)(1)(iii)(C)) must be part of the overall security management process.

Maybe a better way to approach this requirement is to think of it as your office disciplinary policy. Appropriate sanctions must be in place so that your entire staff understands the consequences of failing to comply with security policies and procedures, which exist to prevent a breach of patient records. You should provide examples of potential violations of office policy and procedures along with the disciplinary action your office takes for each. As a prerequisite to employment, have employees sign a statement of adherence to your current policies and procedures. Make it clear for all to understand.

If disciplinary action must be taken, it may be helpful to follow what I call my three D’s.

  1. Be DECISIVE. Whoever in your practice is enforcing policy and procedures (most likely the designated HIPAA Security Official) will need to take immediate action. Do not delay.

  2. Be DIRECT. Let your employee know this is not personal. Your practice has a requirement to protect patient records. You should reference any documentation provided in your security awareness training to remind the employee of his/her obligations.

  3. Practice DUE DILIGENCE. It is incumbent on your practice to have a written policy in place and to make all staff aware of your office requirements. You must be consistent in the way you enforce these critical policies, no matter who in your practice is at fault.

Should your practice be the focus of a HIPAA compliance review, a lot of attention will be placed on your sanction policy. Your sanction policy must be included in your HIPAA Risk Management Plan. It is always recommended that you review and update your sanction policy and procedures on a regular basis.

Author: Jay Hodes is the President of Colington Security Consulting LLC and the former Assistant Inspector General for Investigations at the U.S. Department of Health and Human Services, Office of Inspector General.  In that position he supervised over 200 Special Agents and professional support staff responsible for health care fraud and medical identity theft investigations throughout the eastern United States.

His company provides assistance with HIPAA Security Rule compliance by conducting risk assessments and writing practice specific risk management plans.  The assessments identify vulnerabilities and risks; determine the potential impact and provide a gap analysis action plan to prevent unauthorized access, tampering and theft. 

Please contact Jay with any questions you have at jhodes@colingtonsecurity.com.

 
