Providers can deal with possible HIPAA violations through 3 retaliatory methods.
Preparing your plan of action for a potential violation just got a little easier.
In the March 25 Federal Register, the Centers for Medicare & Medicaid Services lays out steps to take if someone claims you have breached the Health Insurance Portability and Accountability Act. Effective April 25, if CMS decides to investigate a complaint, it will first request that the provider voluntarily submit one of the following within 30 days:
A statement demonstrating compliance.
A statement setting forth the basis for its disagreement with the allegations.
A corrective action plan.
Watch out: Providers that fail or refuse to provide information could get slapped with a subpoena. If investigators find a violation does exist, the provider could be looking at civil money penalties, CMS says.
If a provider cooperates, that will most likely mean periodic reports to CMS, allowing staff to be interviewed and supplying additional documents and materials.
Note: Even if CMS rejects an accuser's complaint, the agency says it may "continue its investigation."
The Bottom Line: As the security deadline approaches, providers should get all personnel hip to the practice's disaster plan. To read more, go to
www.access.gpo.gov/su_docs/fedreg/a050325c.html.