Corporate and General Liability




© Springer International Publishing Switzerland 2016
Lewis A. Hassell, Michael L. Talbert and Jane Pine Wood (eds.)Pathology Practice Management10.1007/978-3-319-22954-6_17


17. Corporate and General Liability



Lewis A. Hassell , Michael L. Talbert  and Jane Pine Wood 


(1)
Department of Pathology, University of Oklahoma Health Sciences Center, 940 Stanton L. Young Blvd., BMSB 451, 73104 Oklahoma City, OK, USA

(2)
McDonald Hopkins, LLC, 956 Main St., 02638 Dennis, MA, USA

 



 

Lewis A. Hassell (Corresponding author)

Email: lewis-hassell@ouhsc.edu


 

Michael L. Talbert

Email: michael-talbert@ouhsc.edu


 

Jane Pine Wood

Email: jwood@mcdonaldhopkins.com


Keywords
LiabilityInsuranceBusiness operationsRiskHIPAAProtected health information (PHI)Directors and officers insuranceEmbezzlement



Case: Organizational Risk

Dr. Roberts is the only neuropathologist in his group that serves three neurosurgeons, one of whom occasionally operates on tumor cases. When Dr. Roberts travels for meetings, he makes himself available to do remote consultation on frozen sections using scanned whole-slide images of the frozen section viewed on a mobile device and a cell phone for verbal reporting of his opinion. While traveling in Asia, he is asked to consult on a case when he is in the waiting area of a busy airport. People on both sides of him can readily view the images of the slide and the information on the label of the slide.

Is this a reportable Health Information Privacy and Accountability Act (HIPAA) violation that subjects the practice to risk?

What kinds of policies might be put in place to manage that risk while not restricting Dr. Roberts’ ability to view the images wherever he is?

Discussion: There are issues here that could place the organization at risk and create a need to have policies about using mobile devices and accessing patient data in public places, on phones, tablets, or other tools.

Storage of personal health data on such devices has proven a very costly risk for several high-profile institutions as well as individual medical practices when such devices were lost or stolen and a security breach needed reporting. The HIPAA imposes rather stiff penalties for even inadvertent release of patient medical information to unauthorized persons, a liability that is not covered by most general business insurance. Prevention in the form of good practices, solid policies, training, and awareness is critical to escaping the potentially large fines for release of protected health information (PHI) . A number of notable large institutions have received negative press and faced liability following the loss of electronic media such as hard drives, laptops, or other media containing even seemingly innocuous patient-identifiable data such as admission dates, accession numbers, zip codes, etc. Federal law requires practices to have HIPAA policies in place, as do quite a few states. Every practice should have an HIPAA privacy and security officer who is responsible for ensuring that appropriate practices and policies have been implemented, and who can assist in coordinating a response in the event of a possible privacy breach.

Only gold members can continue reading. Log In or Register to continue

Related posts:

  1. Practice Sales and Mergers
  2. Disaster Risks and Preparedness Planning
  3. Opportunities and Entrepreneurism
  4. Revenue Cycle Management

Stay updated, free articles. Join our Telegram channel
Tags:
Oct 29, 2016 | Posted by in PATHOLOGY & LABORATORY MEDICINE | Comments Off on Corporate and General Liability

Full access? Get Clinical Tree
Get Clinical Tree app for offline access