As a former association executive for the RIM industry this story makes me shake my head and wonder. After 20 years of HIPAA, the passage of FACTA, actions and rule making by the FTC, the creation of certifications by NAID and PRISM, hundreds and hundreds of conferences, seminars, shred schools and countless other activities how can there still be business owners who don't know they are breaking the law by throwing sensitive health care and financial information in the trash?
Where should government, industry and association experts have been focused in order to ensure these requirements were known and understood? How did the word not reach this operator? How did the purchasing managers involved in outsourcing this material not understand all the necessary steps to ensure that the confidentiality and security of patient information was maintained? Did they inspect? Did they ask for any verification regarding chain of custody for materials designated for destruction? Did their RFP require witnessed destruction? It is fine to blame this company for breaking the law, which they did, but I wonder if those organizations who are charged with educating the industry should not be taking a moment to reflect on this situation with an eye toward increasing the effectiveness of their approaches.
In February I spoke at an association management conference in Florida. I heard stories of associations of all kinds having much difficulty cutting through the noise to communicate this kind of critical information. We live in an age of distraction. Our signal is just one more noise to a recipient who does not understand the penalties associated with ignorance of the law. This company has suffered a self-inflicted wound that could have been prevented by a 30 minute webinar. The media attention is only the beginning. This event will bring not only the Illinois AG knocking on their door but also HHS OCR and possibly the FTC. It is very possible that this company will not survive.
A tiny amount of education - a sliver of awareness created by a vendor, prompted by a more complete RFP, exposed through participation in a low or no cost resource like this listserv and this breach would not have happened. I hope those on this list who sit on chapter and association boards and others who may be in a position to lead or educate can use an unfortunate incident like this to review the critical role their organizations play and that they will resolve to improve their methods for sharing important information like this while also pointing the way toward where to go for more of it.
Best wishes,
Jim
Jim Booth, CAE
Records & Information Management Practice Leader
Brightstone Insurance Services, LLC
Direct – 919.323.3266
Direct Fax – 914.636.0802
Main - 877.862.4755 x 3266
[log in to unmask]
www.brightstoneins.com
Please Note: Coverage cannot be placed, bound or altered without confirmation from a Brightstone Representative.
Confidentiality Notice: This e-mail (including any file attachments) is for the sole use of the intended recipients - not necessarily the addressees, and may contain confidential and/or privileged material. You are hereby notified that dissemination, disclosure, distribution, duplication, or other use of this transmission by someone other than an intended recipient or an intended recipient's designated agent is strictly prohibited. If you are not an intended recipient or believe you have received this transmission in error, please return this e-mail using a reply command and then delete all copies. Also please notify the sender by calling 877-862-4755. Thank you.
Please consider the environment before printing this e-mail
List archives at http://lists.ufl.edu/archives/recmgmt-l.html
Contact [log in to unmask] for assistance
To unsubscribe from this list, click the below link. If not already present, place UNSUBSCRIBE RECMGMT-L or UNSUB RECMGMT-L in the body of the message.
mailto:[log in to unmask]
|
