Assignment task:
The release of information (ROI) function at Delaney Hospital is outsourced to Green Release Company. Green Release Company handles all release of information activities, including providing computer equipment and personnel to track the release of records. The company is a small family-owned business that focuses on high integrity and getting the records released in an expedited manner. Unfortunately, the chart release software used by Green Release Company is quite outdated. The software was created when the company started to provide services. The software has never been replaced because it has always been reliable and met Green Release Company's needs.
Gina, Quality and privacy Director at Delaney, recently performed a HIPAA audit on all privacy and security-related processes. One of the key services that Gina reviewed in the HIM department was the release of information function. Gina was satisfied with the audit and found that Green Release Company was compliant in nearly all areas. One concern that Gina discussed with Cesar, HIM Director, involved the software that Green Release was currently using.
Gina explained that the accounting of disclosure requirements was not all being logged appropriately in the system. HIPAA requires all covered entities to establish a tracking mechanism and reporting process that includes the following: date of disclosure, name, and address of the entity or person who received the PHI, description of the PHI disclosed, and statement of reason for disclosure.
During her audit, Gina felt that there was no true description of the PHI disclosed being populated in the description section of the software. She felt this could be a risk because the description is not typed out for tracking purposes. Gina proposed to Cesar that a requirement be placed on the description cell so that the person entering the request would not be able to bypass entering the description. This would help ensure that the description is populated correctly on every request. Cesar agreed that this would be an easy fix and that it is much better to be certain the data is required on every request. Cesar agreed to contact his representative at Green to determine the next steps to make this system change.
Q1. Why does Gina perform regular audits such as the accounting of disclosure review?
Q2. Green Release Company is an external company providing services. Do you think Delaney Hospital and other -hospitals using their services should verify that Green Release Company's systems and processes follow HIPAA?
Q3. When Cesar contacts Green Release Company, how do you think he will approach the topic? What can Cesar do if Green Release Company refuses to make the updates to the system?