Communication Training and Curriculum Development

AoD Exercise...Question 1

  • 1.  AoD Exercise...Question 1

    Posted 12-24-2019 08:29 AM
    Marcia writes:
    If you find you have a REPORTABLE Breach- then it is true that you are notifying the individual as a matter of course. 
    Where do you house that letter?

    My response.  If you have a reportable breach, then as indicated in that phrase, the breach notification requirements are triggered.  This includes notifying the affected individual as described in the HIPAA regulations.  (Lines 2043 - 2114)

    I often find that organizations maintain folders, spreadsheets, databases, etc where they store scanned copies of the breach notification letters.

    ► We don't fail unless we quit! ◄
    --------Frank Ruelas---------
    SCCE Membership

  • 2.  RE: AoD Exercise...Question 1

    Posted 12-24-2019 10:01 AM
    In our software package (internally developed) we can create HIPAA notes and scan documents. We would scan the documents, prior to mailing, into the system attached to the individual whose information was disclosed. We do not keep paper records. Though we have summary spreadsheets pertaining to incidents, they generally do not contain detailed (individual level) information. Just summary like dates, counts, stuff like that. We definitely have separate electronic documents all about the incident, research, and resolution, that do contain detailed information about the individuals.

    Carl Russell
    Compliance Analyst, CHPC
    Delta Dental of Idaho

    Anything I say is my sole opinion and not of my company.

    SCCE Membership

  • 3.  RE: AoD Exercise...Question 1

    Posted 12-26-2019 09:49 AM
    We keep a numbered folder for each HIPAA case that contains all documents for that particular investigation. We scan the signed breach letter that was sent to the patient(s) in that file folder. I also keep a spreadsheet that mirrors the questions asked when reporting the  breach to HHS at the end of the year. This allows me to pull the info. very quickly as I wait until the end of the year to report for breaches under 500.

    Savannah Knuettel
    Compliance Officer
    Galen Medical Group

    The views expressed herein are my own and do not represent those of my employer or clients. They are not meant to constitute legal advice or create an attorney-client relationship.

    SCCE Membership