Sometimes, we just need to toot our own horn. We are pleased to note that EMR Legal remains undefeated going up against the Department of Health and Human Services (“DHHS”) Office for Civil Rights (“OCR”) in a complaint investigation brought by a patient.
The facts of the case were roughly as follows. Apparently, the provider, because of space limitations, had stored medical records in see-through containers in the employee restroom. The records were not locked up in a cabinet or other storage device, but the restroom was usually kept locked, and signs warned, “Employees Only.” A patient had to use the restroom urgently, saw the records, and complained to OCR. She did not look at the protected health information (“PHI”), and the data was not compromised.
Nonetheless, OCR opened a formal investigation, which could have resulted in a civil money penalty (“CMP”). With help from EMR Legal, who submitted a written response and the required documentation, such as the practice’s written risk analysis, OCR dismissed the complaint. It did suggest, however, that the practice take another look at this security issue to avoid a security incident that could compromise the data.
The lesson here is that, if you ever receive a letter from OCR opening an investigation into a HIPAA complaint, contact EMR Legal immediately. The fastest way to reach us is by email to jon@veteranspress.com and alice@veteranspress.com. The safest way to reach us is to email both of us in case one of us is out of town presenting seminars or conducting onsite consulting and training or presenting webinars. We want to help you. It is what we do.