A recent $5,500 fine imposed by the Office of Civil Rights (OCR) on a North Texas dentist is the epitome of a camel’s-nose-under-the-tent storyline.
Said dentist had a patient upset that his PHI was displayed on the computer screen in an operatory for what he felt was an inappropriate amount of time. The patient filed a complaint with OCR, and a two-day investigation ensued.
The five-minute timeout on the computer screen wasn’t considered excessive. But the investigator discovered two significant violations. First, the Notice of Electronic Disclosure form was not posted in the office as required by law. That resulted in a $500 fine. In addition, the office had no HIPAA policies and/or procedures in place to protect their patients’ Protected Health Information (PHI). The fine for that was $5,000.
HIPAA and OSHA compliance share two traits. First, neither is optional; they’re the law. Second, a practice owner is one anonymous phone call away from an investigation. As you can see, complying with requirements pays long-term dividends.