EPISODE · Mar 2, 2017 · 31 MIN
HIPAA Breaches & Desk Audits - Pharmacy Compliance Guide
from R.J. Hedges Podcast · host RJ Hedges
What is a breach? In simple words, the loss of patient protected health information, either printed or electronic. How common is breached within pharmacies? There are two types of pharmacies and pharmacy owners, The first are the ones who know they have had a breach The latter are the ones who have had a breach and don’t know about it How can I have a breach and not know about it? Simple, has your pharmacy clerk ever given a patient another patient’s medication? That is a breach Can you give me examples of breaches? Pharmacy is robbed and the will-call bin is stolen Pharmacy is robbed and the server is stolen Staff pharmacist has a laptop stolen The delivery driver has their vehicle is stolen which is full of prescriptions to be delivered Billing manager has a jump drive with patient files for billing to work at home and loses it on the bus What do I do when a breach occurs? First, don’t panic Get the facts Complete a Potential Breach Evaluation and a Risk Assessment Determine whether the breach is reportable or non-reportable to HHS/OCR Document everything What is OCR Desk Audits Tested in 2016 Launched on January 1, 2017 Notification via U.S. Mail and Email Also conducting no notice on-site inspections What is the OCR asking for? Notice of Privacy Practices (date must be after 07/01/2013) Risk Analysis Risk Management Plan Disaster Recovery Plan/Contingency Plan Annual Privacy and Security Assessments Random Policies and Procedures On-Site Inspections Same as above, but in person The first question is to the person at your counter, normally your clerk Can I have a copy of your Notice of Privacy Practice? They have to know the answer and provide the NOPP Penalties for Non-compliance Fines up to 1.5 Million Dollars Is there help available to pharmacies? Yes, but you get what you pay for You can buy a set of policies and procedures, but if you have breached, especially a reportable breach: Will the consultant stay with you when you need them the most? Will they charge you extra? Will they provide the correct advice? How do you know how to pick a consultant? Ask your peers Ask hard questions about how they have handled client breaches and inspections Do you get detailed answers from the consultant? Do you referrals from multiple people?
What this episode covers
What is a breach? In simple words, the loss of patient protected health information, either printed or electronic. How common is breached within pharmacies? There are two types of pharmacies and pharmacy owners, The first are the ones who know they have had a breach The latter are the ones who have had a breach and don’t know about it How can I have a breach and not know about it? Simple, has your pharmacy clerk ever given a patient another patient’s medication? That is a breach Can you give me examples of breaches? Pharmacy is robbed and the will-call bin is stolen Pharmacy is robbed and the server is stolen Staff pharmacist has a laptop stolen The delivery driver has their vehicle is stolen which is full of prescriptions to be delivered Billing manager has a jump drive with patient files for billing to work at home and loses it on the bus What do I do when a breach occurs? First, don’t panic Get the facts Complete a Potential Breach Evaluation and a Risk Assessment Determine whether the breach is reportable or non-reportable to HHS/OCR Document everything What is OCR Desk Audits Tested in 2016 Launched on January 1, 2017 Notification via U.S. Mail and Email Also conducting no notice on-site inspections What is the OCR asking for? Notice of Privacy Practices (date must be after 07/01/2013) Risk Analysis Risk Management Plan Disaster Recovery Plan/Contingency Plan Annual Privacy and Security Assessments Random Policies and Procedures On-Site Inspections Same as above, but in person The first question is to the person at your counter, normally your clerk Can I have a copy of your Notice of Privacy Practice? They have to know the answer and provide the NOPP Penalties for Non-compliance Fines up to 1.5 Million Dollars Is there help available to pharmacies? Yes, but you get what you pay for You can buy a set of policies and procedures, but if you have breached, especially a reportable breach: Will the consultant stay with you when you need them the most? Will they charge you extra? Will they provide the correct advice? How do you know how to pick a consultant? Ask your peers Ask hard questions about how they have handled client breaches and inspections Do you get detailed answers from the consultant? Do you referrals from multiple people?
NOW PLAYING
HIPAA Breaches & Desk Audits - Pharmacy Compliance Guide
No transcript for this episode yet
Similar Episodes
Mar 26, 2026 ·1m
Jan 2, 2026 ·47m
Dec 21, 2025 ·46m