For more information, contact:
Theresa Grant
American Health Information Management Association
(312) 233-1100
theresa.grant@ahima.org

 

Sanction Guidelines for Privacy and Security Breaches

 

CHICAGO, May 5, 2009—Numerous reports about healthcare privacy and security breaches have thwarted efforts to build the consumer trust that is needed for health reform. It is critical for organizations to uphold the confidentiality of the health information they create and maintain, but sanctions for these breach incidents range from gentle reminders to unspecified disciplinary action to termination of employment or contract, according to the practice brief in the May issue of the Journal of AHIMA.

 

Sanction Guidelines for Privacy and Security Breaches brings awareness to the need for a united industry message of seriousness and responsibility toward the handling of breach events. It offers recommendations for the internal application of sanctions related to information privacy and security breaches and methods for sanction management within organizational policies.

 

This article discusses how sanctions should be categorized according to the nature of the privacy or security incident for reporting purposes, trending and corrective action determinations. Also included are two sanctioning models that demonstrate categories and mitigating factors:

  • Categories of privacy incidents: Creates categories defining the significance and impact of the privacy or security incident to help guide corrective action and remediation steps.
  • Multifactor model: The organization takes corrective action and bases remediation on the highest level of category indicated. A chart identifies three categories of severity across four areas of risk.

Additionally, recommendations are listed to clearly define key terms and policy and procedure directives and expectations within sanction policies.

Read the complete practice brief in the May issue of the Journal of AHIMA or online at journal.ahima.org.

About AHIMA

The American Health Information Management Association is America’s leading professional society whose mission is to “improve healthcare by advancing best practices and standards for health information management and [serve as] the trusted source for education, research and professional credentialing.” AHIMA represents more than 53,000 specially educated HIM professionals who serve healthcare and the public by managing, analyzing and utilizing data vital for health system management. www.ahima.org

###