Whistleblower or Auditor…which is scarier?
In the news right now is the release by WikiLeaks of all sorts of classified government documents.
How did WikiLeaks get all of this information?
It appears an Army Private who was an Intelligence Specialist made copies of this information and is handing it over to WikiLeaks.
Why would he do this?
He didn’t get paid for this information.
Also recently in the Wallstreet Journal was a recount of a “Whisleblower’s Long Journey”. This article retraces a Glaxo-SmithKline manager’s journey to a $96 Million whistleblower payout.
The gist of this article is two-fold.
- This manager was doing the “right thing” in not letting the company cover up sub-standard medical manufacturing processes
- Anybody on your staff who knows that your company may not be fully compliant could become a whistleblower.
Add this comment from a lawyer, “We’re gearing up, we’re going to be very devoted to this topic”, and any medical practice that is not HIPAA compliant should be shaking in their boots at the thought of terminating an employee.
So the question is: would you rather have a HIPAA Auditor show up at your front door OR have a disgruntled staffer become a whistleblower?
HIPAA compliance is the law…a federal law.
The problem is, Health and Human Services (HHS) has laid out these regulations, stated the fines, yet very little action has been taken.
Why follow a law that isn’t being enforced?
As the HIPAA regulations are updated or as new laws like the HITECH Act are created…with each iteration, the fines become larger.
But until enforcement actually happens, many physicians are not moved by the talk of large fines.
The smart business people are taking action.
Just as a physician carries malpractice insurance just-in-case, so should a medical practice ensure they are completely HIPAA compliant.
For many offices, much of HIPAA is actually being implemented to some degree.
The challenge is, there is no formal plan they follow.
In its infinite wisdom, the HHS has created a complex web of regulations.
Just like when filing medical reimbursement claim, if you don’t have everything in order, you risk not getting the payment.
With HIPAA, you can have the best of intentions, but if you are not following the rules, you can be fined large sums of money.
If a disgruntled employee is aware of this, they stand to get a percentage of any fine the government lays upon your practice…it’s like they get a bonus for getting fired.
The smart move is to get HIPAA compliant as quickly as possible.