Tuesday, September 13, 2011

Own the problem. Make it Right.

“Records are neither good nor bad. They just are. Records are neither good nor bad. They just are. Records are neither good nor bad. They just are,” muttered Hansel and Gretel as they reviewed the records of consumed children meticulously kept by the terrible Witch and contemplated their fate of swimming in the cauldron of boiling water.

I am asked all the time about building records programs and “dealing” with litigation proactively. I tell them REALLY clearly to refrain from managing information based upon what may be relevant in litigation, audit or investigation in the future. In other words, don’t architect a RIM program to proactively destroy what you think will hurt you down the road. Build a RIM program for maximizing business value. If something hurts you later on, your lawyers will need to deal with it later.

A pharmaceutical company scientist communicates in email about the efficacy of a drug compound, calling it into question based solely on her personal opinion but no science. Not the right place to question a drug compound efficacy (as drugs are always subject to lawsuits and this piece of evidence will no doubt be unearthed and serve as “proof” of substandard drug quality) but it now exists and may be relevant and discoverable down the road. Good policies, thorough training, and vigilant compliance efforts can deal with a lot of risk exposure but in the end if you hire knuckleheads, then they may hurt your organization.

I read a recent article in “Rolling Stone” magazine about the “The Catholic Church’s Secret Sex-Crime Files.” Among other things, the article is about what the church did wrong in hiding records of child molestation and covering up crimes by Church officials. What struck me about the article is that the author focused on the fact that the Church has kept meticulous files on so many molesters and how it covered up the crimes, over decades. Adding insult to injury, the Church has also kept the files in a place called the “Secret Archive”. This is example is not about faith or my beliefs on such a travesty - simply poor business practices.

You need to keep records of your business. You would want to track bad acts of your employees so you can correct behavior. You would likely keep records of claims made for harm caused by your business or its employees. But referring to the records you don’t want to expose to the world about child molestation and the cover up that ensued for years as “secret archives” makes you look like you know you have something to hide.

Whether a pharmaceutical company or the Church, good business is documented in good record keeping. Build it for transparency. Built it to support all the good business you do. And when records hurt the organization, don’t sweep it under the rug. Own the problem and make it right.

Thursday, September 8, 2011

HIPAA Violations - There Are Consequenses

“There are no consequences. There are no consequences. There are no consequences.” And soon thereafter the Wicked Witch of the West “witch slapped” the Kansas smile right off of Dorothy.

A guy was recently charged with violating the Health Insurance Portability and Accountability Act of 1996(HIPAA), which carries a maximum penalty of 10 years in prison, and a fine of $250,000.

As the story goes, confidential medical records were found in a dumpster which apparently belonged to Avalon Centers Inc., a former eating disorder clinic. The defendant is charged with taking the confidential records. However, he claims he did not look through the records that he took and that he did not take any patient files. So for his “innocent until proven guilty” attitude, he is being charged with improperly obtaining and disclosing individually identifiable health information.

Dorothy, Are You Kidding Me!