The Department of Health and Human Services, Office for Civil Rights (OCR) recen

Question

The Department of Health and Human Services, Office for Civil Rights (OCR) recently conducted complaint investigations and compliance reviews of TJW Healthcare and found them to be non-compliant in some areas of their operations. Four violations were found that were not due to willful neglect and the company was fined $400,000 ($100,000 per violation). What measures would you recommend for TJW Healthcare to ensure that so such violations do not occur in future? This question is deliberately open-ended because it is not stated where the violation occurred. This could have occurred on the CC side and/or in the cloud. In your answer, you should discuss how you would leverage the CSA with the CP to reduce the chances of this happening in future. Answers should be one to two paragraphs.

Explanation / Answer

As we know the health related information is a highly sensitive. TJW Healthcare might have been found non compliant with respect to these factors :

1. Leakage of Patient's Personal information: There might be a voilation that it is being leaked to the pharma companies, research firms,etc. Office for Civil Rights (OCR) must have noticed the same as it comes as a sensitive data and human right that medical history should be confidential. So TJW Healthcare might have been fined here. To ensure no such voilations occur in future, TJW Healthcare should keep this information in a secured database which could only be accessed by the authorized personnel only.

2. Vulnerabilities in Drug database : It might be that the drug database is not accurate and up to date which leads to serious health issues to the public. In case the drug database shows wrong information, the wrong drugs can be given to patients. This might have caused them fine. To avoid this TJW Healthcare should update their drug database and verify it is accurate. Periodic chceks are recommended as well as database should only be maintained by authorized personnel only.

3. Public clud used for storage : TJW Healthcare might have used the public cloud to store the sensitive healthcare information which will lead to fines. To avoid such situations, TJW Healthcare should ensure that the cloud used for storage is protected.

4. Unauthorized access to Patient data :It should only be accessed by the authorized persons only. There might be a possibility that unauthorized users like service desk, etc are able to view the patients medical data. This will lead to voilation of civil rights and lead to voilation. To avoid this in future, the proper user profiling and security on the database should be implemented. The access should be provisioned as per the user profile only.

Related Questions

Navigate

• Browse (All)
• Browse T
• Subjects

Integrity-first tutoring: explanations and feedback only — we do not complete graded work. Learn more.