Please complete Case Study 4-7 - Investigating Privacy Violations in your Case S

Question

Please complete Case Study 4-7 - Investigating Privacy Violations in your Case Studies in HIM book. (McCuen, Charlotte, and Nanette B. Sayles. Case Studies in Health Information Management. Stamford, CT: Cengage Learning, 2014. Print)

The expectation is that you will discuss ALL of the question and the points of the law and how they apply. Once you have done that please explain how you would have handled this situation.

A few sentences will not be accepted. Please include citations.

Case 4-7 Investigating Privacy Violations:

There have been several potential privacy incidents reported to your facility in the past week. Your job is to investigate these incidents to determine if they are truly privacy violations. If there are violations, decide what should be done.

Research each of the privacy incidents described in the following list. Determine which ones are privacy violations. Determine to whom the privacy violation should be reported to and the timing required for the notifications.

The expectation is that you will discuss the question and the points of the law and how they apply. Once you have done that please explain how you would have handled this situation.

Identify the specific action(s) appropriate to address the following situations.

1. Some alcohol and drug abuse records were inadvertently left accessible via the internet. Fifty patients were affected.

2. A patient overheard a physician telling another patient’s family that the cancer has spread to the surrounding lymph nodes. The physician was talking in a low voice in a corner of the hallway.

3. A hacker accessed the lab system and viewed multiple records.

4. A single form from a different patient was sent to the requesting patient.

5. A computer was not logged off and a visitor looked up his mother’s PHI.

6. A monitor is turned toward the reception desk so that anyone who is walking by can see it.

7. A patient complained that his ex-wife looked at his record and told his girlfriend that he had human immunodeficiency virus (HIV).

8. A patient’s lab test was left lying out on the counter of the staff workroom. Staff were in and out of the room all day.

9. A patient’s radiology report was left lying out on the counter of the nursing unit, patients and their families walked by this counter and also came to the counter to talk to staff.

Explanation / Answer

1.The Confidentiality of Alcohol and Drug Abuse Patient Records (CFR Title 42: Part 2) regulation specifies restrictions concerning the disclosure and use of patient records that include information on substance use diagnoses or services.

2.Patient names and addresses are protected health information (PHI) under HIPAA and may not be shared without authorization from the patient.

3.Data protection and security are critical components of routine pathology practice because laboratories are legally required to securely store and transmit electronic patient data. With increasing connectivity of information systems, laboratory work-stations, and instruments themselves to the Internet, the demand to continuously protect and secure laboratory information can become a daunting task. The HIPAA security standards final rule mandate administrative, physical, and technical safeguards to ensure the confidentiality, integrity, and security of ePHI. Importantly, security failures often lead to privacy breaches, invoking the HIPAA privacy rule as well.

Through a careless mistake, someone releases information to the wrong patient. This sometimes happens when two patients have the same or similar name.

4.The Health Insurance Portability and Accountability Act is a federal law that restricts access to and use of a patient's health information. If a person suspects their privacy rights have been violated by a hospital, physician's office or other entity covered by HIPAA, they can file a complaint with the Office for Civil Rights.

5.Unprotected storage of private health information - A good example of this is a laptop that is stolen. Private information stored electronically needs to be stored on a secure device. This applies to a laptop, thumbnail drive, or any other mobile device.

9.HIPAA requires health care workers to protect patient privacy. Employees who do not comply can face disciplinary action. Privacy violations can occur in many different ways. A nurse and physician discussing patient information in a crowded elevator is a verbal violation of patient privacy. Faxing personal health information to the wrong number is another example of a privacy breach. Criminal penalties for wrongful disclosure can be as high as $250,000 and up to 10 years in prison. Healthcare workers are educated regularly on HIPAA guidelines.

In a world where identity theft is unfortunately common, access to patient information must be highly restricted. HIPAA prioritizes patient privacy.

Related Questions

Navigate

• Browse (All)
• Browse P
• Subjects

Integrity-first tutoring: explanations and feedback only — we do not complete graded work. Learn more.