Assignment - HIF Ch. 9
docx
keyboard_arrow_up
School
Saint Paul College *
*We aren’t endorsed by this school
Course
000489
Subject
Health Science
Date
Dec 6, 2023
Type
docx
Pages
3
Uploaded by ElderSalamanderPerson919
MEDS 1420-91:
Health Information Foundations
Name:
Alece Collins
Chapter 9:
Data Privacy and Confidentiality (30 points)
Associate Degree Competencies:
I.2
Apply policies, regulations, and standards to the management of information
II.1 Apply privacy strategies to health information
II.3 Identify compliance requirements throughout the health information life cycle
Instructions for Assignment
:
First, you will want to read Chapter 9 from your textbook and then
read/complete the following real-world case exercise(s) 9.1 and 9.2.
Please use MS Word (to type complete your assignment), save, and upload to the corresponding
drop-box within D2L by the due date/time as indicated by your syllabus.
Laurie A. Rinehart-Thompson, JD, RHIA, CHP, FAHIMA
Real-World Case 9.1
Health Insurance Portability and Accountability Act (HIPAA) privacy breaches are of great concern and
they occur too frequently. The Office for Civil Rights (OCR) in the Department of Health and Human
Services reported in December 2018 that a critical access hospital in Colorado reached a settlement
via a resolution agreement to pay $111,400 to HHS and to adopt a corrective action plan because it
allowed a former employee to have continued remote access to ePHI, affecting 557 individuals. No
business associate agreement had been signed with the former employee (HHS 2018b).
This case highlights that actions as simple as immediately terminating access to systems upon
employment separation can avoid breaches. Procedures that incorporated a routine termination
process would have prevented an incident of this nature.
The fact that this incident involved a critical access hospital, which is small by definition and in
comparison, to its multi-hospital healthcare system counterparts, demonstrates that breaches and
penalties resulting from breaches do not occur in large organizations only. Covered entities and
business associates of all types and sizes can commit breaches and be penalized for
them.
Real-World Case Questions
1.
Identify steps/strategies that a privacy officer could have taken to prevent this breach?
●
A privacy officer could implement policies and procedures and provide privacy training
and raise awareness among the health information professionals in the HIM
department.
2.
Articulate how would you have responded to the breach had it not been prevented at your
organization?
●
If a breach occurred at my organization I would investigate how and why the breach
happened. I would have contacted authorities or reported it to my supervisor
immediately. To avoid breaches in the future, if a privacy officer is not in the department,
I would hire a privacy officer who has a lot of knowledge with PHI safety and security,
would be able to train and ensure PHI safety to staff.
3.
Should small healthcare organizations be charged fines for non-compliance with HIPAA?
Justify your response regarding compliance requirements.
●
Of course, all organizations should be responsible for the safety and security of PHI. It
is important to keep records safe and secure at all times. If not, individuals' PHI can be
misused and get into the wrong hands. If this can not happen in a small health care
organization then it would be impossible for a larger healthcare organization to do the
same. Everyone should be held accountable when dealing with protected health
information so there are less data breaches.
Real-World Case 9.2
Anndorie Cromar is a medical identity theft victim. A pregnant woman used Cromar’s medical identity
to pay for maternity care at a nearby hospital. Because the infant was born with drugs in her system,
the state’s child protective services (CPS) assumed she was Ms. Cromar’s infant and threatened to
take Ms. Cromar’s four children away. It required a DNA test to get her name off of the infant’s birth
certificate, but years to get her health records corrected. “That first stage was the most terrifying thing
I’ve ever experienced in my life, getting the call from CPS and having them say, ‘We are coming to
take your kids’” (Andrews 2016).
Medical identify theft is not detected and stopped readily like financial fraud, where the bank or
credit card company calls when they see suspicious charges on a person’s account. Consumers
therefore need to be particularly vigilant about information that can be stolen to commit medical
identity theft: personal, medical, and insurance information.
Additionally, consumers should not post information about medical treatments on social media. A
criminal could use that information, along with other personal data located online, to create a complete
and accurate profile by which to exploit the victim. Once the perpetrator’s and victim’s medical
information are intertwined, it is much more difficult to undo than simple financial identity theft cases.
Further, because medical identity theft involves a person’s health profile, it cannot be shut down as
quickly as a credit card number can (Andrews 2016).
Andrews, Michelle. 2016 (August 25). The Rise of Medical Identity Theft. Consumer Reports.
https://www.consumerreports.org/medical-identity-theft/medical-identity-theft/
Real-World Case Questions
1.
As the health information supervisor in the above case, identify 2 strategies (not provided
above) that you can recommend to avoid becoming a victim of medical identity theft?
●
Never share your information on the phone or via email unless you initiate the conversation or
can verify that the person contacting you isn't a fraudster.
●
Shred old documents that have your personal information on them.
2.
Justify why should healthcare organizations be interested in financial identity theft?
●
Healthcare organizations should be interested in financial identity theft because if the victim
decides to sue, the organization will be held responsible by paying a huge sum of money as
compensation.
3.
Identify the potential impact/result of medical identity theft regarding a patient’s care?
●
The individual receiving care might get the wrong treatment and care. Which can lead to death
or serious injury. Also causing unnecessary charges to the patient if the treatment is
unecessary.
Your preview ends here
Eager to read complete document? Join bartleby learn and gain access to the full version
- Access to all documents
- Unlimited textbook solutions
- 24/7 expert homework help