Chapter 9 Assignment
School: Mountain Empire Community College
Course: 226
Subject: Information Systems
Date: Feb 20, 2024
Uploaded by DukeLightningOctopus26
HIM 226
02/08/2024
Chapter 9: Assignment
Between January 1, 2013, and June 30, 2013, an employee at Montefiore Medical Center, a non-profit hospital system based in New York City, breached the protected health information of 9.35 million individual patients at the medical center. The medical center was notified by the New York Police Department in May of 2015 that evidence had been found of criminal HIPAA violations at the medical center. Patients’ protected health information had been stolen by an employee at the center. An investigation was launched, revealing that the employee had unlawfully accessed the medical records of 12,517 patients, copied their information, and sold the information to identity thieves.
Montefiore Medical Center notified the Office for Civil Rights about the breach on July 22, 2015. The OCR informed the medical center that it had initiated an investigation to decide whether the center was compliant with HIPAA Rules. During the investigation, OCR found that the center had failed to conduct an accurate and thorough risk analysis for the potential risks and vulnerabilities to confidentiality, integrity, and availability of personal health information. The center had failed to implement procedures to review the records of activity in the information system and failed to implement hardware, software, or procedural mechanisms to record and examine activity in the information systems.
Montefiore Medical Center chose to settle the allegations with no admission of wrongdoing and agreed to implement a corrective action plan, which includes: conducting an accurate and thorough assessment of the potential security risks and vulnerabilities to the confidentiality, integrity, and availability of all its personal health information; developing a written risk management plan to address any security risks; developing and implementing a plan to implement hardware, software, and/or procedural mechanisms that record the activity in the information systems containing PHI; reviewing and revising its current Privacy and Security Rules policies and procedures; and distributing the revised policies and procedures to the workforce and providing training on the new policies and procedures.
Reference:
https://www.hipaajournal.com/montefiore-medical-center-malicious-insider-hipaa-penalty/