HIM dept breach

docx

School

University of Cincinnati, Main Campus *

*We aren’t endorsed by this school

Course

2015

Subject

Medicine

Date

Feb 20, 2024

Type

docx

Pages

5

Uploaded by MagistrateSkunkPerson851

Report
HIM Department Breach Courtney C. Miller Health Information Systems, University of Cincinnati – Clermont HCMT1005: Intro to Health Information Professor Jacob Schaefer September 22, 2023
In the scenario provided, the audit trail shows a few areas in which the privacy policy may have been violated. First, it is important to note the job duties and responsibilities of those who were reviewed within the audit. The coders involved in the review of the politician's chart are responsible for gathering pertinent documentation from various members of the healthcare team to assign appropriate diagnostic or procedural codes which are then used to submit for reimbursement (Medical Coder, 2021). A medical transcriptionist is someone who listens to healthcare professional recordings and transcribes them into reports that are uploaded to an electronic health record (Clevland Clinic, 2023), and a file clerk is responsible for organizing medical records using various methods such as scanning, uploading, or filing (Penn Medicine, 2022). Three of the five employees listed in the scenario were working remotely from home workstations. When working from home the risk of privacy policy violations is always present as the environment is not as controlled as a health care facility. The coder known as N. Northwest accessed the patient's record on October 16 th , the day the record was coded. He accessed and read the electronic health record which was appropriate as he needed to determine which information would need to be coded, he modified the encoder which is his job, and read lab and radiology reports which also is appropriate and essential for the coding position. The second coder, L. Easton, accessed the patient's electronic record the day after it was already coded and although there were no modifications made, is still a cause for concern as there was no reason for that to be done after the chart was already coded.
The transcriptionist, S. Southward, accessed the patient's records the day additional documentation was scanned into the electronic health record. The timing of the access isn’t necessarily inappropriate as the additional documentation could have been something needing to be transcribed. Southward read the electronic health record and made modifications within the transcription system which were both appropriate actions however the modifications made to the radiology reports were not. E. Downey, a file clerk, accessed the patient’s records on the day additional documentation was scanned into the system and did so from a nurse’s station. Downey accessed the record itself, lab results, and radiology reports but did not modify anything and simply read the information. The fact that the file clerk accessed this patient record the day after the record was entered is cause for alarm along with the location of the actions as typically file clerks do not have access to nurses’ stations. Lastly, W. Upton, another file clerk, accessed the record of the day additional information was scanned into the system which was appropriate as scanning the information is a component of the file clerk's job duties. Upton read the electronic health record which was an appropriate action and modified the tracking system which were both appropriate actions for the position. The first course of action that should be taken with even the slightest concern that there was a privacy policy violation would be to contact the organization's Privacy Officer. Once the concern is brought to the attention of the privacy officer, they must begin an investigation to determine if a violation occurred and if so the details of the violation. If the results of the investigation do indicate a privacy policy violation the privacy officer would notify the patient. However, in this case, since the patient is deceased, an appointed individual would be notified. In addition, the breach would need to be reported to the Office for Civil Rights per the Breach Notification Rule and must be done without hesitation (Alder, 2017). Those who violated the Privacy Policy should be terminated immediately and a training refresher should be provided to all staff. The Privacy Officer should also review the current
Your preview ends here
Eager to read complete document? Join bartleby learn and gain access to the full version
  • Access to all documents
  • Unlimited textbook solutions
  • 24/7 expert homework help
regulations within the organization to ensure those surrounding the privacy policy are clear along with the consequences that would take place as the result of a similar situation. References Alder, S. (2017, November 14). How to handle a HIPAA privacy complaint . HIPAA Journal. https://www.hipaajournal.com/handle-hipaa-privacy-complaint/ Cleveland Clinic. (2023). What is a medical transcriptionist? Cleveland Clinic. https://my.clevelandclinic.org/health/articles/25245-medical-transcriptionist Medical Coder. (2021, November 24). Important duties and responsibilities of medical coder . Medical Coder. https://www.medicalcoder.in/duties-and-responsibilities-of-medical-coder/ Penn Medicine. (2022). Medical records clerk in woodbury heights, new jersey, united states . Careers.pennmedicine.org. https://careers.pennmedicine.org/jobs/12879935-medical-records- clerk#:~:text=The%20primary%20purpose%20of%20the

Related Documents

CHLH 260 Quiz 3.pdf
Excel Capstone Project.xlsx
WEEK 4 SOAP NOTE NU623.docx
Mammography - A Special Imaging Method in Medical Radiology.pdf
Pediatric Development.docx
Synergy-Disc-Project-Part-1.docx
FoodPoisonCaseStudyCH.docx
3-2final.docx
Cardiology Case.docx
D027 CCM1 Phase3 3c Patient Tx Plan.docx
deliverable 1.docx
The Burning Clinical Question_PICOT Elements and Research Question.pptx