Response to Compliance Management Scenario

Compliance management is a complicated and ever-expanding portion of the Health Information Management (HIM) field. As federal, state and local laws are created and revised, HIM professionals must stay current on not only the regulations but also the consequences of non-compliance. Along with federal, state and local laws, attention must be paid to the guidelines of various accreditation and credentialing bodies.

Scenario Mistakes, Type of Violation and Preventative Solution

There are several mistakes made in the provided Compliance Management Scenario. These mistakes include the nurse’s public announcement of the issue, Sue’s access of the chart to discover information about the patient’s diagnosis, …
This type of disclosure is an organizational violation, but could also lead to legal ramifications. Incidental disclosure of protected health information is not considered to be a “violation of the HIPAA medical privacy regulation provided the covered entity has applied reasonable safeguards” (Hatton, 2003) to help prevent it. This error also has the potential to cause distrust in the patient that the nurse is transporting, causing them to lose faith in the company. The nurse stopped Sue in the hallway (a public space), while transporting another patient, to tell Sue that there was an issue. The nurse made no attempt to keep the issue private and rattled off the details in front of the escorted patient, even though the situation was not an emergency or life threatening. This, in turn, led to the incidental disclosure of Joseph Stevens’ health information. To help prevent this mistake in the future, Sue and the compliance officer should work together to institute training that educates employees on incidental disclosure and how to minimize its occurrence. Another aspect of this mistake is that Sue did nothing to dissuade the nurse from continuing the discussion in front of the patient and in a public space. Sue should have invited the nurse to come to her office …
“A breach is, generally, an impermissible use or disclosure under the Privacy Rule that compromises the security or privacy of the protected health information.” (Office for Civil Rights (OCR), 2013) This definition accurately describes what took place in Mr. Stevens’ situation. Sue should have taken the time to reach out to Mr. Stevens, not only to inform him of the breach (which should also be done in writing), but also to let him know that the situation was being handled in an appropriate manner. This would have helped Mr. Stevens’ view of the practice and also may have helped him not to lose faith in the organization. Not notifying the patient of the breach is a legal violation of the HIPAA law(s). It is also an organizational
According to the US department of health services, the most common HIPAA violation in hospitals is the impermissible use and disclosure of protected health information. A prevalent scenario is when a health care worker accesses files of patients who are not under the worker’s care. Anyone that is not directly related to the patients’ health care or insurance is not allowed to access the patients’ health records. This can be prevented by having all employees participate in HIPAA training after a direct violation of the policy along with mandatory training before their employment. Another preventive measure is informing workers, upon employment, that electronic medical records indirectly allow for monitoring the use and misuse of patient files.
The act is meant to be followed by the rules, but the state can change certain things according to the way it believes HIPAA should be done. If someone were to commit theft, he or she would have to pay thousands in fines and be sentenced to ten years of imprisonment. The hospitals and medical institutes must call, mail, email, or use the media to inform the victims that their information is at risk. They will have up to 30 days to contact everyone involved, or an additional 30 if they are having trouble finding a large number of people or if the police have to become part of the solution.
HIPAA Breaches: A Common Legal Issue in Healthcare

When it pertains to patient health information, discretion is paramount. Protecting patients from threats that could endanger their rights is essential, and the primary reason for safeguarding their personal information is to secure the interest of the individuals who are entrusting the organization with their information. There are, however, breaches of individuals’ private health information. In the healthcare field, one common legal issue is HIPAA and data breaches.
1- HIPAA Enforcement rule became stricter

Because of the lack of compliance from many covered entities with the HIPAA privacy and security rules, the enforcement rule was created. The enforcement rule gives the Department of Health and Human Services (HHS) the power to look for any unauthorized access of PHI (Protected Health Information) in any covered entity in violation of the HIPAA Privacy Rule. At the same time, the enforcement rule gave the Department's Office for Civil Rights the authority to apply a criminal charge as a penalty for HIPAA violations and for a person who commits an illegal act and who fails to introduce corrective measures within 30 days.

2007: CMS announced the deadline for compliance with the National Provider Identifier (NPI)

It is mandated by HIPAA that all health care providers use their NPI, which is an individual identification number, to identify themselves.
Nurses and doctors take the oath to protect the privacy and the confidentiality of patients. Patients and their medical conditions should not be discussed with anyone who is not treating the patient. Electronic health records are held to the same standards as nurses in that information is to be kept between, and shared only with the immediate care team. HIPAA violations are not taken lightly nor are the violation fines cheap. Depending on the violation, a hospital can be fined from $100 to $50,000 per violation (National Nurse 2011 p 23).
Understanding HIPAA laws, following them and reporting violations safeguard confidential
Unfortunately, HIPAA violations happen every year in our country. In fact, a situation happened at New York-Presbyterian Hospital and Columbia University Medical Center on May 7th 2010. The HIPAA violation happened after the electronic health records of 6,800 patients ended up on Google for the world to see. The United States Department of Health and Human Services (HHS), which is responsible for HIPAA enforcement, deeply investigated this case. It was discovered that a Columbia University physician who developed applications for New York-Presbyterian Hospital and Columbia University attempted to deactivate a personally owned computer server on the network containing electronic protected health information (ePHI).
The hospital employee failed to keep protected health information secure and violated the patient’s privacy. Unauthorized information concerning the patient’s medical condition and treatment plan was released to an unauthorized contact phone number and person. Applying administrative safeguards to protect the organization's health information covers security objectives, such as confidentiality, which was breached in this particular case. The patient’s privacy rights and HIPAA law were violated because the health care organization provided an unauthorized disclosure and ignored the patient’s specific communication request. The patient had specifically provided an alternative contact number at her work, and the hospital failed to accommodate
HIPAA Violation rocks hospital!

An employee at St. Charles Health System accessed over 2400 patients’ medical records over a two-year period because they were curious. We all know that curiosity killed the cat and now it may have direr consequences for this curiosity seeker and the hospital system.

HIPAA Violation without intent to commit fraud

The employee who viewed the protected health information (PHI) without a legitimate reason to do so is in jeopardy of large civil fines, loss of their respective clinical license and criminal prosecution.
There was an obvious breach of duty by the nurse who was doing a procedure on the wrong patient. The nurse should have correctly identified Dr. McKey before continuing with the enema.
Code Black

If you have ever been to the ER for a non-life-threatening emergency, then you are aware of the long wait times associated. This is a common complaint amongst patients and many do not understand the reasons behind it. Code Black is a documentary that attempts to show the drawbacks of our current health care system by taking viewers into a public hospital.
The nurses and faculty that violate the privacy rule will face severe consequences such as civil and criminal penalties. For example, when violations occur, $100 to $25,000 per year will need to be paid off depending on the situation. Not only that, but going to prison can also be added depending on what and how the information was released (Wimberley et al., 2005, 489). Taking the time to correctly deliver the process of not releasing confidential information is needed, so there wouldn’t be any consequences or violations to the privacy
The code of ethics is important, providing nurses with the knowledge of exactly what to do in certain situations. The code of ethics for nurses makes the nurses’ job easier because the provisions promote knowledge and team collaboration, which makes caring for patients almost effortless. In contradiction, the third provision states that “nurses advocate for, and protects the rights, health, and safety of the patient” (Lachman et al., 2015). The third provision could present a dilemma when it comes to whistle blowing. Whistle blowing is described as “telling the truth about individuals or systems that are harming or potentially could harm patients, regardless of personal outcome” (Hopper 2011).
A breach in security can cost healthcare organizations thousands of dollars. A failure in the measures implemented to protect electronic health information can also affect the healthcare organization's patients. A data breach compromises patients' names, addresses and social security numbers, as well as patient treatment information. Patients are put at risk of experiencing insurance fraud and identity theft. Per Aggarwal, Jamsed, Ozair, and Sharma, Prime Health Care Services Inc. paid $275,000 to settle a federal investigation for a violation of patient privacy (2015).