Mercy Hospital and HIPAA Case Study
Evan Lee went to the emergency room at Mercy Hospital after he badly cut his hand on the job as a stock associate in a retail store. Evan's manager went to the hospital to check on Evan, but he had already been released. Evan's manager approached the nurse's station, identified herself, and asked for information on Evan's case.
The nurse on duty had only been on the job for one week. The supervising nurse had been called away from the station to deal with a critical patient. Unsure of what to do, the nurse on duty asked Evan's manager to wait until the supervising nurse returned. Evan's manager became emotional and explained that she was worried Evan would sue the store if he was badly hurt, and that she would lose her job. To help calm down Evan's manager, the nurse pulled Evan's file up on her computer screen and showed her the attending physician's comments on his case.
When Evan returned to work after a few days, he was beset with questions from his manager, who was curious about which medications were most effective for depression. When he confronted his manager, Evan discovered that his manager saw his electronic file and read that he was taking anti-depressants. In response, Evan contacted the Office for Civil Rights in the U.S. Health and Human Service Department to file a claim against Mercy Hospital for violating his privacy.
After investigating Evan's claim, the Office for Civil Rights determined that Mercy Hospital violated privacy rules and standards established by the Health Insurance Portability and Accountability Act of 1996 (HIPAA) by unlawfully sharing his private medical information. These violations extended past Evan's case to hundreds of other patients. Mercy Hospital was fined $10,000 for non-compliance. In response to its HIPAA violation, Mercy Hospital took several steps to ensure its future compliance. These steps included notifying patients of privacy practices, training staff on proper procedure, appointing a privacy officer, and establishing safeguards against distributing patient information to unauthorized parties.
1.How does HIPAA serve to protect patient rights?
2.What areas of the organization did HIPAA compliance impact?
3.Do you agree with the fine levied against Mercy Hospital? Why, or why not?
1. How does HIPAA serve to protect patient rights?
HIPAA protects information your doctors, nurses, and other healthcare providers put in an individual's health record, conversations between doctors and nurses pertaining to your health conditions and treatments and billing information (Department of Health and Human Services, 2007). In other words, nobody can get your health information without written consent prior to the information being released. This information includes any personally identifiable information. Your health information cannot be used or shared without your written permission unless this law allows it. For example, without your authorization, your provider generally cannot give your information to your ...
HIPAA protects information your doctors, nurses, and other healthcare providers put in an individual's health record, conversations between doctors and nurses pertaining