
HIPAA security breaches


To date, a total of 804 large breaches of protected health information (PHI) affecting over 29.2 million patients' records have been reported to the Department of Health and Human Services since 2009.
You are the Corporate Compliance Officer for your health organization and you have just been notified that an unknown party has "hacked" the main computer server and your organization's PHI has been breached by the theft of several facility laptop computers. Over 5,000 of the patients your organization serves are impacted. As a result, you have to explain to the Senior Leadership, the Board of Directors, the affected patients, and the public:

[a] what you plan to do about the breach? And [b] how you plan to prevent this breach from reoccurring?

1. Define breach of PHI by the federal government's standards including what federal laws dictate the health care organization's responsibility to protect electronic health information.
2. Explain to Leadership and the Board how this breach was allowed to occur. In other words, what went wrong and why?
3. Define what course of action should be taken to notify the Individual patients affected and the public of this breach that would incur the least amount of panic. Include any federally mandated course of action.
4. Develop an action plan [including safeguards] to prevent a PHI Breach from reoccurring at your health organization. Include both electronic and paper safeguards.

I need this to be at least 3-4 pages with 4 APA format references...please!

© BrainMass Inc. brainmass.com October 17, 2018, 1:02 pm
https://brainmass.com/health-sciences/issues-in-health-care-delivery/hipaa-security-breaches-599631


Solution Preview

http://www.duanemorris.com/alerts/new_HIPAA_breach_notification_rule_may_prove_costly_for_HIPAA-covered_entities_4728.html
http://www.hipaasecurenow.com/index.php/blog/page/21/
http://www.hhs.gov/
http://www.dataprivacymonitor.com/enforcement/hhs-ocr-director-leon-rodriguezs-dialogue-on-hipaahitech-compliance/

1. Define breach of PHI by the federal government's standards including what federal laws dictate the health care organization's responsibility to protect electronic health information.

Breach of PHI as defined by the federal government standards that govern breaches are detailed in the Breach Notification Rule wherein healthcare organizations are mandated to provide notice to patients and others of a "breach," or disclosure of unsecured protected health information (PHI) if their organization is a covered HIPAA entity. A breach represents protected health information within a healthcare organization that is rendered unusable, readable, or decipherable to unauthorized individuals. This breach can occur as a result of theft, internet piracy through the unsecured networks, and by malfeasance on behalf of employees.

The responsibility for healthcare organizations to protect electronic information begins with the Breach Notification Rule. In 2013, the federal government modified the definition of "breach" as well as the risk-assessment approach that healthcare organizations. To ensure that no breaches have occurred, the Security Rule requires healthcare organizations covered by HIPAA satisfy a number of general standards such as applying ...

Solution Summary

HIPAA security breaches are examined.

Similar Posting

HIPAA Professional Writing

Annotated Bibliography
Mary Raju
06/29/15
Cheryl Hamilton

Natale, M. Samuel. 2008. Exceeding our grasp: Curricular change and the challenge to the assumptive world. Journal of Business Ethics, 83(2), 127-131. Retrieved from http://link.springer.com/article/10.1007%2Fs10551-009-0141-x#page-1

In "Exceeding our grasp: Curricular change and the challenge to the assumptive world" the author talks about a qualitative methodology to analyze assumptions as part of the culture and translations into ethical behaviors. The author argues that decision making is all the same and that the decisions create meaning. So the value of HIPAA is to help people guard and use health information appropriately. The article focuses on physicians. It links risk management and controlling the requirements of HIPAA together. It also manages to create ethical concerns and risk management into reasons for dissatisfaction or satisfaction among physicians. It calls for physicians to reexamine their own assumptions about the world and take actions that will reduce dissatisfaction while meeting the new demands of the field in terms of technology, rules, and ethics. While it does not focus specifically on HIPAA, it does put the act within a context of a broader scope of requirements that all have ethical and economic impacts on the lives and work of physicians, including HIPAA and the advancement of social insurance. This article uses only eight references. Its main value is in the linkage to other economic and risk management tools required or needed today. This article supports my paper by providing that HIPAA is meant to protect from health insurance and health information being used without proper authority. Samuel M Natale is a professor and department chair of AU University. His target audiences for this article were physicians.

Maradiegue, Ann. (2002). Applying HIPAA to minors. Nurse Practitioner. Retrieved from http://www.medscape.com/viewarticle/456472_6

This article addresses the issues with HIPAA and the application towards minor patients. The article is older, but it does show some of the outstanding issues when dealing with health information and children. From the beginning of the law's creation, there has been the problem of privacy and a parent's right to access. Minors cannot always give consent for treatment without the consent of their parents. The article, while not providing empirical data or a deep study, does raise some issues for people who must follow HIPAA laws. A provider should have knowledge of not only HIPAA, but parental rights and state laws concerning both as they may be in conflict or not conforming in exactly the same manner. Disclosure to the parent was still allowed at all levels in the 2002 changes. This is particularly concerning if the parent is not the minor's legal guardian or other personal representative. It leads to ethical concerns about the rights of minors to have their personal information controlled by them, and what information the minor can access within the medical field. It also concerns who can have access to their information without their consent, and where confidentiality for minors actually stands. The author shows concern for the possibility of states creating more restrictive laws that HIPAA does not address or allows. This article supports my paper by providing the difficulty for minors to obtain or access health services is a potential hazard to their health and society in the future, especially in terms of information regarding issues of teen pregnancy and choices the child may have. Ann Maradiegue is a professor in the nursing department at George Mason University. Her target audiences were minors.

Jensen, K. Bradley. (2007) HIPPA, privacy, and organizational change: a challenge for management. ACM SIGCAS Computers and Society. Retrieved from http://www.cs.virginia.edu/~clc5q/publications/2008SIGCSE.pdf

With the changes and greater need for security, HIPAA provides some specific challenges for management and this spills over into the IT issues. Programs must be able to provide both the security and risk management making them tactical and operational, but they must also provide strategic aspects as well. For most companies, this requires an organizational change to bring together the needs of IT and security with management and their needs. The methodology of this article helps to define the need for privacy with patients, the security demands for IT, and the management needs for running the company. Managers may have to learn new ways to work with both the systems, who has access to the information, and how to use it within the privacy laws established by the state and federal governments. The interviews conducted for the study showed that security and privacy were more reactions to external concerns such as laws rather than being integrated as part of the ongoing business. Interviewees did not find the organizations proactive in terms of HIPAA concerns. This is an area that needs to be further studied and concerns and models developed to help organizations make the organizational changes needed before security becomes a concern. This article supports my paper talking about security breaches and companies can lose valuable information along with respect and clients when breaches occur. Bradley K. Jensen is a principal partner business at Microsoft. His target audiences were managers in this article.

Erin McCann. (2014). 4 year long HIPPA breach uncovered. Retrieved from http://www.healthcareitnews.com/news/four-year-long-hippa-data-breach-discovered.

In this article, "four yearlong HIPAA breach uncovered," the author talks about 1,000 of its patients are being notified of privacy breach discovered in random health system audit, that continued for four years in five-hospital in southeast Virginia. The practical nurse who inappropriately accessed the records has had their employment terminated. HIPAA covered entities and, more recently, business associates can be fined up to $50,000.00 due to willful neglect that goes uncorrected. Entities could face $10,000.00 per violation due to willful neglect when the violation is properly addressed. This article supports my paper privacy breach and looking at ways to improve monitoring program with more automatic flags to protect patients. Erin McCann is managing editor at Healthcare IT News. She covers healthcare privacy and security, meaningful use, ambulatory care and healthcare policy. Her target audiences were health care employees.

Chris Dimick. (2010). Californian sentenced to prison for HIPAA violation. Retrieved from http://journal.ahima.org/2010/04/29/californian-sentenced-to-prison-for-hipaa-violation/

In this article, "Californian sentenced to prison for HIPAA violation," the author talks about how an immigrant accessed celebrities' medical records without knowing it's a federal crime. Hupin Zhou, who is a cardiothoracic surgeon, was sentenced to federal prison for violating HIPAA. This article supports my paper by accessing confidential records without a valid reason or authorization. The author's target audiences were health care employees. Chris Dimick is an editor-in-chief of the Journal of American Health Information Management Association.

Along with my paper, the comparison of all three articles talks about the role of HIPAA and who is responsible for patient privacy and security. The HIPAA law is to make it easier for people to keep health insurance, protect the privacy and safety of healthcare information and help the healthcare industry control administrative costs. HIPAA is to protect the security and confidentiality of protective health information.

Reference:

Dimick, Chris. (2010). Californian sentenced to prison for HIPAA violation. Retrieved from http://journal.ahima.org/2010/04/29/californian-sentenced-to-prison-for-hipaa-violation/

Jensen, K. Bradley. (2007) HIPPA, privacy, and organizational change: a challenge for management. ACM SIGCAS Computers and Society. Retrieved from http://www.cs.virginia.edu/~clc5q/publications/2008SIGCSE.pdf

Maradiegue, Ann. (2002). Applying HIPAA to minors. Nurse Practitioner. Retrieved from http://www.medscape.com/viewarticle/456472_6

Erin McCann. (2014). 4 year long HIPPA breach uncovered. Retrieved from http://www.healthcareitnews.com/news/four-year-long-hippa-data-breach-discovered

Natale, M. Samuel. (2008). Exceeding our grasp: Curricular change and the challenge to the assumptive world. Journal of Business Ethics, 83(2), 127-131. Retrieved from http://link.springer.com/article/10.1007%2Fs10551-009-0141-x#page-1
