HIPAA Violation

Many healthcare professionals and organizations have not been following the regulations set forth by HIPAA. Whenever violations of HIPAA’s privacy or security laws occur the organizations responsible must be held accountable resulting in a fine or penalty. Penalties provide incentive for organizations to guarantee patient privacy and security. Recently, certain people have failed to follow through with the laws and restrictions and were forced to accept the penalty. This paper will provide three real examples of such HIPAA violations as well as solutions or ways each violation could have been prevented.

1. Mrs. Smith had a pregnancy test. Mr. Smith called Mrs. Smith’s physician and requested a copy of Mrs. Smith’s test results. Can/Should the physician release the results of the pregnancy test to Mr. Smith over the phone? (Use law and ethics to defend your answer) Why or why not?

When the referral is received from a physician outside the healthcare provider’s network, paper medical records relating to the health issue are requested, including office notes and test results. After the patient’s paper medical records are received by the scheduling office, the scheduler manually reviews the records for the diagnosis and reason for the referral to determine how to appropriately schedule the office visit. For example, if the patient recently suffered a stroke, the patient would be scheduled with a stroke specialist rather than a general neurologist.

I would tell patients who inquire about passed patients would be that "I will find out where they are or what has happen to them" and will get with back with them. It is important for me not to release too much information because of HIPAA rules. Releasing personal or medial information without a written consent can get me in big trouble. If I know its a close friend I will ask the family if its ok for me to tell the patient who ask about their relative's condition or whereabouts. Its always better to ask for permission to release information that way your not breaking any privacy rules.

The HIPAA Rules require that when a HIPAA covered entity a provider, a plan, a clearinghouse or a business associate of a covered entity uses or discloses PHI, or when it requests PHI from another covered entity or business associate, the covered entity or business associate must make "reasonable efforts to limit PHI to the minimum necessary to accomplish the intended purpose of the use, disclosure, or request." (Duane Morris LLP , 2013) Under the HIPAA Rules, covered entities and business associates are required to identify which workforce members need access to what kind of PHI to carry out their job functions. In addition under the HIPAA Rules, covered entities and business associates are required to establish protocols that define the minimum necessary amount of PHI for routine uses, disclosures and requests, and how to apply the minimum necessary standard with respect to non-routine uses, disclosures and requests. Minimum necessary violations should be investigated and, if appropriate, reported according to the new breach notification rules. Business associates may be directly liable for minimum necessary standard violations. Covered entities may be liable for business associates' minimum necessary standard violations.

During this research, there has been a collection of data that had been connected to the instances of HIPAA violations within the United States. There are various cases that have been reported through patients and employees where very personal medical information has been exposed unlawfully for personal gain. These cases have not only put a company at reputational risk. But these cases can also place a patient and or healthcare company in a terrible financial stipulation. This thesis will include a series of charts and tables that describe the fluctuation of such cases involving different examples of HIPAA violations. Not only will there be data of these instances but there will be illustrations of how both patients and healthcare employees exemplify HIPAA violations. These cases will be verified from an external and internal evaluation. Suggestive protocol will be demonstrated to guide one along to ensure the possibility of another case of HIPAA violation is prevented. Protocols and examples are being credited by diverse information.

In any medical office the medical professionals have to be very careful not to violate HIPAA laws. To make sure these violations don't happen the MA needs to make sure that:

Aaron, you have demonstrated knowledge of Department policies and procedures and pose questions when concerns arise. You have demonstrated an understanding and practice of HIPAA laws as is evident in your ability to remain confidential with all investigations despite ongoing inquiries from those that are not authorized including Reporters and various family members. Aaron, you have demonstrated knowledge of the Department’s goals and also Division programs as evidenced by your investigative plans including requests for HCBS, assistance with Medicaid applications and reinvestigations, and care plan or provider changes. Many of these cases required follow up after case closure which you completed thoroughly. Throughout your hotline investigations,

Dr. Patterson’s office called to give patient Sara Martin her results, but her husband answered and asked to relay the message. As a doctor, she cannot give out patient’s information to anyone but the patient. In this situation Dr. Patterson should explain to the husband that information can only be released to the patient and; although he is the husband she would have to sign an information release form. If this information where to get released and she did not want anyone else to know , this would be a HIPAA violation and there can be fines to pay and may lose her

The article I found about a HIPAA breach in confidentiality involved a Walgreens pharmacist in Indiana. The pharmacist looked up the prescription history of someone her husband had previously dated. She then shared the information she found with her husband who in turn tried to use the information in a paternity suit. The lady whose information was accessed complained to Walgreens officials. As a result the pharmacist was given a written warning and required to retake training regarding HIPAA rules. The Marion Superior Court jury found Walgreen's responsible for the actions of their employee. They ordered Walgreens to pay $1.44M in damages and the Indiana Court Of Appeals upheld the decision. I looked on the Kentucky State website about

As a medical assistant, we all know that we commit errors daily, as well as other people. As a medical assistant, I know that it is very important to follow the rules and procedures to prevent any incidents from happening. All of us know that if failure to follow the rules correctly, it will or can lead to harm. One thing to keep in mind, is that we must always take advantage of all the advice our doctors give us, if not you will fail to keep your patients safe. It our responsibility as an MA to take precautions. Let me cite an incident about a medical assistant that committed an error on a physician.

TALKED TO ANGELA ABOUT THE CELL PHONE POLICY AND THAT SHE HAD ALREADY SIGNED IT. ALSO TOLD ANGELA THAT CELL PHONE IS NOT IS NOT TO BE UNDER THE COUNTER. MUST BE ON SILENT OR VIBRATE ONLY IN THERE POCKET OR PURSE. IF NEED TO CHARGE MUST BE IN THE BACK. IF IS A CALL THAT HAS TO BE ANSWER THEY CAN IN THE BACK WHILE THERE IS NO

The clinic should spend the necessary time and money on this process to extend the lives of the patients in our clinic.  It is worth the effort, and it comes at little cost to put the proposal into action.  Our patients and their

The assistant did not ask my mom to wash her hands or wear gloves; which I am sure I don’t have to remind you is a health violation. The most concerning part was when she did not have my mother wear any form of protection! The assistant took two x-rays while my mom was holding the piece in my aunt’s mouth, all without any protection. My mother is recovering from cancer and having her so openly exposed to radiation is frightening. This was a very unsafe and unsanitary situation. I was very appalled when I heard what had happened at your office today. This should not have happened; it was unprofessional and unsafe. I was going to call your office, but being as upset as I am, I decided to send this email instead. What occurred today at your place of business was unacceptable as it endangered the health of my recovering mother and caused inconvenience to my elderly aunt. It is my hope that this will not happen again to my family or any other family that chooses to use your dental services. My question to you and your associates is: What corrective action are you going to take not only for my aunt’s case, but also to prevent any future hazardous events for other patients? No patient should have an experience where methods are used that are dangerous and bring concern the family of the

You did a really good job on your post this week. The banning of phones on the units is an interesting topic. I have been on clinical rotations close to a year now and I hardly see nurses on their phones. I do not think nurses should be treated like kids in grade school. These are highly educated professionals that should know how to separate work from personal life. During my rotation this week, my nurse used several ways of communication to get hold of her physician, but was unsuccessful until she used her cellphone to text the physician. In my opinion, banning cellphones is not necessary. Thank you for sharing your