HIPAA Scenario Security Assignment On HIPAA Incidents


Read through the description below, then use your knowledge of health information and healthcare systems to answer the questions that follow.

Scenario: You are the HIPAA privacy officer at your facility. Last week you received a phone call from Dana, an LPN at your facility, who asked to file a HIPAA incident report. Dana reported that she believes her ex-boyfriend, Johnny, an EMT, is snooping in her electronic medical records. She explained that Johnny frequently transports patients to your facility’s emergency room (ER).

During your investigation, you met with ER Director Lucinda Traverino, RN, who indicated that after a report is provided by an EMT on the transported patient, care is handed off, and the ambulance team departs. Since Johnny does not use the hospital’s system as an EMT, there appears to be no HIPAA violation from that activity. You logged the issue and closed it without findings.

Later, you received a call from Ms. Traverino, reporting that Johnny also works part-time at the hospital as a Phlebotomy Lab instructor, working only a few hours a month. You confirmed Johnny’s last name is Yeager, and your investigation becomes more complex.

Paper For Above instruction

1. To confirm Johnny’s employment status at your hospital, you call the Human Resources department.

2. Johnny is confirmed as working as a Phlebotomy Lab instructor; you call the Information Systems department to determine if he has access to the computer system.

3. Since Johnny has a computer login and the investigation requires further data, you record the information so far in the HIPAA Investigation log before proceeding.

4. To learn Johnny’s work schedule, you contact the Laboratory director.

5. Using Johnny’s schedule, you request a security audit to find his activity in the computer system.

6. If the audit shows Johnny accessed Dana’s medical record, it indicates unauthorized access, which is a HIPAA security violation.

7. You examine Dana’s master patient index, which lists her account numbers, and analyze the audit findings to determine if Johnny accessed her information.

8. The purpose of the security audit is to establish whether Johnny accessed Dana’s Protected Health Information (PHI).
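The cross-reference described in steps 5 to 7, as an added example that is not part of the original assignment: it filters an access audit log by one user and by every account number listed under the patient's master patient index entry, and notes whether each access fell inside a scheduled shift. The log layout, the user ID `jyeager`, the account numbers, and the shift times are all constructed assumptions, not a real EHR export.

```python
import csv
import io
from datetime import datetime

# Constructed sample audit export; column names are assumptions.
AUDIT_CSV = """timestamp,user_id,account_number,action
2024-03-04T09:12:00,jyeager,A1001,VIEW_CHART
2024-03-04T09:40:00,jyeager,B2002,VIEW_LAB_RESULT
2024-03-09T22:05:00,jyeager,A1003,VIEW_CHART
2024-03-04T10:15:00,ltraverino,A1001,VIEW_CHART
2024-03-18T14:30:00,jyeager,C3003,VIEW_LAB_RESULT
"""

# Every account number under the patient's MPI entry (constructed).
# Matching on the full set matters: one patient usually has one
# account per encounter, so a single-account search misses accesses.
MPI_ACCOUNTS = {"A1001", "A1002", "A1003"}

# Scheduled shifts obtained from the department director (constructed).
SHIFTS = [
    (datetime(2024, 3, 4, 8, 0), datetime(2024, 3, 4, 12, 0)),
    (datetime(2024, 3, 18, 13, 0), datetime(2024, 3, 18, 17, 0)),
]

def on_shift(ts, shifts):
    """True if the timestamp falls inside any scheduled shift."""
    return any(start <= ts <= end for start, end in shifts)

def find_accesses(audit_csv, user_id, mpi_accounts, shifts):
    """Return audit rows where user_id touched any of the patient's accounts."""
    hits = []
    for row in csv.DictReader(io.StringIO(audit_csv)):
        if row["user_id"] != user_id or row["account_number"] not in mpi_accounts:
            continue
        ts = datetime.fromisoformat(row["timestamp"])
        hits.append({
            "timestamp": ts,
            "account_number": row["account_number"],
            "action": row["action"],
            # Context only: an on-shift access is still a finding if the
            # user had no job-related reason to open this patient's record.
            "during_scheduled_shift": on_shift(ts, shifts),
        })
    return sorted(hits, key=lambda h: h["timestamp"])

if __name__ == "__main__":
    for hit in find_accesses(AUDIT_CSV, "jyeager", MPI_ACCOUNTS, SHIFTS):
        print(hit)
```

An access outside any scheduled shift is worth a separate follow-up with Information Systems, since it raises the question of how and from where the login was used.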

Following the investigation, you complete a HIPAA Incident Determination Checklist to evaluate whether an actionable violation occurred. Mark relevant questions, select the appropriate follow-up section (one or two), and provide your conclusion with a signature.
