Incident Investigation Report

.docx

School

Lewis University *

*We aren’t endorsed by this school

Course

BSAN-676

Subject

Philosophy

Date

Feb 20, 2024

Type

docx

Pages

2

Uploaded by MajorMagpie4121

Report
Incident Investigation Report Three-Part Test for Determining PHI Protected Health Information (PHI) is determined by a three-part test: The information can identify a person. The information states the patient's past, present, or future physical or mental health or condition. The information is transmitted or maintained in any form or medium by a covered entity or its business associate. Test Part 1: Identifiers The document contains several HIPAA identifiers, including gender, age, and residence. These identifiers can be used to identify, contact, or locate a single person. Therefore, the first part of the test is met. Test Part 2: Health Information The document contains health information about the individual, specifically that the gentleman is scheduled for a sigmoidoscopy. This information pertains to the individual's present health condition. Therefore, the second part of the test is met. Test Part 3: Transmission by a Covered Entity The information was being transmitted by a covered entity, in this case, the nurse who is an employee of the healthcare organization. Therefore, the third part of the test is met. Breach Determination A breach is defined as the acquisition, access, use, or disclosure of unsecured PHI in a manner not permitted by HIPAA Rules In this case, the information fell out of the nurse's pocket and was read by a bystander, an unauthorized disclosure of PHI. Therefore, there was a breach (HIPAA Violation)
Four-Factor Risk Assessment The four-factor risk assessment is used to determine the probability that PHI has been compromised. The factors include: The nature and extent of the PHI involved, including types of identifiers, and the likelihood of re-identification. The unauthorized party who used the PHI or to whom the disclosure was made. Whether PHI was acquired or viewed. The extent to which the risk to the PHI has been mitigated. In this case: The PHI involved includes gender, age, residence, and health information. Given the small population of Anytown, Ohio, there is a high likelihood of re- identification. The unauthorized party is a bystander who found the document. The PHI was viewed by the bystander. The extent to which the risk to the PHI has been mitigated is unknown based on the provided information. Based on these factors, there is a high risk that the PHI has been compromised and must be reported
Your preview ends here
Eager to read complete document? Join bartleby learn and gain access to the full version
  • Access to all documents
  • Unlimited textbook solutions
  • 24/7 expert homework help