Case Study: HIPAA Violation

“Medical malpractice occurs when a hospital, doctor or other health care professional, through a negligent act or omission, causes an injury to a patient. The negligence might be the result of errors in diagnosis, treatment, aftercare or health management.” (Admin) One of the most common type of claims that pharmacies face are negligence claims. Negligence is one of the categories that falls under the area of law called Torts. In the Hundley v Rite Aid case, a tort was filed for injuries that were sustained by Gabrielle Hundley after she took medication from an incorrectly filed prescription. The case involved a jury trial verdict involving Gabrielle Hundley, a minor child, against Howard Jones, the pharmacist, and the Rite

For this week’s discussion I have read the article assigned this week regarding HIPAA violations. I will summarize the case against the physician and what the HIPAA law states. I will also discuss what the penalties are for a HIPAA violation and if this physician could have faced further charges.

HIPAA is the federal Health Insurance Portability and Accountability Act of 1996. The primary goal of the law is to make it easier for people to keep health insurance, protect the confidentiality and security of healthcare information and help the healthcare industry control administrative costs. Under HIPAA, patients have the right to access and control their health records. In order to safeguard protected health information (PHI, or patients’ individually identifiable information), health care providers must restrict access to the information and have patients’ permission to disclose it.

1. Mrs. Smith had a pregnancy test. Mr. Smith called Mrs. Smith’s physician and requested a copy of Mrs. Smith’s test results. Can/Should the physician release the results of the pregnancy test to Mr. Smith over the phone? (Use law and ethics to defend your answer) Why or why not?

The law that prohibits unauthorized access of patients charts is HIPAA. HIPPA is the Health Insurance Portability and Accountability Act of 1996. HIPPAS number 1 priority is to keep patients Health Medical Records protected and confidential.

When the referral is received from a physician outside the healthcare provider’s network, paper medical records relating to the health issue are requested, including office notes and test results. After the patient’s paper medical records are received by the scheduling office, the scheduler manually reviews the records for the diagnosis and reason for the referral to determine how to appropriately schedule the office visit. For example, if the patient recently suffered a stroke, the patient would be scheduled with a stroke specialist rather than a general neurologist.

I would tell patients who inquire about passed patients would be that "I will find out where they are or what has happen to them" and will get with back with them. It is important for me not to release too much information because of HIPAA rules. Releasing personal or medial information without a written consent can get me in big trouble. If I know its a close friend I will ask the family if its ok for me to tell the patient who ask about their relative's condition or whereabouts. Its always better to ask for permission to release information that way your not breaking any privacy rules.

The HIPAA Rules require that when a HIPAA covered entity a provider, a plan, a clearinghouse or a business associate of a covered entity uses or discloses PHI, or when it requests PHI from another covered entity or business associate, the covered entity or business associate must make "reasonable efforts to limit PHI to the minimum necessary to accomplish the intended purpose of the use, disclosure, or request." (Duane Morris LLP , 2013) Under the HIPAA Rules, covered entities and business associates are required to identify which workforce members need access to what kind of PHI to carry out their job functions. In addition under the HIPAA Rules, covered entities and business associates are required to establish protocols that define the minimum necessary amount of PHI for routine uses, disclosures and requests, and how to apply the minimum necessary standard with respect to non-routine uses, disclosures and requests. Minimum necessary violations should be investigated and, if appropriate, reported according to the new breach notification rules. Business associates may be directly liable for minimum necessary standard violations. Covered entities may be liable for business associates' minimum necessary standard violations.

When the referring PCP or specialist office faxes the patient’s medical records, one patient’s paper medical records can unintentionally become attached to another patient’s medical records, which is an example of a HIPAA violation of unwilling negligence (Iron Mountain, 2015). This can occur when several patients are referred to a specialist at the same time, and medical records for all patients are received through one fax transmission, requiring careful examination and separation of health records. To prevent paper medical records of one patient inadvertently becoming attached to the medical records of another patient when received by fax, all pages of the health record must be reviewed upon receipt and checked for the patient’s identification

In any medical office the medical professionals have to be very careful not to violate HIPAA laws. To make sure these violations don't happen the MA needs to make sure that:

HIPAA, which is the Health Insurance Portability and Accountability Act of 1996 give Blue Cross Blue Shield of Tennessee members’ rights to protected personal health information (PHI). The way HIPAA works is that it creates national standards to protect a person’s medical records as well as their personal health information (https://www.hhs.gov/hipaa/for-professionals/privacy/). Members are given more control over their health information and holds violators accountable with civil and criminal penalties that can be imposed if the member’s rights are violated. When employees are hired into Blue Cross Blue Shield of Tennessee, they are required to sign a confidentiality agreement adhering to the HIPAA laws making them accountable if any violations

What law prohibits the unauthorized access of patients charts? HIPPA Law (HIPPA) The Health Insurance Portability and Accountability Act. The HIPPA law was created to a national standard to protect all privacy of patient's personal health documents and medical records.

The therapist has to be ready for whatever the outcome of his decision may be. The biggest thing will be the breach of confidentiality, but he is protected by law. It is better for him to report the client to the 3rd party or official and nothing occurs, then to not report the client, and someone

BJACH, PAD HIPAA Compliance Officer (Mrs. Marshall) monitors compliance to Safeguarding Personally Identifiable Information (PII). The HIPAA Compliance conducts walk through on clinical section, utilizing a checklist that covers all areas of the practices. The HIPAA Compliance Officer uses the results of the inspections to give feedback to the clinics. In addition, the HIPAA Compliance Officer tracks or monitors on a monthly basis, all training within the facility and send out notifications when certificates are about to be expired.

If I was in Andrea’s position, I would not use my smart phone to video tape the seizure activity of the patient. Under no circumstances should any nurse utilize his or her smart phone for such procedure. Let me reiterate because some of the content of this post is similar to my previous discussion. In this scenario, it might appear that the nurse is insubordinate but she has that given right to advocate for her patient; this is what a prudent nurse would and should do. As for the HIPAA that was implemented in 1996, does this rule apply to Andrea? Absolutely, (Hebda & Czar, (2015, p. 235) stated that “the HIPAA Privacy Rule was crafted to protect the privacy of people who seek healthcare.” Andrea needed consent but