Discuss Hipaa
discuss hipaa
Hipaa Compliance| Things To Know About Breach Notification
What should your healthcare organization do if a nurse hands a patient someone else’s discharge papers but promptly discovers the error and retrieves the protected health information? Would it have to report as a breach of unsecured PHI under HIPAA notifications?
Well, it depends on the situation would not amount to a breach if the nurse can reasonably conclude that the patient could not have read or otherwise retained the information. But if the patient turned the corner and was out of sight for some time and the discharge orders included a sensitive diagnosis, say for instance HIV, and the facility was in a small community or the nurse had reviews the discharge orders with the patient – these could certainly trigger the breach notification requirements.
The breach notification requirements, which are required by HITECH act, apply to a breach of unsecured PHI that poses a significant risk of financial, reputational or other harm to the affected person. Securing electronic PHI requires encryption that meets HHS’ specified standard; but you cannot secure PHI in paper records. The rule however does discuss rendering PHI in paper records as unusable when the records are no longer required. Most people interpret this as requiring cross-hash-shredding or incineration.
The rule will help covered entities to determine whether a breach of unsecured PHI poses significant risk of harm to the affected individuals. If you realize that it does not pose such a risk, then you don’t have to report it. The risk analysis is a change in the regulation based on what’s in the HITECH act. If you do determine that a breach poses a significant threat, the facility needs to notify the affected individual. Apart from this, if the breach of unsecured PHI involves more than 500 individuals in any jurisdiction, then the facility also has to notify HHS media.
Discuss any violations of HIPAA privacy rule that may have occurred.?
Paula Patients attorney asks Dr. Bob for medical records about Paula’s car accident and promises to provide a written authorization from Paula later. Dr Bob gives the attorney Paula’s entire file, including her records about treatment for HIV. Discuss any violations of HIPAA privacy rule that may have occurred.
I am stuck on this part of my homework? Please help..
The written authorization from Paula should have been signed BEFORE the medical records were given to the attorney. The only part of the medical record that should have been given to the attorney were the ones pertaining to the car accident.
Commercial Compliance: HIPAA
