What's the HIPAA Breach Notification Rule?


The HIPAA Breach Notification Rule requires HIPAA covered entities and their business associates to provide notification following a breach of unsecured protected health information. Similar breach notification provisions, implemented and enforced by the Federal Trade Commission (FTC), apply to vendors of personal health records and their third-party service providers, pursuant to section 13407 of the HITECH Act ("Privacy HHS.gov," n.d.). An example of this rule in action is a hospital that disclosed protected health information about an employee to the employer without authorization. To correct the violation, the Office for Civil Rights required the hospital to revise its procedures on patient authorization prior to release of protected health information …

She was a respiratory therapist who worked at a 72-bed hospital in Oregon, Ohio, called ProMedica Bay Park Hospital. She “was authorized to access individually identifiable health information and protected health information of certain respiratory patients,” not of other hospital patients (McGee, 2015). She had accessed the protected health information (PHI) of nearly 600 patients; the final count was 596. During May of 2014, “ProMedica began notifying the affected patients that their records were inappropriately accessed between April 1, 2013, and April 1, 2014,” many of whom were frightened and felt uneasy thereafter (McGee, 2015). The situation was brought to the attention of the U.S. Department of Health and Human Services, which has since posted her case on its “Wall of Shame.” All healthcare professionals, from the receptionists all the way up to the owner of the hospital, will have heard about HIPAA at some point in their employment. The punishment is pretty hefty, which is probably why there are only a couple of cases of HIPAA violations that resulted in criminal penalties. The legalities of breaching PHI “to a third party carries a jail term of up to 10 years in addition to a maximum fine of $500,000 if the disclosure is made …

Organizational managers are the ones who plan, organize, lead, and control the resources they have. On top of all of that, they are also responsible for building HIPAA into their day-to-day routine. HIPAA is clearly a huge deal, so employees must understand what it is and what it entails so they do not turn out like Jamie Knapp. First off, the manager must teach employees how to secure medical records. Records need to be kept not only from people outside the workplace, but also from employees who aren’t authorized to see the information. The Small Business Chronicle states that “employees who handle health-related information must also maintain a log that details any release or transfer of information” (Symes, 2016). Obviously the records need to be kept in a safe place. If they are paper files, they should be kept in a filing cabinet that requires a key. If they are saved electronically, there needs to be a password in order to access the files: a password for the computer workstation, and a separate password used to access just the health information. A manager in the health industry needs to train all new employees on the company’s policies, rules, and regulations, but employees also need training on HIPAA’s policies. If you don’t give proper training and the employee discloses information, “you may be found liable for the disclosure and may then be sued by