The Health Insurance Portability and Accountability Act (HIPAA)

The Health Insurance Portability and Accountability Act (HIPAA) regulates Protected Health Information (PHI), such as the private, personal, and sensitive information found in patients’ health records, in order to protect patient privacy (Furrow et al., 2015).

In the given scenario, the patient’s privacy was violated, constituting a breach of the HIPAA Privacy Rule: the information given to her daughter met the required elements of involving PHI, involving a covered entity, and involving unauthorized use, access, or disclosure of PHI by that covered entity (Summary of HIPAA, 2013).

The PA released the patient’s private and personal information, including the HIV results and other unrelated medical information, to the patient’s daughter, even though the HIPAA form clearly stated that the patient was to be contacted only through her work number and no other person was listed as a permissible HIPAA confidant. A covered entity was involved as well, since the PA was at work performing regular duties.

The PA was also in violation of Impermissible Disclosure (Human and Health Services, n.d.) by giving the test results, diagnosis, and concerns about follow-up treatment to the patient’s daughter. Again, the daughter was not listed as a confidant, and she was reached at a phone number that was not to be used to contact the patient regarding medical information.

In addition, the receptionist breached the HIPAA Security Rule and Privacy Rule by faxing the results, although unintentionally, to the patient’s place of work without a cover sheet, thus disclosing the information to everyone in the patient’s work office.

The practice can be held vicariously liable for the actions of both the PA and the receptionist, as the scenario clearly meets the required elements: both were employed by the institution, committed a wrongful act, and committed that act while at work within the scope of their employment (Furrow et al., 2015).

These violations could have been prevented with regular HIPAA training and with procedures that reduce the chance of such actions. For example, annual refresher HIPAA training could have been provided; only the phone number at which the patient wanted to be contacted could have been listed; and the Health Department’s number could have been pre-programmed into the fax machine, or the results faxed electronically, again to a pre-programmed number.

The consequences for these violations could include monetary fines ranging from $100 per violation up to $50,000 per violation, and up to $1.5 million per year (Hecker & Edwards, 2014).

In addition to fines, there could be future civil suits against the employees and the organization. As the Compliance Officer, I would propose the following remedial actions:

1. Suspend both the PA and receptionist until they complete a thorough HIPAA training program.

2. Initiate immediate HIPAA training for all employees and require an annual refresher training.

3. Implement pre-programmed numbers for the Health Department and other frequently used medical offices into the computer and/or fax machine.

4. Keep the contact numbers and listed confidants clearly and easily accessible to employees, and require employees to check this information before calling any patient or giving any patient information over the phone.

