Hipaa Violation

Course digest Rough Draft MGH HIPAA violation case Jennifer Brummage medical exami ground exam checkup Law and Ethics In the health disturbance business, there ar certain standards and laws that ache been displace in place to defend our long-sufferings and their in-somebody health randomness. When a health keeping facility fails to nurse their tolerants confidential selective education, the US governance may get mired and facilities may be forced to succumb huge sums of m stary in fines, and risk damaging their re dropation. The Health Insurance Portability and answerableness Act (HIPAA) was established in 1996.This Act was put into place in order to improve the capability and effectiveness of the health c atomic number 18 system. The HIPAA law includes a Privacy rule and a Security Rule. hospitals, Doctors, and employees in the medical field are expected to embrace the national standards and aim to keep patient information confidential. When a hospital or medical employee fails to fall in the standards preen, lawsuits can ensue and they can be fined deep sums of money relating to the sequent.The Privacy Rule establishes national standards to protect individuals medical drops and other someoneal health information and applies to health plans, health care clearinghouses, and those health care providers that conduct certain health care transactions electronically. The Privacy rule requires entrance safeguards to protect personal health information. The rule likewise gives patients rights over their health information, including rights to examine and obtain a copy of their health records.The Security protects individuals electronic personal health information that is created, received, utilise or maintained by a cover entity. The Security rule requires appropriate administrative, physical and practiced safeguards to ensure the confidentiality, integrity, and security of electronic protected health information. The Office fo r Civil rights (OCR) is responsible for enforcing the HIPAA standards. When a disorder is filed, it is the job of the OCR to investigate. OCR may also conduct shape retrospects to determine if the health organization is in conformation with the HIPAA laws.When the OCR accepts a complaint from an individual, they give nonify the person and the covered entity named in it. Then both parties forget submit information about the incident. The OCR will review the information to determine whether or not a violation has occurred. When violations yield occurred and have been proven, the US political science will impose a fine that they check appropriate. When Health organizations such a private medical practices, hospitals, and clinics fail to meet the standards described in the HIPAA act, investigatings, mischievousness press, and fines are surely to follow.There have been a total of cases in the past few age that have been investigated for HIPAA violations. One of the more rece nt and exceedingly publicized cases was that of momma General Hospital (MGH). On butt on 6, 2009 is was describe that an employee of MGH had removed(p) from the hospitals premises a brochure of documents that include the private healthcare information (PHI) of approximately one hundred and ninety both patients. The employee had removed the folder from the hospitals medical records room, so that she could bring her work home with her in order to complete some paperwork.The information that was included in these files were documents that had billing encounter forms that contained the names of the patients, their get out of birth, social security numbers, addresses, phone numbers, medical record number, the patients diagnoses and proposed course of treatment, their provider and the providers address and phone numbers. The folder also contained documents that included the practices daily office order of business for three days and the medical record number for 192 patients.The employee was aware that she was not permitted to remove this confidential information from the hospital premises. In doing so, she violated the HIPAA law. On March 9, 2009, the employee who removed the documents from the hospital was commuting to work on a underpass hire. According to the complaint that was filed, the employee had removed the folder containing the documents from her bag and placed them in the crapper beside her. The documents were not in an envelope and they were bound single by a rubber band. Upon exiting the train, the MGH employee left the documents on the subway train.The documents were never recovered. This incident was later reported to the Office of Civil rights (OCR) by a patient who was communicate by the hospital that his medical records had been disjointed by an employee and left them on a subway train. The One hundred and ninety two patients involved had been patients of the hospitals Infectious Disease outpatient practice, which includes HIV/ assi st patients. The item that the patients involved in this case were potentially AIDS patients, made the violation that much more serious.Investigators had to ware in to account that these people had their medical records lost, and in those records were their phone numbers and addresses and possibly their place of employment. If these documents overleap into the wrong hands, the potential for destroying the patients lives was very high. Had a person with malicious intent got ahold of their information, they could have harassed the patient and possibly spread their personal information around, which could have had devastating consequences. The Office of Civil Rights began their investigation of Massachusetts General following the March 2009 Complaint.Because of the potential violations that MGH faced, they concur to pay the joined State Government $1,000,000 to dissolve potential fines. MGH is one of the nations handsomest and oldest hospitals. The Hospital is highly regarded and respected, and many hospitals took notice when the investigation into potential HIPAA security law violations began. In addition to agreeing to pay the United States Government one million dollars, the hospital and the General Hospital Corporation agreed to peculiarity a Resolution Agreement with the United States incision of Health and Human Services (HHS).The agreement necessitate that the hospital develop and implement a wide set of policies and procedures to safeguard the loneliness of its patients. In write this resolution agreement, it was the HHS hope that other hospitals and clinics throughout the nation would recognize that the OCR is very serious about investigation every claim that is filed with them. The OCR wants other hospitals to see that if a violation has occurred and a patients secretiveness has been violated, there will be consequences.The OCR wanted to prove an eccentric out of Massachusetts General Hospital. In addition to the fines and the signing of the resolution agreement, OCR and HHS asked MGH to enter into a Corrective Action Plan. The HHR wanted the hospital and its employees to not only be held responsible and made an example out of, they also wanted the hospital to hike the awareness of its employees. The Corrective Action Plan (CAP) was knowing to develop and implement a comprehensive set of policies and procedures that ensure the patients private health information is protected whenRemoved from the hospitals premises. It was to ensure that the employees were trained and informed of the new policies and procedures so that future mis necessitates could be prevented. The hospital was also required to have the conductor of Internal Audit Services of Partners HealthCare organisation Inc. to serve as an internal monitor who will conduct assessments of MGHs compliance with the CAP and ply semi-annual reports to the HHS for a 3 year period. It was the mis render of one person that caused so many changes in MGHs system.It was a costly mistake, but ultimately is has helped the United States Government make hospitals aware that if the standards set are not followed then there will be consequences. The HIPAA laws that are set in place are meant to protect patients. Even the US Government and the employees of MGH are someones patients, and they would also want their privacy respected. Hospitals across the nation, private practices, doctors and healthcare facilities should take notice, they charter to make sure their employees are trained and informed of the policies and procedures regarding patients privacy and security.Every hospital in the nation should raise their own standards so that they are above the ones set for them. Patients will take notice and be appreciative and more trust when receiving care. In conclusion, this HIPAA violation could have possibly been prevented had MGH employ the Action Plan in the beginning. The hospital should have had a program that required all employees to take prio r to starting work with the hospital. Had the employee that left the documents on the subway been through a syllabus on HIPAA laws and the correct way of handling PHI, maybe the incident never would have occurred.Hospitals should hold a class as part of the hiring process to thoroughly train their employees on this issue. It could be used as a preventive measure and save the hospital from large fines in the future. References * FierceHealthcare. com, HIPAA violations. Feb 25 2011 (54198) * HHS. gov. News Release MGH HIPAA violation. Feb 24 2011 * US Department of Health and Human Services. HIPAA Law, July 19, 2011 * Zigmond J, advance(a) Healthcare, ISSN 0160-7480, 2011 Feb 28 Vol. 41 (9), pp. 13 * http//www. hhs. gov/ocr/privacy/hipaa/ mind/index. html