4004-1
HIPAA
The day after the medication error, B. Moore’s mother signs in at the front desk to get her visitation pass. As she is standing at the front desk, she overhears an inappropriate conversation between Ida Feeney, the unit secretary, and a nurse from a different unit of the hospital.
Ida Feeney and Brenda Turner
Ida Feeney: Did you hear about the Moore kid? It’s a good thing they caught that right away. She’s small for her age, and that insulin could have really done a number on her.
Brenda Turner: Jeez, how much did they give her?
Ida Feeney: Well, she wasn’t supposed to have any. But I forget the actual dose. I’ll look in the EHR later, but I think it was pretty high.
Brenda Turner: Wait, is it Belinda Moore?
Ida Feeney: Yes, why?
Brenda Turner: I think she’s in a gymnastics class with my daughters!
Now that you have observed this inappropriate conversation, answer the following questions about HIPAA regulations.
Question 1: Which regulatory agency is responsible for overseeing the HIPAA privacy and security rule?
Incorrect.
Correct Answer: U.S. Department of Health and Human Services.
The Joint Commission is an independent regulatory agency. It is not part of the U.S. government, and it does not have the authority or responsibility to enforce privacy and security rules.
Incorrect.
Correct Answer: U.S. Department of Health and Human Services.
While the DEA is a U.S. government regulatory agency, its purpose is not to oversee the HIPAA privacy and security rules. Its primary responsibility is to enforce controlled substances laws.
Correct!
The U.S. Department of Health and Human Services Office for Civil Rights is responsible for enforcing the HIPAA privacy and security rules.
Incorrect.
Correct Answer: U.S. Department of Health and Human Services.
While CLIA is a U.S. government regulatory body, its purpose is not to enforce the HIPAA privacy and security rules. CLIA’s purpose is to ensure laboratory testing quality.
Question 2: How would the health care organization’s privacy officer determine whether others who were not involved in the patient’s care had viewed her medical record?
Expert Response: Health care experts on the HIPAA privacy and security rules indicate the best way to determine whether a patient’s medical record was accessed inappropriately is to conduct file audits. These audits may include, but are not limited to:
· Random file reviews to determine who has recently accessed a patient’s medical record and if this access was warranted.
· Reviews of business associate contracts.
· Audits of disclosures in accordance with the privacy notice, along with the organization’s adherence to confidential communications protocols.
Question 3: Health care experts on the HIPAA privacy and security rules indicate the following as the most appropriate sequence to follow in addressing the potential HIPAA violation.
1. Meet with B. Moore’s mother to document the details of her complaint.
2. Inform risk manager of the potential violation.
3. Audit B. Moore’s medical record to determine who has accessed it during her stay.
4. Interview involved employees.
5. Determine whether any discipline is warranted.
6. Educate staff about the HIPAA rule.
Correct!
Investigations collect as much information as possible. Information and data collected in the investigation will help the privacy officer to determine whether an actual breach occurred, ensure that all aspects of the complaint have been examined, and minimize risks to the organization and the patient.
Incorrect.
Correct Answer: True
Investigations collect as much information as possible. Information and data collected in the investigation will help the privacy officer to determine whether an actual breach occurred, ensure that all aspects of the complaint have been examined, and minimize risks to the organization and the patient.
Question 4: Identify the most common penalties employees may face if they are found in violation of HIPAA.
Expert Response: Health care experts on the HIPAA privacy and security rules indicate that failure to comply with HIPAA may result in civil and criminal penalties. Violations of the law include those that are unknowing, reasonable cause, or willful neglect — both corrected and uncorrected. The most common penalties employees face when they are found to have violated HIPAA rules include:
· Monetary penalties ranging from $100 to $1.5 million.
· Prison sentences up to 10 years.
· Disciplinary action, up to and including termination.
Question 5: How would a privacy officer determine whether this is an isolated event or a trending issue? Why is this an important part of the investigation?
Expert Response: Health care experts on the HIPAA privacy and security rules recommend these best practices to determine whether potential HIPAA violations are isolated events or trending issues:
· Conduct random audits to determine whether this employee or others have been accessing the medical records of patients who are not under their care.
· Perform reviews of patient and family complaints.
Determining whether HIPAA violations are isolated events or trending issues is an important part of this investigation, because this information will reveal whether the health care organization needs to implement tighter security procedures. Likewise, it may need to do more to educate staff about HIPAA security rules. If the organization fails to take action to reduce the number of these events that occur, it could be subject to fines and penalties.
Question 6: Health care organizations may disclose patients’ medical information without their permission in all of the following situations EXCEPT:
Incorrect.
Correct Answer: In facility directories.
A health care facility may disclose patient medical information directly to the patient once it has confirmed the patient’s identity.
Correct!
A health care facility must obtain the patient’s permission to publish his or her information in its directory.
Incorrect.
Correct Answer: In facility directories.
In certain circumstances, health care organizations are not required to obtain patient permission to disclose medical information. Reporting communicable diseases is one such circumstance. The reason for this is to protect the public health.
Incorrect.
Correct Answer: In facility directories.
A health care facility may disclose patient information for the purposes of payment, treatment, and operations. For example, the facility may submit claims for payment to insurance companies without the patient’s permission.
Question 7: Identify three covered entities that are subject to HIPAA compliance.
Expert Response: Health care experts on the HIPAA privacy and security rules indicate the following as covered entities subject to HIPAA compliance:
· Health plans.
· Health providers.
· Business associates.