Hipaa Violation and Prevention
HIPAA Violation and Prevention
Many healthcare professionals and organizations have not been following the regulations set forth by HIPAA. Whenever violations of HIPAA’s privacy or security laws occur the organizations responsible must be held accountable resulting in a fine or penalty. Penalties provide incentive for organizations to guarantee patient privacy and security. Recently, certain people have failed to follow through with the laws and restrictions and were forced to accept the penalty. This paper will provide three real examples of such HIPAA violations as well as solutions or ways each violation could have been prevented.
In 2010, The Hospice of North Idaho, located in Hayden Idaho had a security breach compromising 441 patients’ health information. In the security breach, an unencrypted laptop containing patients’ information was stolen. After investigation, the Office for Civil Rights learned that the hospice did not have the adequate policies required by HIPAA law concerning technical safeguards in the Security Rule. The law stated that some form of encryption must be utilized in case any information is acquired by anyone other than the intended recipient, but the hospice did not have any, compromising private patient information. As a penalty for the 2010 incident, in January 2013, The Hospice of North Idaho agreed to a $50,000 settlement. The Hospice has also made significant improvements in its safeguards since the theft.
Initially, the hospice did have some policies in place in the organization to protect against violations but they were not sufficient. These include certain administrative and physical safeguards limiting patient information to only those who need it. However, the hospice failed to anticipate the possibility of theft and didn’t have any technical safeguards. Encryption should have been implemented because it would have made any lost information unusable, unreadable, and undecipherable. The physical safeguards weren’t adequate
Many healthcare professionals and organizations have not been following the regulations set forth by HIPAA. Whenever violations of HIPAA’s privacy or security laws occur the organizations responsible must be held accountable resulting in a fine or penalty. Penalties provide incentive for organizations to guarantee patient privacy and security. Recently, certain people have failed to follow through with the laws and restrictions and were forced to accept the penalty. This paper will provide three real examples of such HIPAA violations as well as solutions or ways each violation could have been prevented.
In 2010, The Hospice of North Idaho, located in Hayden Idaho had a security breach compromising 441 patients’ health information. In the security breach, an unencrypted laptop containing patients’ information was stolen. After investigation, the Office for Civil Rights learned that the hospice did not have the adequate policies required by HIPAA law concerning technical safeguards in the Security Rule. The law stated that some form of encryption must be utilized in case any information is acquired by anyone other than the intended recipient, but the hospice did not have any, compromising private patient information. As a penalty for the 2010 incident, in January 2013, The Hospice of North Idaho agreed to a $50,000 settlement. The Hospice has also made significant improvements in its safeguards since the theft.
Initially, the hospice did have some policies in place in the organization to protect against violations but they were not sufficient. These include certain administrative and physical safeguards limiting patient information to only those who need it. However, the hospice failed to anticipate the possibility of theft and didn’t have any technical safeguards. Encryption should have been implemented because it would have made any lost information unusable, unreadable, and undecipherable. The physical safeguards weren’t adequate
Cited: "29 USC § 502 - Bonding of Officers and Employees of Labor Organizations; Amount, Form, and Placement of Bonds; Penalty for Violation." 29 USC § 502. N.p., n.d. Web. 02 Jan. 2013. Ezold, Christopher. "GOVERNMENT MANDATES COULD COST EMPLOYERS HUGE PENALTIES." MELODIKA.net. MELODIKA, 02 Jan. 2013. Web. 02 Jan. 2013. "Fact Sheet 8a: HIPAA Basics: Medical Privacy in the Electronic Age." HIPAA Basics: Medical Privacy in the Electronic Age. N.p., n.d. Web. 02 Jan. 2013. McLaughlin, Jim. "Idaho Hospice to Pay HHS $50k in HIPAA Settlemen." Http://www.beckershospitalreview.com. ASC COMMUNICATIONS, 02 Jan. 2013. Web. 02 Jan. 2013. "News Release." HHS Settles HIPAA Case with BCBST for $1.5 Million. N.p., 13 Mar. 2012. Web. 02 Jan. 2013. Wong, Kimberly M., Lynn Sessions, and Ted Kobus. "State Fines Hospital For Patient Confidentiality Breach; Requires HIPAA Training For Executives." JD Supra. BakerHostetler, 12 Dec. 2012. Web. 02 Jan. 2013.