Violations
The Health Insurance Portability and Accountability Act of 1996 aims at regulating the protection and confidential handling of patients’ medical information. Health care providers, together with their business associates, are required to develop and follow procedures to safeguard protected health information (PHI) (CDC, 2019). The case in this scenario covers violations under various federal laws and how they can be resolved.
Patients have a right to choose to be reached somewhere other than their home; this falls under the confidential communication requirements (HHS, 2020). When PA Jones disregarded the patient's instructions, called the home number, and then discussed the medical findings with the patient's daughter, she violated the patient's privacy rights. The other unrelated matters PA Jones discussed with the daughter were individually identifiable health information, as they described the medical condition and identified the individual to his daughter. This constituted another privacy violation. Sharing the lab results with the infectious disease office is allowed under the permitted uses for public interest and benefit activities. However, the accidental disclosure to office colleagues was another breach. Furrow et al. (2015) describe how computerization has eased access to patients' full medical records. This makes breaches of privacy easier and riskier, as was the case in this scenario.
Measures and Safeguards
ABC Medical should have privacy policies and procedures consistent with the Privacy Rule of HIPAA. It should have had mechanisms that promote intensive training of all new employees and monitor the existing workforce to establish a culture of upholding PHI. Staff should have been made aware of the sanctions for a breach to keep them alert. The facility should also have established data safeguards that include access controls such as passwords and PINs to limit unauthorized access (HHS, 2013). Encryption of patient records would have prevented access to the data that was wrongly faxed by the office workers, as it could have been opened only by those with a decryption key.
Federal Statutes and Regulations/Consequences
The breaches by PA Jones and the receptionist violated Title II of HIPAA, which deals with the Privacy and Security Rule. This attracts civil monetary and criminal penalties. The penalties may not be imposed if there were reasonable circumstances, or there was no willful negligence, and the violation was corrected in thirty days (HHS, 2013). Because the information was recklessly disclosed to his colleagues and affected the patient's reputation, monetary compensation is justified. A high bar has been set for criminal penalties, with grounds such as voluntary disclosure, pretenses, and PHI use for monetary gain (HHS, 2013). These grounds are not available in this case; hence no criminal sanctions should be imposed.
The Federal Privacy Act of 1994 prohibits federal agencies, including federal hospitals, from disclosing confidential information in a system of records without the owner's consent. This will provide the patient with sufficient grounds to claim various tort damages. Courts often use the Hippocratic Oath and the AMA Principles as sources for a common law duty of confidentiality (Furrow et al., 2015). The facility will bear the damages under vicarious liability, given the trend adopted by authorities to impose corporate negligence for failures to properly select and monitor physicians. Monetary damages will, therefore, be the suitable route taken to resolve this issue.
Remedial actions
I propose to the Office of Civil Rights to go for monetary damages and give the ABC facility guidelines to improve its data protection mechanisms. I intend to sanction the involved staff internally within the facility and come up with regular training programs that focus on HIPAA compliance. The supervisory personnel will apply for further training programs on HIPAA compliance currently offered by independent firms.
References
CDC. (2019). Health Insurance Portability and Accountability Act of 1996 (HIPAA). Centers for Disease Control and Prevention. Retrieved July 23, 2020, from https://www.cdc.gov/phlp/publications/topic/hipaa.html
HHS. (2013). Summary of the HIPAA Privacy Rule. HHS.gov. Retrieved July 23, 2020, from https://www.hhs.gov/hipaa/for-professionals/privacy/laws-regulations/index.html
HHS. (2020). Your rights under HIPAA. HHS.gov. Retrieved July 23, 2020, from https://www.hhs.gov/hipaa/for-individuals/guidance-materials-for-consumers/index.html
Furrow, B. R., Greaney, T. L., Johnson, S. H., Jost, T. S., & Schwartz, R. L. (2015). Health Law, 3d (Hornbook Series). West Academic Publishing. https://www.vitalsource.com/products/furrow-greaney-johnson-jost-and-schwartz-health-furrow-barry-greaney-v9781634592567