One administrator issue that is very important to stay up to date upon is HIPPA, and how it regards privacy for patient information. “The HIPAA Privacy Rule provides federal protections for individually identifiable health information held by covered entities and their business associates and gives patients an array of rights with respect to that information” (para. 1). Administrators have a duty to protect the information that comes into their care from patients in that a patient has to be able to trust that the sensitive information that they are giving to any health care workers is not going to be treated inappropriately. An article by Erin McCann entitled “4-Year Long HIPAA Breach Uncovered” that discusses a very recent security breach that was determined to exist for a long period of time considering that entities are required to have security in place to prevent these types of situations from occurring.
Article Issue and Effect
The key issue in this article is the fact that there was an employee at a hospital that was accessing information that did not pertain to their position. According to McCann (2014):
From September 2009 through October 2013, a former Riverside employee inappropriately accessed the Social Security numbers and electronic medical records of 919 patients. Reportedly, the employee was a licensed practical nurse, according to a Daily Press account. The breach wasn't discovered until Nov. 1 following a random company audit. (para. 3)
It was determined during this audit that a licensed practical nurse had used her position at the hospital to access information that she did not actually need to complete her job. Protecting patient’s personal information is very important, and in this case, there is no explanation as to whether this information was used for nefarious purposes or not, but they did have to notify these patients of the breach. This is a pretty devastating effect in that it not only has put these patients at risk for identify theft, but it can also severely tarnish the organization. Patients may have a hard time trusting a hospital system that allowed such a lengthy security breach to occur, and this could result in patients opting to use another hospital system in their area.
Current Facts on Health Care and HIPAA Privacy Breaches
This was just one of the breaches that have been reported in 2013 for HIPAA privacy and security, and there are penalties and fines that can be accessed against these facilities that violate their patient’s privacy and secure information by allowing there to be breaches in their system. Patients are required to divulge a great deal of their personal information when they are being checked into a medical care facility that they entrust the staff to treat properly, along with their confidential medical records that should only be shared with those making medical care decisions based on previous tests and medical findings. Often, when these breaches are reported in the news it is some type of accident where the information breach occurs or willful negligence by employees. According to Rupp (2014), “Breaches can be attributed to something as simple as a stolen device — flash drives and laptops, for example – to unauthorized access or disclosure of information by health system employees” (para. 2). There is one conclusion that an administrator can come to no matter the reason behind the breach is that risk assessments need to be made more thorough to think of ways that patient’s personal information can be protected in these types of instances and others not thought of before a breach occurs.
Managerial Responsibilities Related to HIPAA Privacy
The managerial responsibilities related to HIPAA privacy are to make sure that all vital information of patients are protected. Clearly in this case it was not done properly, and now, each of these patients has to worry about where their financial, medical and other information may have ended up because of the breach. When patients come in to be seen, they sign HIPAA law requirement information that informs them of their rights and responsibility. In turn, when this is done it holds the hospital, doctor’s office or any other type of company that has access to patient or client information liable for that information if it is misused through their database or other collection methods. Administrators, managers and all staff that comes into contact with this information must be responsible for the information that they handle on a daily basis without forgetting that this is a person’s life rather than just some numbers and letters. It can be easy to forget that when constantly working with this type of information that this is very important to the person that gave it over. Administrators and managers should take it upon themselves to remind their staff of this fact.
Proposed Solutions
The licensed practical nurse in this case that violated the use of patient information was terminated after the breach was found, and this certainly does set a precedent that this type of behavior will not be tolerated. The key problem is that it took so long for the hospital system to determine that there was a problem in the first place. There are a few additional solutions that should be taken to help curb this from happening in the future. Administrators should be aware of the external security in place to help prevent hacking from outside of the agency. There should be a set requirement for how this information is taken outside of the agency and how it is secured within the agency, such as the hard drives and laptops in the other breaches mentioned. Also, information access should be limited to what an employee actually needs it for, such as nursing not having access to their patient’s financial data while administrative staff only has enough medical data to handle billing and coding purposes. This access should be tracked more thoroughly, and more often than random checks every couple of years.
Conclusion
In conclusion, a patient is required to give up their most personal information when they enter into a medical facility seeking care. They have to give their name, address, social security number, workplace, phone numbers and insurance information to a complete stranger that they have to trust has their best interests at heart and has been vetted by the organization. To help make patients feel more comfortable with offering this information, HIPAA was put into law. This may mean more security, policies and procedures that may make tasks more complex to help protect patient information, but as can be seen with these recent breaches, they are necessary.
References
McCann, E. (2014, January 2). 4-year long HIPAA breach uncovered. Healthcare IT News. Retrieved June 25, 2014, from
Rupp, S. (2014, January 28). Health IT Security Breaches: Thought Leader Predictions for What's Ahead. Electronic Health Reporter. Retrieved June 25, 2014, from
Understanding Health Information Privacy. (n.d.). U.S. Department of Health and Human Services. Retrieved June 25, 2014, from