The Department of Health and Human Services Office of Civil Rights (OCR) is responsible for HIPAA regulations as well as for enforcement of violations and penalties. The HIPAA Journal provides daily information on data breach cases. OCR data breach cases are usually resolved with voluntary compliance through risk management activities or a risk management plan, with only the most serious breaches receiving financial penalties. Of the 450 data breach cases in 2016, 12 resulted in millions of dollars in financial penalties. The millions lost to data breach violations are money that the healthcare organization is unable to spend on increasing salaries for staff or improving quality of care for patients.
What are the most common types of data breaches? Examples of accidental disclosure of patients’ protected health information (PHI) could be mailing out flyers with PHI, unauthorized access to PHI via an employee email, hacking of computer systems, loss of laptops containing patient information, or medical records found in dumpsters. The purpose of the discussion board is to understand, recognize, analyze and evaluate PHI data breach cases and their risk implications for local healthcare organizations.
Directions
Go to the HIPAA Journal website.
There you will find data breach cases posted by month and day.
In your initial post:
Based on your month of birth, select a data breach case from the HIPAA Journal website. In your initial post summarize and include the following information:
healthcare organization and location
type of service(s) provided by the organization
type of breach
time period over which breach occurred
number of and type of clients impacted
recommended actions to resolve the case, including any fines or penalties
in conclusion, formulate an opinion on a risk management activity that could have been implemented to prevent the breach.
Identify a similar organization that might have the potential for the same type of breach that you identified in the case that you located. If you were employed by the similar organization, explain how you could use the case to assess risk for your healthcare organization.
For example: In August 2018, the New Mexico Department of Health experienced a breach of PHI when medical records in transit to a storage facility fell from a truck and were found on the streets. If you worked at the Duval County Health Department, this case could be used as a lesson learned for the risk management department to re-examine the security and securing of medical records by the contract company that transports its medical records.