Denise Schuler
HCS 533
January 19, 2015
Dr. Kevin Lett University of Phoenix
Security and Privacy Case Scenario 1
Protecting patient privacy in health care is more than a moral obligation; it is the law. The law requires health care facilities and providers to have measures in place to safeguard against a security breach of all patients’ protected health information. Health care organizations and providers have to face the fact that violations of protected health care information happen; knowing how to minimize the opportunities for violations and breaches in security is key. This paper will review a security breach scenario from St. John’s Hospital (University of Phoenix) and address how companies’ …
In particular, the moral principle of personal autonomy suggests that individuals have the right to control all matters related to their own body, including their personal health information. This directly translates into public expectations and legal requirements that health care providers shall secure the privacy and confidentiality of patients’ health records" (Kamoun, 2014). At first consideration, one may think that all St. John’s needs is to shred the reports, and the problem is solved. A shredder is a good place for management to start; however, it is not all that the organization must consider. St. John’s Hospital needs to perform a risk assessment as identified in "the Problem" section of this paper. The organization also needs to review its policies and procedures and develop and provide updated employee education on HIPAA, security breaches, and what to do if a violation occurs. The organization and department managers should also reintroduce the organization’s code of ethics, identifying the employee’s moral and legal obligations. The manager must also have a clear, comprehensive management plan to ensure continued PHI …
Managers are responsible for holding mandatory employee education on a routine basis; this should include new employee orientation, changes to policies and procedures, changes to HIPAA and other federal regulations, and how to deal with data safeguards and security breaches. Another important part of a manager’s responsibilities should be a walkthrough of the department, looking for areas where PHI could be vulnerable to others who have no reason to see it. This will ensure no PHI is exposed to employees, vendors or customers who do not have a need to use or view the data. The management plan must also contain a process for addressing security incidents, to be used in future prevention planning (Coons, JD, 2001). One important process to include is the breach notification requirements, under which the organization is required to notify affected individuals of such a breach; depending on the number of persons affected, it may also need to make media announcements and inform the Secretary through HHS at http://www.hhs.gov/ocr/privacy/hipaa/administrative/breachnotificationrule/brinstruction.html. It is also important to note that covered entities are required to comply with specific administrative requirements by providing proof of written policies and procedures regarding breach notifications and employee