Posted: August 15th, 2022

Patient Documents Security and Confidentiality: HIPPA Law

Patient Documents Security and Confidentiality: HIPPA Law
Computer Sciences and Information Technology
This assignment consists of two (2) sections: a written paper and a PowerPoint presentation. You must submit both sections as separate files for the completion of this assignment. Label each file name according to the section of the assignment it is written for.

Health Information Technology (HIT) is a growing field within health services organizations today; additionally, health information security is a major concern among health organizations, as they are required to maintain the security and privacy of health information. The Department of Health and Human Services (HHS) provides extensive information about the Health Insurance Portability and Accountability Act (HIPAA). Visit the HHS Website, at www.hhs.gov/ocr/privacy, for more information about HIPAA requirements. In March 2012, the HHS settled a HIPAA case with the Blue Cross Blue Shield of Tennessee (BCBST) for $1.5 million. Read more about this case at www.hhs.gov/ocr/privacy/hipaa/enforcement/examples/bcbstagrmnt.html. As an IT security manager at a regional health services organization, your CIO has asked for the following: an analysis of this incident, an overview of the HIPAA security requirements necessary to prevent this type of an incident, and a briefing for management on the minimum security requirements to be HIPAA complaint.

Section1: Written Paper

1. Homework help – Write a three to five (3-5) page paper in which you:

a. Describe the security issues of BCBST in regard to confidentiality, integrity, availability, and privacy based on the information provided in the BCBST case.

b. Describe the HIPPA security requirement that could have prevented each security issue identified if it had been enforced.

c. Analyze the corrective actions taken by BCBST that were efficient and those that were not adequate.

d. Analyze the security issues and the HIPAA security requirements and describe the safeguards that the organization needs to implement in order to mitigate the security risks. Ensure that you describe the safeguards in terms of administrative, technical, and physical safeguards.

e. Use at least three (3) quality resources in this assignment. Note: Wikipedia and similar Websites do not qualify as quality resources.

Your written paper must follow these formatting requirements:

•This course requires use of new Student Writing Standards (SWS). The format is different than other Strayer University courses. Please take a moment to review the SWS documentation for details.
•Include a cover page containing the title of the assignment, the student’s name, the professor’s name, the course title, and the date. The cover page and the source list are not included in the required page length.

Unnecessary exposure of private information remains to be one of the most alarming and most likely source of conflict between a patient and their institution of care. Privacy of patient’s documents remains to be as important as the care the hospital gives to the patients medically. Therefore, privacy violations continue to be as unprofessional as just any other aspect of irresponsible caregiving within the medical field. The HIPPA law privacy and security standards has several important requirements for reducing and addressing breaches. The BCBST in 2012, was discovered to have over 57 unencrypted computers which contained patients PHI compromised. As such, over 1 million documents had been stolen from the institution’s storage facilities. PHI under the HIPPA Law is regarded to be identifiable health patient information that is stored maintained and often used under HIPPA guidelines. This paper reviews that BCBST was in direct violation of the 2009 Stimulus bill that placed additional responsibilities on the third parties with access to patient information for financial accountability, by categorically depriving the patient access and direct control to their medical record.
The PHI documents are be used by healthcare providers, to assess patient’s health, create a comprehensive health plan for the health insurer or personally by the patient when formulating various business or financial association within the real world. Loss of this documents was thus an extreme violation of the HIPPA law, since it compromised the security and privacy of their medical records depriving the patients their rights to use and control if their medical information and was directly in violation of the 2009 stimulus bill that categorically suggested and implemented the requirements for addressing breaches. It was identified through reports that lack of compliance to basic HIPPA laws would have even costed the company more than it the initial 1.5 million dollars. Nicastro (2012) identifies that “Instead, the health insurer agreed to a $1.5 million settlement with the Office for Civil Rights (OCR) over potential HIPAA security violations and spent another $17 million in breach response costs.” The basic requirements under the HIPPA law include policy mastering and implementation, training of staff in direct access to customer PHIs, regular monitoring and the conduction of risk assessment. BakerHolsteter (2012) identify that BCBST had not even encrypted a considerable amount of the PHI and tasked 800 of its employees to conduct the encryption process.
Further research identify that the regulators an the office of civil rights cited BCBST to be categorically slow in response to notify the OCR of the breach of data. additionally, they were not transparent in reporting the breach of data and their investigation was not widely and accurately documented to bring forth the root cause of the problem in the immediate aftermath of the breach (BakerHostetler, 2012). Key findings identify that there was a number of gaps and negligent conduct within the BCBST compliance program. Rodriguez, the director of the HHS Office for OCR stated that had the gaps in employee training with an up to date HIPPA law guidelines on how to handles confidential document the breach would not have occurred (HIPPA Journal). In the aftermath of the investigation it was revealed that some of the information leaked to potential fraudsters and other vices likely to take advantage of the patient’s lose of records were their social security information, Dates of Birth, Health plan numbers, contact information and their medical diagnosis codes. BakerHostetler (2012) identifies that BCBST had not categorically encrypted majority of the files but BCBST identifies that it had identified the significant amount of patients put at risk and corrective actions was taken to inform them. Within this regard, key areas of breach revolved around lack of compliance to guidelines and slow response to critical loss of data- implying to the general lack of security for patient’s documents.
HIPPA security requirements in this case revolved around the training of employees to familiarize them with the updated guidelines and additional regular monitoring of the general systems to identify the problem. The safeguards fell under three categories the administrative: to ensure training and regular assessment, technical which included encryption of the documents and physical surprise monitoring and limited access to PHI relative to amount of training offered to employees. Categorically, HIPPA identified that there was need for development and implementation of policies and procedures that incorporate risk assessment and a risk management plan (Kings and Spalding, 2012). This was to feature an elaborate list that highlights access and control of the facilities where documents are stored, and incorporation of physical safeguards that give additional oversight to software protocols governing the storage of the media files. Regular training of the staff was also a requirement for all employees with access to the e PHI files. Finally, Kings and Spalding (2012) identify that HIPPA Law in this context required surprise visits to ensure that all protocol and procedures were always followed at the BCBST facilities and an evaluation program that sampled all training, policy and procedure implementation process for all employees with access to the ePHI. This categorically was to be used to enforce and monitor the recovery process at the BCBST electronic storage facilities responsible for the oversight and management of patient PHI.
BCBST breached a great deal in HIPPA laws when it was robbed of more than a million records of PHI that contained secure and confidential patient records. They deprived their clients control and security over their medical records potentially exposing them to countless criminal activities. Additionally, they were in direct contravention of the 2009 Stimulus bill; an additional amendment to the HIPPA Laws that required monitoring, training and regular risk assessment of the program since they had not encrypted the files and had not given adequate and up to date training to their employees. Apart from this they recorded a slow response time to informing regulators of the breach. This were also the key areas that HIPPA implementers, the HHS under the civil rights office focused on addressing.

References
BakerHostetler. (2012). HIPAA: HHS settles violations related to breach for $1.5m | Lexology. Retrieved 13 January 2020, from https://www.lexology.com/library/detail.aspx?g=3b829226-2cd6-4599-a982-38f95c456c3f
Journal, H. (2012). Blue Cross Blue Shield to Pay HHS $1.5M for HIPAA Breach. Retrieved 13 January 2020, from https://www.hipaajournal.com/blue-cross-blue-shield-pay-hhs-1-5m-hipaa-breach/
King, & Spalding. (2012). HHS and BCBST Settle HIPAA Case for $1.5 Million | JD Supra. Retrieved 13 January 2020, from https://www.jdsupra.com/legalnews/hhs-and-bcbst-settle-hipaa-case-for-15-89763/
Nicastro, D. (2012). Experts: Lack of HIPAA basics cost BCBST $18.5 million – www.hcpro.com. Retrieved 13 January 2020, from http://www.hcpro.com/HOM-277726-6962/Experts-Lack-of-HIPAA-basics-cost-BCBST-185-million.html

Order | Check Discount

Tags: Computer Sciences and Information Technology, Patient Documents Security and Confidentiality: HIPPA Law