Free Essay

Hippa Is Being Violated on a Daily Basis

In: Miscellaneous

Submitted By arbyarse1016
Words 1749
Pages 7
Running head: HIPPA IS BEING VIOLATED ON A DAILY BASIS

HIPPA is Being Violated on a Daily Basis
Anita Byarse
Axia College
Effective Persuasive Writing
Com 120
Carolyn Parker
Jul 23, 2006

HIPPA is Being Violated on a Daily Basis

On June 14, 2006 I went to the doctor’s office to pick up a friend and while I was sitting in the waiting area a woman came in and went to the front desk to check in. After a few minutes she was called to the back and when the ladies behind the desk seen that she was no longer in the waiting area they began to discuss her personal business. Need-less to say by the time I was ready to leave I knew the ladies name, what type of insurance she had that she owed them some money, what she was being seen for and I also knew just by how they discussed her that she was a regular there and not very liked. The whole time that I was there no-one bothered to close the privacy window and they discussed this patient’s information openly not caring if someone over heard them or not, which brings me to my point. HIPPA is being violated on a daily basis. One may be asking what is HIPPA and how does it work?

HIPPA stands for Health Insurance Portability and Accountability Act. HIPPA was signed into law by President Clinton on August 21, 1996 and went into effect on April 14, 2001. Prior to HIPPA there was no uniformity; rules and regulations varied from state to state and even from one healthcare organization to another. HIPPA requires that medical providers take steps to keep our health information private. It also requires that you are informed how the information that is gathered, how it is used and what some of the limits are as to what can be done with this information.

We will be discussing ways in which HIPPA is being violated and how you can take steps to ensure that your rights are not being violated and that your not violating someone else’s rights. More often then you can imagine Private Health Information (PHI) is being given out either by phone or in person and no-one seems to be verifying if this information can be given out or not. This may be due to a lack of concern, time, knowledge or maybe even training. Whatever the reason it could be your information or maybe even mine that is being given out so freely. An authorization form should be in your records giving an exact description of the information to be used or disclosed, the name or class of individuals who are authorized to use or disclose this information (Nawrocki, J., Journal of Health Care Compliance Nov/Dec, 2001). No-one should be giving out your records, test/lab results or discussing your diagnosis if you have not given them permission to do so. But if you think about it how often do you see that person behind the desk check to see if there is a consent form? We are not taking the time to ensure that we do not violate someone’s rights. Nor are we doing what it takes to make sure we are keeping their PHI private.

Many people do not realize that by not disposing of PHI correctly they are in violation of HIPPA as well as Federal Law. All printed information containing confidential information must be burned or shredded prior to disposal. This information is supposed to be kept in secure containers and not accessible to the public. But I see it day in and day out paper with PHI on it thrown into a regular trash can. Anyone can get a hold of this information and use it resulting in identity theft or maybe even fraud. Plus you run the risk of having a lawsuit brought against you or the company you work for. Here are a few examples of this type of violation. According to Salyer (2000) two health care organizations in Washington State were found discarding medical reports in unlocked dumpsters. Among the information found by reporters were patient’s names, addresses, social security numbers, and detailed descriptions of sensitive medical procedures. Another example according to Nerl & Wlazelek (2002) police in Wilson, Pennsylvania are investigating why medical records (including original copies of lab reports, drug reports and doctor’s examination notes) from Easton Hospital were found on the streets of Allentown, PA. All of the records had patient names and many included addresses and phone numbers. A hospital official stated that an internal investigation revealed a suspect or suspects responsible. If we would only take the time to properly dispose of paper that we know contained PHI all this can be avoided.

To give you a better understanding Private Health Information (PHI) is anything that contains your name, phone number, Social Security number, medical diagnosis, or any personal information about yourself. According to HIPPA all PHI is suppose to be kept in a secure location (your car or home is not considered secure because someone other then yourself may have access). But more often then not physicians as well as employees have been known to take PHI home. When I asked my coworker Penny why she took this information home with her she stated “I’m not able to finish it all before I get off so I take it home so that I can stay caught up.” Even though it is a violation of HIPPA it still happens. You may wondering what harm is it in taking this information home? Well, consider this, the information could be lost, if someone gets a hold of that information and reads it the persons whom information is being read has just had their privacy rights violated. We have to put ourselves in the other person’s shoes and ask ourselves would we want someone we do not know reading our PHI.

That brings me to my next point; employees should not be able to access other employees PHI unless it is necessary for them to do their job. (Vogt, 2004) Plus according to Vogt (2004) employees should not have access to their own electronic medical records but should instead be required to follow the same process as any other patient seeking access to his or her records. This can be prevented by restricting access to where PHI is being kept, designating only certain personnel access to where this information is being kept, and keeping a log of where someone’s PHI is being taken. As I stated earlier it is a violation of your privacy rights if someone who is not authorized to do so reads your PHI. And if you were to find out that this has been done then you could file a lawsuit against the person or persons responsible. Then if the knowingly obtained and disclosed your personal information they could face fines or imprisonment if found guilty. Look at this: a psychiatrist from New Hampshire was fined $1,000 for repeatedly looking at the medical records of an acquaintance without permission. (1999) Then according to Sink (2002) a jury in Waukesha, Wisconsin, found that an emergency medical technician invaded the privacy of an overdose patient when she told the patient’s co-worker about the overdose. The co-worker then told nurses at West Allis Memorial Hospital, where both she and the patient were nurses. The EMT claimed that she called the patient’s co-worker out of concern for the patient. The jury, however, found that regardless of her intentions, the EMT had no right to disclose confidential and sensitive medical information, and directed the EMT and her employer to pay $3,000 for the invasion of privacy. Another case according to Slevin (1999) a Washington DC jury ordered a local hospital to pay $25,000 for failing to keep a patient’s medical records confidential. Co-workers learned of the victim’s HIV status after an employee at the Washington Hospital Center revealed information in his medical record.

The last point that I would like to make is be aware of your surroundings when discussing confidential or PHI. The break room or cafeteria is not the place to be holding a conversation about someone’s PHI because you do not know who could walk up on you while this is being done. Always discuss any information behind closed doors and never in an open area. You have to keep in mind that someone may overhear your conversation and know the person of whom you are discussing.

In this day and time when we have to worry about identity theft and fraud we should have a peace of mind in knowing that whether on the job- or at your doctors office everything is being done to make sure that your PHI is being protected. HIPPA is being violated on a daily basis and many people do not even realize it. If we would take a little more time and be more conscious of what we are doing then fewer mistakes would be made. So my question to you is what are some steps you can take to make sure that you comply with HIPPA and that you’re not violating someone’s rights?

References
Nawrocki, J. (2001, Nov/Dec). Complying with consent, authorizations, and notice under HIPPA. Journal of Health Care Compliance, 3, p41, 3p 1bw. Retrieved June 20, 2006, from EBSCOhost database
Nerl, D., & Wlazelek, A. (2002, August 8). Patients' privacy breached. The Morning Call, Retrieved June 21, 2006, from http://wwwlhippa.com/examples.html
Salyer, S. (2000, June 18). Patients records found in unsecured dumpsters. The Daily Herald, Retrieved June 21, 2006, from http://www.hippa.com/examples.html
Sink, L. (2002, May 9). Jurors decide patient privacy was invaded. Milwaukee Journal Sentinel, Retrieved June 21, 2006, from http://www.hippa.com/examples.html
Slevin, P. (1999, December 30). Man wins suit over disclosure of HIV status. The Washington Post, Retrieved June 21, 2006, from http://www.hippa.com/examples.html
The Associated Press State & Local Wire (1999, May 5). Psychiatrist convicted of snooping in records. The Associated Press State & Local Wire, Retrieved June 21, 2006, from http://www.hippa.com/examples.html
Vogt, N. (2004, Nov/Dec). Privacy compliance: are we sending mixed messages? Journal of Health Care Compliance, 6, p34-35, 2p. Retrieved June 20, 2006, from EBSCOhost database

Similar Documents

Premium Essay

Administration Ethics Paper

...Administration Ethics Paper Crystal Smith Monday October 28, 2013 HCS/335 Christine Singel Patient confidentiality is an important issue within the healthcare profession. Patient confidentiality was an important issue that in the year of 1996, the Health Insurance Portability and Accountability Act which is also called the (HIPPA), was passed in an effect to make health care more effect and available for Americans who receives health benefits. When the HIPPA was produced; they also produced the HIPPA Privacy Rule. The HIPPA Privacy Rule was being enforced, because confidential patient information was being shifted from one medical facility to the next. HIPPA protects an individual’s health information or his /her demographic information. It is also called “protected health information” or “PHI”. HIPPA protects patient’s information such as your name, dates relating to the patients, birthdates, medical treatment, admission discharge dates and dates of death. They also involved telephone numbers, and addresses, social security numbers, and any other unique identifying numbers you may encounter obtaining yourself. Before entering into the medical field, whether it is in a Hospital Facility or just a doctor’s office; there are important rules and regulations that one must abide by. Those rules are as followed: 1. one person cannot discuss a patient medical care with someone who is not directly related to the patient medical care group. 2. You cannot discuss the patient’s...

Words: 1119 - Pages: 5

Free Essay

Implementing Network Security

...Implementing Network Security Your Name here ISSC361: Final American Military University Implementing Network Security Network design teams have several aspects that need to be considered when presented with the task of building a network for an organization. These things range from how many devices to put on the network, what kinds of devices, location of devices, and even how the cable will be connected to the devices. The one item that should always be at the forefront of every network design team, is how the network will be secured. This security should be very in depth and go into more than just technical aspects of security, it should also cover physical security of the network such as the building and sensitive rooms. Organizations are only as successful as the information they have, they will want all sensitive or proprietary information protected to the utmost. In order for most network teams to accomplish this, they themselves need to attempt to break into or hack the network in order to identify the weakest points and secure them properly. Essentially, you can build a great and fast network but if you can’t protect it then it will provide no usability to the client and this is why network security should be a priority at all times of the process. As stated above, the security implementations and considerations must be vast and include all aspects of the network. The first thing to take into consideration is the physical security of the area the network will...

Words: 2592 - Pages: 11

Premium Essay

Security Policy

...Abstract 3 Security Policy Part 1 4 Computers 4 Switches 4 Personal Drives 5 Patient Database 5 Department Shared Folders 6 Network Configuration 6 Thumb Drives 7 Email Account 7 Account Management 7 Wireless Network 8 Security Policy Part 2 8 Missing 9 Incomplete 9 Inaccurate 10 Ill advised 10 References 12 Abstract This paper is based on two companies and their security policies. Some companies have a security policy that is complete and some companies have a security policy that is incomplete. The company that has a complete security policy will be able to activate that policy when a security violation occurs. The users and network administrator will know exactly what to do to mitigate the incident. The policy should have a corrective action section that will guide the people involved on how to handle the incident. Then there are those companies that have an incomplete plan so when a security violation occurs the whole company is in an up roar because they do not know what to do. These companies will have to mitigate the incident as they go and when this happens the process is not complete leaving things left undone. The best practice for every company is to have a complete and accurate security plan that is reviewed annually. The Security Policy Security Policy Part 1 I work for a hospital so network security is very important when it comes to keeping patient data safe. Ten things that are subject to compromise are: computers, switches, personal...

Words: 2464 - Pages: 10

Premium Essay

Healthcare Ethics

...CASE SCENARIO Leo R. is a 45-year-old patient with diabetes and is a widower with three young children. Two of Leo’s children suffer from chronic medical conditions. His oldest daughter, like Leo, has insulin-dependent diabetes. His only son suffers from grand mal epilepsy, which is poorly controlled by a plethora of medications. Leo works for a small printing business, a job he enjoys, but one that makes it difficult for him to make ends meet. With only six employees, the company’s owner cannot afford to offer health insurance. Leo’s annual salary of $30,000 allows him to purchase only the most basic of health plans, one that does not include coverage for prescription medications. Leo frequently must decide between medications and food, often opting for cheap junk food that is neither nutritious for his young family nor appropriate for a diabetic diet. Leo has recently applied for and been offered several other jobs, but at a lower salary and with no health insurance coverage. Recently, Leo’s diabetes has worsened. He has developed a serious infection that has led to lost wages and, far worse, the loss of his right leg below the knee. Leo is weighing his options. He has heard about a new clinical research trial open to insulin-dependent diabetics that pays $100 a week to research subjects. He has also been quite depressed and begun to wonder if his children might not be better off without him. He has several life insurance policies that would pay off generously if something...

Words: 9363 - Pages: 38

Premium Essay

Test

...SECURING WI-FI ROGUE ACESS WITHIN AN ENTERPRISE SETTING Securing Wi-Fi Rogue Access within an Enterprise Setting Daniel Joel Clark A Capstone Presented to the Information Technology College Faculty of Western Governors University in Partial Fulfillment of the Requirements for the Degree Master of Science in Information Security Assurance January 9, 2014 1 SECURING WI-FI ROGUE ACESS WITHIN AN ENTERPRISE SETTING 2 A1 - Abstract Since 1999 wireless devices have become a necessity in enterprises. While increasing convenience, connectivity, and productivity, they also pose an unprecedented threat to network security guarding, which has literally taken to the airwaves. This paper will deal with vulnerabilities and risks regarding access points (APs) in a wireless network (WLAN) connecting to a wired local area network (LAN) in enterprises. Data for this paper will come from published academic papers, industry publications including white papers and surveys, and industry specialists. It will also include definitions of terms, policy and procedures that affect access points, and current practices regarding rogue APs. A case study will be presented for a fictional enterprise with multiple locations that has standard procedures, policies, and protocols in place, but recent events have questioned their ability to control access points with the discovery of rogue devices hidden in several office locations. Industry warnings about access points span the...

Words: 18577 - Pages: 75

Premium Essay

Paper

...Management of Information Security Third Edition This page intentionally left blank Management of Information Security Third Edition Michael Whitman, Ph.D., CISM, CISSP Herbert Mattord, M.B.A., CISM, CISSP Kennesaw State University ———————————————————————— Australia • Brazil • Japan • Korea • Mexico • Singapore • Spain • United Kingdom • United States Management of Information Security, Third Edition Michael E. Whitman and Herbert J. Mattord Vice President, Career and Professional Editorial: Dave Garza Executive Editor: Stephen Helba Managing Editor: Marah Bellegarde Product Manager: Natalie Pashoukos Developmental Editor: Lynne Raughley Editorial Assistant: Meghan Orvis Vice President, Career and Professional Marketing: Jennifer McAvey Marketing Director: Deborah S. Yarnell Senior Marketing Manager: Erin Coffin Marketing Coordinator: Shanna Gibbs Production Director: Carolyn Miller Production Manager: Andrew Crouth Senior Content Project Manager: Andrea Majot Senior Art Director: Jack Pendleton Cover illustration: Image copyright 2009. Used under license from Shutterstock.com Production Technology Analyst: Tom Stover © 2010 Course Technology, Cengage Learning ALL RIGHTS RESERVED. No part of this work covered by the copyright herein may be reproduced, transmitted, stored, or used in any form or by any means graphic, electronic, or mechanical, including but not limited to photocopying, recording, scanning, digitizing, taping, Web distribution, information...

Words: 229697 - Pages: 919

Free Essay

Medical Surgical Nursing

...3. National Council Licensure Examination for Practical/Vocational Nurses--Study guides. I. Sloan, Diann. II. Hurd, Clara. III. Title. RT62.R55 2008 610.73'076--dc22 2008000133 Printed in the United States of America First Printing: February 2008 Trademarks All terms mentioned in this book that are known to be trademarks or service marks have been appropriately capitalized. Pearson Education cannot attest to the accuracy of this information. Use of a term in this book should not be regarded as affecting the validity of any trademark or service mark. Warning and Disclaimer Every effort has been made to make this book as complete and as accurate as possible, but no warranty or fitness is implied. The information provided is on an “as is” basis. The...

Words: 177674 - Pages: 711