In June 2009, a 22-year-old Honolulu mother of three young children was sentenced to one year in prison for illegally accessing another woman's medical records and posting on a MySpace page that the woman had HIV.
The State of Hawaii brought charges against the woman under a state law that punishes unauthorized access to computers and classifies the offense as a class B felony.
According to accounts of the incident that led to the woman's conviction, there was a feud between the victim and the victim's sister-in-law, a friend of the defendant. The defendant, who worked as a patient service representative at the hospital where the victim was a patient, accessed the computer for the victim's sister-in-law.
Over approximately ten months, the defendant accessed the patient's medical records by computer three times. After she learned of the victim's condition, the defendant posted on the MySpace page that the victim had HIV. In another post, she said the victim was dying of AIDS.
The victim complained to hospital officials about the unauthorized access. After an internal investigation at the hospital, the defendant resigned.
The defendant's conduct was, of course, egregious and inexcusable. The one-year jail term handed down by the court exceeded the term recommended by prosecutors. Nevertheless, beyond the issue of holding the defendant accountable for her actions, some may ask to what extent the hospital should be held responsible for the breach of confidentiality that occurred.
Federal law imposes a statutory burden on health care providers to protect against misuse or disclosure of personal health information and to reasonably restrict its use and disclosure to the minimum necessary to achieve the intended purpose.
Specifically, the privacy regulations of the Health Insurance Portability and Accountability Act of 1996 ("HIPAA") came into force on 14 April 2003. HIPAA is designed to protect consumers' health information, allow consumers greater access to and control over such information, expand health care, and ultimately create a national framework for the protection of health privacy. HIPAA covers health plans, health care clearinghouses, and those health care providers who conduct certain financial and administrative transactions electronically.
In addition to the privacy regulations, the HIPAA security rules took effect on 21 April 2005. Together, the privacy and security regulations are the only national set of rules governing the use and disclosure of private, confidential and sensitive information.
Under the HIPAA Security Rule, the standards for protecting electronic information covered by HIPAA are divided into three groups: administrative safeguards, physical safeguards and technical safeguards.
A couple of the most important administrative safeguards required under HIPAA are the "Sanctions Policy" and "Security Awareness Training" standards.
The sanction policy standard requires covered entities to communicate to all staff the penalties that will be imposed for violations of HIPAA. The sanctions policy should include notice of civil or criminal penalties for abuse or misuse of health information and make employees aware that violations may result in notification to law enforcement officials and to regulatory, accreditation and licensing bodies.
The security awareness training standard requires all employees, agents, and contractors to participate in information security awareness training. Based on their duties, the covered entity should require individuals to attend customized education programs that focus on issues concerning the use of health information and their responsibility for confidentiality and security.
The HIPAA privacy and security regulations require the covered entity to appoint a privacy officer and a security officer. The privacy and security officers should constantly analyze and manage risk by carefully assessing potential risks and vulnerabilities and implementing security-related measures.
The US Department of Justice ("DOJ") has clarified who may be penalized for HIPAA violations and what penalties may be assessed. Covered entities and individuals who "knowingly" obtain or disclose individually identifiable health information in violation of HIPAA may be fined up to $50,000 plus imprisonment for up to one year.
Offenses committed under false pretenses allow the penalties to be increased to a $100,000 fine, with up to five years in prison. Finally, offenses committed in order to sell, transfer, or use individually identifiable health information for commercial advantage, personal gain or malicious harm permit a fine of $250,000 and imprisonment for up to ten years.
In light of the security breach that led to these tragic events, including a one-year prison term for the defendant, Hawaii employers, health care providers and health plans should review their privacy and HIPAA policies and audit their practices in order to protect against improper use and disclosure of personal health information and to reduce the risk of privacy breaches in their own businesses.
Source by Roman Amaguin