Discussion on Confidentiality/Information Security/HIPAA

 

Participation Requirement: You are required to post a minimum of three (3) times in each discussion. These three (3) posts must be on a minimum of two (2) separate days. You must respond to the initial discussion question by 11:59 p.m. on Wednesday.  On additional days, respond to your peers’ posts as well as additional faculty posts. Responses to peers must be posted by 11:59 p.m. on Sunday each week a discussion is due.

Step 1: Read the following article entitled, “The Beginner HIPAA Professionals Guide to the Electronic Health Information Considerations” (Attached to discussion)

Step 2: View the following videos,

“What is HIPAA?” https://www.prohipaa.com/training/video/what-is-hipaa (Links to an external site.)

“HIPAA Training: The HIPAA Privacy Rule”https://www.youtube.com/watch?v=y751i4QqP0g (Links to an external site.)

“Confidentiality: HIPAA Regulations”https://www.youtube.com/watch?v=n8tnGvV9nc4 (Links to an external site.)

“How to Maintain Patient Confidentiality”https://www.youtube.com/watch?v=APs23yxH5zc (Links to an external site.)

Step 3: Visit the U.S. Department of Health & Human Services website for additional information regarding HIPAA at https://www.hhs.gov/hipaa/for-professionals/privacy/index.html (Links to an external site.)

Confidentiality is the right to privacy with respect to one’s personal medical information. The Health Insurance Portability Accountability Act (HIPAA) was established in 1996.

  • HIPAA is a uniform, federal act providing protection for health consumers
  • State laws that may provide additional protections to consumers are not affected by HIPAA
  • HIPAA guarantees that clients are able to access their medical records
  • HIPAA provides clients with control over how their personal health information is used and disclosed
  • HIPAA outlines limited circumstances in which personal health information can be disclosed without first obtaining consent of the client of the client’s family. They include:
    • Suspicion of child or elder abuse
    • When otherwise required by law such as suspicion of criminal activity
    • Incidences of state agency of health department requirements; reportable communicable diseases

Initial Discussion Scenario:

Jenna Peterson, a 20-year-old college student, made an appointment to be seen by Susan Grant, M.D. Jenna had been seeing Dr. Grant for a few years. Dr. Grant was also the long-time family practitioner for Jenna’s mom and older sister.

On this visit, Jenna said she would like to get a prescription for birth control pills. They discussed other contraception options, as well as the risk and benefits of each and decided that “the pill” would be Jenna’s best option. After reviewing Jenna’s medical history and performing a brief physical examination, Dr. Grant gave Jenna a six-month prescription for Ortho-Novum 10/11, along with educational materials on oral contraceptives. She told her to schedule a six-month follow-up appointment over summer break.

When Jenna checked out with the front office, she told the billing office that she did NOT want this visit submitted to her mother’s insurance. Instead, she would pay for the visit herself because she didn’t want her mother to know the reason for the visit. The billing clerk said that she would send Jenna a bill because the practice’s billing system was undergoing a software upgrade. Jenna asked that the bill be sent to her college address.

About two weeks later, Mrs. Peterson had a routine appointment with Dr. Grant. When she checked in, she stopped by the billing office and asked the insurance clerk to check a notice of claim statement she recently received from her insurance carrier about a visit by Jenna. Mrs. Peterson said, “I know Jenna hasn’t been here because she’s away at school.” The clerk said she’d check on the claim and should have information for Mrs. Peterson by the time she was done seeing Dr. Grant. Mrs. Peterson was then taken back to an exam room for her appointment.

While seeing Mrs. Peterson, Dr. Grant inquired about the Peterson family and mentioned that “Jenna has really blossomed into a beautiful, intelligent young woman.” Mrs. Peterson thanked Dr. Grant and asked, “When did you see Jenna?” Dr. Grant unthinkingly said, “Oh, a couple weeks ago when she was in for her appointment.” When Mrs. Peterson questioned why Jenna had been seen, Dr. Grant realized she had said too much. She hemmed and hawed a bit, and finally suggested that Mrs. Peterson talk to Jenna.

Despite Mrs. Peterson’s insistence that she had a right to know why Jenna was seen, Dr. Grant refused to provide additional details. Mrs. Peterson was clearly angry with that response and stormed out of the exam room. On her way out, she stopped at the billing office, and the insurance clerk confirmed that Jenna was in for an appointment on the day in question and that the claim was correct.

Assignment: Discuss your responses to the following questions in your posting?

  1. Was Jenna’s right to privacy violated by Dr. Grant and the billing office?
  2. Once Mrs. Peterson was informed of her daughter’s visit, did she have the right to know the reason for her daughter’s visit?
  3. Does Jenna have the right to sue for breach of confidentiality? Does Mrs. Peterson have a right to sue for failure to disclose information for a visit that her insurance company paid for?
  4. What risk management recommendations would you give to this organization to prevent future violations?

The Beginner HIPAA Professional’s Guide to the Electronic Health Information Considerations