From a utilitarian perspective, the improper disclosure of confidential health information related to HIV / AIDS is an absolute wrong. While such improper disclosure may actually be beneficial to the at-risk people in the patient's life, such as unprotected sex partners, when viewed from a societal point-of-view, such disclosure would be improper. Most people who know that they have a contagious fatal disease will take steps to limit others' exposure to that disease. Therefore, it is in society's best interest to encourage testing. The fact that some people will continue to knowingly expose others to the disease is not a compelling reason to break confidentiality, because many people would forego testing if they believed that their results would be made public. The number of people put at risk in each scenario is unequal; therefore the ethical consequences of a breach of confidentiality are worse than the ethical consequences of maintaining…
American Association for World Health. (2001). Fact sheet: confidentiality and HIV testing.
Retrieved February 1, 2009, from the Body.
Web site: http://www.thebody.com/content/prev/art33036.html
University of Miami. (2005). Violation penalties (HIPAA). Retrieved February 1, 2009 from Miller School of Medicine
HIPAA Compliance Training of Nursing Services Staff
Curriculum Development - HIPAA
Educational need and rationale. The primary educational need of nurses at Heart of Lancaster Regional Medical Center is training in the Health Insurance Portability and Accountability Act (HIPAA). The basis for identification of this need was the administration of semi-structured interviews and questionnaires with nursing services staff at Heart of Lancaster medical center. The results of the interviews and survey showed a clear lack of knowledge about HIPAA. In addition, the American Recovery and Reinvestment Act of 2009 contains provisions for medical records privacy for storage, transmission, and disclosure that link directly to HIPAA. Essentially, the two pieces of legislation create double jeopardy when any practices by medical personnel or medical institutions are not in compliance with HIPAA. Because of the potential for substantive fines for violation of either of the Acts, it is evident that an educational program…
Bandura, A. (1977). Social Learning Theory. New York, NY: General Learning Press.
Bloom, Benjamin S.(1994). Reflections on the development and use of the taxonomy [In Anderson, Lorin W. And Lauren A. Sosniak, (Eds.). (1994), Bloom's Taxonomy: A Forty-Year Retrospective. Chicago National Society for the Study of Education.]
Lieb, S. (1991, Fall). Principles of adult learning. Arizona Department of Health Services. VISION.
____. A Model of Learning Objectives. A Taxonomy for Learning, Teaching, and Assessing: A Revision of Bloom's Taxonomy of Educational Objectives. Ames, IA: Iowa State University. Center for Excellence in Learning and Teaching. Retrieved http://www.celt.iastate.edu/teaching/RevisedBlooms1.html
Unfortunately, the world we live in is not always trustworthy. There are those even in the most sensitive positions, like healthcare providers, who are more than willing to exploit patient information for their own selfish gains. This is why the federal government has stepped in to ensure greater patient protection with the HIPAA.
The HIPAA is a piece of legislation that aims to further provide protection for patients in a healthcare setting. An overview of HIPAA privacy rules shows clear guidelines that protect the privacy of patients by limiting the access to healthcare records and health related information that might be sensitive if leaked to any third party. These privacy restrictions are part of the Health Insurance Portability and Accountability Act of 1996 (HIPAA) Privacy and Security Rules. According to the research, HIPAA "protects the privacy of individually identifiable health information" (U.S. Department of Health & Human…
Bell, Michael. (2001). HIPAA compliance: A step-by-step guide using the structure of your compliance program. Report on Medicare Compliance. Retrieved August 8, 2012 from http://www.ehcca.com/presentations/HIPAA4/bell1.pdf
U.S. Department of Health & Human Services. (2012). Health information privacy. About HHS. Retrieved August 6, 2012 from http://www.hhs.gov/ocr/privacy/
HIPAA (the Health Insurance Portability and Accountability Act of 1996) and Recent Changes
On August 21, 1996 a new law was signed called the Health Insurance Portability and Accounting Act of 1996, which is abbreviated as HIPAA (HEP-C, 2003 & Regence, 2003). The law guarantees many things to American workers, including continuous healthcare coverage for people who are changing jobs (DC, 2003). HIPAA also includes a provision that details the manner in which health information can be disbursed, and also seeks to "combat waste, fraud, and abuse in health insurance and health care" (DC, 2003). Recently rules and regulations were developed by the government that mandate new requirements for creation, storing, transmittal and care of health related data manually and electronically (DC, 2003). Additionally, a Privacy Rule was enacted that regulates the manner in which private medical and health information can be shared or disseminated among health care entities and…
DC Department of Health. (2003) "HIPPA Overview." District of Columbia, 2003. Retrieved November 22, 2003, from, http://dchealth.dc.gov/hipaa/hipaaoverview.shtm
HHS. (March, 2003). "FAQ's." Retrieved from United States Department of Health and Human Services. November 20, 2003, http://hhs.gov/ocr/hipaa/whatsnew.html
HRSA. "HIPAA Overviews and Updates." Retrieved from HRSA, November 22, 2003, http://www.hrsa.gov/website.htm#overview
Hep-C. "The Health Insurance Portability and Accountability Act of 1996." Retrieved from HEP-C alerts, November 23, 2003, http://www.hep-c-alert.org/links/hippa.html
The security rule also requires the physician to train his staff periodically on security policies and procedures and to come up with a contingency plan in cases of calamities like an earthquake, fire or other events that can destroy his information systems. Experts estimate that 70-80% of the administrative policies and procedures and 20-30% of the technology of the security rule constitute its implementation specifications and other approaches in meeting them. Some approaches are required while some are addressable. Dr. Lazarus says that a particular implementation specification that is addressable allows a physician to perform something else that is equivalent to it but not to ignore the specification. What applies to a solo medical practitioner will not apply to a 200-physician alliance or a 00-bed hospital, for example, but whatever it is, must be in fine shape and carefully documented. Walsh Consulting said that a physician basically needs information systems…
American Medical Association. HIPAA-Health Insurance Portability and Accountability Act, June 23, 2004. http://www.ama-assn.org/ama/pub/category/4234.html
Centers for Medicare and Medicaid Services. The Health Insurance Portability and Accountability Act of 1996, 2004. http://cms.hhs.gov/hipaa
Chin, Tyler. Data Guard: the Next HIPAA Mandate. American Medical News. Mobile edition. http://www.ama-assa.org/amednews/2004/05/10/bisa0510.htm
Employee Benefits Security Administration. The Health Insurance Portability and Accountability Act of 1996 (HIPAA). U.S. Department of Labor. http://www.dol.gov/ebsa/pdf/fshipaa.pdf
HIPAA Privacy Rule: The Effects of the HIPAA Privacy Rule on Clinical Research
The positive and negative effects the HIPAA Privacy Rule has on clinical research
The HIPAA Privacy Rule was issued by the United States Department of Health and Human Services (HHS) in accordance with the Health Insurance Portability and Accountability Act of 1996. Its major goal is to ensure that people's health information is protected while at the same time allowing the necessary flow of health information that is required to guarantee the health of the public and to promote quality health care (HHS, 2015). The rule covers health care clearing houses, health plans, and health care providers who deal with the electronic transmission of health information, referred to as 'covered entities' by HIPAA standards.
One of the major ways clinical research benefits from this rule is through the time and resources saved, which would have otherwise been…
The Association of Academic Health Centers (2008). HIPAA Creating Barriers to Research and Discovery. AAHCDC. Retrieved 16 March 2015 from http://www.aahcdc.org/policy/reddot/AAHC_HIPAA_Creating_Barriers.pdf
The National Institute of Health (2015). HIPAA Privacy Rule - Information for Researchers. Retrieved 12 March 2015 from http://privacyruleandresearch.nih.gov/
The U.S. Department of Health and Human Services (2015). Summary of The HIPAA Privacy Rule. OCR Privacy Brief. Retrieved 17 March 2015 from http://www.hhs.gov/ocr/privacy/hipaa/understanding/summary/privacysummary.pdf
HIPAA Compliant Electronic Medical Record Capture/Management System
The successful outcome of medical processes largely depends on complete, relevant, and timely medical data. Up-to-date and accurate data allows for images of surgical wounds, surgical pathology, and operative techniques to be used in the most efficient ways for patient management. However, while there are technological solutions that could improve medical data storage and retrieval systems, any improvement to medical data systems must include not only technological elements but ethical and legal considerations as well. There are multiple regulations guarding the privacy and integrity of patients' medical data. One of the major regulatory instruments that governs medical data in the United States is the Health Insurance Portability and Accountability Act (HIPAA), which imposes harsh penalties for breaches in patient privacy, data handling, and data security rules as defined in the act. Hence, images of medical data or medical procedures that are not HIPAA…
Berman, K. & Knight, J. (2008). Finance intelligence for IT professionals. Boston: Harvard Business Press.
Carr, N.G. (2005). Does IT matter? Information technology and the corrosion of competitive advantage. Cambridge: Harvard Business School.
Chesbrough, H. (2003). Open innovation: The new imperative for creating and profiting from technology. Cambridge: Harvard Business School.
Langer, A.M. (2011). It and organizational learning: Managing change through technology and education (2nd Ed.) New York: CRC Press.
Discussing Most Important Aspects HIPAA Privacy Security Law Critiquing Effect Regarding Protection Security Personal Health Information (PHI)
HIPAA is an acronym for the Health Insurance Portability and Accountability Act. This is an act signed into law by President Bill Clinton on August 21st, 1996. The main aspect of this law is protection and provision of privacy to a patient's medical history (The U.S. Department of Health & Human Services, 2003).
This law ensures that no patient information is ever spilled to the public. The law also guards against any fraudulent activity taking place in regard to a patient's medical history and identity. To protect a patient's privacy, the law states the kind of information regarding a patient that can be released, and it also specifies who the information can be released to. The law requires any organization handling patient information to establish safeguards that ensure privacy of personal…
Beaver, K., & Herold, R. (2004). The Practical Guide to Hipaa Privacy and Security Compliance. Boca Raton, FL: Auerbach Publishers, Incorporated.
Burke, L.D., Tyler, L., & Weill, B. (2010). MediSoft Made Easy: A Step-by-step Approach. Upper Saddle River, NJ: Pearson Education, Limited.
The U.S. Department of Health & Human Services. (2003). Health Information Privacy, from http://www.hhs.gov/ocr/privacy/hipaa/administrative/privacyrule/index.html
If the marketing claims to be medically expedient then personal health records may be released.
3. Are there requirements for covered entities to have written privacy policies? If so, what has to be addressed in the policy?
4. How will employees in the medical office have to be trained regarding privacy (for example, who is responsible for training and record keeping)? What is required if an…
United States Department of Health and Human Services. "Case Examples Organized by Covered Entity." Retrieved Nov 14, 2008 at http://www.hhs.gov/ocr/privacy/enforcement/casebyentity.html
United States Department of Health and Human Services. "Patient Guide." Retrieved Nov 14, 2008 at
Housing. Though one's medical health is usually not asked for on a lease application, the landlord might very well look it up, using an online service. One might ask why, but it is similar to the employer's reason: not wanting the tenant complaining that their disability was not accommodated (this is against the law) or that they were discriminated against (this is why the landlord would look up medical history secretly) (What are the 12 circumstances can personal health information be used for purposes unrelated to health care?).
8. Marriage. It sounds unromantic, but potential spouses often want to know about any history of illness, genetic or otherwise. Also, many partners (wisely) want the other tested for STDs such as HIV and Hepatitis C; in most states, testing for syphilis is mandatory, though there is a cure in the early stages (What are the 12 circumstances can personal health information…
Figure 1: Electronic Medical Systems Architecture
Source: (Cahn, 2001)
The core building blocks of this framework include the presentation and client layers, where web-based applications are aligned with the needs of clinicians, specialist MDs and patients. The need for synchronization across the Platform, Storage and Infrastructure and Integration areas of this framework dictates the speed and accuracy of responses to all users of the system. Think of this framework as the foundation for the specific processes that clinics, practices and hospitals rely on to complete daily tasks and accomplish their goals and objectives, while at the same time ensuring a high level of security across each component. The integration and security requirements are critical for HIPAA compliance.
Another approach to viewing the framework that is emerging from IT providers addressing the unmet needs of a medical practice area is shown in Figure 2. This is a framework that has foundational elements focused…
David Cahn (2001, November). ECM fosters the future it framework. MSI, 19(11), 36-38. Retrieved September 22, 2008, from ABI/INFORM Global database. (Document ID: 90248042).
Ram Dantu, Herman Oosterwijk, Prakash Kolan, Husain Husna. (2007). Securing medical networks. Network Security, 2007(6), 13. Retrieved September 28, 2008, from ABI/INFORM Global database. (Document ID: 1294137471).
Barry Hall (2008). Health Incentives: The Science and Art of Motivating Healthy Behaviors. Benefits Quarterly, 24(2), 12-22. Retrieved September 26, 2008, from ABI/INFORM Global database. (Document ID: 1481467951).
David C. Kibbe (2005). 10 STEPS to HIPAA SECURITY COMPLIANCE. Family Practice Management, 12(4), 43-9. Retrieved September 24, 2008, from ABI/INFORM Global database. (Document ID: 834471611).
HIPAA has made finding subjects for clinical trials easier or more difficult is moot. HIPAA was passed almost twenty years ago. Since 1996, HIPAA rules protect the privacy of test subjects, strengthen informed consent, and have generally changed the culture around these issues, further protecting people who are involved in clinical trials. It's law, and that's what clinical researchers have to work with. Further, the privacy rule was designed with one objective (protect privacy), so evaluating it against another objective (making research easier) is a red herring. The theory is that HIPAA should make it easier to find subjects, but it wasn't written for that so much as just to assuage apprehension about the privacy of medical information. Because HIPAA is law, it doesn't much matter if it has made it harder or easier, the only thing that matters is that practitioners understand the best practices as to how to…
Erlen, J. (2005). HIPAA -- Implications for research. Orthopedic Nursing. Vol. 24 (2) 139-142.
HHS. (2004). Clinical research and the HIPAA Privacy Rule. National Institutes of Health. Retrieved July 27, 2015 from
They each get on the phone, pull up the image on computer and discuss the image and the results and what the results indicate.
One recent study measured the productivity benefits of using PACS, and the participants, all radiologists, estimated there was a 100% increase in productivity for CT scans, MRIs and ultrasounds (Kywi, 2005).
Overall PACS has provided a new and innovative method for physicians to utilize medical imaging to their highest potential.
COLLIDE or COINCIDE
The PACS system is undeniably important in the world of medical care because of the advantages that it provides. It creates a speedy, accurate and instant result to tests, which doctors can pull up at their desk and view almost as soon as the procedure is over with. With the new abilities the system allows, it has revolutionized the medical imaging field as well as many aspects of total health care.
Gater, Laura (2004) PACS integration and work flow.(CE Directed Reading)
Glaser, John (2001) HIPAA will be helpful. Modern Healthcare
Kywi, Alberto (2005) PACS is a crowd-pleaser in healthcare: California healthcare system meticulously plans going filmless via a PACS installation, and finds abundant acceptance by physicians.(Picture Archiving and Communication System / Diagnostic Imaging)(Cottage Health System) Health Management Technology
McLURE, MARCIA L.(2000) HIPAA Brings New Requirements, New Opportunities.
#1 I believe in evidence-based policy, and on that front there is evidence that the glass ceiling exists. I have no personal anecdotes to tell on the subject, and an individual anecdote is meaningless when discussing broad sociological phenomena. After all, this is a well-studied issue for which there is a lot of data. A lot of the studies on the subject are European, but there are a few that specifically discuss the United States. Cotter et al. (2001) found evidence that a glass ceiling exists in the United States in their study of the gender inequalities of earnings in the 25th, 50th and 75th quartiles of earnings. Their findings show that gender inequality with respect to wages, and opportunity, increases the higher up the corporate ladder you go. There is evidence that females have lower rates of holding positions of authority than do men (Baxter & Wright, 2000).…
Arken, D., Bellar, S. & Helms, M. (2004). The ultimate glass ceiling revisited: The presence of women on corporate boards. Journal of Business Ethics. Vol. 50 (2004) 177-186.
Baxter, J. & Wright, E. (2000). The glass ceiling hypothesis: A comparative study of the United States, Sweden and Australia. Gender and Society. Vol. 14 (2) 275-294.
Cotter, D., Hermsen, J., Ovadia, S. & Vanneman, R. (2001). The glass ceiling effect. Social Forces. Vol. 80 (2) 655-681.
Jackson, J. (2001). Women middle managers' perception of the glass ceiling. Women in Management Review Vol. 16 (1) 30-41.
HIPAA and Laptops
The objective of this study is to answer the questions of what ethical issues exist when health information privacy is not protected and what some of the reasons were for enacting HIPAA in addition to protecting privacy. This study will additionally address whether, under the laws of HIPAA, the nurse whose laptop with patient information was stolen is at fault and whether her employer is at fault.
According to the U.S. Department of Health and Human Services, stolen laptops lead to important HIPAA settlements and specifically stated is that "two entities have paid the U.S. Department of Health and Human Services Office for Civil Rights (OCR) $1,975,220 collectively to resolve potential violations of the Health and Insurance Portability and Accountability Act (HIPAA) Privacy and Security Rules." (p. 1)
It is reported that entities and business associates covered under these HIPAA rules "must understand that mobile…
References (2005) HIPAA and Laptops. Retrieved from: http://www.hipaahomecare.com/Resources/Home-Care-Automation-Report-April-05.pdf
Stolen laptops lead to important HIPAA settlements (2014) U.S. Department of Health and Human Services. 22 Apr 2014. Retrieved from: http://www.hhs.gov/news/press/2014pres/04/20140422b.html
HIPAA Policies and Procedures
Medical Records privacy
The Health Insurance Portability and Accountability Act (HIPAA), which is basically the federal law on medical privacy and which was made fully operational in 2003, is a measure to ensure that the information that the client shares with the health care facilities is given maximum privacy and security.
The HIPAA does not have very strict measures against the access of the information by the patients themselves. As long as the person can positively identify himself, then he will have access to the information that belongs to him. However, the restriction comes in when a second party wants to have access to your information. This has to be accompanied by an authorization form from HIPAA that must be signed by you as the owner of the information. The parents of an individual under the age of 18 years are however allowed to access information freely…
Health Care Tips, (2011). What are the 12 circumstances can personal health information be used for purposes unrelated to health care? Retrieved December 10, 2014 from http://7healthcaretips.com/what-are-the-12-circumstances-can-personal-health-information-be-used-for-purposes-unrelated-to-health-care.html
Office for Civil Rights, (2011). The HIPAA Privacy Rule and Electronic in a Networked Environment. Retrieved December 10, 2014 from http://www.hhs.gov/ocr/privacy/hipaa/understanding/special/healthit/accountability.pdf
Privacy Rights Clearinghouse/UCAN., (2011). Fact Sheet 8: Medical Records Privacy.
…but the failure must be corrected within 30 days from the time of notification of the violation. Criminal penalty will be imposed on a person who knowingly obtains and reveals identifiable health information and violates HIPAA Rules at a fine of $50,000 and up to 1 year imprisonment. The fine can increase to $100,000 and the imprisonment to 5 years if the violation involves false pretenses. The fine can go up to $250,000 and up to 10 years imprisonment if there is an intent to sell, transfer or use the information for commercial or personal gain or malicious harm. The Department of Justice enforces criminal sanctions (OCR).
Protected health information or PHI refers to all held or transmitted individually identifiable health data by a covered entity or its business association, contained in any form or medium -- whether electronic, paper or in oral form (OCR, 2003). These data…
Czaja, J. (2012). What is the reason for HIPAA regulations? eHow: Demand Media, Inc.
Retrieved on June 21, 2012 from http://www.ehow.com/list_6870131_reason_hipaa-regulations.html
Fortuna, M. (2012). History of HIPAA. eHow: Demand Media, Inc. Retrieved on June 21,
2012 from http://www.ehow.com/about_5448842_history-hipaa.html
In that regard, they must promote initial awareness of HIPAA requirements within the organization and conduct comprehensive assessment of existing privacy practices, information security, information safeguarding procedures, and use of electronic transfers. Furthermore, they must also develop an action plan relating to compliance with each HIPAA rule and develop technical and managerial oversight for sufficient compliance and implementation of action plan components (Stanhope & Lancaster 2004).
Under HIPAA requirements, covered healthcare entities must implement a comprehensive implementation action plan that is sufficient to develop new policies and procedures to comply with patient privacy rights; generate business associate agreements that are consistent with HIPAA objectives; institute a secure information infrastructure; use standard claims and codes as required; continually update the safety and security of information systems; provide appropriate training for all employees who may reasonably be anticipated to have access to PHI; and manage Internet privacy and security through the appointment…
DHHSOCR (2003) Summary of HIPAA Privacy Rule. Retrieved June 22, 2008, at http://www.hhs.gov/ocr/hipaa
Kutkat, L. (2004) the HIPAA Privacy Rule and Research. Retrieved June 22, 2008, from: www.cdc.gov/phin/conference/04conference/05-24-04/Session%201%20F-%20Lora%20Kutkat.pdf
Phoenix Health Systems (2006) HIPAA Primer. Retrieved June 22, 2008, at http://www.hipaadvisory.com/REGS/HIPAAprimer.htm
Stanhope, M., Lancaster, J. (2004) Community and Public Health Nursing (6th ed.) St. Louis: Mosby.
forward, HIPAA should not have much more impact on health care systems in general. HIPAA was passed into law in 1996 nearly three Presidents ago and has been in full implementation since the final modifications to the privacy rule were put into place in 2002, giving health care stakeholders a dozen years to have been working with the regulations (HHS.gov, 2014). This means that everything should have been implemented already with respect to HIPAA -- full compliance was required by 2003 - and there should not be any future changes. There should have been changes over the course of the last 18 years to address the different elements of HIPAA, however, and build the law into the health care systems. The HITECH Act is more recent, having been passed into law in 2011. This law creates incentives to implement electronic health records, and HITECH also made some changes to HIPAA…
HHS.gov. (2014). Summary of the HIPAA Privacy Rule. Department of Health and Human Services. Retrieved June 5, 2014 from http://www.hhs.gov/ocr/privacy/hipaa/understanding/summary/
Health IT.com (2014). HITECH Act. Health IT. Retrieved June 5, 2014 from http://searchhealthit.techtarget.com/definition/HITECH-Act
Holloway, J. (2003). What takes precedence: HIPAA or state law? American Psychological Association. Retrieved June 5, 2014 from https://www.apa.org/monitor/jan03/hipaa.aspx
Oates, D. (2007). HIPAA hypocrisy and the case for enforcing federal privacy standards under state law. Seattle University Law Review. Retrieved June 5, 2014 from http://digitalcommons.law.seattleu.edu/cgi/viewcontent.cgi?article=1903&context=sulr&sei-redir=1
All covered entities must designate a privacy official with principal organizational authority over all HIPAA issues and record-keeping procedures. They must also provide staff training for all individuals who could conceivably access private health information (whether paid or unpaid). This training…
Levine, C. (2008). Taking Sides: Clashing Views on Bioethical Issues. 12th Ed. Dubuque
Iowa: McGraw Hill.
Tong, R. (2007). New Perspectives in Health Care Ethics: An Interdisciplinary and Cultural Approach. Upper Saddle River, New Jersey: Pearson Education, Inc.
USDHHSOCR (2003) Summary of HIPAA Privacy Rule. Retrieved March 10, 2009 at http://www.hhs.gov/ocr/hipaa
Online HIPAA Training changed how you view ethical principles and professional responsibilities within the human services profession?
The Online HIPAA Training has reinforced the importance and responsibility that I feel as my role of practitioner within the human service profession. The websites have made me more aware of the numerous contacts that I influence and the huge ramifications of my role. As the National Organization for Human Services has observed:
[Human service professionals] enter into professional-client relationships with individuals, families, groups and communities who are all referred to as "clients" in these standards. Among their roles are caregiver, case manager, broker, teacher/educator, behavior changer, consultant, outreach professional, mobilizer, advocate, community planner, community change organizer, evaluator and administrator.
HIPAA regulations have reinforced my acknowledgment of the fact that the client is in a vulnerable position -- this is no equal situation of friendship -- and that I cannot take advantage of…
Woodside, M. & McClam, T. (1993) Generalist Case management. CA: Brooks / Cole.
National Organization for Human Services: Ethical Standards for Human Service Professionals
Online Health Insurance Portability and Accountability Act (HIPAA) Training: https://www.courses.learnsomething.com/scripts2/content.asp?m=9D591256C0404276A602A56D1FEF9BA3&r=PersonalPage
Covered entities must designate a privacy official who is the primary authority within the organization as to HIPAA-related matters and record keeping, and must implement workforce training for anybody with possible access to PHI. Such training must cover…
USDHHS Office of Civil Rights (2003) Summary of the HIPAA Privacy Rule, Retrieved September 13, 2008 from: http://www.hhs.gov/ocr/privacysummary.pdf
The Blue Cross Blue Shield of Tennessee settled for $1.5 million on a HIPAA breach of privacy case. The HHS website outlines the particulars of this case. There were 57 unencrypted hard drives that were stolen from a facility. These contained personal health care information on over 1 million individuals, so the fine was like a buck fifty per person, and was probably less than it would have cost the company to properly secure that information.
Nevertheless, the case highlights a few different things that the company could have done differently in order to follow HIPAA rules. The first is that the data was being held in a leased space, one that apparently was not particularly secure. The company could have held the hard drives in a facility that it owned, over which it had more control over the security procedures. In that situation, it would make sense that the…
HHS.gov (2018) HHS settles HIPAA case with BCBST for $1.5 million. Department of Health and Human Services. Retrieved January 13, 2018 from https://www.hhs.gov/hipaa/for-professionals/compliance-enforcement/examples/BCBST/index.html
HHS.gov (2018) Resolution agreement. Retrieved January 13, 2018 from https://www.hhs.gov/sites/default/files/ocr/privacy/hipaa/enforcement/examples/resolution_agreement_and_cap.pdf
Ethical Responsibilities: Avoid Putting Organization at Risk
The 1996 HIPAA (Health Insurance Portability and Accountability Act) helps millions of U.S. employees and family members transfer and carry on with the same healthcare insurance coverage even if they jump jobs or get fired; decreases abuse and fraud in the health sector; mandates confidential use and protection of sensitive patient health details; and mandates sector-wide healthcare data standards when it comes to processes like electronic billing (California Department of Health Care Services, 2015). HIPAA's enactment made healthcare practitioners who can view and share patients' sensitive personal information legally liable (Medical Assistant Certification, n.d.). A few professional and ethical actions to be considered by new medical assistants include:
Contracts are voluntary arrangements between two entities wherein explicit promises are made. Contract elements are vital to physicians, nurses, etc. as healthcare services are delivered under different kinds of medical contracts (Chapter 3, n.d.).
Wide Web Consortium and HIPAA Applicable Rules
In the contemporary business environment, compliance and security standards have become crucial factors in a successful business and assist in gaining the confidence of top global clients. The W3C (World Wide Web Consortium) is one of the standards bodies; it develops interoperable technologies, including guidelines, specifications, tools and software, to help the Web achieve its full potential. Moreover, the W3C is a forum for commerce, communication, information, and collective understanding, primarily aimed at pursuing its mission through the development of Web guidelines and standards. Since 1994, the W3C has published over 100 standards, referred to as W3C Recommendations. The W3C also engages in software development, outreach, and education, and serves as an open forum for Web discussion. To help the Web reach its full potential, fundamental Web technologies allow the software and hardware accessing the Web to work together.…
ANSI, (2016). United States National Standards. USA.
Barth, A. Datta, A. Mitchell, J.C. et al. (2006). Privacy and Contextual Integrity: Framework and Applications. IEEE Symposium on Security and Privacy (S&P'06).
FERPA (2016). Family Educational Rights and Privacy Act. USA.
Kim, D., & Solomon, M. G. (2014). Fundamentals of information systems security (2nd ed.). Burlington, MA: Jones & Bartlett Learning.
In addition to barriers to coverage, HIPAA presents problems for patients wishing to keep their medical information private. HIPAA professes to protect patient privacy and information security. While the provisions of HIPAA do outline the strict rules for informed consent, there are a slew of loopholes that would permit the disclosure of information. Those loopholes can be readily taken advantage of by numerous parties, including but not limited to the primary care provider, health care administrator, insurer, employer, and government agency.
When HIV / AIDS information is disclosed, stigma and prejudice are almost guaranteed. For this reason, patients with HIV / AIDS should be offered greater protection under the law. The prevention of HIV / AIDS depends on education and awareness as well as improving patient access to quality care. Paranoia about HIV / AIDS has led to a dismantling of privacy rules that would otherwise be invoked. Patients with…
Avert (n.d.). HIV & AIDS stigma and discrimination. Retrieved online: http://www.avert.org/hiv-aids-stigma.htm
Biel-Cunningham, S. (2003). HIPAA: Understanding Your Rights of Insurance Portability and Privacy. The Body. Retrieved online: http://www.thebody.com/content/art32201.html
Columbia University Medical Center (n.d.). Uses and disclosures of HIV / AIDS information. Retrieved online: http://www.cumc.columbia.edu/hipaa/policies/hiv.html
U.S. Department of Health and Human Services (n.d.). Health information privacy. Retrieved online: http://www.hhs.gov/ocr/privacy/
100). Much of the focus of personnel selection using psychological testing was on new troops enlisting in the military during two world wars and the explosive growth of the private sector thereafter (Scroggins et al., 2008). Psychological testing for personnel selection purposes, though, faded into disfavor during the 1960s, but it continues to be used by human resource practitioners today. In this regard, Scroggins and his colleagues advise, "Many HR practitioners, however, have continued to use personality testing with an optimistic and enduring faith in its ability to discriminate between good and poor job candidates" (p. 101).
In cases where cheating is suspected (such as in the case of a teen applicant possibly using a smartphone or consulting crib notes during testing by visiting the restroom), psychologists have a professional responsibility to conform to relevant privacy laws with respect to the results of such tests, including following the decision-making model…
Barnes, F.P. & Murdin, L. (2001). Values and ethics in the practice of psychotherapy and counseling. Philadelphia: Open University Press.
Bersoff, D.N. (2008). Ethical conflicts in psychology. American Psychological Association.
Bonventre, V.M. (2005, Spring). Editor's foreword. Albany Law Review, 68(2), vii-ix.
Charman, D. (2004). Core processes in brief psychodynamic psychotherapy: Advancing effective practice. Mahwah, NJ: Lawrence Erlbaum Associates.
Legal medical measures that had to be taken in advance so that people's lives would not be at risk, because individuals would actually postpone treatment for the fear of being judged about something that a patient was embarrassed about. It became more of a public health issue to not enforce the rights of individuals who sought medical attention for a pertinent matter.
Although the privacy, safety, and comfort level of patients are impacted by the application of HIPAA, the medical industry was also directly impacted as well. Pharmaceutical industries were no longer able to direct their products directly at patients, since under this policy, they no longer had the right to look at anyone's information. Medical information was no longer up for grabs for the business industry to exploit its usage. Having absolute confidentiality meant that money that was once made from direct tailored advertisement, could no longer be made.…
The U.S. Department of Health and Human Services. (undefined). Understanding Health Information Privacy. In http://www.hhs.gov/ . Retrieved July 23, 2011, from
Protections for hardware, software, and data resources. (American Health Information Management Association, 2011, paraphrased)
V. Legal and Ethical Issues
Security professionals are held responsible for understanding the legal and ethical aspects of information security including crimes, investigation of computer crimes and specifically it is stated that certified security professionals "…are morally and legally held to a higher standard of ethical conduct." (U.S. Department of Health and Human Services, 2011)
There are four primary canons established in (ISC)2 code of ethics for credentialed security included those stated as follows:
(1) Protect society, the commonwealth, and the infrastructure
(2) Act honorably, honestly, justly, responsibly, and legally
(3) Provide diligent and competent service to principals
(4) Advance and protect the profession (U.S. Department of Health and Human Services, 2011)
Three credentials held by information security professionals include the following:
(1) CISSP -- Certified Information Systems Security Professional, credentialed through the International…
Kurtz, Ronald L., and Russell Dean Vines. The CISSP Prep Guide (Gold Edition). Indianapolis, IN: Wiley, 2003, p. 345.
Summary of the HIPAA Security Rule (2011) U.S. Department of Health and Human Services. Retrieved from: http://www.hhs.gov/ocr/privacy/hipaa/understanding/srsummary.html
The 10 Security Domains (AHIMA Practice Brief) (2011) Retrieved from: http://www.advancedmedrec.com/images/The10SecurityDomains.pdf
Walsh, Tom. "Selecting and Implementing Security Controls." Getting Practical with Privacy and Security Seminars, AHIMA and HIMSS, 2003.
Computerized Hospital Management Systems
The paper is about the benefits and costs of a computerized hospital management system from a nurse's perspective. The author is placed in the position of a nurse of a small 100 bed-community hospital who is the only nurse in a team of doctors to participate in the hospital management's decision on whether to buy such management system. In answering six specific questions related to the benefits and economic costs of computerized hospital management systems, the paper shows -- among others - that improved health care and increase in personnel and work efficiency will well outweigh the financial burden imposed on the hospital when buying two specific managements systems: ELECTA and Microsoft Dynamics GP. In addition, the paper outlines the security standards of data and patient confidentiality, including the need for data storage integrity and data backup and recovery and how the Health Insurance Portability and…
Berczuk, C. June 2008. The Lean Hospital. 1-5. The Hospitalist, June 2008. 1-5. Accessed 16 March 2012.
Dugas, M. & Eckholt, M. & and Bunzemeier, H. (2008). Benchmarking of hospital information systems: Monitoring of discharge letters and scheduling can reveal heterogeneities and time trends. 1-6. BMC Medical Informatics and Decision Making 2008, 8:15 doi:10.1186/1472-6947-8-15. Accessed 16 March 2012.
The dilemma is often easier to resolve once those emotions and assumptions are put into their rightful context.
For this paper, critical thinking came into play was logic. It is understood that initially the nursing profession had issues with HIPAA. These issues were practical, however, and when the law was matched up against the underlying principles and the Code of Ethics, it became apparent that the guidelines that can be used for resolving any ethical dilemma are fairly consistent. There is still some leeway for professional judgment, as Lo et al. (2005) wrote but the Code of Ethics does a strong job of filling in the blanks left behind by the legislation. Once this was pieced together, the argument for easy resolution of ethical dilemmas became clear.
American Nursing Association. (2009). Code of ethics for nurses with interpretive statements. American Nursing Association. Retrieved October 17, 2009 from http://nursingworld.org/ethics/code/protected_nwcoe813.htm#3.1
Bendix, J. (2009). News: New "red flags rule' focuses on medical identity theft. Contemporary OB/GYN. Retrieved October 17, 2009, from http://contemporaryobgyn.modernmedicine.com/obgyn/Modern+Medicine+Now/News-New-Red-Flags-Rule-focuses-on-medical-identit/ArticleStandard/Article/detail/597492
Lo, B.; Dornbrand, L. & Dubler, N. (2005). HIPAA and patient care: The role for professional development. Journal of the American Medical Association. 2005; 293: 1766-1771.
No author. (2003). What is HIPAA? HIPAAps.com. Retrieved October 17, 2009, from http://www.hipaaps.com/main/background.html
PHI Security and Privacy
Privacy and security is significant for any institution operating under offices because of clients, which prompts for the need of protecting the flowing information. In the context of a hospital, there is need for protecting the client's information in order to assure them of their privacy and security. Privacy is always important when attending to the clients since it provides an environment where the latter can open up to their doctors. Privacy refers to what the protected; information about the patient and the determination of the personalities permitted to use while security refer to the way of safeguarding the information through ensuring privacy to information (Rodrigues, 2010). The patients also need security because of the inevitability of serene environment for their recovery. Even though St. John's hospital presents good strategies in terms of their sound policies, this is not enough in ensuring confidentiality in the information…
Harman, L.B., & American Health Information Management Association. (2006). Ethical challenges in the management of health information. Sudbury, Mass: Jones and Bartlett
Nass, S.J., Levit, L.A., Gostin, L.O., & Institute of Medicine (U.S.). (2009). Beyond the HIPAA privacy rule: Enhancing privacy, improving health through research. Washington, D.C:
Some or all such authority may be in fact unlimited. This is when a committee can counterbalance authority and diffuse power within an organization since effectively only a small faction is making important decisions. The best use of committees is to have limited power to make decisions but have unlimited power to make recommendations on how things should be done.
2. Identify the initial issue that should always be thoroughly addressed when the establishment of a committee is recommended.
The initial issue that should be addressed is that of making sure that those on the committee are the people capable of carrying out the agenda of the committee and that the committee will have limited power to make organizational decisions.
3. In what ways may committees be said to dilute the recognition and diffuse the blame or responsibility? Where, based on your personal experience, have you seen one of these…
Baker, L. 2002. "Managed care, medical technology, and the well-being of society," viewed 21 February 2011, <http://www.ncbi.nlm.nih.gov/pubmed/12055455>
Carlson, Gail. 2009. "Managed Care Understanding Our Changing Health Care System," viewed 21 February 2011,
The ability for patients to access mental health services these days is more wide ranging than ever before. This is in part due to the fact that the realm of mental health, once simply governed by physicians, is now peopled by staff of all different types and disciplines. In addition, many mental health professionals are now multiply credentialed, so it is not impossible to see a mental health professional who is all at once a family and marital therapist, a chemical dependency practitioner and a social worker. All these elements only serve to improve the ability of patients/clients to receive quality mental health services, whether it be in a large institutional setting, a community mental health center or in a private clinical office.
But what are the different types of mental health professionals who are trained in the identification and treatment of patients with mental health issues? There…
Bridget, J. 1994, Treatment of Lesbians with Alcohol Problems in Alcohol services in North-West England, Lesbian Information Service.
Faulkner, A. 1997, Briefing No.1 - Suicide and Deliberate Self-Harm. Mental Health Foundation
National Patient Safety Agency 2001, Safety First, National Confidential Inquiry into Suicide and Homicide by People with Mental Illness, five-year report of the National Confidential Inquiry
Shaffi, M., Carigan, S., Whittinghall, J.R. et al. 1985, 'Psychological Autopsy of Completed Suicide in Children and Adolescents', American Journal of Psychiatry, 142, 1061-1064.
" (U.S. Department of Health and Human Services, nd) Key provisions of the standards include protection in the areas of: (1) access to medical records; (2) notice of privacy practices; (3) limits on uses of personal medical information; (4) prohibition on marketing; (5) strong state laws; (6) confidential communications; and (7) complaints. (U.S. Department of Health and Human Services, nd)
III. EMPLOYEE RETIREMENT INCOME SECURITY ACT (ERISA)
The Employee Retirement Income Security Act (ERISA) is a federal law that places standards that are minimum to be met for "most voluntarily established pensions and health plans in private industry to provide protection for individuals in these plans." (U.S. Department of Labor, 2008) The requirements of ERISA include the provision of plan information and fiduciary responsibilities to participants and makes a requirement of establishment of "a grievance and appeals process for participants to get benefits from their plans; and gives participants the…
Employee Retirement Income Security Act - ERISA (2008) U.S. Department of Labor - Health Plans and Benefits. 19 Jan 2008. Online available at http://www.dol.gov/dol/topic/health-plans/erisa.htm
Office for Civil Rights - HIPAA (nd) U.S. Department of Health & Human Services. Online available at http://www.hhs.gov/ocr/hipaa/bkgrnd.html
Protecting the Privacy of Patient's Health Information (2003) U.S. Department of Health & Human Services 14 Apr 2003. Online available at
Medical ID Theft and Securing EPHI
Medical Identity Theft
Medical information can be stolen by 1) the bad guys getting sick and using a victim's information to obtain services, 2) friends or relatives use another friend's or relative's information to obtain treatment, 3) when professionals, such as physicians, fabricate services that did not exist, 4) organized crime, and 5) innocent or not so innocent opportunists (Lafferty, 2007). Bad guys that get sick can take a victim's insurance information to obtain services for treatment. Professionals can fabricate false claims to cover medical errors. Opportunists have access to patient data and the ability to steal, use, or sell that information.
Effective security requires clear direction from upper management (Whitman). Assigning security responsibilities and access controls with audit controls to organizational elements and individuals helps to place accountability on individuals. They must formulate or elaborate security policies and procedures based on the organizational…
HIPAA Security Series. (n.d.). Retrieved from HHS.gov: http://www.hhs.gov/ocr/privacy/hipaa/administrative/securityrule/techsafeguards.pdf
Hoffman, S. & . (2007). SECURING THE HIPAA SECURITY RULE. Journal of Internet Law, 10(8), 1-16.
Lafferty, L. (2007). Medical Identity Theft: The Future Threat of Health Care Fraud is Now. Journal of Healthcare Compliance, 9(1), 11-20.
Whitman, M. & . (n.d.). Case B: Accessing and Mitigating the Risks to a Hypothetical Computer System, pages B1-B24 .
" (Harman, Flite, and Bond, 2012) The key to the preservation of confidentiality is "making sure that only authorized individuals have access to that information. The process of controlling access -- limiting who can see what -- begins with authorizing users." (Harman, Flite, and Bond, 2012) Employers are held accountable under the HIPAA Privacy and Security Rules for their employee's actions. The federal agency that holds responsibility for the development of information security guidelines is the National Institute of Standards and Technology (NIST). NIST further defines information security as "the preservation of data confidentiality, integrity, availability" stated to be commonly referred to as "the CIA triad." (Harman, Flite, and Bond, 2012)
III. Risk Reduction Strategies
Strategies for addressing barriers and overcoming these barriers are inclusive of keeping clear communication at all organizational levels throughout the process and acknowledging the impact of the organization's culture as well as capitalizing on all…
Harman, LB, Flite, CA, and Bond, K. (2012) Electronic Health Records: Privacy, Confidentiality, and Security. State of the Art and Science. Virtual Mentor. Sept. 2012, Vol. 14 No. 9. Retrieved from: http://virtualmentor.ama-assn.org/2012/09/stas1-1209.html
Kopala, B. and Mitchell, ME (2011) Use of Digital Health Records Raises Ethical Concerns. JONA's Healthcare Law, Ethics, and Regulation. Jul/Sep 2011. Lippincott's Nursing Center. Retrieved from: http://www.nursingcenter.com/lnc/cearticle?tid=1238212#P77 P85 P86 P87
Sanford, J., Townsend-Rocchicciolli, J.,Horigan, A., & Hall, P. (2011). A process of decision making by caregivers of family members with heart failure. Research & Theory for Nursing Practice, 25(1), 55-70.
Describe the population for this study.
Participants were recruited from cardiology offices, inpatient hospital units, or adult day care facilities. The participant had to be related to the patient with heart failure (HF), provide one activity of daily living, and/or assist the care recipient with two activities of daily living and do this voluntarily.
How was the sample selected? What are the strengths and weaknesses of this sampling strategy?
This was a convenience sample. The participants were recruited from cardiology offices, inpatient hospital units, or adult day care facilities and had to meet certain conditions. The strengths are that the researchers know and get precisely what they are looking for (in terms of qualifications of participants). The weaknesses are that…
Though freedom of religion exists, this freedom does not allow people to break the law. In this particular turning the records over to the mother may endanger the safety of the child. In addition the hospital could be held liable if they turn the records over and something happens to the child because it would be considered a decision that was made in bad faith.
There are also federal laws that protect minors as it pertains to matters of reproductive health. These laws are part of the Health Insurance Portability and Accountability Act (HIPAA). Laws contained in this act are designed to allow girls under the age of 18 to have control of their sexual and reproductive health. Under this law teenage girls can receive treatment for STD's and abortions without the consent of their parents. Although this is a federal statute, individual states have the right to determine whether…
Health and Safety Code). HEALTH and SAFETY CODE
Smith, S.K. (2007) Mandatory Reporting Child Abuse and Neglect. http://www.smithlawfirm.com/mandatory_reporting.htm
Family assistance programs provide assistance for employees and families in need. These have the benefit of strengthening employee commitment and loyalty to the workplace by boosting employee morale. The work-to-family program, for example, helps employees cope with caring for children or aging parents by providing assistance as part of insurance benefits. There is also a family assistance program to address partner violence, which has a severe effect on employee productivity and well-being. A further assistance program is offered to families of military personnel deployed to combat environments. Such programs provide both financial and moral support to families who must cope with such separation in the long-term.
It is vital for employers to provide employees with these kinds of assistance, since they cultivate both loyalty and well-being among employees. Both these factors tend to increase the ability of employees to deliver good service.
Department of Health and Human Services…
Department of Health and Human Services (2012). Summary of the HIPAA Privacy Rule. Retrieved from: http://www.hhs.gov/ocr/privacy/hipaa/understanding/summary/index.html
Frugal Trader (2011). Defined Benefit Pension vs. Defined Contribution Pension. Million Dollar Journey. Retrieved from: www.milliondollarjourney.com/defined-benefit-pension-vs.-defined-contribution-pension.htm
Hall, D. (2011, Jun 14). Employee and Family Assistance Program. Retrieved from: www.livestrong.com/article/300731-employee-family-assistance-program/
Jennifer, K. (2012). Government Regulations on Discretionary Benefits in the United States. Retrieved from: http://www.ehow.com/list_7385963_government-discretionary-benefits-united-states.html
IT Architecture Recommendations to Peachtree Healthcare
The discussions and cursory analyses in the Harvard Business Review case Too Far Ahead of the IT Curve? (Dalcher, 2005) attempt to implement massive IT projects without considering the implications from a strategic and tactical level. There is no mention of the most critical legal considerations of any healthcare provider, and this includes compliance to the Health Insurance Portability and Accountability Act of 1996 (HIPAA) in addition to highly specific requirements by medical practice area and discipline (Johnston, Warkentin, 2008).
Second, there isn't a framework described for governance of the IT strategies as they relate to Peachtree Healthcare's overarching strategic vision and mission. The lack of focus on governance in any strategic IT implementation will eventually lead to confused roles, cost overruns and chaos relating to the long-term contribution of IT to rapidly changing business priorities (Smaltz, Carpenter, Saltz, 2007). Max Berndt…
Alhatmi, Y.S. (2010). Quality audit experience for excellence in healthcare. Clinical Governance, 15(2), 113-127.
Cheng, H.K., Tang, Q.C., & Zhao, J.L. (2006). Web services and service-oriented application provisioning: An analytical study of application service strategies. IEEE Transactions on Engineering Management, 53(4), 520-520.
Coetzee, M., & Eloff, J.H.P. (2005). Autonomous trust for web services. Internet Research, 15(5), 498-507.
Dalcher, D. (2005). Breakthrough it change management: How to get enduring change results. Project Management Journal, 36(1), 62-62.
Activity Studies found common features high-performing health departments manage diabetes. These departments include receiving external funding programming, a -management education program recognized American Diabetes Association, partnership opportunities.
While obesity and obesity-related complaints such as Type II diabetes are a problem all over the United States, in my home state of Georgia, the condition has been of particular, growing concern. According to the Centers for Disease Control (CDC), "64.8% of adults were overweight, with a Body Mass Index of 25 or greater" and "29.6% of adults were obese, with a Body Mass Index of 30 or greater" in the state (Georgia's response to obesity, 2012, CDC). Even more worrisome, amongst adolescents who should be at the most active stage of their lives, "14.8% were overweight (>85th and < 95th percentiles for BMI by age and sex) 12.4% were obese (>95th percentile for BMI by age and sex)" (Georgia's response to obesity,…
Rivard, P. (2003). Accountability for patient safety: A review of cases, concepts, and practices.
Massachusetts Coalition for the Prevention of Medical Errors. Retrieved: http://www.macoalition.org/Initiatives/docs/Accountability%20LitReview%20Final_Rivard_new%20copyright.pdf
Beyond the ability of the individual to carry out daily activities, there is the issue of quality of life. So a person who can get up and go to work but finds no pleasure in normal activities is someone whose symptoms still merit concern from the mental health professional (Hood & Johnson, 2006, pp. 27-9.)
Psychiatrists: The Medical Model of Treatment
For many people the most obvious professional to seek treatment from when faced with the symptoms of mental disorders is a psychiatrist. (Maybe because we've grown up reading the psychiatry cartoons in The New Yorker!) Psychiatrists are medical doctors and so their basic response to the symptoms of mental disorders will tend to be a medical one. This encompasses an overall examination of the person's health. (For example, a psychiatrist might run a series of thyroid function tests to determine if a patient's depressive symptoms were related to thyroid…
American Psychiatric Association. Diagnostic and Statistical Manual of Mental Disorders DSM-IV-TR Fourth Edition.
Davies, T. (1997, 24 May.). ABC of mental health: Mental health assessment. BMJ: 314.
Groth-Marnat, G. (2009). Handbook of psychological assessment. New York: Wiley.
Hood, A. & Johnson, R. (2006). Assessment in counseling: A guide to the use of psychological procedures. Washington DC: American Counseling Association.
Security Standards & Least Privilege
Security Standards and Legislative Mandates
Industries are required by law to follow regulations to protect the privacy of information, do risk assessments, and set policies for internal control measures. Among these policies are: SOX, HIPAA, PCI DSS, and GLBA. Each of these regulations implements internal control of personal information for different industries. Where GLBA is for the way information is shared, all of them are for the safeguard of sensitive personal information.
Sarbanes-Oxley Act of 2002 (SOX) created new standards for corporate accountability in reporting responsibilities, accuracy of financial statements, interaction with auditors, and internal controls and procedures (Sarbanes-Oxley Essential Information). When audits are done to verify the validity of the financial statements, auditors must also verify the adequacy of the internal control and procedures. The Health Insurance Portability and Accountability Act (HIPAA) is designed to protect personal health information held by covered entities and…
Brenner. (2007). How Chevron Met the PCI DSS Deadline. Security Wire Daily News.
Gramm Leach Bliley Act. (n.d.). Retrieved from Bureau of Consumer Protection: http://business.ftc.gov/privacy-and-security/gramm-leach-bliley-act
Principle of least privilege (POLP). (n.d.). Retrieved from Search Security: http://searchsecurity.techtarget.com/definition/principle-of-least-privilege-POLP
Sarbanes-Oxley Essential Information. (n.d.). Retrieved from The Data Manager's Public Library: http://www.sox-online.com/basics.html
Tipton, K. & . (n.d.). Access Control Models. Retrieved from CC Cure.org: http://www.cccure.org/
When setting up and maintaining the human resource files, confidentiality and privacy are always significant at workplace. Today most organizations are taking different steps of ensuring that the information within the organization remains confidential and private, however employees on the other hand are seen not to be concerned of this, therefore it is the work of the top managers to make their employees understand the importance of keeping files such as the human resource files as confidential. The human resources professionals should prevent misuse of personal information by safely storing them to avoid unauthorized access. Maintaining confidentiality of information in organization does not only protect the company from the legal hassles, but it improves the productivity of the employee while providing them with a safer working environment and security (Dogra, 2012).
Maintaining privacy and confidentiality for human resource files is important for varied reasons this is because, it…
Dogra, A. (2012). Confidentiality in the Workplace. Buzzle. Retrieved December 7, 2012, from http://www.buzzle.com/articles/confidentiality-in-the-workplace.html
ACAS (2012). Recruitment and selection Promoting employment relations and HR excellence Retrieved December 7, 2012, from http://www.acas.org.uk/index.aspx?articleid=746
Professional Roles and Values
A good number of patients visiting emergency departments are in a position to make independent decision concerning their care. Nevertheless, a significant proportion of them are extremely incapacitated either mentally or physically to the extent that they cannot solely make decisions regarding their treatment. Some of the conditions associated with this incapacitation include organic brain disorder, hypoxia, or head trauma. Jones et al. (2005) describes an emergency department as a very hostile environment where patients may lose control of the nature of care they undergo. Such is the case scenario in this current study. Mr. E is developmentally delayed and hypoxic. Dr. K considers his situation as an emergency and a ventilator must support it. The fact that Mr. E had already signed an advance directive under the supervision of a patients advocate that he did not want a ventilator or cardiopulmonary resuscitation complicates the matter…
Dickey, S.B. (2003-2004). Nurses should be concerned about the ethical implications of HIPAA regulations (pp. 1-5). Washington, DC: American Nurses Association
Fowler, D.M. (2008). Guide to the code of ethics for nurses. Silver Springs, MD: American Nurses Association
Jones S, Davies K, Jones B (2005). The adult patient, informed consent and the emergency care setting. Accident and Emergency Nursing. 13, 3, 167-170
Ethics in a Long-Term Healthcare Business
Ethics in the health care industry spans a wide spectrum of activities and most of the obligations are cast by law on the professionals and the second by the common practice and morals of the profession. Both are important to the progress of the institution and also the health care industry. Compliance of statutes is of primary importance.
There are many rules and statutes that must be complied with by all organizations and one such recent legislation is the hospital information access system. The HIPAA rules apply to all personnel in the system and extend to laboratory technicians, and lawyers and insurers. The culpability comes if the information was disclosed to a third party who did not have an association with the entity -- the clinic and was permitted to access the information. In such cases where the physician discloses information to another…
Andre, Claire; Velasquez, Manuel. (2013) "Aged-Based Health Care Rationing" Retrieved 8
June, 2013 from http://www.scu.edu/ethics/publications/iie/v3n3/age.html
Chaikind, Hinda R. (2004) "The Health Insurance Portability and Accountability ACT
(Hipaa): Overview and Analyses" Nova Publishers.
Refusal to cooperate with the physician selection on the part of the employee could result in a termination, cancellation or simple refusal of benefits.
This physician, the first to treat the patient regarding the work-related injury for which the claim is filed, is known as the physician of record. The physician of record has certain duties and obligations to both the patient and the other parties concerned with the worker's compensation claim. Their primary concern is, of course, the treatment of the condition that caused the claim, and the general health of their patient. As part of this treatment, the physician of record has the responsibility to determine the extent of the disability, as well as the date on which the employee can safely return to work. Their report can also allow for further treatments, such as physical therapy. In addition to treating the patient, the physician must keep…
Medicare and Medicaid Services (CMS) announced in January that ICD-10-CM will be implemented into the HIPAA mandated code set on Oct. 1, 2013.
Introduction to the new structure of ICD manual
Statistics
The International Classification of Diseases (ICD) is a program that is designed in order to record statistics of morbidity and mortality and for the indexing of hospital records of disease.
ICD is published by the World Health Organization (WHO).
It has always been statistically difficult to categorize diseases according to any one specific category since different professions that work with diseases have traditionally classified them according to different categories. The pathologist, for instance, is primarily interested in the natural course of the disease process, whilst the anatomist may prefer to have a classification that groups the disease according to the affected part of the body. The statistical classification of disease and injuries depends upon how the…
Ethics and the Military
As globalism becomes more of a reality, and as various developing countries increase the amount of interaction they do with developed countries, many cultural issues arise. Doing business is not the same worldwide, and as citizens of a global village, we must realize that there are different cultural norms and behaviors that are acceptable in some countries, unacceptable in others, and even expected in some. In the same manner, there are a number of ethical commonalities that businesses and the military share, particularly in the global world. International companies and the military are being pressured by different groups of people, mainly from their stakeholders, regarding social and ethical issues. Issues revolving around what the United States, Canadian, British and Australian governments call moral issues, in some countries are part of regular actions, yet cause us to ask: "Is it moral or not, when trading in a…
Health Information Privacy. (2012). U.S. Department of Health and Social Services. Retrieved from: http://www.hhs.gov/ocr/privacy/index.html
Intellectual Property. (1993). Army Regulation 27-60, Department of the Army, Washington, DC. Retrieved from: http://www.apd.army.mil/pdffiles/r27_60.pdf
American Logistics Association, (2008). DeCA Receives Top Score. Military Partners.com.
There are several criteria by which the company can establish acceptability for the eCube system of EMR that is available from Fresenius. The first stakeholder group consists of the patients, who will benefit from the enhanced functionality that comes from the eCube system, in particular the superior health outcomes that come from having accurate medical histories available to physicians and other practitioners while they are working with the patient. Management must strike a balance between business objectives and patient outcomes, and therefore there are multiple different acceptability measures that are possible, both based on profit and patient outcomes. Management will also want to know that the system is relatively easy to install, that there is training available from the vendor for the staff, and that the vendor will deliver full support of the system if there are any problems.
Another stakeholder group consists of the owners/shareholders of the health…
Jena, A., Seabury, S., Lakdawalla, D. & Chandra, A. (2011). Malpractice risk according to physician specialty. New England Journal of Medicine. Vol. 365 (7) 629-636.
Kalathil, R. (2011). Data management: New products: eCube combines clinical and billing applications. Nephrology News & Issues. Retrieved November 6, 2013 from http://www.nephrologynews.com/articles/data-management-new-products-ecube-combines-clinical-and-billing-applications
Self, D. & Schraeder, M. (2009). Enhancing the success of organizational change: Matching readiness strategies with sources of resistance. Leadership and Organizational Development Journal. Vol. 30 (2) 167-182.
Covered entities must develop and implement written privacy policies that are consistent with the Privacy Rule (OCR, 2003). This policy must address several components. One is that there must be a privacy official. The privacy official is responsible for developing and implementing privacy policies. There must also be a contact person responsible for the receipt of complaints (Ibid.).
The written policy must also cover other key areas. These include workforce training, which should also include any employee under the direct control of the covered entity, even if they are under contract and not an employee of the entity. There must be data safeguards as well, so the written policy needs to include specific procedures for verification of identity, release of information and disposal of PHI.
There must also be a policy with respect to the handling of complaints. This procedure must be outlined in the notice that…
Office for Civil Rights: Health Information Privacy. Retrieved April 2, 2009 from http://www.hhs.gov/ocr/privacy/index.html
No author. (2003). What is HIPAA? HIPAAps.com. Retrieved April 2, 2009 from http://www.hipaaps.com/main/background.html
Francis, Theo (2006). Spread of Records Stirs Fear of Privacy Erosion. Wall Street Journal. Retrieved April 2, 2009 from http://www.post-gazette.com/pg/06362/749444-114.stm
Office for Civil Rights: HIPAA Privacy Rule FAQ. Retrieved April 2, 2009 from
Healthcare Management -- Discussion Questions
Communication strategies are very important when it comes to promoting the practice of healthcare delivery and ensuring that customer service is offered at the highest level. If a person does not communicate well it can harm him or her both personally and professionally. However, that is still a rather isolated issue that is generally considered to be self-limiting in nature. With companies, and especially with healthcare companies, the issue of poor communication is much larger and more significant. As a healthcare worker, a person has to be able to communicate information to patients, families, and other healthcare workers (Nutbeam, 2000). When a person is a manager in a healthcare setting, though, there is much more pressure to make sure that everyone gets the information they need in a timely manner and that the communication preferences are addressed in such a way that each and every…
Arora, V.M., Manjarrez, E., Dressler, D.D., Basaviah, P., Halasyamani, L., & Kripalani, S. (2009). Hospitalist handoffs: A systematic review and task force recommendations. Journal of Hospital Medicine, 4(7): 433-440. Retrieved from http://www.ncbi.nlm.nih.gov/pmc/articles/PMC3575739/
Mercuri, R.T. (2004). The HIPAA-potamus in health care data security. Security Watch. Communications of the ACM, 47(7): 25-28. Retrieved from http://www.notable-software.com/Papers/HIPAA.pdf
Moskop, J.C., Marco, C.A., Larkin, G.L., Geiderman, J.M., & Derse, A.R. (2005). From Hippocrates to HIPAA: Privacy and confidentiality in emergency medicine -- Part I: Conceptual, moral, and legal foundations. Annals of Emergency Medicine, 45(1): 53-59. Retrieved from https://www3.acep.org/assets/0/16/898/904/2196/2280/C798499F-59F2-42A3-A23A-A575767D4234.pdf
Nutbeam, D. (2000). Health literacy as a public health goal: A challenge for contemporary health education and communication strategies into the 21st century. Health Promotion International, 15(3): 259-267. Retrieved from http://heapro.oxfordjournals.org/content/15/3/259.long
Clinical Activity: Maintaining Alignment to Legal Changes
Policy and Procedures on Information System
My organization's priorities are maintaining the confidentiality of patients and also protecting the organization as a whole from any security impingements. All information is password-protected with strong passwords requiring six characters or more, at least one capital letter and one lower case letter, a number and a symbol of some kind. Passwords are also regularly changed. There is also an additional level of screening with security questions.
Employees are prohibited from using their work email address to conduct personal business. All work emails are monitored to ensure that employees do not disclose private data of patients, work passwords, or open up potentially corrupted files that could damage the system. Mobile devices must likewise be secured and data must only be accessed on secured networks. All employees are prohibited from disclosing any private data about patients with any…
HIPAA. (2016). HHS. Retrieved from: http://www.hhs.gov/hipaa/
HIPAA: Electronic Data Interchange (EDI) Rule. (2016). ASHA. Retrieved:
Your rights under HIPAA. (2016). HHS. Retrieved from:
Technology gives us more capabilities than we ever had before, and health care organizations need to ensure that their staff members are aware of the regulations surrounding the use of technology in the workplace, both for work-related activities and private activities. The prompt was of a nurse who took photos of a celebrity and texted them to her friend. This action constitutes a violation of HIPAA, wherein the Privacy Rule holds that health care providers must safeguard information from your medical records, any information that is recorded by the health care provider, billing information and any other health information (HHS.gov, 2015). Furthermore, there has clearly been an ethical violation committed with regards to the recording of the patient without their consent, and the distribution of that material. Patient information is always confidential in nature, by ethics even if not by law (Milholland, 1994). This paper will examine the situation…
HHS.gov (2015) Guidance materials for consumers. U.S. Department of Health and Human Services. Retrieved March 19, 2015 from http://www.hhs.gov/ocr/privacy/hipaa/understanding/consumers/index.html
HIPAA (2007). Subtitle B -- Requirements relating to health care access. Retrieved March 19, 2015 from http://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-part164.pdf
Li, K. (2014). Health smartphone applications on chronic disease monitoring: Development and regulatory considerations. The University of Hong Kong. Retrieved March 19, 2015 from http://hub.hku.hk/bitstream/10722/206932/1/FullText.pdf?accept=1
Milholland, K. (1994). Privacy and confidentiality of patient information: Challenges for nursing. Journal of Nursing Administration. Vol. 24 (2) 19-24.
Another study found that there are many different strategies that are utilized when information technology is developed within the federal government and many of these tend to come not from the top managers but from the middle management instead (Gupta, Holladay, & Mahoney, 2000).
Much of this has to do with the fact that the top managers in the federal government are often political appointees and therefore know somewhat less about the inner workings of the organization when it comes to specific technological systems (Gupta, Holladay, & Mahoney, 2000). The middle managers are the ones who generally look for strategies to develop other types of information technology and are often comparable to the end users within other studies (Gupta, Holladay, & Mahoney, 2000). Unlike the managers who deal specifically with management information systems, or the other executive managers within the company, these middle managers actually understand many of the challenges and…
Adams, A. & Sasse, M.A. (1999). Users Are Not the Enemy. Communications of the ACM, 42(12), 40-46.
Bocco, G., and Sanchez, R. (1995). Quantifying urban growth using GIS: The case of Tijuana, Mexico (1973-1993). Geo Info Systems 5(10), 18-19.
Bohnet, D. (1995). Integration of socio-economic data into GIS -- a case study of the CRDA. Proceedings of the AfricaGIS 95 conference, Abidjan, March 5-10.
Broadbent, M., Weill, P., & St. Clair, D. (1999). The Implications of Information Technology Infrastructure for Business Process Redesign. MIS Quarterly, 23(2), 159-182.
Health-Care Data at Euclid Hospital Security and Control: A White Paper
Protecting Health-Care Data
The efficiency of the modern healthcare system is increasingly becoming reliant on a computerized infrastructure. Open distributed information systems have been initiated to bring professionals together on a common platform throughout the world. It needs to be understood that easy and flexible methods of processing and communicating images, sound and text will help in visualizing, and thereby curing, illnesses and diseases effectively. At the same time, this easy access and usage can put at risk the patient privacy, accountability, and secrecy associated with the healthcare profession. Therefore, Information Technology (IT) must focus mainly on improving the health of the patient and should not put the patient's health in danger. (IOS Press)
This implies that the right data has to be made available to the right person at the right time. IT strongly affects the confidentiality…
A WWW implementation of National Recommendations for Protecting Electronic Health
Accessed 21 September, 2005
IOS Press. Retrieved from http://www.iospress.nl/loadtop/load.php?isbn=9051992661
Portability vs. Privacy
Electronic Medical Records (EMR) refers to the digital version of papers containing all the medical history of a patient. EMRs are mostly applied in healthcare institutions for treatment and diagnosis.
Benefits of Electronic Medical Records
The following are some of the benefits associated with electronic medical records (Thede, 2010). EMRs are more efficient than paper records because they encourage providers to:
Track patient's data over time
Spot clients who are due for screening and preventive visits
Conduct patient monitoring to measure their parameters including blood pressure and vaccinations
Improve the overall quality of service provision in the practice
Electronic medical records store information in a manner that makes it impossible for outsiders to access. It might be necessary to print patients' medical records and deliver them through the mail to other health care members or specialists.
HIPAA Regulations and EMR
The federal government passed the Health Insurance Portability…
Thede, L. (2010). Informatics: Electronic health records: A boon or privacy nightmare? Online Journal of Issues in Nursing, 15(2), 8.
Jacques, L. (2011). Electronic health records and respect for patient privacy: A prescription for compatibility. Vanderbilt Journal of Entertainment & Technology Law, 13(2), 441-462. http://www.jetlaw.org/wp-content/journal-pdfs/Francis.pdf
Stanhope, M., & Lancaster, J. (2012). Public health nursing: Population-centered health care in the community. Maryland Heights, Mo: Elsevier Mosby.
Security Management Plan
Privacy of client information is an assurance that every patient wants and this assurance is what the hospital can build patient confidence on. The lack of it therefore may have consequences such as loss of confidence in the hospital, loss of clientele and the emergence of a poor reputation. This paper looks at the St. John's Hospital, which has experienced the leakage of confidential information, a problem that needs to be addressed. It highlights the steps the hospital must take in its management plan. In the first step, the hospital must identify how widespread the problem is and where exactly there are weaknesses in the system. Secondly, the hospital's staff must receive adequate training in methods to deal with confidential information, especially its destruction. A culture must be developed to deal with this information discreetly. In the same breath, breach must be understood by all staff…
Shred it (2013), Security Breach, Shred --It making sure it is secure, http://www.shredit.com/en-us/document-destruction-policy-protect-your-business (Retrieved 16/11/2015)
Scallan T. (2013), Disaster recovery solutions underscore the importance of security, Health Management Technology, http://www.healthmgttech.com/disaster-recovery-solutions-underscore-the-importance-of-security.php (Retrieved 16/11/2015)
U.S. Department of Health and Human Services (HHS) (2000), Health information privacy, HHS.gov, http://www.hhs.gov/ocr/privacy/hipaa/understanding/srsummary.html (Retrieved 16/11/2015)
Technical Security Recommendations for ABC Healthcare IT Infrastructures
ABC Healthcare has been facing a multitude of challenges ranging from the security of the IT infrastructures to the compliance of regulatory policies. In the United States, lawmakers are increasingly making the regulatory environment more restrictive because there have been more attacks in the healthcare environment, damaging the organizational information systems and using worms and viruses to gain access to non-authorized sensitive data. The issues are making the stakeholders of ABC Healthcare demand more flexible access to their information systems. Moreover, increasing regulatory pressures within the healthcare environment with regards to the management of the information systems have led ABC Healthcare to decide to implement more prudent information systems security. The goal of ABC Healthcare is to implement good information systems to abide by regulatory policies of HIPAA and SOX (Sarbanes-Oxley). Typically, both SOX and HIPAA mandate healthcare organizations…
Kizza, J.M. (2015). Guide to Computer Network Security. Springer.
Krogh, P. (2009). The DAM Book: Digital Asset Management for Photographers, 2nd Edition, p. 207. O'Reilly Media.
Mell, P. & Grance, T. (2011). The NIST Definition of Cloud Computing (NIST SP 800-145). National Institute of Standards and Technology (NIST).