The HITECH Act was incorporated into ARRA to promote the adoption and meaningful use of health information technology. Subtitle D of the HITECH Act, sections 13400–13424, addresses the privacy and security concerns associated with the electronic transmission of health information. It does so, in part, through several provisions that strengthen the civil and criminal enforcement of the HIPAA rules. (OCR, 2017)
Consider the following case from the course scenario on St. Michael’s Medical Center.
Case I: The Blue Wall
Many patients and regulators have accused the hospital of neglecting its organizational responsibilities to respect patient rights. The hospital has established a so-called blue wall to withhold information and protect its employees. The administration and the ethics committee overseeing these ethical issues were accused of cover-up and making decisions that endangered vulnerable people. In most cases, the hospital has failed to meet its responsibilities to patients and to comply with regulations. Some of the violations are the following:
- Employees have exposed patient information to unauthorized people.
- Nurses have made unilateral decisions and ignored informed consent mandates.
- Administrators have covered up instances of medication errors and failed to meet regulatory compliance regarding the handling, storage, and retention of medical records.
- Visitors have found sensitive patient information in files left in hallways and on laptops left in patients’ rooms. Mobile devices containing patient information that doctors have claimed were missing have been found lying around in public areas.
Few employees have done the right thing. Organizational lapses in policies and procedures occur at all levels.
As the newly hired chief executive officer (CEO), you have been asked to address these issues. You will make a presentation to help managers, supervisors, and general staff members to curb the Health Insurance Portability and Accountability Act (HIPAA) violations in the following areas:
- Secure storage of information
- Retention of health information
Prepare a 15-slide PowerPoint addressing the following items:
- What are 5 effective health information communication methods? What are the advantages and disadvantages of these methods?
- What healthcare laws guide the sharing and delivery of health information among stakeholders? What type of health information could be shared and with whom?
- What are the benefits of sharing patient health information? What current applications are available to share patient information?
- What HIPAA mandates are about the disclosure of patient information, especially the Privacy and Security Rules?
- What are the benefits of using social media applications for sharing health information? What limitations exist in sharing health information using social media applications?
- What is the purpose of seeking patient consent to release medical records? What penalty exists for unauthorized release of patient health information as per HIPAA regulations?
- What communication skills are essential to patient satisfaction? How can lawsuits be avoided?
- How should healthcare organizations secure patient medical records? Who owns patient medical records?
- What protocols should be in place to store and share patient medical record information? What are the challenges of storing and communicating patient medical records?
- What are the benefits of adequate storage and communication of patient medical information? How would St. Michael’s Medical Center staff benefit from this training?