The organization that you work for just concluded an investigation of a USB thum
ID: 124564 • Letter: T
Question
The organization that you work for just concluded an investigation of a USB thumb drive that was lost and contained a file with the information of 765 patients on it, including name, address, telephone number, and social security number. As the privacy officer, you are required to manage the notification process for the data breach. Describe who would need to be notified of the data breach based and the timeline for the notification requirement.
2. As the new HIM Supervisor, one of the areas of responsibility is the release of information department. Upon reviewing the releases being processed through the department, it was determined that the release of information staff do not understand the basic requirements of an authorization. You are responsible for educating the release of information staff on what must be filled out on an authorization to make it valid. Discuss the main elements that must be completed on the authorization to make it valid and the six reasons an authorization would be considered defective.
3. Mobile technology use within healthcare organizations is becoming more common. The organization you work for just decided to allow employees to receive work e-mail on their personal cell phones to be able to respond and access e-mails, as appropriate. As the security officer, you are responsible for creating a policy and procedure and implementing safeguards as many e-mails sent throughout the company contain protected health information. Discuss the key components that you would need to include to ensure data on personal cell phones is properly protected
Explanation / Answer
1. The process of data storage is very confidential for any organisation. Breaching of data or lost of information is a serious violation of maintaining confidentiality of each patient documents. The administration member and head of department should be immediately unformed about the USB loss as soon as possible. The IT department should be informed as they can recover some back up data from the system.
2. The main elements for an authorisation to be released are
Patient name, patient age, patient id, biological reference range, correct test parameters, authorised physician signature .The authorisation will be considered defective with patients incorrect information, age errors, test name error, no physician sign, incorrect id, authorised logo in the reports, incorrect test values.
3. Each cell phone should have antivirus install and facility of internet to Mobile should be password protected. Everyone should be all to use internet only for emails and other work related access, other websites which is virus prone should be blocked from using it.