Part I: For each question in the section make sure you provide the following inf
ID: 379632 • Letter: P
Question
Part I:
For each question in the section make sure you provide the following information:
An answer. I know this seems silly, but make sure you provide an answer to the basic questions asked. Sometimes students get so focused on the rationale and justification for their intended answer, they forget to actually answer to the question.
Explanation. As you should no doubt have learned by now, a simple yes/no is not going to cut it. This should contain the following:
A discussion of the how HIPAA (or whatever the question asks you about) is implicated in this scenario. Apply the facts given to the law.
A discussion of the law. What is the law in this situation? How does it or does it not apply in this situation? Just saying “they are a covered entity so HIPAA applies” is not going to be a strong answer. You need to carefully discuss the definition of a covered entity and which, if any, of the definitions applies. Why does it apply?
Well written answer. Make sure your sentences flow, your argument makes sense, you are using proper terms, spelling, and grammar. Imagine you are writing this for your boss on your first day of work and you want to make the best impression possible.
Assume in each question that you are the Chief Privacy Officer in each scenario.
Scenario 1
You work in a hospital. Someone from the records department calls you and says that Human Resources (HR) has requested an electronic file of patient data for the Intensive Care department. HR wants this information so they can do an analysis of the number patients and the seriousness of their diagnosis in order to ensure that they have a sufficient number of clinical staff on hand during the various shifts. They are requesting the following data fields:
Date of admission, date of discharge, primary diagnosis, comorbidities (other medical conditions), patient name, patient home address.
You look at the Notice of Privacy Practices used in the hospital and nowhere does it state that patient data may be used for clinical staffing reviews, but nowhere does is state that the hospital will not use data for that purpose.
Question 1 (20 points): For the first part of your analysis, I want you to look at the types of data fields requested. If you were to allow the transfer of data, would you permit all the requested data fields to be given to HR?
Question 2 (20 points): Do you allow the records department to provide any of the data to HR?
Scenario 2
You work in a psychiatric practice. A patient sends a registered letter to the practice requesting copies of the notes that his psychiatrist takes during their therapy sessions together. Your office uses a Notice of Privacy Practices based on the Sample NPP provided in this class.
Question 3 (20 points): Do you provide the requested information to the patient?
Scenario 3
You work in a hospital. You get a telephone call from an attorney’s office informing you that their computer system has been compromised and they assume the hackers have gained access to all their electronic files. You know that this attorney has represented the hospital in several medical malpractice claims in the past. You conduct an investigation on what was sent to the attorney electronically and see that multiple electronic files containing patient PHI had been e-mailed to the attorney’s office in the past. At no point was the hospital’s e-mail or electronic medical record system compromised.
Question 4: (20 points): Would the hospital be required to perform any type of breech notification based on this incident?
Scenario 4
A local community non-profit organization that receives some state funding is conducting a campaign to “increase awareness of certain public health issues”. You work in a hospital. A representative from the non-profit contacted you and requested a list of patients (names and dates treated) seen in the emergency department for asthma-related issues. They plan to use this list to contact the patients so they can provide them with information related to free or low-cost resources in the area. Your hospital uses a Notice of Privacy Practices based on the Sample NPP provided in this class.
Question 5 (20 points): Do you provide the list of patients?
Explanation / Answer
Scenario 2
Question 3 (20 points): Do you provide the requested information to the patient?
Answer:
Being a chief privacy officer I would certainly not provide the information as during a psychiatric practice things it’s very important to keep the information confidential and it’s also against the practice standards. Even if the patient of anyone else would ever approach for such sort of request I would straight away deny them for the same keeping the psychiatric practice privacy policy in place.