HIPAA Security Case Study


New technologies are emerging within the healthcare industry, and PHI is vulnerable to data breaches. The Health Insurance Portability and Accountability Act (HIPAA) was established in response to this technological growth and aims to regulate the security of patient information. The HIPAA Security Rule is in place to ensure the confidentiality, integrity and security of ePHI. All HIPAA covered entities that create, receive, maintain and transmit ePHI must protect it (Security Rule-HHS, 2009). They have to implement policies and procedures to ensure compliance by their workforce and to prevent threats to the security of ePHI.
The HIPAA Security Rule and Privacy Rule complement each other, but there are differences. Privacy rule covers the privacy
The employee inappropriately shared the PHI in the wrong place and was unaware of her surroundings. This shows that the employee did not receive initial or proper training on HIPAA policies. Lack of training can cause employees to fail to follow basic safety principles. The organization failed to comply with HIPAA and is in violation of the requirements as well.
The health provider needs to be compliant with the HIPAA Security Rule. They should implement and maintain appropriate security measures. They need to focus on the HIPAA Security Rule and educate employees about patient information security. The medical practice should have employees take HIPAA compliance tests and demonstrate HIPAA-safe practices in the workplace. In this case, the patient health information is at high risk of being targeted by criminals, who exploit PHI for identity theft and fraud. Engaging the workforce in security awareness training is pertinent to preventing unauthorized access to ePHI. The workforce should be taught to take security precautions. This includes ensuring that patient information on computer screens is not visible to unauthorized individuals. Daily reminders and workplace training should be ongoing to comply with the HIPAA Security Rule. The Security Rule must be documented and made available to all employees within the practice. The health care organization should follow a monthly audit schedule to check for potential vulnerabilities and see what needs to