In June 2009, a 22-year-old Honolulu mom of three younger kids was sentenced to a yr in jail for illegally accessing one other lady's medical information and posting on a MySpace web page that she had HIV. The State of Hawaii introduced expenses in opposition to the lady beneath a state statute criminalizing the unauthorized entry to a pc; and which categorized the conduct of the defendant as a category B felony. Based on accounts of the incidents that led to the lady's conviction, there was a feud between the sufferer and the sufferer's sister-in-law, a pal of the defendant. The defendant, who labored as a affected person service consultant on the hospital the place the sufferer was a affected person, accessed the pc for the sufferer's sister-in-law. Over the course of roughly ten months, the defendant accessed the affected person's medical information thrice via a pc. After she discovered of the sufferer's medical situation, the defendant posted on her MySpace web page that the sufferer had HIV. In a second posting, she stated the sufferer was dying of AIDS. The sufferer complained to hospital officers of the unauthorized entry. After an inner investigation the hospital terminated the defendant's employment. The defendant's conduct, after all, was egregious and inexcusable. The one-year jail term handed down by the Courtroom exceeded the term advisable by the prosecutor. Nonetheless, past the difficulty of holding the defendant accountable for her actions some might query to what extent the hospital ought to bear duty for the breaches of confidentiality that occurred. Federal legislation imposes statutory burdens on well being care suppliers to guard in opposition to the improper use or disclosure of personal well being data and to fairly restrict makes use of and disclosures to the minimal mandatory to perform their meant function. Particularly, the Well being Insurance coverage Portability and Accountability Act of 1996's ("HIPAA") privateness rules grew to become efficient on April 14, 2003. HIPAA is meant to guard shoppers' well being data, permit shoppers better entry and management to such data, improve well being care, and eventually to create a nationwide framework for well being privateness safety. HIPAA covers well being plans, well being care clearinghouses, and people well being care suppliers that conduct sure monetary and administrative transactions electronically. Along with the privateness rules, HIPAA's safety guidelines grew to become efficient on April 21, 2005. Collectively the privateness and safety rules are the one nationwide set of rules that governs the use and disclosure of personal, confidential and delicate data. Below HIPAA's Safety Rule, the requirements for the safety of digital data coated by HIPAA are divided into three teams: Administrative safeguards, Bodily safeguards and Technical safeguards. A few probably the most important required safeguards beneath HIPAA are the Administrative "Sanction Coverage" and "Safety Consciousness Coaching" safeguards. The sanction coverage normal requires a communication to all staff concerning the disciplinary motion that might be taken by the coated entity for violations of HIPAA. The sanction coverage ought to have a discover of civil or legal penalties for misuses or misappropriation of well being data and make staff conscious that violations might end in notification to legislation enforcement officers and regulatory, accreditation, and licensure organizations. The safety consciousness coaching normal requires all staff, brokers, and contractors to take part in data safety consciousness coaching applications. Based mostly on job duties, the coated entity ought to require people to attend personalized teaching programs that target points concerning use of well being data and duties concerning confidentiality and safety. The HIPAA privateness and safety rules require a privateness officer and safety officer to be designated by the coated entity. The privateness and safety officer ought to frequently analyze and handle threat by totally assessing potential dangers and vulnerabilities, and implementing associated safety measures. The U.S. Department of Justice ("DOJ") clarified the penalties which may be assessed and in opposition to whom for HIPAA violations. Lined entities and people whom "knowingly" get hold of or disclose individually identifiable well being data in violation of HIPAA could also be fined as much as $50,000, in addition to imprisonment as much as one yr. Offenses dedicated beneath false pretenses permit penalties to be increased--a $100,000 effective, with as much as 5 years in jail. Lastly, offenses dedicated with the intent to promote, switch, or use individually identifiable well being data for industrial benefit, private achieve or malicious hurt allow fines of $250,000, and imprisonment for as much as ten years. Given the safety breach that led to the tragic occasions, together with the one-year jail term for the defendant, Hawaii employers, well being care suppliers and well being plans ought to assessment their privateness and HIPAA insurance policies and conduct an audit of their practices with a view to defend in opposition to the improper use and disclosure of personal well being data and to cut back the chance of privateness breaches in their very own group.
0 Comments