Compliance Program Implementation and Ethical Decision-Making Template

Background

As a risk manager here are Vila Health, a group of community-based hospitals, I am responsible for lowering the risk and increasing quality. Located in Minnesota and Wisconsin, we are a medium sized facility. My direct supervisor is the Chief Compliance Officer, and together we worked to investigate the most recent HIPAA breach. Regretfully, an employee disclosed personal and private health information without gaining prior consent to share their information. HIPAA defines this as a compliance risk and a breach of privacy. Problem Summary:Privacy Breach—HIPAA Violation Briefly Explain the Law, Regulation,Standard, et cetera*Briefly Explain How the Law, Regulation, Standard, et cetera Applies to the Privacy Breach/HIPAA Violation Applicable Law(s)HITECH - The Health Information Technologyfor Economic and Clinical Health Act. This waspassed to protect the sharing of a patient's PHIelectronically (Lite et al, 2020) In this situation the regulation was violated because PHI was provided to the insurance company with out prior consent from the patient. Applicable SpecificOmnibus rule states that any breach of PHI mustThis is a HIPAA privacy violation. It is a violation 2

Briefly Explain the Law, Regulation,Standard, et cetera*Briefly Explain How the Law, Regulation, Standard, et cetera Applies to the Privacy Breach/HIPAA Violation Regulation(s)be reported (Cascardo, 2014).because Vila Health employee gave out patient information that was protected without the written consent from the patient. DisclosureBreach Notification Rule requires notification toaffected patients and the department of Healthand Human Services (HHS). Some cases mayrequire media notification (CMS, 2021). Vila Health was notified of the error by the insurance carrier and must there for notify those involved including the patient and HHS. Applicable HumanResource Law(s) The employees are held accountable forfollowing HIPAA regulations and laws to be ableto protect the patient's health information frombeing shared without their consent.This violation happened because the employee provided a patient's private and confidential information with the health plan without the patient's written consent. Applicable IndustryAccrediting Body StandardsThe department of Health and Human Servicesand the Civil Rights office, both have accreditingstandards regarding HIPAA responsibilities. Violation in this case, would be reported to the departments listed to determine next steps. (Lite et al., 2020). (Cascardo, 2014). 3

Why is this page out of focus?Because this is a Premium document. Subscribe to unlock this document and more.

Why is this page out of focus?

Because this is a Premium document. Subsc