Risk Management: Hippa Compliance

Sources, a minimum of 4, must be used in the response. Each source must be cited within the body of the response. The response must be typewritten and double spaced. Students may submit their analysis for feedback prior to submitting the final document. To be assured of obtaining the feedback with ample time to make revisions, submitted the draft 3 days prior to the date due. Analysis 1: HIPAA Compliance You are the Director for Operations at a general hospital. You are responsible for the Health Information Management Department (HIM [the department formally known as Medical Records]).

The supervisor of the HIM Department calls for an immediate appointment. The supervisor states that she received a complaint and doesn’t know how to handle the issue. The complainant stated that: Her friend, an employee in the HIM Department, told her confidential information about a mutual friend. The complainant said that the employee told her that she (the employee) typed the patient’s discharge papers. The employee shared that their mutual friend was admitted to the psychiatric unit for depression. Later in the conversation Ms. Smith stated that she had heard the information from another source. The complainant also stated that the employee texted the information to other friends as well. The complainant said that she is contacting the patient to let her know of the situation. Also, the complainant said that she would like to know the outcome of the investigation. The supervisor interviewed the employee. The highlights of the conversation are: The employee said that she was aware of her friend’s admission but had heard the information from other sources. She said that a friend of the patient’s boyfriend was the one that told her (the employee) the information.

The employee added that the patient’s mother accused her of spreading the information around town and at school. The employee said that she called the mother to tell her she wasn’t the source of the information. When the employee was asked if she discussed the patient’s admission with anyone, the employee said that she talked with her friend. The supervisor asked the friend’s name and the friend was the complainant. She denied texting information to friends. But, she said she ONLY shared the information she heard from her discussion with the friend of the patient’s boyfriend. She stated that she is very clear about HIPAA guidelines and confidentiality. She said that she handled the patient’s record while carrying-out her usual job functions. The employee said that she probably shouldn’t have called the patient’s mother but should have reported it to her supervisor instead. The supervisor doesn’t know what to do next. Please advise her and provide your answer using the analysis format below. Please be sure to include the Massachusetts’ requirement for sensitive information and the potential implication AND respond to all of the complainant’s requests in #5.