Step back in time
To help you understand.
This is a memorandum.
1) I am Axe Health System’s Privacy Officer. I have just discovered all 4 breaches and need to determine whether to report these breaches to the attorneys general of the states in which the patients affected by the breaches reside. Choose four states; it doesn’t matter which US states.
You already know that they need to be reported to the Office for Civil Rights.
2) Of those four states, what are the medical privacy laws? Imagine that Breach #1 impacted the residents of that state, for example Florida.
Then compare Florida's medical privacy laws against Hawaii's (example).
3) Breach #2 involved the residents of another state (South Carolina).
Then compare Florida against South Carolina.
4) Breach #3 affected the residents of a third state; make it California.
Then compare Florida against South Carolina and California.
Breach #4 impacted residents of a fourth state, Hawaii.
Then compare Florida, Hawaii, South Carolina and California.
5) Please discuss what type of action you will need to take to address each breach in the Summary of the Events under the state law that you choose.
Please cite each law and describe whether the law is more or less strict than HIPAA and why.
These are the breaches. Cite them and explain what the medical privacy laws for (Florida, California, Hawaii, South Carolina)
Axe’s local minor league baseball team, the Sharp Axes, won their league’s championship game. It was a big deal for the town and Axe’s mayor wanted to celebrate this victory in style, so he and the other members of the city council organized a parade and celebration day to honor the city’s champions. The celebration day’s parade had all of the standard fare – floats, marching bands, and of course, ticker tape. While cleaning up after the parade, Paul Steele, a member of the town’s sanitation department, noticed that he could read some of the text on the ticker tape. Curious as to what the ticker tape said, he put a few pieces together, like a puzzle. Paul soon discovered that the ticker tape was not made from just any old scrap paper; these were medical records! Paul was putting more pieces together when he determined that these records were from his old podiatrist, Dr. Toe. Concerned about whether his medical records were amongst the ticker tape, he called Dr. Toe’s office. After speaking with Paul, Dr. Toe’s Office Manager contacted Axe Health System’s Compliance Officer. The Compliance Officer launched an investigation into how this could have happened. The Compliance Officer called the company that they had contracted with to destroy all of the paper records for the health system and it was determined that in 2012 one of their trucks overturned on a highway, sending bags of shredded papers everywhere. Some of the bags of records must have fallen off the highway and onto the road below and had been picked up by recyclers. The Compliance Officer became very angry at the trash company because they never notified the hospital that the accident involved bags of shredded medical records.
On December 31, 2013, Carl, a receptionist at Axe Urgent, was working his weekly late shift. Feeling blue about the fact that he would be spending another New Year’s Eve alone on the couch, Carl tried to kill some time, so he decided to check his personal email on his work computer. Carl knew that it was against Axe Urgent’s policy to check his personal email on his work computer, but no one was looking. Carl was deleting a few pieces of junk mail when he noticed an email from an unfamiliar sender, firstname.lastname@example.org. Intrigued, Carl opened the email and began reading it. The writer of the email introduced herself as Natasha; she explained that she was a Nigerian princess whose parents had both been killed in a plane crash in Zimbabwe and that she was set to inherit several million dollars but needed the help of a kind American man to help her secure the funds. In exchange for his help, the email told Carl that he would receive $475,000 from the princess. The email instructed Carl to click on a link that would let him chat live with the princess so that they could set up plans to meet and obtain the funds. Eager to meet the princess and to get some cash, Carl clicked on the link and waited. Nothing happened. He clicked again and again and again. Figuring that it was time to go home, Carl gave up, shut down his computer and left work. Little did Carl know that by clicking that link, he had opened up the urgent care clinic’s entire network to hacking via malware. As a result of clicking on the link, the hackers were able to access the urgent care center’s entire system. On January 20, 2014, it was discovered that the malware caused a breach of unsecured electronic protected health information (ePHI) that involved 1,212 patients. The breach could have been prevented had Axe Urgent’s IT staff updated all of the necessary patches on the system, but they had failed to do so.
BattleAxe Acres knew that Evan Novella was a “bad apple” but failed to do anything about him. Evan consistently received bad performance evaluations and negative reviews from patients, but little did BattleAxe Acres know that he was stealing patient records to sell their information on the internet to fund his prescription drug addiction. After Evan Novella was arrested on June 11, 2014, a search of Evan’s home was conducted, during which hundreds of pages of medical records belonging to 23 patients of BattleAxe Acres were discovered. According to the police, Evan was using the records to steal the identities of the patients and sell their identifying information online for cash to fuel his prescription drug addiction. It was determined by the Axe Health System that Evan had stolen paper medical records that were being thrown away and that he had printed some pages of electronic health records because all staff members, regardless of their duties, had access to the electronic health record platform at BattleAxe Acres.
Nurse Jack was walking to his car after a long overnight shift at Axe Health System’s main hospital when he was accosted by two men in masks with guns. “Give me your stuff or else I will shoot you!” said one of the robbers. Jack immediately handed over his wallet, keys, and his laptop case. The robbers then went through his things and said, “Hey, you work at that hospital. I know that this computer is encrypted! Give me your username and password, or else!” The robbers threw Jack a post-it note pad and a pencil and he began writing when the robber said, “And don’t you dare write a fake username and password. I am going to make sure that what you are giving us is real, or else you dead punk!” Jack gave them the information and the robbers logged on to the computer. They punched him in the face and then drove off in his car. Jack determined that the laptop contained PHI of about 30 patients.