Handling a high-risk HIPAA Breach
Published April 2017
Part of scenarios for patient privacy crisis management
Every hospital encounters patients who, by reason of their social circumstances, dependent
status, personal characteristics, or the nature of their condition, are more vulnerable than the
general population. While compliance with HIPAA is indeed important, because of the potential
to inflict significant liability on the hospital resulting from compliance failure, it should not be
the only consideration when caring for vulnerable patients. Mere compliance with the minimum
requirements of HIPAA does not guarantee the safety of vulnerable patients. In the case study
scenario, the hospital emergency department in a small town admitted a 15-year-old female with
emergency labor. After delivery in the emergency room, the mother and the baby were moved to
Obstetrics and Neonate. Despite appropriate care, the infant presented with multiple medical
problems, which may or may not be resolved in the future. A nurse, who took care of the young
mother, verbally disclosed the patient’s identity and condition to her young daughter, who spread
the news in all high schools in the area by the following day. The 15-year-old managed to hide
her pregnancy from her family. To complicate matters, the young mother’s mother and aunt
work in the same hospital.
HIPAA assessment
The Health Insurance Portability and Accountability Act of 1996 (HIPAA) required the
Secretary of the U.S. Department of Health and Human Services (HHS) to develop regulations
protecting the privacy and security of certain health information. The HIPAA Privacy Rule sets
national standards for the protection of personal health information against unauthorized
disclosure. The Privacy Rule can be found at 45 CFR Part 160, and 45 CFR Part 164, Subparts A
and E. The standards, requirements, and implementation specifications apply to health plans,
healthcare clearinghouses, and healthcare providers and their business associates. The Security
Rule sets standards for protecting electronic health information. Enforcement of the regulation is
the responsibility of the Office for Civil Rights (OCR), which is part of HHS. In this case study, the
nurse disclosed personal health information, including the full identifier and the patient’s
medical condition, to an unauthorized individual. A nurse, as an employee of a covered entity,
would indeed be subject to obligations under HIPAA. The Site Privacy Officer’s concerns should
be the facilitation of an investigation and risk of harm assessment. If a Breach is substantiated
and notification is required, the Site Privacy Officer shall notify each individual whose PHI has
been accessed, acquired, used, or disclosed as a result of the Breach. In cooperation with other
hospital functions, the Site Privacy Officer shall determine what additional external notifications
should be made. In this case, it may be necessary to notify local law enforcement if there is a
reason to believe the minor’s pregnancy was the result of abuse, neglect, or domestic violence.
A breach or not?
Breach means the acquisition, access, use, or disclosure of protected health information in a
manner not permitted under subpart E, which compromises the security or privacy of PHI.
Breach excludes unintentional acquisition, access, or use of PHI by a person acting under the
authority of a covered entity, or inadvertent disclosure between employees of the same covered
entity, as long as this information does not spread any further. Breach also excludes disclosures
made to unauthorized persons who would not be reasonably able to retain such information. Any
other acquisition, access, use, or disclosure of PHI not permitted under subpart E is considered a
breach [45 CFR 164.402]. Based on this definition, the incident indeed constitutes a breach of
personal health information that does not fall under any of the exclusions. In the event of an
impermissible use or disclosure of unsecured PHI, the covered entity is obligated to conduct a
risk assessment. Breach notification is necessary for all situations where PHI has been
compromised. Breach notification is not required if the covered entity demonstrates that there is
a low probability that PHI has been compromised. In this particular case, there is no doubt PHI
has been compromised since the information reached all four high schools in the area by the
following day.
Breach notification
The HIPAA Breach notification rule [45 CFR 164.400-414] requires covered entities to report
breaches of health information that have not been rendered unusable, unreadable, or
indecipherable. Notification of the Breach has to be provided to the affected individuals, the
Secretary, and in certain circumstances, to the media. In this instance, the hospital would have to
report the Breach to the patient and to the Secretary within 60 days following the discovery of
the Breach. The notification must include a description of the Breach and the information
involved, and steps the individuals should take to protect themselves from potential harm.
In addition, the hospital should include a brief description of what it is doing to investigate the
breach, mitigate the harm, and prevent further breaches, as well as contact information such as a
toll-free number. To notify the Secretary, the hospital shall submit the information via an
electronic form that is available on the OCR website.
Risk of Harm Assessment
In January 2013, the Risk of Harm standard was dropped from the final HIPAA Omnibus Rule.
The initial rule stated that a breach does not occur unless the access, use or disclosure poses "a
significant risk of financial, reputational, or other harm to an individual." It was up to the
covered entities to decide whether the harm standard applies or not. The new rule assumes that
all impermissible PHI disclosures are reportable (HHS, 2013). However, risk assessment
conducted by the hospital shall not be limited to HIPAA compliance obligations. Risk is the
probability that a vulnerability will be threatened, resulting in an adverse consequence. The
hospital has to consider the potential harm to the affected patient as well as liabilities for the
hospital and potential disruption of its own business operations.
The patient
The case study represents a myriad of ethical and legal problems, in addition to HIPAA
compliance. These concerns include the fact that the patient is an unemancipated minor, that her
parents were unaware of her condition until birth, and that the pregnancy may have been the
result of rape or incest. The consequences of such disclosure in a small town are easy to imagine.
Whilst the general acceptance of unwed and underage mothers and offspring conceived outside the
traditional boundaries of formal marriage depends on location, time, and culture, some patterns
are universal in nature and only vary in extent. A teenage mother and a child of uncertain
parentage, especially if ill or disabled, are likely to face severe repercussions and lifelong
shunning even in the most benign environments. Young mothers may be forced to give up their
newborn babies and become themselves subject to retaliation from angry relatives, including the
risk of violent death. According to RAINN, the overwhelming majority of victims of sexual
abuse know the perpetrator. Even more disturbingly, 80% of perpetrators were a parent
(RAINN, 2013).
Josephson (2016), in her book “Rethinking sexual citizenship”, discusses in
detail the causes and consequences of early motherhood, including various societal ills connected
to the phenomenon of teenage motherhood, both real and perceived. Teenage sexual activity is
considered a deviancy and a threat to public order, and as such, it is subject to widespread public
shaming (pp. 82-84).
The experiences of teenage mothers can be extremely distressing due to public shaming,
shunning, rejection by the community and the family, and absence of elementary support. Even
worse, children are often deprived of many opportunities later in their lives because of the biases and
prejudices they have to grow up with (Odyssey, 2016).
According to “Report on Exploratory Study into Honor Violence Measurement Methods”, honor
violence seems to be rare in the United States and apparently limited to ethnic minorities mainly
from South East Asia. These cultures do not view honor violence as a crime, and the victims or
potential victims are unlikely to report victimization because of fear of repercussions from their
own family. These cultures defend honor violence as a means to maintain or regain the
reputation and social standing of a family by female members who violate the community’s
traditions and norms, should it be sexually inappropriate behavior or disobedience (Helba,
Bernstein, Leonard and Bauer, 2014). Other cultures find it appropriate to murder the infant
whilst preserving the life of the female. Hungary, a country in Eastern Europe, is an example of a
culture where infanticide is a generally acceptable, although not legal, mechanism of restoring
family honor (Journeyman Pictures, 2016). The risks to the mother and the infant following
such disclosure are grave and, depending on circumstances and cultural and ethnic background,
can include retaliation, infanticide, and honor violence.
The Infant
Genetic testing of the infant may be warranted to confirm paternity and exclude or confirm the
pregnancy was the result of an incestuous relationship. Whether such a test would or would not
be permissible and what authorization is required to conduct such tests is a delicate question that
requires careful professional judgment, both medical and legal. Genetic screening without
parental consent is subject to much controversy, and the new Newborn Screening Saves Lives
Reauthorization Act of 2014 includes the requirement of parental consent for the screening of
newborn babies with deadly yet treatable conditions (National Institutes of Health, 2015). The
quality and speed of newborn screening programs vary from state to state (Gabler, 2013).
Whelan (2013) argues that the main concern of privacy advocates and patient advocacy groups
was not the initial screening itself but indefinite retention of genetic material for undisclosed
uses, potentially resulting in tangible harms in the future such as employment discrimination and
insurance coverage (Whelan, 2013).
The American Society of Human Genetics (ASHG, 2015) published a position statement in
which it clarified its stance on genome-scale, carrier, and newborn results, and covered a variety
of conditions and circumstances including incest. While parental consent is required under most
circumstances, a clinician’s judgment can override the lack of parental consent "when there is
strong evidence that a secondary finding has urgent and serious implications for a child's health
or welfare, and effective action can be taken to mitigate that threat". In this instance, the
healthcare provider should be able to perform genetic testing even without parents’ consent.
Mitigation of adverse consequences
Steps relating to the protection of the young mother and the infant shall be taken with full
consideration of the benefits and risks of available options and possible solutions.
Personal representative
With respect to use or disclosure, 45 CFR Part 160 does not preempt State Law with regard to
disclosure of protected health information about a minor to a parent [45 CFR 160.202(2)].
However, in this particular instance, the disclosure of the minor’s condition may not be in the
best interest of the young mother and her newborn child. First, the minor’s parents or legal
representatives were supposedly unaware of their daughter’s pregnancy. This fact itself should
trigger hospital procedures for care for vulnerable minors, including potential victims of rape,
incest, sexual abuse, parental neglect, domestic violence or human trafficking. A minor does not
become an adult by virtue of becoming pregnant and giving birth. Regardless of the potential
Breach, determining who is the patient’s legal representative, and making sure that she does
have an appropriate one, would be the most important first step.
A covered entity may elect not to treat a person as the personal representative of an individual if
there is reason to believe that the individual may be subjected to domestic violence, abuse or neglect
by such person, or treating such person as the personal representative could endanger the
individual [45 CFR 164.502 (g)(5)(i)(A)-(B)]. The hospital has the option to exercise its
professional judgment and decide not to treat the person as the individual’s personal
representative [45 CFR 164.502 (g)(ii)].
The rules for the emancipation of a minor vary from state to state. Whilst in most cases a court
decision is required, in cases where the evidence shows that censurable parental conduct had
occurred, implied emancipation may apply (Legal Information Institute, n.d.).
Protection of disclosure within the hospital
Permitted uses and disclosures include the use of the individual’s name, location, and condition
described in general terms to maintain the hospital’s directory and to be able to locate the
individual in the facility. The patient should have the opportunity to agree or object to such
disclosure [45 CFR 164.510(a)(1)(i)(A)-(C)]. In emergency circumstances, the health care
provider shall act in the individual’s best interest as determined by the covered health care
provider, in the exercise of professional judgment [45 CFR 164.510 (3)(B)].
Law enforcement disclosures
The Fourth Amendment to the U.S. Constitution states: “The right of the people to be secure in
their persons, houses, papers, and effects, against unreasonable searches and seizures, shall not
be violated, and no warrants shall issue, but upon probable cause, supported by oath or
affirmation, and particularly describing the place to be searched, and the persons or things to be
seized” (U.S. Constitution, Amendment IV). Medical records contain very sensitive information
about individual patients. Law enforcement searches are authorized as reasonable under very
specific circumstances and only to a specific extent. Whilst the pregnancy could have been the
result of a relationship between two sexually experimenting minors, the possibility that an adult
was involved deserves an appropriate investigation. Successfully hiding a pregnancy from one's
immediate family is not an easy thing to achieve. Near-complete ignorance and willful blindness
are required not to notice that a teen living in the same household is pregnant and about to give
birth. Awareness of the pregnancy, in combination with the failure to provide appropriate
support, could indicate the intent not to allow the infant to live. In some cultures, infants born
from unapproved relationships are at risk of infanticide.
The Site Privacy Officer shall make appropriate disclosures to staff in functions designated to
coordinate high-risk cases of this nature with other appropriate departments and services, in
addition to the investigation of the Breach. To this end, additional external disclosures may be
necessary. A covered entity may use or disclose protected health information without the written
consent or authorization of the individual if there is a reason to believe that the individual is a
victim of abuse, neglect, or domestic violence. Such disclosure shall be limited in nature to
comply with relevant laws if the individual agrees, or to the extent expressly authorized by
statute or regulation [45 CFR 164.512 (c) (i) – (iii)]. Any attempts to mitigate the damage caused
by the Breach shall be appropriately documented for the Office for Civil Rights (OCR).
Obligations after impermissible disclosures
Once an impermissible disclosure has been made, covered entities should take steps to mitigate
the potential damage. Covered entities have a duty to identify and document security incidents
and privacy violations, including an impermissible disclosure. Appropriate safeguards include
administrative, technical, and physical safeguards that protect PHI from any intentional or
unintentional use or disclosure [45 CFR 164.530]. In response to the incident, the hospital should
examine the events that led to the disclosure. This primarily includes the review of the history of
impermissible uses and breach logs, training materials, and training records. Gap analysis and
a holistic vulnerability assessment would be beneficial to prevent future
breaches. Examination and review of the hiring process and critical assessment of organizational
culture would facilitate the change in the ways people think about patient privacy and the
implications of privacy breaches.
Personal accountability
The hospital shall have in place written policies and procedures regarding breach notification and
must train its workforce appropriately. The organization also has to apply appropriate
sanctions against staff members who fail to comply with HIPAA law as relevant to them. A
breach of this kind would warrant the review of the appropriateness of policies and procedures,
the record of previous breaches, and certainly a revision of training including a reminder of the
implications of such disclosures for the patients and for the hospital.
When hiring new people, the focus on technical skills shall not overshadow the importance of
character, trustworthiness, and ethical conduct. Although most organizations perform
background checks on candidates prior to hiring them, these do not typically reveal elements such as trust.
Workforce retention is a major problem in healthcare. Recent estimates placed the cost of staff
turnover at $40,000 to $80,000 per nurse, including the investment required to find a permanent
replacement, ensure staffing of shifts and provide onboarding training (Cohen, 2013).
A departing nurse can cause significant damage to the hospital, especially if hurt feelings are
involved or the dismissal is perceived as unjust. Experience from the University of Rochester
Medical Center shows how much damage a nurse can inflict on the hospital before
leaving if she decides to take advantage of access to patient records that would give her the
necessary leverage to either move to a new position or start a practice on her own (Shaw, 2016).
Whether the nurse who caused the Breach should be dismissed is a decision the Human
Resources department would have to make. Considering the potential damage caused both to the
patient and to the hospital, and the need for extensive resources dedicated to mitigation of the
disclosure, immediate dismissal seems appropriate. The incident not only violates HIPAA
but also represents a breach of the professional code of conduct and hospital policies. Most
importantly, it shows a lack of sound judgment, which may be critical in many other situations.
Any action taken by the hospital should be proportionate and fair to avoid scapegoating of a
single individual for conduct that may, in fact, be a widespread cultural problem observable
across the enterprise, especially when it is clear this was the result of a mishap rather than
malicious intent. A careful review of past incidents, policies, and procedures and quality of
training and training records should provide better guidance about what is appropriate. At the
very least, the nurse should be placed on administrative leave until the investigation is closed.
HIPAA v. the hospital
The risks to the hospital include a liability relating to HIPAA compliance failure and tort claims,
including negligence. HIPAA breaches and the implications resulting from compliance failure are
not the only liability the hospital’s leadership could face.
In 2012, in R.K. v. St. Mary’s Medical Center, the West Virginia Supreme Court of Appeals
ruled that HIPAA did not preempt state law, and provided the standard of care for tort claims.
The hospital shared R.K.’s medical information relating to his psychiatric hospitalization with
his estranged wife, despite the patient’s request not to. R.K.’s cause of action included negligence
(R.K. v. St. Mary’s Medical Center, 2012).
In Byrne v. Avery Center for Obstetrics and Gynecology, the Connecticut Supreme Court ruled
that HIPAA does not preempt negligence claims for a breach of patient privacy. In this particular
case, Emily Byrne’s medical information was shared with her partner against her wish. The
healthcare provider received a subpoena from her partner’s attorney in a paternity suit and
complied with the request, disclosing Byrne’s medical information to her significant other. Byrne
then successfully sued the hospital for negligence (Byrne v. Avery Center for Obstetrics and
Gynecology, 2014). Lewis in The National Law Review (2014) stressed that the fact that HIPAA
does not give patients a right of private action does not mean that remedies for questionable
disclosures do not exist. Remedial measures include state health laws and common law
torts (Lewis, 2014).
Conclusion
Disclosure of protected health information in circumstances that would make the individual
subject to serious repercussions is a major concern for the affected individual and for the
hospital. The incident represents a complex set of medical, legal and ethical concerns in addition
to HIPAA violations. Professional judgment is required to decide whether or not there is a reason
to believe the teen may have been the victim of abuse, neglect or domestic violence, whether the
hospital can deny disclosure of the patient’s PHI to her parents, and whether implied
emancipation applies in this case. The hospital’s post-incident assessment shall address the risk of
harm to the affected patient and her infant child, review previous instances of improper
disclosures and breaches, implement corrective and preventative action to ensure HIPAA
compliance, and address other risks, such as the risk of litigation for negligence. The Human
Resources Department shall make the decision about the nurse’s future employment, and place
her on administrative leave until the completion of the investigation. Gap analysis and critical
assessment of organizational culture would be beneficial to identify vulnerabilities in the
hospital’s operations and address them appropriately. Policies and procedures have to be
implemented with fidelity to be effective. Review of training materials, procedures,
methodologies, and training effectiveness has to follow to prevent inadvertent disclosures in the
future. Dismissal of a single employee does not solve the problem of systemic issues and
organizational culture that need to be addressed separately to be effective.
Bibliography
ASHG. (2015). ASHG Position Statement Provides Guidance for Genetic Testing in Children
and Adolescents. Retrieved April 04, 2017, from
https://www.genomeweb.com/molecular-diagnostics/ashg-position-statement-provides-guidance-genetic-testing-children-and
Cohen, S. (2013). Recruitment and retention. OR Nurse, 7(3), 8-10.
doi:10.1097/01.orn.0000429410.21897.75
Gabler, E. (2013). Delays at hospitals across the country undermine newborn screening
programs, putting babies at risk of disability and death. Retrieved April 04, 2017, from
http://archive.jsonline.com/watchdog/watchdogreports/Deadly-Delays-Watchdog-Report-Delays-at-hospitals-across-the-country-undermine-newborn-screening-programs-putting-babies-at-risk-of-disability-and-death-228832111.html
Helba, C., Bernstein, M., Leonard, M., & Bauer, E. (2014). Report on Exploratory Study into
Honor Violence Measurement Methods (Rep. No. 248879). Westat.
HIPAA Privacy Rule Requirements Overview. (2003). The Practical Guide to HIPAA Privacy
and Security Compliance. doi:10.1201/9780203507353.ch5
Josephson, J. J. (2016). Rethinking sexual citizenship. Albany: State University of New York
Press.
The Damaging Effects Of Shaming Teen Mothers. (2016, May 31). Retrieved April 04, 2017,
from https://www.theodysseyonline.com/damaging-effects-shaming-teen-mothers
Journeyman Pictures. (2016). Infanticide in Eastern Europe (1999) Retrieved April 04, 2017,
from https://www.youtube.com/watch?v=ZjSC1xiQd-Q
Legal Information Institute. (2007). Emancipation of Minors. Retrieved April 04, 2017,
from https://www.law.cornell.edu/wex/emancipation_of_minors
Lewis, J. (2014). Negligence Claims for Breach of Patient Privacy Not Preempted by HIPAA,
Connecticut Supreme Court Holds. Retrieved April 04, 2017, from
http://www.natlawreview.com/article/negligence-claims-breach-patient-privacy-not-preempted-hipaa-connecticut-supreme-cou
National Institutes of Health. (2015). Preliminary Guidance Related to Informed Consent for
Research on Dried Blood Spots Obtained Through Newborn Screening. Retrieved April 04,
2017, from https://grants.nih.gov/grants/guide/notice-files/NOT-OD-15-127.html
RAINN. (n.d.). Children and Teens: Statistics. Retrieved April 04, 2017,
from https://www.rainn.org/statistics/children-and-teens
R.K. v. St. Mary's Medical Center, 735 S.E.2d 715 (2012) 229 W.Va. 712 (November 15, 2012).
Secretary, H. O. (2013). Breach Notification Rule. Retrieved April 04, 2017,
from https://www.hhs.gov/hipaa/for-professionals/breach-notification/index.html?language=es
Whelan, A. M. (2013). That's My Baby: Why the State's Interest in Promoting Public Health
Does Not Justify Residual Newborn Blood Spot Research Without Parental Consent. Minnesota
Law Review, 98, 419-453. doi:10.2139/ssrn.2590100
Secretary, H. O. (2015, November 05). Privacy Rule Introduction. Retrieved March 25, 2017,
from https://www.hhs.gov/hipaa/for-professionals/privacy/guidance/introduction/index.html
Shaw, G. (2016). Departing Nurse's HIPAA Breach Spurs New Privacy Policies at URMC — A
Case In Point for Reviewing and Tightening Practices. Neurology Today, 16(3), 11-12.
doi:10.1097/01.nt.0000480943.34345.44
Warren, Z. (2014). Connecticut Supreme Court rules that HIPAA does not preempt negligence
claim. Retrieved April 04, 2017, from
http://www.insidecounsel.com/2014/11/11/connecticut-supreme-court-rules-that-hipaa-does-no?slreturn=1491315877

Clinical documentation for medical devices Clinical documentation for medical devices
Clinical documentation for medical devices Arete-Zoe, LLC
 
Zpracování klinické dokumentace dle EU MDR 2017/745
Zpracování klinické dokumentace dle EU MDR 2017/745 Zpracování klinické dokumentace dle EU MDR 2017/745
Zpracování klinické dokumentace dle EU MDR 2017/745 Arete-Zoe, LLC
 
COVID-19 Vaccines (Pfizer/BioNTech)
 COVID-19 Vaccines (Pfizer/BioNTech)  COVID-19 Vaccines (Pfizer/BioNTech)
COVID-19 Vaccines (Pfizer/BioNTech) Arete-Zoe, LLC
 
Pharmacovigilance Workshop: Case Studies
Pharmacovigilance Workshop: Case Studies Pharmacovigilance Workshop: Case Studies
Pharmacovigilance Workshop: Case Studies Arete-Zoe, LLC
 
Pharmacovigilance workshop
Pharmacovigilance workshop Pharmacovigilance workshop
Pharmacovigilance workshop Arete-Zoe, LLC
 
Ethical Dilemmas in Gerontology (2017)
Ethical Dilemmas in Gerontology (2017)Ethical Dilemmas in Gerontology (2017)
Ethical Dilemmas in Gerontology (2017)Arete-Zoe, LLC
 
Deteriorating Patient with Sepsis: Early Diagnosis and Intervention (2017)
Deteriorating Patient with Sepsis: Early Diagnosis and Intervention (2017)Deteriorating Patient with Sepsis: Early Diagnosis and Intervention (2017)
Deteriorating Patient with Sepsis: Early Diagnosis and Intervention (2017)Arete-Zoe, LLC
 
Why merging medical records, hospital reports, and clinical trial data is a v...
Why merging medical records, hospital reports, and clinical trial data is a v...Why merging medical records, hospital reports, and clinical trial data is a v...
Why merging medical records, hospital reports, and clinical trial data is a v...Arete-Zoe, LLC
 

Más de Arete-Zoe, LLC (20)

Availability of essential medicines in the Czech Republic (2017)
Availability of essential medicines in the Czech Republic (2017)Availability of essential medicines in the Czech Republic (2017)
Availability of essential medicines in the Czech Republic (2017)
 
Post-marketing safety surveillance of medical devices and drug-device combina...
Post-marketing safety surveillance of medical devices and drug-device combina...Post-marketing safety surveillance of medical devices and drug-device combina...
Post-marketing safety surveillance of medical devices and drug-device combina...
 
Sexual assault (2017)
Sexual assault (2017)Sexual assault (2017)
Sexual assault (2017)
 
Mitigating consequences of a drug-facilitated sexual assault .pdf
Mitigating consequences of a drug-facilitated sexual assault .pdfMitigating consequences of a drug-facilitated sexual assault .pdf
Mitigating consequences of a drug-facilitated sexual assault .pdf
 
Approach to preparing for a biological attack (2017)
Approach to preparing for a biological attack (2017)Approach to preparing for a biological attack (2017)
Approach to preparing for a biological attack (2017)
 
Improving the resilience of vulnerable populations
Improving the resilience of vulnerable populationsImproving the resilience of vulnerable populations
Improving the resilience of vulnerable populations
 
Pricing transparency at point of care
Pricing transparency at point of carePricing transparency at point of care
Pricing transparency at point of care
 
Addressing pediatric medication errors in ED setting utilizing Computerized P...
Addressing pediatric medication errors in ED setting utilizing Computerized P...Addressing pediatric medication errors in ED setting utilizing Computerized P...
Addressing pediatric medication errors in ED setting utilizing Computerized P...
 
Let's talk causality attribution: Current practices and path forward
Let's talk causality attribution: Current practices and path forward Let's talk causality attribution: Current practices and path forward
Let's talk causality attribution: Current practices and path forward
 
Clinical evaluation: Supporting medical device product life-cycle. Applicable...
Clinical evaluation: Supporting medical device product life-cycle. Applicable...Clinical evaluation: Supporting medical device product life-cycle. Applicable...
Clinical evaluation: Supporting medical device product life-cycle. Applicable...
 
Clinical documentation for medical devices
Clinical documentation for medical devices Clinical documentation for medical devices
Clinical documentation for medical devices
 
Zpracování klinické dokumentace dle EU MDR 2017/745
Zpracování klinické dokumentace dle EU MDR 2017/745 Zpracování klinické dokumentace dle EU MDR 2017/745
Zpracování klinické dokumentace dle EU MDR 2017/745
 
COVID-19 Vaccines (Pfizer/BioNTech)
 COVID-19 Vaccines (Pfizer/BioNTech)  COVID-19 Vaccines (Pfizer/BioNTech)
COVID-19 Vaccines (Pfizer/BioNTech)
 
Anthrax vaccine
Anthrax vaccine Anthrax vaccine
Anthrax vaccine
 
Adenovirus vaccine
Adenovirus vaccineAdenovirus vaccine
Adenovirus vaccine
 
Pharmacovigilance Workshop: Case Studies
Pharmacovigilance Workshop: Case Studies Pharmacovigilance Workshop: Case Studies
Pharmacovigilance Workshop: Case Studies
 
Pharmacovigilance workshop
Pharmacovigilance workshop Pharmacovigilance workshop
Pharmacovigilance workshop
 
Ethical Dilemmas in Gerontology (2017)
Ethical Dilemmas in Gerontology (2017)Ethical Dilemmas in Gerontology (2017)
Ethical Dilemmas in Gerontology (2017)
 
Deteriorating Patient with Sepsis: Early Diagnosis and Intervention (2017)
Deteriorating Patient with Sepsis: Early Diagnosis and Intervention (2017)Deteriorating Patient with Sepsis: Early Diagnosis and Intervention (2017)
Deteriorating Patient with Sepsis: Early Diagnosis and Intervention (2017)
 
Why merging medical records, hospital reports, and clinical trial data is a v...
Why merging medical records, hospital reports, and clinical trial data is a v...Why merging medical records, hospital reports, and clinical trial data is a v...
Why merging medical records, hospital reports, and clinical trial data is a v...
 

Último

Factors Affecting child behavior in Pediatric Dentistry
Factors Affecting child behavior in Pediatric DentistryFactors Affecting child behavior in Pediatric Dentistry
Factors Affecting child behavior in Pediatric DentistryDr Simran Deepak Vangani
 
Hemodialysis: Chapter 1, Physiological Principles of Hemodialysis - Dr.Gawad
Hemodialysis: Chapter 1, Physiological Principles of Hemodialysis - Dr.GawadHemodialysis: Chapter 1, Physiological Principles of Hemodialysis - Dr.Gawad
Hemodialysis: Chapter 1, Physiological Principles of Hemodialysis - Dr.GawadNephroTube - Dr.Gawad
 
Cas 28578-16-7 PMK ethyl glycidate ( new PMK powder) best suppler
Cas 28578-16-7 PMK ethyl glycidate ( new PMK powder) best supplerCas 28578-16-7 PMK ethyl glycidate ( new PMK powder) best suppler
Cas 28578-16-7 PMK ethyl glycidate ( new PMK powder) best supplerSherrylee83
 
hypo and hyper thyroidism final lecture.pptx
hypo and hyper thyroidism  final lecture.pptxhypo and hyper thyroidism  final lecture.pptx
hypo and hyper thyroidism final lecture.pptxdr shahida
 
Vaccines: A Powerful and Cost-Effective Tool Protecting Americans Against Dis...
Vaccines: A Powerful and Cost-Effective Tool Protecting Americans Against Dis...Vaccines: A Powerful and Cost-Effective Tool Protecting Americans Against Dis...
Vaccines: A Powerful and Cost-Effective Tool Protecting Americans Against Dis...PhRMA
 
THORACOTOMY . SURGICAL PERSPECTIVES VOL 1
THORACOTOMY . SURGICAL PERSPECTIVES VOL 1THORACOTOMY . SURGICAL PERSPECTIVES VOL 1
THORACOTOMY . SURGICAL PERSPECTIVES VOL 1DR SETH JOTHAM
 
SURGICAL ANATOMY OF ORAL IMPLANTOLOGY.pptx
SURGICAL ANATOMY OF ORAL IMPLANTOLOGY.pptxSURGICAL ANATOMY OF ORAL IMPLANTOLOGY.pptx
SURGICAL ANATOMY OF ORAL IMPLANTOLOGY.pptxSuresh Kumar K
 
Cardiac Impulse: Rhythmical Excitation and Conduction in the Heart
Cardiac Impulse: Rhythmical Excitation and Conduction in the HeartCardiac Impulse: Rhythmical Excitation and Conduction in the Heart
Cardiac Impulse: Rhythmical Excitation and Conduction in the HeartMedicoseAcademics
 
DIGITAL RADIOGRAPHY-SABBU KHATOON .pptx
DIGITAL RADIOGRAPHY-SABBU KHATOON  .pptxDIGITAL RADIOGRAPHY-SABBU KHATOON  .pptx
DIGITAL RADIOGRAPHY-SABBU KHATOON .pptxSabbu Khatoon
 
CONGENITAL HYPERTROPHIC PYLORIC STENOSIS by Dr M.KARTHIK EMMANUEL
CONGENITAL HYPERTROPHIC PYLORIC STENOSIS  by Dr M.KARTHIK EMMANUELCONGENITAL HYPERTROPHIC PYLORIC STENOSIS  by Dr M.KARTHIK EMMANUEL
CONGENITAL HYPERTROPHIC PYLORIC STENOSIS by Dr M.KARTHIK EMMANUELMKARTHIKEMMANUEL
 
Tips and tricks to pass the cardiovascular station for PACES exam
Tips and tricks to pass the cardiovascular station for PACES examTips and tricks to pass the cardiovascular station for PACES exam
Tips and tricks to pass the cardiovascular station for PACES examJunhao Koh
 
5CL-ADB powder supplier 5cl adb 5cladba 5cl raw materials vendor on sale now
5CL-ADB powder supplier 5cl adb 5cladba 5cl raw materials vendor on sale now5CL-ADB powder supplier 5cl adb 5cladba 5cl raw materials vendor on sale now
5CL-ADB powder supplier 5cl adb 5cladba 5cl raw materials vendor on sale nowSherrylee83
 
5cladba raw material 5CL-ADB-A precursor raw
5cladba raw material 5CL-ADB-A precursor raw5cladba raw material 5CL-ADB-A precursor raw
5cladba raw material 5CL-ADB-A precursor rawSherrylee83
 
Renal Replacement Therapy in Acute Kidney Injury -time modality -Dr Ayman Se...
Renal Replacement Therapy in Acute Kidney Injury -time  modality -Dr Ayman Se...Renal Replacement Therapy in Acute Kidney Injury -time  modality -Dr Ayman Se...
Renal Replacement Therapy in Acute Kidney Injury -time modality -Dr Ayman Se...Ayman Seddik
 
World Hypertension Day 17th may 2024 ppt
World Hypertension Day 17th may 2024 pptWorld Hypertension Day 17th may 2024 ppt
World Hypertension Day 17th may 2024 pptdesktoppc
 
Evidence-based practiceEBP) in physiotherapy
Evidence-based practiceEBP) in physiotherapyEvidence-based practiceEBP) in physiotherapy
Evidence-based practiceEBP) in physiotherapyNehaa Dubey
 
TEST BANK For Huether and McCance's Understanding Pathophysiology, Canadian 2...
TEST BANK For Huether and McCance's Understanding Pathophysiology, Canadian 2...TEST BANK For Huether and McCance's Understanding Pathophysiology, Canadian 2...
TEST BANK For Huether and McCance's Understanding Pathophysiology, Canadian 2...marcuskenyatta275
 
TEST BANK for The Nursing Assistant Acute, Subacute, and Long-Term Care, 6th ...
TEST BANK for The Nursing Assistant Acute, Subacute, and Long-Term Care, 6th ...TEST BANK for The Nursing Assistant Acute, Subacute, and Long-Term Care, 6th ...
TEST BANK for The Nursing Assistant Acute, Subacute, and Long-Term Care, 6th ...marcuskenyatta275
 
The Orbit & its contents by Dr. Rabia I. Gandapore.pptx
The Orbit & its contents by Dr. Rabia I. Gandapore.pptxThe Orbit & its contents by Dr. Rabia I. Gandapore.pptx
The Orbit & its contents by Dr. Rabia I. Gandapore.pptxDr. Rabia Inam Gandapore
 

Último (20)

Factors Affecting child behavior in Pediatric Dentistry
Factors Affecting child behavior in Pediatric DentistryFactors Affecting child behavior in Pediatric Dentistry
Factors Affecting child behavior in Pediatric Dentistry
 
Hemodialysis: Chapter 1, Physiological Principles of Hemodialysis - Dr.Gawad
Hemodialysis: Chapter 1, Physiological Principles of Hemodialysis - Dr.GawadHemodialysis: Chapter 1, Physiological Principles of Hemodialysis - Dr.Gawad
Hemodialysis: Chapter 1, Physiological Principles of Hemodialysis - Dr.Gawad
 
Cas 28578-16-7 PMK ethyl glycidate ( new PMK powder) best suppler
Cas 28578-16-7 PMK ethyl glycidate ( new PMK powder) best supplerCas 28578-16-7 PMK ethyl glycidate ( new PMK powder) best suppler
Cas 28578-16-7 PMK ethyl glycidate ( new PMK powder) best suppler
 
hypo and hyper thyroidism final lecture.pptx
hypo and hyper thyroidism  final lecture.pptxhypo and hyper thyroidism  final lecture.pptx
hypo and hyper thyroidism final lecture.pptx
 
Vaccines: A Powerful and Cost-Effective Tool Protecting Americans Against Dis...
Vaccines: A Powerful and Cost-Effective Tool Protecting Americans Against Dis...Vaccines: A Powerful and Cost-Effective Tool Protecting Americans Against Dis...
Vaccines: A Powerful and Cost-Effective Tool Protecting Americans Against Dis...
 
THORACOTOMY . SURGICAL PERSPECTIVES VOL 1
THORACOTOMY . SURGICAL PERSPECTIVES VOL 1THORACOTOMY . SURGICAL PERSPECTIVES VOL 1
THORACOTOMY . SURGICAL PERSPECTIVES VOL 1
 
HyperIgE syndrome: primary immune deficiency.pdf
HyperIgE syndrome: primary immune deficiency.pdfHyperIgE syndrome: primary immune deficiency.pdf
HyperIgE syndrome: primary immune deficiency.pdf
 
SURGICAL ANATOMY OF ORAL IMPLANTOLOGY.pptx
SURGICAL ANATOMY OF ORAL IMPLANTOLOGY.pptxSURGICAL ANATOMY OF ORAL IMPLANTOLOGY.pptx
SURGICAL ANATOMY OF ORAL IMPLANTOLOGY.pptx
 
Cardiac Impulse: Rhythmical Excitation and Conduction in the Heart
Cardiac Impulse: Rhythmical Excitation and Conduction in the HeartCardiac Impulse: Rhythmical Excitation and Conduction in the Heart
Cardiac Impulse: Rhythmical Excitation and Conduction in the Heart
 
DIGITAL RADIOGRAPHY-SABBU KHATOON .pptx
DIGITAL RADIOGRAPHY-SABBU KHATOON  .pptxDIGITAL RADIOGRAPHY-SABBU KHATOON  .pptx
DIGITAL RADIOGRAPHY-SABBU KHATOON .pptx
 
CONGENITAL HYPERTROPHIC PYLORIC STENOSIS by Dr M.KARTHIK EMMANUEL
CONGENITAL HYPERTROPHIC PYLORIC STENOSIS  by Dr M.KARTHIK EMMANUELCONGENITAL HYPERTROPHIC PYLORIC STENOSIS  by Dr M.KARTHIK EMMANUEL
CONGENITAL HYPERTROPHIC PYLORIC STENOSIS by Dr M.KARTHIK EMMANUEL
 
Tips and tricks to pass the cardiovascular station for PACES exam
Tips and tricks to pass the cardiovascular station for PACES examTips and tricks to pass the cardiovascular station for PACES exam
Tips and tricks to pass the cardiovascular station for PACES exam
 
5CL-ADB powder supplier 5cl adb 5cladba 5cl raw materials vendor on sale now
5CL-ADB powder supplier 5cl adb 5cladba 5cl raw materials vendor on sale now5CL-ADB powder supplier 5cl adb 5cladba 5cl raw materials vendor on sale now
5CL-ADB powder supplier 5cl adb 5cladba 5cl raw materials vendor on sale now
 
5cladba raw material 5CL-ADB-A precursor raw
5cladba raw material 5CL-ADB-A precursor raw5cladba raw material 5CL-ADB-A precursor raw
5cladba raw material 5CL-ADB-A precursor raw
 
Renal Replacement Therapy in Acute Kidney Injury -time modality -Dr Ayman Se...
Renal Replacement Therapy in Acute Kidney Injury -time  modality -Dr Ayman Se...Renal Replacement Therapy in Acute Kidney Injury -time  modality -Dr Ayman Se...
Renal Replacement Therapy in Acute Kidney Injury -time modality -Dr Ayman Se...
 
World Hypertension Day 17th may 2024 ppt
World Hypertension Day 17th may 2024 pptWorld Hypertension Day 17th may 2024 ppt
World Hypertension Day 17th may 2024 ppt
 
Evidence-based practiceEBP) in physiotherapy
Evidence-based practiceEBP) in physiotherapyEvidence-based practiceEBP) in physiotherapy
Evidence-based practiceEBP) in physiotherapy
 
TEST BANK For Huether and McCance's Understanding Pathophysiology, Canadian 2...
TEST BANK For Huether and McCance's Understanding Pathophysiology, Canadian 2...TEST BANK For Huether and McCance's Understanding Pathophysiology, Canadian 2...
TEST BANK For Huether and McCance's Understanding Pathophysiology, Canadian 2...
 
TEST BANK for The Nursing Assistant Acute, Subacute, and Long-Term Care, 6th ...
TEST BANK for The Nursing Assistant Acute, Subacute, and Long-Term Care, 6th ...TEST BANK for The Nursing Assistant Acute, Subacute, and Long-Term Care, 6th ...
TEST BANK for The Nursing Assistant Acute, Subacute, and Long-Term Care, 6th ...
 
The Orbit & its contents by Dr. Rabia I. Gandapore.pptx
The Orbit & its contents by Dr. Rabia I. Gandapore.pptxThe Orbit & its contents by Dr. Rabia I. Gandapore.pptx
The Orbit & its contents by Dr. Rabia I. Gandapore.pptx
 

Handling a high-risk HIPAA Breach

Published April 2017
Part of scenarios for patient privacy crisis management

Every hospital encounters patients who, by reason of their social circumstances, dependent status, personal characteristics, or the nature of their condition, are more vulnerable than the general population. While compliance with HIPAA is indeed important, because of the potential to inflict significant liability on the hospital resulting from compliance failure, it should not be the only consideration when caring for vulnerable patients. Mere compliance with the minimum requirements of HIPAA does not guarantee the safety of vulnerable patients.

In the case study scenario, the hospital emergency department in a small town admitted a 15-year-old female with emergency labor. After delivery in the emergency room, the mother and the baby were moved to Obstetrics and Neonate. Despite appropriate care, the infant presented with multiple medical problems, which may or may not be resolved in the future. A nurse who took care of the young mother verbally disclosed the patient’s identity and condition to her young daughter, who spread the news in all high schools in the area by the following day. The 15-year-old managed to hide her pregnancy from her family. To complicate matters, the young mother’s mother and aunt work in the same hospital.

HIPAA assessment

The Health Insurance Portability and Accountability Act of 1996 (HIPAA) required the Secretary of the U.S. Department of Health and Human Services (HHS) to develop regulations protecting the privacy and security of certain health information. The HIPAA Privacy Rule sets national standards for the protection of personal health information against unauthorized disclosure. The Privacy Rule can be found at 45 CFR Part 160, and 45 CFR Part 164, Subparts A and E.
The standards, requirements, and implementation specifications apply to health plans, healthcare clearinghouses, and healthcare providers and their business associates. The Security Rule sets standards for protecting electronic health information. Enforcement of the regulation is the responsibility of the Office for Civil Rights (OCR), which is part of HHS.

In this case study, the nurse disclosed personal health information, including the full identifier and the patient’s medical condition, to an unauthorized individual. A nurse, as an employee of a covered entity, would indeed be subject to obligations under HIPAA. The Site Privacy Officer’s concerns should be the facilitation of an investigation and risk of harm assessment. If a Breach is substantiated and notification is required, the Site Privacy Officer shall notify each individual whose PHI has been accessed, acquired, used, or disclosed as a result of the Breach. In cooperation with other hospital functions, the Site Privacy Officer shall determine what additional external notifications should be made. In this case, it may be necessary to notify local law enforcement if there is a reason to believe the minor’s pregnancy was the result of abuse, neglect, or domestic violence.

A breach or not?

Breach means the acquisition, access, use, or disclosure of protected health information in a manner not permitted under subpart E, which compromises the security or privacy of PHI. Breach excludes unintentional acquisition, access, or use of PHI by a person acting under the authority of a covered entity, or inadvertent disclosure between employees of the same covered entity, as long as this information does not spread any further. Breach also excludes disclosures made to unauthorized persons who would not be reasonably able to retain such information. Any other acquisition, access, use, or disclosure of PHI not permitted under subpart E is considered a breach [45 CFR 164.402]. Based on this definition, the incident indeed constitutes a breach of personal health information that does not fall under any of the exclusions.

In the event of an impermissible use or disclosure of unsecured PHI, the covered entity is obligated to conduct a risk assessment. Breach notification is necessary for all situations where PHI has been compromised. Breach notification is not required if the covered entity demonstrates that there is a low probability that PHI has been compromised. In this particular case, there is no doubt PHI has been compromised since the information reached all four high schools in the area by the following day.

Breach notification

The HIPAA Breach notification rule [45 CFR 164.400-414] requires covered entities to report breaches of health information that have not been rendered unusable, unreadable, or indecipherable. Notification of the Breach has to be provided to the affected individuals, the Secretary, and in certain circumstances, to the media. In this instance, the hospital would have to report the Breach to the patient and to the Secretary within 60 days following the discovery of the Breach. The notification must include a description of the Breach and the information involved, and steps the individuals should take to protect themselves from potential harm. In addition, the hospital should include a brief description of what it is doing to investigate the breach, mitigate the harm, and prevent further breaches, as well as contact information such as a toll-free number. To notify the Secretary, the hospital shall submit the information via an electronic form that is available on the OCR website.

Risk of Harm Assessment

In January 2013, the Risk of Harm standard was dropped from the final HIPAA Omnibus Rule.
The initial rule stated that a breach does not occur unless the access, use, or disclosure poses "a significant risk of financial, reputational, or other harm to an individual." It was up to the covered entities to decide whether the harm standard applies or not. The new rule assumes that all impermissible PHI disclosures are reportable (HHS, 2013). However, the risk assessment conducted by the hospital shall not be limited to HIPAA compliance obligations. Risk is the probability that a vulnerability will be threatened, resulting in an adverse consequence. The hospital has to consider the potential harm to the affected patient as well as liabilities for the hospital and potential disruption of its own business operations.

The patient

The case study presents a myriad of ethical and legal problems, in addition to HIPAA compliance. These concerns include the fact that the patient is an unemancipated minor, that her parents were unaware of her condition until birth, and that the pregnancy may have been the result of rape or incest. The consequences of such disclosure in a small town are easy to imagine. Whilst the general acceptance of unwed and underage mothers and offspring conceived outside traditional boundaries of formal marriage depends on location, time, and culture, some patterns are universal in nature and only vary in extent. A teenage mother and a child of uncertain parentage, especially if ill or disabled, are likely to face severe repercussions and lifelong shunning even in the most benign environments. Young mothers may be forced to give up their newborn babies and become themselves subject to retaliation from angry relatives, including the risk of violent death. According to RAINN, the overwhelming majority of victims of sexual abuse know the perpetrator. Even more disturbingly, 80% of perpetrators were a parent (RAINN, 2013).

Josephson (2016), in her book “Rethinking sexual citizenship”, discusses in detail the causes and consequences of early motherhood, including various societal ills connected to the phenomenon of teenage motherhood, both real and perceived. Teenage sexual activity is considered a deviancy and a threat to public order, and as such, it is subject to widespread public shaming (pp. 82-84). The experiences of teenage mothers can be extremely distressing due to public shaming, shunning, rejection by the community and the family, and absence of elementary support. Even worse, children are often deprived of many opportunities later in their lives because of the biases and prejudices they have to grow up with (Odyssey, 2016).

According to “Report on Exploratory Study into Honor Violence Measurement Methods”, honor violence seems to be rare in the United States and apparently limited to ethnic minorities mainly from South East Asia. These cultures do not view honor violence as a crime, and the victims or potential victims are unlikely to report victimization because of fear of repercussions from their own family. These cultures defend honor violence as a means to maintain or regain the reputation and social standing of a family by female members who violate the community’s traditions and norms, should it be sexually inappropriate behavior or disobedience (Helba, Bernstein, Leonard and Bauer, 2014). Other cultures find it appropriate to murder the infant whilst preserving the life of the female. Hungary, a country in Eastern Europe, is an example of a culture where infanticide is a generally acceptable, although not legal, mechanism of restoring family honor (Journeyman’s Pictures, 2016).
The risks to the mother and the infant following such disclosure are grave and, depending on circumstances and cultural and ethnic background, can include retaliation, infanticide, and honor violence.

The Infant

Genetic testing of the infant may be warranted to confirm paternity and exclude or confirm that the pregnancy was the result of an incestuous relationship. Whether such a test would or would not be permissible and what authorization is required to conduct such tests is a delicate question that requires careful professional judgment, both medical and legal. Genetic screening without parental consent is subject to much controversy, and the new Newborn Screening Saves Lives Reauthorization Act of 2014 includes the requirement of parental consent for the screening of newborn babies with deadly yet treatable conditions (National Institutes of Health, 2015). The quality and speed of newborn screening programs vary from state to state (Gabler, 2013). Whelan (2013) argues that the main concern of privacy advocates and patient advocacy groups was not the initial screening itself but indefinite retention of genetic material for undisclosed uses, potentially resulting in tangible harms in the future such as employment discrimination and insurance coverage.

The American Society of Human Genetics (ASHG, 2015) published a position statement in which it clarified its stance on genome-scale, carrier, and newborn results, and covered a variety of conditions and circumstances including incest. While parental consent is required under most circumstances, a clinician’s judgment can override the lack of parental consent "when there is strong evidence that a secondary finding has urgent and serious implications for a child's health or welfare, and effective action can be taken to mitigate that threat". In this instance, the healthcare provider should be able to perform genetic testing even without parents’ consent.

Mitigation of adverse consequences

Steps relating to the protection of the young mother and the infant shall be taken with full consideration of the benefits and risks of available options and possible solutions.

Personal representative

With respect to use or disclosure, 45 CFR Part 160 does not preempt State Law with regard to disclosure of protected health information about a minor to a parent [45 CFR 160.202(2)]. However, in this particular instance, the disclosure of the minor’s condition may not be in the best interest of the young mother and her newborn child. First, the minor’s parents or legal representatives were supposedly unaware of their daughter’s pregnancy. This fact itself should trigger hospital procedures for care for vulnerable minors, including potential victims of rape, incest, sexual abuse, parental neglect, domestic violence, or human trafficking. A minor does not become an adult by virtue of becoming pregnant and giving birth. Regardless of the potential Breach, determining who is the patient’s legal representative, and making sure that she does have an appropriate one, would be the most important first step.

A covered entity may elect not to treat a person as the personal representative of an individual if there is reason to believe that the individual may be subjected to domestic violence, abuse, or neglect by such person, or treating such person as the personal representative could endanger the individual [45 CFR 164.502 (g)(5)(i)(A)-(B)]. The hospital has the option to exercise its professional judgment and decide not to treat the person as the individual’s personal representative [45 CFR 164.502 (g)(ii)].
The rules for the emancipation of a minor vary from state to state. Whilst in most cases a court decision is required, in cases where the evidence shows that censurable parental conduct had occurred, implied emancipation may apply (Legal Information Institute, n.d.).

Protection of disclosure within the hospital

Permitted uses and disclosures include the use of the individual’s name, location, and condition described in general terms to maintain the hospital’s directory and to be able to locate the individual in the facility. The patient should have the opportunity to agree or object to such disclosure [45 CFR 164.510(a)(1)(i)(A)-(C)]. In emergency circumstances, the health care provider shall act in the individual’s best interest as determined by the covered health care provider, in the exercise of professional judgment [45 CFR 164.510 (3)(B)].

Law enforcement disclosures

The Fourth Amendment to the U.S. Constitution states: “The right of the people to be secure in their persons, houses, papers, and effects, against unreasonable searches and seizures, shall not be violated, and no warrants shall issue, but upon probable cause, supported by oath or affirmation, and particularly describing the place to be searched, and the persons or things to be seized” (U.S. Constitution, Amendment IV). Medical records contain very sensitive information about individual patients. Law enforcement searches are authorized as reasonable under very specific circumstances and only to a specific extent.

Whilst the pregnancy could have been the result of a relationship between two sexually experimenting minors, the possibility that an adult was involved deserves an appropriate investigation. Successfully hiding a pregnancy from an immediate family is not an easy thing to achieve. Near-complete ignorance and willful blindness are required not to notice that a teen living in the same household is pregnant and about to give birth. Awareness of the pregnancy, in combination with the failure to provide appropriate support, could indicate the intent not to allow the infant to live. In some cultures, infants born from unapproved relationships are at risk of infanticide.

The Site Privacy Officer shall make appropriate disclosures to staff in functions designated to coordinate high-risk cases of this nature with other appropriate departments and services, in addition to the investigation of the Breach. To this end, additional external disclosures may be necessary. A covered entity may use or disclose protected health information without the written consent or authorization of the individual if there is a reason to believe that the individual is a victim of abuse, neglect, or domestic violence. Such disclosure shall be limited in nature to comply with relevant laws if the individual agrees, or to the extent expressly authorized by statute or regulation [45 CFR 164.512 (c) (i) – (iii)]. Any attempts to mitigate the damage caused by the Breach shall be appropriately documented for the Office for Civil Rights (OCR).

Obligations after impermissible disclosures

Once an impermissible disclosure has been made, covered entities should take steps to mitigate the potential damage. Covered entities have a duty to identify and document security incidents and privacy violations, including an impermissible disclosure.
Appropriate safeguards include administrative, technical, and physical safeguards that protect PHI from any intentional or unintentional use or disclosure [45 CFR 164.530]. In response to the incident, the hospital should examine the events that led to the disclosure. This primarily includes the review of the history of impermissible uses and breach logs, training materials, and training records. A gap analysis and holistic vulnerability assessment would be beneficial to prevent future breaches. Examination and review of the hiring process and critical assessment of organizational culture would facilitate the change in the ways people think about patient privacy and the implications of privacy breaches.

Personal accountability
The hospital shall have in place written policies and procedures regarding breach notification and must train its workforce appropriately. The organization also has to apply appropriate sanctions against staff members who fail to comply with HIPAA law as relevant to them. A breach of this kind would warrant the review of the appropriateness of policies and procedures, the record of previous breaches, and certainly a revision of training, including a reminder of the implications of such disclosures for the patients and for the hospital.

When hiring new people, the focus on technical skills shall not overshadow the importance of character, trustworthiness, and ethical conduct. Although most organizations perform background checks on candidates prior to hiring, these do not typically reveal elements such as trust. Workforce retention is a major problem in healthcare. Recent estimates placed the cost of staff turnover at $40,000 to $80,000 per nurse, including the investment required to find a permanent replacement, ensure staffing of shifts and provide onboarding training (Cohen, 2013).
A departing nurse can cause significant damage to the hospital, especially if hurt feelings are involved or the dismissal is perceived as unjust. Experience from the University of Rochester Medical Center shows how much damage a nurse can inflict on the hospital before leaving if she decides to take advantage of access to patient records that would give her the necessary leverage to either move to a new position or start a practice on her own (Shaw, 2016).

Whether the nurse who caused the Breach should be dismissed is a decision the Human Resources department would have to make. Considering the potential damage caused both to the patient and to the hospital, and the need for extensive resources dedicated to mitigation of the disclosure, immediate dismissal seems appropriate. The incident not only violates HIPAA but also represents a breach of the professional code of conduct and hospital policies. Most importantly, it shows a lack of sound judgment, which may be critical in many other situations. Any action taken by the hospital should be proportionate and fair to avoid scapegoating of a single individual for conduct that may, in fact, be a widespread cultural problem observable across the enterprise, especially when it is clear this was the result of a mishap rather than malicious intent. A careful review of past incidents, policies, and procedures and quality of training and training records should provide better guidance about what is appropriate. At the very least, the nurse should be placed on administrative leave until the investigation is closed.

HIPAA v. the hospital
The risks to the hospital include a liability relating to HIPAA compliance failure and tort claims, including negligence. HIPAA breaches and the implications resulting from compliance failure are not the only liability the hospital’s leadership could face. In 2012, in R.K. v. St. Mary’s Medical Center, the West Virginia Supreme Court of Appeals ruled that HIPAA did not preempt state law, and provided the standard of care for tort claims. The hospital shared R.K.’s medical information relating to his psychiatric hospitalization with his estranged wife, despite the patient’s request not to. R.K.’s cause of action included negligence (R.K. v. St. Mary’s Medical Center, 2012).

In Byrne v. Avery Center for Obstetrics and Gynecology, the Connecticut Supreme Court ruled that HIPAA does not preempt negligence claims for a breach of patient privacy. In this particular case, Emily Byrne’s medical information was shared with her partner against her wishes. The healthcare provider received a subpoena from her partner’s attorney in a paternity suit and complied with the request, disclosing Byrne’s medical information to her significant other. Byrne then successfully sued the hospital for negligence (Byrne v. Avery Center for Obstetrics and Gynecology, 2014). Lewis in The National Law Review (2014) stressed that the fact that HIPAA does not give patients a right of private action does not mean that remedies for questionable disclosures do not exist. Remedial measures include state health laws and common law torts (Lewis, 2014).

Conclusion
Disclosure of protected health information in circumstances that would make the individual subject to serious repercussions is a major concern for the affected individual and for the hospital. The incident represents a complex set of medical, legal and ethical concerns in addition to HIPAA violations. Professional judgment is required to decide whether or not there is a reason to believe the teen may have been the victim of abuse, neglect or domestic violence, whether the hospital can deny disclosure of the patient’s PHI to her parents, and whether implied emancipation applies in this case.

The hospital’s post-incident assessment shall address the risk of harm to the affected patient and her infant child, review previous instances of improper disclosures and breaches, implement corrective and preventative action to ensure HIPAA compliance, and address other risks, such as the risk of litigation for negligence. The Human Resources Department shall make the decision about the nurse’s future employment, and place her on administrative leave until the completion of the investigation. Gap analysis and critical assessment of organizational culture would be beneficial to identify vulnerabilities in the hospital’s operations and address them appropriately. Policies and procedures have to be implemented with fidelity to be effective. Review of training materials, procedures, methodologies, and training effectiveness has to follow to prevent inadvertent disclosures in the future. Dismissal of a single employee does not solve the problem of systemic issues and organizational culture that need to be addressed separately to be effective.

Bibliography
ASHG. (2015). ASHG Position Statement Provides Guidance for Genetic Testing in Children and Adolescents. Retrieved April 04, 2017, from https://www.genomeweb.com/molecular-diagnostics/ashg-position-statement-provides-guidance-genetic-testing-children-and
Cohen, S. (2013). Recruitment and retention. OR Nurse, 7(3), 8-10. doi:10.1097/01.orn.0000429410.21897.75
Gabler, E. (2013). Delays at hospitals across the country undermine newborn screening programs, putting babies at risk of disability and death. Retrieved April 04, 2017, from http://archive.jsonline.com/watchdog/watchdogreports/Deadly-Delays-Watchdog-Report-Delays-at-hospitals-across-the-country-undermine-newborn-screening-programs-putting-babies-at-risk-of-disability-and-death-228832111.html
Helba, C., Bernstein, M., Leonard, M., & Bauer, E. (2014). Report on Exploratory Study into Honor Violence Measurement Methods (Rep. No. 248879). Westat.
HIPAA Privacy Rule Requirements Overview. (2003). The Practical Guide to HIPAA Privacy and Security Compliance. doi:10.1201/9780203507353.ch5
Josephson, J. J. (2016). Rethinking sexual citizenship. Albany: State University of New York Press.
The Damaging Effects Of Shaming Teen Mothers. (2016, May 31). Retrieved April 04, 2017, from https://www.theodysseyonline.com/damaging-effects-shaming-teen-mothers
Journeyman Pictures. (2016). Infanticide in Eastern Europe (1999). Retrieved April 04, 2017, from https://www.youtube.com/watch?v=ZjSC1xiQd-Q
Legal Information Institute. (2007). Emancipation of Minors. Retrieved April 04, 2017, from https://www.law.cornell.edu/wex/emancipation_of_minors
Lewis, J. (2014). Negligence Claims for Breach of Patient Privacy Not Preempted by HIPAA, Connecticut Supreme Court Holds. Retrieved April 04, 2017, from http://www.natlawreview.com/article/negligence-claims-breach-patient-privacy-not-preempted-hipaa-connecticut-supreme-cou
National Institutes of Health. (2015). Preliminary Guidance Related to Informed Consent for Research on Dried Blood Spots Obtained Through Newborn Screening. Retrieved April 04, 2017, from https://grants.nih.gov/grants/guide/notice-files/NOT-OD-15-127.html
RAINN. (n.d.). Children and Teens: Statistics. Retrieved April 04, 2017, from https://www.rainn.org/statistics/children-and-teens
R.K. v. St. Mary's Medical Center, 735 S.E.2d 715 (2012) 229 W.Va. 712 (November 15, 2012).
Secretary, H. O. (2013). Breach Notification Rule. Retrieved April 04, 2017, from https://www.hhs.gov/hipaa/for-professionals/breach-notification/index.html?language=es
Whelan, A. M. (2013). That's My Baby: Why the State's Interest in Promoting Public Health Does Not Justify Residual Newborn Blood Spot Research Without Parental Consent. Minnesota Law Review, 98, 419-453. doi:10.2139/ssrn.2590100
Secretary, H. O. (2015, November 05). Privacy Rule Introduction. Retrieved March 25, 2017, from https://www.hhs.gov/hipaa/for-professionals/privacy/guidance/introduction/index.html
Shaw, G. (2016). Departing Nurse's HIPAA Breach Spurs New Privacy Policies at URMC — A Case In Point for Reviewing and Tightening Practices. Neurology Today, 16(3), 11-12. doi:10.1097/01.nt.0000480943.34345.44
Warren, Z. (2014). Connecticut Supreme Court rules that HIPAA does not preempt negligence claim. Retrieved April 04, 2017, from http://www.insidecounsel.com/2014/11/11/connecticut-supreme-court-rules-that-hipaa-does-no?slreturn=1491315877