Course: Law, Ethics, And Confidentiality In Allied Health Case Solution & Answer

Question No. 3

Breach Notification

Covered entities are required to notify the individuals if there is a breach of the unsecured protected health information, as mentioned in the breach law by HIPAA. In case, there is a breach of information, the entity mustnotify the individual, the Secretary, and if required,the media as well.

Notice to Individuals

The notice to individuals must be in the written form by mail. But, if the individual himself has agreed for electronic notice, then he can be sent an e-mail of the notice. If in case the contact information is out of date for at least 10 individuals, then the covered entity is required to post the notice on its website on the home page for at least ninety days. Or, the covered entity also has the option to broadcast the notice through media instead of posting it on its site. The notice on the site or through media should also include a toll-free number, so that the individual can contact once he gets to know about the violation. Moreover, the notice of breach must be sent to the individual in at least 60 days.

“These individual notifications must be provided without unreasonable delay and in no case later than 60 days following the discovery of a breach.”

The notice should include the details about the breach, an explanation of why it happened, the type of harms that the individual is exposed to, and what the entity is doing to mitigate these harms. (Breach Notification Rule, 2018)

Question No. 4

Investigation of complaint by OCR

If there is a HIPAA violation then OCR can investigate the compliant related to it. If the OCR accepts it for investigation, then first, OCR notifies the individual who has filed the complaint and the entity against which the complaint is filed. Both the parties are asked to present information regarding the violation from their perspective. Additionally, OCR can ask any side for specific information to have a better understanding of the complaint. The information gathered from both the parties is then reviewed by OCR. If in case the entity has not violated any privacy and security rules, then it is discharged. However, if it has violated any rights, then the OCR tries to resolve the issue between the two parties either by voluntary compliance, an agreement of resolution, or by a corrective action from the entity. (How OCR Enforces the HIPAA Privacy & Security Rules, 2018)

In some cases, the Office of Civil rights can take consultation from the Department of Justice as well. Apart from these two, there are no other agencies involved in the investigation process. (HIPAA VIOLATIONS, 2018)

Penalties and Possible Charges

The violations are proved then following penalties are imposed on covered entities.

Civil Penalties

If in case the violation took place when the individual was not aware of it, and if the violation occurs because of a willful neglect in practice, then in such cases, the penalty can range from 100 dollars to 50,000 dollars, depending on the severity of the harm caused to the individual by the violation…………….

This is just a sample partical work. Please place the order on the website to get your own originally done case solution.

Share This