Hermit’s Pediatrics is a small practice serving the health care needs of children in a small, rural community. The practice has always used paper health records. However, the practice founder, Dr. Melody Hermit, learns that under the American Recovery and Reinvestment Act (ARRA) of 2009, the Centers for Medicare and Medicaid Services (CMS) is offering significant incentives to eligible healthcare professionals who effectively adopt electronic health records (EHR). She sees an opportunity to move into the electronic age.
It takes some time for Dr. Hermit and her staff to get accustomed to using the EHR instead of the paper record, but they quickly see some real advantages. Information in the EHR is always easy to find and is well-organized. Things are going smoothly until one morning when Dr. Hermit and her staff discover that all of their patient records are gone from the EHR. Inadvertently, the system upgrade that was rolled out the night before has overwritten the storage partition containing the records. Luckily, the records had been backed up just before the wipe-out, and are eventually reloaded within a few hours.
Several months later, Dr. Hermit receives an irate phone call from a patient’s mother whose child has been diagnosed with sickle cell disease. The mother’s anger is triggered when a neighbor expresses her sympathy, although the mother has not discussed the diagnosis with anyone. Dr. Hermit questions her staff and learns that the receptionist discussed the child’s diagnosis with the mother’s neighbor after checking his medical records. Dr. Hermit is astounded that the receptionist could even view the patient information, particularly given that the EHR is supposed to be HIPAA compliant according to Planet, the software developer. She is equally surprised when she walks into the reception area only to witness that another patient’s record is in full sight of those waiting for their appointment. To top Dr. Hermit’s frustration, the Planet software server suffers a malicious software attack. As a consequence, the EHRs of many patients have been compromised, and many others might have been made vulnerable.
Dr. Hermit is now rethinking her decision to adopt an EHR to qualify for the incentive payment after all. The clinic may be better off using paper records until she retires.
Case Study Questions
1. Hermit’s Pediatrics has experienced risks to information confidentiality, data integrity, service availability, and the business itself. Identify the consequences, the vulnerabilities exploited, and the ways these risks could have been mitigated.
2. What are some of the risks that are not addressed by HIPAA, but an EHR software subscriber may need to consider?
Ans 1: In addressing the use of the EHR, the privacy and security of the client stand as the prime concern, which in this case has been violated.
Consequences in this case include the compromise and data breach of patients' records and exposure of the records to general view, which has to be taken into consideration.
Vulnerabilities: These involve the privacy of the client's medical procedures and diagnosis, and of those with cases of confidential treatment, for instance HIV/AIDS, congenital anomalies, hepatitis B, etc.
Mitigation of risk: This risk can be tackled by considering the control panel, educating the staff and providing them with individual passwords to utilize the system efficiently, thereby enhancing privacy, and having the concerned technicians check the system as per policy and rules, which in my point of view can prevent the breach of information.
Ans 2: HIPAA maintains baseline standards for storage and privacy of personal medical data for individuals covered by health insurance and helps to prevent fraud; however, the EHR subscriber needs to consider the pros and cons of availing the software, reports of the incidence of cyber security data breaches, and that the information being used by an organization and vendors may result in information blockage.