Question

1. Critically evaluate HIPPA Breach Notification Rule in relation to managing a healthcare facility. Be specific and avoid general statements such as “an administrator should be aware.”
2. Evaluate and analyze any current changes or recent events involving the HIPPA Breach Rule. Discuss why these events are of significance and how they might impact a healthcare facility. Consider financial impacts, staffing, information systems, etc. Demonstrate critical thinking.

Answer 1

#. HIPAA Breach Notification Rule.

HIPAA's Breach Notification Rule requires covered entities to notify patients when their unsecured protected heath information (PHI) is impermissibly used or disclosed—or “breached,”—in a way that compromises the privacy and security of the PHI.

#. A rule, promulgated under HITECH, requiring vendors of personal health records and related entities to notify consumers when the security of their individually identifiable health information has been breached.

#. Changes :-

-Breach Notification (Interim Reg September 23, 2009)-notification when information is sent to the wrong place

-Electronic Copies (patient access law)

-Individually Directed Privacy Restrictions (pay out of pocket for a service so it doesn't go on insurance claims)

-Restrictions on Marketing, Fundraising and the sale of PHI

-Preference for Limited Data Sets and De-Identification

-Extension of Minimum Necessary

-Vendors/Business Associates (subject to penalties)

-Accounting for Disclosures (NPRM 5/31/11)

-Increased Enforcement and New Penalties - Individual's are subject to the criminal provisions; State AG's can bring civil suit in Federal Courts on behalf of state residents; harmed individuals can receive a % of CMP's or settlement (AG's Trained 2012)

#. Breach Notification Interim Regulation

-Effective September 23, 2009 Breach Notification is required for any unauthorized acquisition, access, use or disclosure of "unsecured" PHI

-"Breach" being the acquisition, access, use or disclosure of protected health information in a manner not permitted under HIPAA privacy rules and also compromises the security or privacy of the protected health information.

-A breach of protected health information can lead to "unprotected" protected health information. "Unprotected" being any protected health information that has not been rendered unusable or unreadable to unauthorized individuals through the use of a technology or methodology specified by the Secretary of HHS guidance

-Guidance provided August 27, 2009 Breach Notification Standards required the provision of notice to affected individuals, HHS and in some cases the media, in the event of a breach of unsecured PHI. Prescribed rules w/ respect to methods, content, permissible time frame for providing such notice. Specifications of appropriate technologies or methodologies encryption or destruction (proper disposal). Focus on mobile devices, data a rest and data in transit.

#. Critical Thinking means :-

-Taking nothing for granted

-Identifying & challenging assumptions

-Imagining & exploring alternatives

-Considering ethical principles

-Applying reason & logic to make informed decisions

-Finding the meaning in facts

#. BASIC Level of Critical Thinking

-Learner trusts experts to have all the answers

-Thinking is concrete & based on a set of rules or principles

#. COMPLEX Level of Critical Thinking

-Begin to question answers & examine alternatives

-Many answers may be "right." There are options!

-Each solution has benefits & risks the nurse must consider

-Nurses learn a variety of different approaches

#. Components of Critical Thinking

-Specific Knowledge Base

-Experience

-Competencies

-Attitudes

-Standards