- This topic has 9 replies, 10 voices, and was last updated 3 years, 7 months ago by Kridsada Sirichaisit.
2020-09-22 at 8:23 am #22682 Navinee Kruahong (Participant)
Article: “3 Massachusetts hospitals fined nearly $1 million by OCR for HIPAA violations”
1. Provide a brief description of the story.
According to this article, three hospitals violated the Health Insurance Portability and Accountability Act (HIPAA) by inviting and letting ABC film crews film on site without first obtaining patient authorization. As a result, all three hospitals were fined $999,000 by the Office of Civil Rights (OCR) for compromising patient privacy during the filming of an ABC documentary.
2. What is/are the impact of this data breach? Consequences of the data breach.
This data breach was called “an egregious disclosure” by OCR. This breach not only may affect a patient’s dignity, but can cause harm and affect employment. When personally identifiable health information is disclosed to an employer, insurer, or family member, it can result in stigma, embarrassment, and discrimination. On the other hand, criminal penalties for a HIPAA violation come with a fine and potentially a prison sentence of up to 10 years.
3. How did the data breach occur?
Boston Medical Center, Brigham and Women’s Hospital and Massachusetts General Hospital let ABC film a documentary on site without obtaining patient authorization.
4. What should be the main cause of the data breach? Provide a brief explanation of the cause of data breach (such as phishing, ransomware, HIPAA violation, database misconfiguration, human error, third-party vendor error).
The cause of this HIPAA violation is an unauthorized access/disclosure. There are possible reasons that this kind of HIPAA violation can occur, such as lack of awareness of patients’ privacy and its impact on a patient, lack of knowledge of HIPAA, and lack of policies and regulations to protect patients’ privacy.
5. How could you prevent this data breach attack?
This article talks about what the hospitals are going to do to prevent this breach, including implementing staff training, developing policies and procedures around photography, video recording and audio recording, and evaluating and approving requests from the media to film in areas not otherwise open to the public. These approaches are a good start. However, a hospital might need security safeguards, privacy culture, enforcement and ongoing privacy & security assessments, monitoring, and protection to ensure that patients’ privacy in the hospital is well protected.
2020-09-25 at 6:22 pm #22766 Pongsakorn Sadakorn (Participant)
I agree with your answer to number 5: privacy and security assessments and monitoring are essential to building a well-safeguarded privacy and security system, because sometimes we don’t realize or know the security level in our organization and don’t know what we should do or plan for an error that could occur.
-
2020-09-26 at 11:34 pm #22794 Khaing Zin Zin Htwe (Participant)
I find this report very interesting because this is different from all the other cases, which mainly concern data. And thank you for providing good preventive measures regarding patients’ privacy. In addition, I think hanging privacy policy posters (e.g., a no-photo sign) in the hospital might be a simple and effective way to inform the public.
-
2020-09-30 at 4:38 am #22880 Saravalee Suphakarn (Participant)
Thank you for the explanation, Navinee, and I agree with Khaing Zin Zin’s comment about hanging a privacy policy poster or a sign saying not to take photos or record videos. Moreover, I think the film producer’s awareness of privacy is also important, not only the hospital’s; both of them should be educated.
-
-
2020-09-28 at 2:45 am #22824 Wachirawit Supasa (Participant)
I agree with you. As I worked in the embassy, they’re very strict on the privacy policy. If any person appears on any video footage or image, they must obtain a signature that gives them permission to record.
-
2020-09-28 at 10:56 pm #22829 Saranath (Keymaster)
Although HIPAA is strictly followed in the US, we still hear this kind of report from time to time. Think about our countries: sometimes people don’t take this issue seriously, particularly when big crimes or accidents appear on the news.
-
2020-09-30 at 12:09 am #22872 Ornpicha Thiampol (Participant)
That’s true!! The news in Thailand isn’t concerned about the patient’s privacy. This topic should be a serious topic in Thailand also.
-
-
2020-09-29 at 11:38 pm #22870 Phone Suu Khaing (Participant)
Thanks for your report! It is the same case study as mine, and you clearly mentioned preventive measures! I totally agree and like best the security safeguards, privacy culture and enforcement, which are still not respected by health staff sometimes, either knowingly or unintentionally!
-
2020-10-02 at 2:26 am #22916 Kaung Khant Tin (Participant)
Thank you so much for this informative report. I agree with your preventive measures, especially developing policies and procedures around photography, video recording and audio recording, and evaluating and approving requests from the media. That’s a wise step. And there should be a team to check and monitor the media group so that they strictly follow the agreed terms and conditions of the hospital.
-
2020-10-20 at 11:46 pm #23443 Kridsada Sirichaisit (Participant)
I agree with you. Regulation and following the regulation are important to protect privacy data.