A Case for Analyzing Privacy Violations

Case Study
As the Privacy Officer for a mid-sized healthcare organization, it has been identified that the organization has suffered a breach when a third-party vendor’s system was compromised. When the third-party vendor provided billing services to your patients for all services provided for the past 60-days, a breach resulted in unauthorized access to patient billing information, including names, addresses, and social security numbers. The investigation into the breach provided insight that the third-party vendor did not have ample security measures in place. Unfortunately, the healthcare organization did not conduct their due diligence of ensuring that there were regular audits being performed and that there were strong security measures in place. As a result of this lapse in follow through, the discovered breach exposed the personal and financial information of hundreds of patients.
Action Plan
As the Privacy Officer, you have been tasked with digging deeper into the privacy breach that just occurred and to make corrective action recommendations, as well as provide a proposal of changes to the policies and procedures to prevent similar data breaches from occurring in the future. You should focus on the aspect of the vendor management and compliance with HIPAA regulations.
Steps you will complete the following as part of your report:
1. Assess the HIPAA Privacy Rule violations relevant to the third-party vendor management and the protection of patient information. What are your conclusions?
2. Based upon the breach investigation findings, provide a list of corrective actions that should be taken to improve the security measures and for the oversight of the third-party vendor.
3. Provide a recommendation of policy changes that would better support vendor management practices and ensure adherence to compliance with privacy regulations.

 

This question has been answered.

Get Answer