HIPAA Scenario Executive Brief Discussion

You are a Compliance Officer in a healthcare organization. You have received a report from the
organization’s Chief Information Officer (CIO). While at the airport between flights, the CIO was
working on a report that contained confidential patient information: name, address, DOB, SSN,
MRN, diagnoses, and physician names. Unexpectedly, the CIO had to make a quick run to the
restroom. Unfortunately, the “quick run” lasted 15 minutes, and during that time the computer
sat unattended in the concourse.

When the CIO returned from the restroom, the computer was nowhere to be found. Luckily, the
computer and carry-on bag were turned in to security, and the CIO was able to retrieve them.
The CIO reports that the file he was working on was not password protected, and that there
were approximately 2,014 patients on the report.

Instructions

Write a one-to-two page Executive Brief describing your responsibilities as Compliance Officer
for breach notification and reporting in this scenario. Include answers to all the questions below.
1. Which rules under HIPAA are relevant to this scenario?
2. What is the timeframe for making your breach notification report?
3. Is there a set format for making your breach notification report?
4. Where should you send your breach notification report?
5. What details about the affected patients must be provided in your report?
6. How should your breach reporting be documented at your organization?
7. Whom should you inform within the executive team of your organization?
8. Do you have a responsibility to inform the patients affected by the breach?

To find the answers to these questions:
1. Go to the HHS.gov website on HIPAA at: https://www.hhs.gov/hipaa
2. Click the HIPAA for Professionals link to research HIPAA rules and procedures.