Danjerell Burks
HCS/335
December 10, 2014
Susam Miedzianowski
Administrative Ethics
In this paper I will discuss patient privacy and the population it affects the most. Along with ethical and legal issues dealing with breaches of patients records and explain managerial responsibilities related to patient privacy. Identify any proposed solutions. The issue is patient privacy” previous regulations had required a practice to notify affected patients and the federal government only if it determined that a breach involving patient records had occurred and that it carried a significant risk of financial or reputational harm to patients”. “Which raised concerns from privacy advocates that practices should not have the discretion to determine those matters” (Lubell, Jenifer, HIPPA gets tougher on physicians, February 4, 2013 www.amednews.com/APPS/PBCS.DLL/PERSONALIA?ID=JLUBELL). This issue has had and impact on physicians, “under the new privacy rules doctors must assume the worst case scenario in the event of a possible privacy breach”. “Now any incident involving patient records is assumed to be a breach, unless a practice conducts a risk assessment that proves a low probability that any protected information was compromised the breach must be reported”(Lubell, Jenifer, HIPPA gets tougher on physicians, February 4, 2013 www.amednews.com/APPS/PBCS.DLL/PERSONALIA?ID=JLUBELL). The argument that is being used is that “some of the largest security breaches have involved business associates of plans, doctors, and other professionals”.” An analysis of large data breaches reported to the department of health and human services finds that personal health information may be most at risk when in the hands of a third party business associate hired to perform functions that require access to the patient data” (Dolan, Pamela, Blame for medical data breaches often rests outside physician office, March 4, 2013, www.amednewa.com/APPS/PBCS.DLL/PERSONALIA?ID=PDOLAN). “An analysis by Redspin, an information technology security company in Carpentaria, California, found that of the 538 breaches reported to the health and human services from August 2009 to January 17th, as required under the health information technology for economic clinical health act of 2009, 57% involved third party contractors or, as they are referred to by HHS, business associated. Breaches involving business associates typically impact five times as many patient records as those covered entities” (Dolan, Pamela, Blame for medical data breaches often rests outside physician office, March 4, 2013, www.amednewa.com/APPS/PBCS.DLL/PERSONALIA?ID=PDOLAN).” The proliferation of mobile devices presents a whole new threat,” said James Christian, chief information risk officer of the risk management firm Risky Data of Orange County, California in the ID Experts report.” The ID Experts report found that of the 131 breaches reported to the office in 2012, 55% were intentional intrusions by outsiders or by unauthorized insiders”.” The other 45% were mostly the result of failures to adopt or carry out appropriate security measures” (Dolan, Pamela, Health data breaches usually aren’t accidents anymore, July 29, 2013, www. amednewa.com/APPS/PBCS.DLL/PERSONALIA?ID=PDOLAN).” There’s more awareness of data risk than there were a decade ago thanks to the Health Insurance Portability and Accountability Act, the HITECH ACT, the Red Flags Rule and state data breach notification laws that require disclosure and corrective action by healthcare organizations”.” But many organizations are relying too much on technology to protect their data rather than focusing on how they can use the technology correctly and training employees to be better stewards of the data, said John Sileo, CEO of the Sileo Group, a data security consulting firm in Denver” (Dolan, Pamela, Health data breaches usually aren’t accidents anymore, July 29, 2013, www.