Below you will find several situations that include potential privacy breaches in California. For each situation, use
Question:
Below you will find several situations that include potential privacy breaches in California. For each situation, use the IRAC format to state the rule and analyze under BOTH CA regulatory frameworks (the Cal. Civ. Code §1798.82 and CA Health & Safety Code §1280.15).
Please determine:
- Whether there was a privacy breach.
- Whether the breach is reportable.
- To whom the breach should be reported.
Please state each law and its rule and explain your analysis for each situation and question. For the purposes of this assignment, all the health care facilities described in the following situations conduct business in California, and all patients are California residents.
Situation 1
An employee at health facility A reported to the privacy department that his laptop was stolen. IS determined that the laptop was unencrypted, and that the laptop contained 2,000 health facility A patients' first and last names, medical record numbers (MRNs), and medical history information. Health facility A is a licensed facility.
- Was there was a privacy breach?
- Is the breach reportable?
- If applicable, who should the breach should be reported to?
Situation 2
An employee at health facility B inadvertently faxed paper documents containing three patients' information to a clothing retail store. The paper documents contained MRNs and dates of birth. Health facility B is a licensed facility.
- Was there was a privacy breach?
- Is the breach reportable?
- If applicable, who should the breach should be reported to?
Situation 3
An employee at health facility C searched the facility's encrypted Electronic Health Record (EHR) for patient X's medical record using patient X's first and last names. The employee is a nurse in the pediatric department of health facility C. The patient is a geriatric patient and is not under the care of the nurse. The employee accessed patient X's entire medical history. Health facility C is a licensed facility.
- Was there was a privacy breach?
- Is the breach reportable?
- If applicable, who should the breach should be reported to?
Situation 4
An employee at health facility D searched the facility's encrypted Electronic Health Record (EHR) for patient X's medical record using patient X's first and last names. The employee is a nurse in the pediatric department of health facility C. The patient is a geriatric patient and is not under the care of the nurse. The employee accessed patient X's entire medical history and disclosed the patient's medical history on social media. Health facility D is not a licensed facility.
- Was there was a privacy breach?
- Is the breach reportable?
- If applicable, who should the breach should be reported to?
Situation 5
An employee at health facility E searched the facility's encrypted Electronic Health Record (EHR) for patient X's medical record using patient X's first and last names. After the Privacy Office conducted an audit trail of the employee's search, it was determined that the employee only accessed patient X's MRN and date of birth. Health facility E is a licensed facility.
- Was there was a privacy breach?
- Is the breach reportable?
- If applicable, who should the breach should be reported to?
Income Tax Fundamentals 2013
ISBN: 9781285586618
31st Edition
Authors: Gerald E. Whittenburg, Martha Altus Buller, Steven L Gill