You just started your dream job as the CEO of Compliant Hospital. You walk into your corner
Question:
You just started your dream job as the CEO of Compliant Hospital. You walk into your corner office, sit down at your desk, and find:
Hospital security determined that a nurse, who quit her job last month and went to work for a hospital across town, stole a laptop containing patient medical files, demographic information, insurance records, and electronic claims data. Resisting the urge to quit, you spring into action and assemble your team to investigate the theft. After a few days of sleuthing, you have a good idea of what happened, how many patients the theft implicated, and who the patients are. You do not, however, know whether the nurse compromised the data on the stolen device. What are you going to do?
And then it hits you. You have a friend at the local office of the United States Department of Health and Human Services. She has always been helpful, so you decide to call her to report the theft and ask for advice. While you discuss the situation, you provide your pal the names of the affected patients. Because you are busy and stressed out, you do not realize that you are talking on your cell phone while walking through the hospital's bustling cafeteria, where patients and their families overhear your conversation.
- What disclosure(s) occurred?
- Does the HIPAA apply to the disclosure(s)? Why or why not?
- Was the CEO allowed or required to make the disclosure(s) under the Privacy Rule?
- Did the CEO violate the Privacy Rule by making the disclosure(s)?