The purpose of this assignment is to examine a case study and identify and describe the safeguards and gaps prevalent in securing inpatient data. After reading “Case Study Comparison: HIPAA Data Breaches and PHI on Stolen Laptops,” located in the topic materials, review the following case study and answer the questions that follow.
Health Care Inc., a health care consulting company, was engaged to perform a MS-DRG validation audit of 100 Medicare inpatient claims for ABC Hospital. The inpatient cases to be reviewed were selected by ABC Hospital’s Coding Manager. The Health Care Inc. auditors were provided VPN access to the hospital’s EHR to review the documentation of the selected inpatient cases to validate MS-DRG assignment. The Consulting Manager with Health Care Inc., who is responsible for performing the quality review of the work of team, decided to download the inpatient cases included in the review to a company issued laptop to perform the quality review while traveling to another client site. In the course of travel, the laptop was left in the back seat of a rental car while the consulting team stopped to have dinner. When the team returned from dinner, it was discovered that the rental car had been burglarized, and the laptop was stolen. This is the first time that patient data from ABC Hospital has been compromised. However, this is the 3rd time in 11 months that a laptop from Health Care Inc. has been stolen and contained patient data.
Analyze the case study to identify the inefficiencies associated with inpatient record management. In a 500-750-word essay, answer the following reflection questions based on the case study:
Who is liable for the loss of inpatient cases (Health Care Inc. or ABC Hospital)? Explain.
What are three activities that demonstrate inefficient management of inpatient cases in the case study?
What are your suggestions for what can be done to inpatient case data and the management process to reduce the overall impact of loss from future audits?
Has a HIPAA breach occurred? If a breach has occurred, explain what specific evidence from the case study supports your answer.
If a breach has occurred, explain the next steps to be taken by ABC Hospital.
Reference for this topic
Read “Case Study Comparison: HIPAA Data Breaches and PHI on Stolen Laptops,” located on the NORCAL Group website (2018).
Read “What Is a HIPAA Business Associate Agreement (BAA)?” by Snell, located on the Health IT Security website.
Read “What Are the Duties of a HIPAA Compliance Officer?” located on the HIPAA Journal website.