The HIPAA Privacy and Security Rules
Do an Internet search for a recent article or news story discussing a significant breach under the HIPAA Privacy and Security rules. Using your own words, write a summary of the article, and discuss how the organization could have prevented or mitigated the risk of the breach. You must use your own thoughts and words – you may include no more than 15% of directly quoted, and properly cited, references.
The Health Insurance Portability and Accountability Act (HIPAA) was enacted to protect patients' personal health information from being released without their explicit consent. The law includes sections such as the HIPAA Security Rule, which requires healthcare organizations to put in place measures that protect patients' electronic data from being accessed by unauthorized individuals. However, there have been several instances in which the HIPAA Security Rule was breached, resulting in the loss of patients' personal health information.
According to Davis (2020), in 2017 Lifespan, the largest hospital in Rhode Island, was forced to notify at least 20,000 patients that their personal and protected health information might be in unauthorized hands after a laptop containing the information was stolen from an employee of the organization. The loss of the laptop meant the thieves had access to all of the protected health information (PHI) on it and could use it to steal the patients' identities or to blackmail them based on their medical diagnoses, especially diagnoses that are not meant to be publicly known. The organization paid a fine of $1.04 million for violating various elements of the HIPAA Security Rule.
The organization could have prevented or reduced the risk of the breach in the following ways. First, it should have enforced physical security at its premises and warned employees against taking office computers out of the secure facility; this reduces the opportunity for theft of the computers. Second, the company should have encrypted the data stored on its computers so that it would be inaccessible to any unauthorized person who came into possession of a laptop. The stolen laptop contained information that was not encrypted. Additionally, the organization should retrain its employees on compliance with the HIPAA Security Rule. Such training would make employees appreciate the need to protect their work computers with passwords, reducing the ease of unauthorized access to the information stored on such devices.
Davis, J. (2020). Lifespan to Pay OCR $1.04M HIPAA Penalty For Unencrypted Laptop Theft. HealthITSecurity. Retrieved 24 April 2021, from