page:
10 pages/≈2750 words
Sources:
-1
Style:
APA
Subject:
Health, Medicine, Nursing
Type:
Coursework
Language:
English (U.S.)
Document:
MS Word
Topic:

HIPAA Security & Breach Practices. Health, Medicine, Nursing Coursework

Coursework Instructions:

This Stand-Alone Project requires you to discuss a real-life HIPAA security and privacy breach that affected a healthcare organization. You will present a descriptive analysis of the organization’s breach issue and current status, outline the implications for the patients and/or community, and describe the issues within the context of HIPAA laws and the overall healthcare system. The project should reference sources like Internet, media, and/or government websites. You may also reference textbooks, industry publications, journals, news media, etc., to further support your discussion. A table of contents and a bibliography listing only those works that you cited in your analysis are required. Your Stand-Alone Project responses should be both grammatically and mechanically correct and formatted in the same fashion as the project itself. If there is a Part A, your response should identify a Part A, etc. In addition, you must appropriately cite all resources used in your response and document them in a bibliography using APA style. (A minimum 10-page, double-spaced response is required for the combination of Parts A through F.) (200 points)



Part A Breach Research: Research the case found at the following website: http://www(dot)jdsupra(dot)com/legalnews/hospital-pays-3-2m-resulting-from-hipaa-62345/. Search the Internet and other news media outlets for additional information on this specific case. Provide an overview of the case, including a description of the organization. Using the Required Readings, your textbook, and articles and websites you find by doing your own research, write about this case. Include a bibliography formatted in APA style.



Part B HIPAA Breach Notification Rule: Using the research you performed related to the case in Part A, discuss the organization’s specific breaches as they relate to the HIPAA Breach Notification Rule. Discuss the breach notification requirements under this rule and how the organization handled notifications. Use the Required Readings, your textbook, and articles and websites you find by doing your own research.





Part C Breach Exceptions: Define three exceptions to the definition of breach. Using the research you performed related to the case in Parts A and B, discuss how the organization realized and reported their breaches. Use the Required Readings, your textbook, and articles and websites you find by doing your own research.





Part D Notification Requirements: Discuss breach notification requirements under the HIPAA Breach Notification Rule, specifically covering the differences between the individual notice, the media notice, and the notice to the HHS Secretary. Use the Required Readings, your textbook, and articles and websites you find by doing your own research.





Part E Administrative Requirements and Burden of Proof: Discuss administrative requirements and burden of proof under the HIPAA Breach Notification Rule. Relate both of those concepts to the case in question that you researched in Parts A and B. Use the Required Readings, your textbook, and articles and websites you find by doing your own research.





Part F Breach Implications: Discuss the overall implications of a breach in health information for communities. What have been and will be the social, economic, and political implications of the problem for the community-at-large if nothing is done to control it? Provide two or more examples and/or statistics showing the prevalence of the problem in the United States. Use the Required Readings, your textbook, and articles and websites you find by doing your own research.

Coursework Sample Content Preview:

HIPAA Security and Breach Practices
Name
Institutional Affiliation
HIPAA Security and Breach Practices
Introduction
The Health Insurance Portability and Accountability Act of 1996 (HIPAA) was formed by the US Secretary in the Department of Health to develop urgent reforms and regulations to be used in protecting the privacy and safety of specific health data in the country. HIPAA was established by the Health and Human Services section to fulfill the requirements described as the HIPAA Privacy Rule and the HIPAA Security Rule. The Privacy Rule is responsible for establishing national standards and directions for the protection of specific health data. The security standards for the protection of electronically secured health data also establish a national set of security directions that protect specific health information transferred electronically. The Security Rule therefore operationalizes the protections contained in the Privacy Rule by addressing the complex and non-complex safeguards that the organizations referred to as "covered entities" must offer for the sake of serving individuals and protecting electronic information.
Since the establishment of the HIPAA Act in 1996, there have been several violation cases that resulted in settlements with the health and human services sector in the US. One area of the health care sector is the Office for Civil Rights (OCR), which oversees all human practices services. It has been part of the cases in which HIPAA violations were discovered during the breach research, where the complaints were later submitted by health care employees and even the patients themselves. This paper therefore aims to discuss a real-life HIPAA Security Rule and Privacy breach that affected a health care organization in the US. To develop a descriptive analysis of the research, the paper will use one of the violation cases, as illustrated in the research guidelines.
Part A: Breach Research
During the administration of President Obama in the United States, both the health care and the civil rights departments deliberated on imposing a multi-million-dollar HIPAA civil money penalty against the Children's Medical Centre in Dallas, Texas. This penalty was announced publicly on the first of February 2017. According to the recorded information, the Children's penalty was based on multiple impermissible disclosures of information that was not secured electronically and annual noncompliance with many parts of the HIPAA Security Rule. According to the Office for Civil Rights, Children's is the seventh-largest pediatric care provider in the United States.
Children's filed two different HIPAA breach reports with the Office for Civil Rights. Back in 2010, the Children's health unit in Dallas, Texas forwarded a report to the Office for Civil Rights on the loss of an unencrypted BlackBerry gadget that had no password and carried the ePHI of about 3800 people (Chen et al., 2017). In 2013, Children's reported to the Office for Civil Rights the theft of an unencrypted personal computer from the Children's premises, which held information on about 2500 people and was named the "laptop breach".
During the investigation carried out by the Office for Civil Rights into the "BlackBerry breach", Children's forwarded to the Office for Civil Rights a HIPAA Security Rule problem analysis that was carried out by a private vendor hired by the health ministry, which took place between December 2006 and around the second month of the following year of 2017. The private researcher identified zero risk management protocols and ended up recommending the use of encryption on all devices used in the Children's services. Another gap analysis was done in the year 2008, when Children's conducted an independent analysis of HIPAA Rule compliance. This second vendor analysis identified encryption as the leading item and recommended that Children's encrypt all devices by the end of 2008.
The civil penalty comes as a result of the losses of the unencrypted BlackBerry device and the personal computer in 2009 and 2013. Due to such cases, the Office for Civil Rights has increased its enforcement activities in the last two years, with increased cases of HIPAA violations that come with financial penalties. According to the information reported to the US media, there were over nine financial penalties in 2017, imposed to resolve the increasing HIPAA violation cases in the US (Shay et al., 2017). The Office for Civil Rights at the same time reported an increase in the impermissible disclosure of the information of 22 individuals, which resulted from resident loss and lack of encryption. The Office for Civil Rights therefore contended the breach research and confirmed the Children's noncompliance with the HIPAA rule: failing to impose and implement risk management plans, acting contrary to external recommendations to implement that as a requirement, and failing to deploy encryption or to use any such measure on all its personal computers.
The press release of 30th September 2016 reported that the Office for Civil Rights in the US issued directives to Children's stating that it intended to impose a compliance penalty of $3.2 million on the Children's pediatric sector. This proposed determination contains over 20 findings from the evidence, which confirmed that Children's had been using unencrypted devices like the BlackBerry, thus exposing its workforce to the use of unsecured devices during April despite the guidelines on the use of encryption offered in the two private vendors' reports (Dolezel et al., 2019). The failure of Children's to effectively document and adhere to the recommendations given by the outside vendors was the main reason why the big penalty was imposed, which added to the many recorded violation cases in the Department of Health and Human Services as a whole. Children's failed to implement effective policies and guidelines regarding the receipt or removal of hardware and electronic devices that contained ePHI in and out of its premises.
Part B: HIPAA Breach Rule
The HIPAA notification rule covers all the entities in the department, which must therefore notify patients in case their protected health data is not secure or has been disclosed or even "breached" in a way that compromises the privacy regulations and the safety of the PHI. Usually, an impermissible disclosure of the PHI is thought to be a breach unless the covered entity can demonstrate or show that there is a "low probability" that the PHI has been compromised (Edemekong et al., 2019). To achieve this, the doctor is supposed to take active responsibility for implementing random evaluation of the severity of the wrong use. The two identified breaches, the BlackBerry breach and the laptop breach, made use of several notification requirements.
In the absence of a demonstration of a low probability of compromise, the pediatric children's physician is supposed to notify the children and the health department of any event of disclosure of their PHI. The children's doctors are also supposed to notify the patient of the evaluation done by giving a comprehensive report on whether the PHI has been compromised and on whether the covered entities effectively determined the probability of such compromises. The Office for Civil Rights notification of the proposed determination to Children's was done in a timely manner. According to the rule of notification, timing is one of the most respected aspects. In this, the covered entities, which were well known by the OCR, highlighted the actual dates of the breach discovery. The Office for Civil Rights, which concentrates on matters to do with human services, did an extensive gap analysis where, after identifying the use of unsecured devices, the vendors made the victorious recommendations to curb that.
The gap identified by these two outside vendors was notified to the public through a press release and also to the management of the facility (Hoffman 2017). The facility management parties were notified through the right protocols so that they could notify the children who exposed the whole workforce to the use of unsecured devices. The breach in the facility, which involved about 6000 individuals, was notified to the media outlet with an explanation of how the breach occurred in the facility (Frith 2019). The media platforms therefore made the information public, and all the updates were notified to the public, as is a requirement in the notification rule.
HIPAA notification in the health and human services sector on unsecured encryption was done by the outside vendor, who carried out research on the problems in the facility that required urgent concern and notified the facility managers and the doctors on the use of secured devices. The OCR notified the management individuals of all the complaints received from Children's, which submitted various reports on the BlackBerry breach and the personal computer breach. They also notified them of the technical problems and interferences that mostly affected the individual electronic protected data of the patients, which were reported in the Children's report.
Part C: HIPAA Exceptions
There are three main HIPAA exceptions. Generally, many people have a “better stay safe than sorry” rule which governs their mentality on the issue of privacy and HIPAA breaches. This is very similar to how the health practitioners normally consider specific inciden...