I want assistance with the given questions:
Question 1. How does HIPAA serve to protect patient rights?
Question 2. What areas of the organization did HIPAA compliance impact?
Question 3. Do you agree with the fine levied against Mercy Hospital? Why, or why not?
Evan Lee went to the emergency room at Mercy Hospital after he badly cut his hand on the job as a stock associate in a retail store. Evan's manager went to the hospital to check on Evan, but he had already been released. Evan's manager approached the nurse's station, identified herself, and asked for information on Evan's case.
The nurse on duty had only been on the job for one week. The supervising nurse had been called away from the station to deal with a critical patient. Unsure of what to do, the nurse on duty asked Evan's manager to wait until the supervising nurse returned. Evan's manager became emotional and explained that she was worried Evan would sue the store if he was badly hurt, and that she would lose her job. To help calm down Evan's manager, the nurse pulled Evan's file up on her computer screen and showed her the attending physician's comments on his case.
When Evan returned to work after a few days, he was beset with questions from his manager, who was curious about which medications were most effective for depression. When he confronted his manager, Evan discovered that his manager saw his electronic file and read that he was taking anti-depressants. In response, Evan contacted the Office for Civil Rights in the U.S. Health and Human Service Department to file a claim against Mercy Hospital for violating his privacy.
After investigating Evan's claim, the Office for Civil Rights determined that Mercy Hospital violated privacy rules and standards established by the Health Insurance Portability and Accountability Act of 1996 (HIPAA) by unlawfully sharing his private medical information. These violations extended past Evan's case to hundreds of other patients. Mercy Hospital was fined $10,000 for non-compliance. In response to its HIPAA violation, Mercy Hospital took several steps to ensure its future compliance. These steps included notifying patients of privacy practices, training staff on proper procedure, appointing a privacy officer, and establishing safeguards against distributing patient information to unauthorized parties.