To date, a total of 804 large breaches of protected health information (PHI) affecting over 29.2 million patient's records have been reported to the Department of Health and Human Services since 2009.
You are the Corporate Compliance Officer for your health organization and you have just been notified that an unknown party has "hacked" the main computer server and your organization's PHI has been breached by the theft of several facility laptop computers. Over 5,000 of the patients your organization serves are impacted. As a result, you must explain to the Senior Leadership, the Board of Directors, the affected patients, and the public [a] what you plan to do about the breach and [b] how you plan to prevent this from reoccurring.
In your report, you must include the following:
1. Define breach of PHI by the federal government's standards including what federal laws dictate the health care organization's responsibility to protect electronic health information.
2. Explain to Leadership and the Board how this breach was allowed to occur. In other words, what went wrong and why.
3. Define what course of action should be taken to notify the Individual patients affected and the public of this breach that would incur the least amount of panic. Include any federally mandated course of action.
4. Develop an action plan [including safeguards] to prevent a PHI Breach from reoccurring at your health organization. Include both electronic and paper safeguards.