Analysis 1: HIPAA Compliance

You are the Director for Operations at a general hospital. You are responsible for the Health Information Management Department (HIM [the department formally known as Medical Records]). The supervisor of the HIM Department calls for an immediate appointment. The supervisor states that she received a complaint from a friend of a former patient (complainant).  The complainant is also friends with an employee of the HIM Department.  Because of the seriousness of the complaint, the supervisor doesn’t know how to handle the issue.

 The complainant stated:

  1. Her friend, an employee in the HIM Department, told her confidential information about a mutual friend, Jayne Doe (patient).
  2. The complainant said that her friend (our employee) said she typed the patient’s discharge papers.  The patient, their mutual friend, had been admitted to the psychiatric unit for depression. 
  3. The complainant also stated that our employee texted information about the patient’s admission to other friends as well.
  4. The complainant said that she is contacting the patient to let her know of the situation.
  5. In addition, the complainant said that she would like to know the outcome of the complaint investigation.  She wants to know what is found and how the employee was handled based on the investigation.


The supervisor interviewed the employee. The highlights of the conversation:

  1. The employee said that she was aware of her friend’s admission but had heard the information from other sources and did not rely on the patient’s medical record documentation. The employee claims that the information she shared was from a discussion with a friend of the patient’s boyfriend.
  2. She added that the patient’s mother was accusing her of spreading the information around town and at school. She said that she called the mother to tell her she wasn’t the source of the information.
  3. When the employee was asked if she discussed the patient with anyone, the employee said that she talked with her friend. But she added that the details shared was the information she received from the patient’s boyfriend.  The supervisor asked the friend’s name and the friend was the complainant. She denied texting information to friends.
  4.  She stated that she is very clear about HIPAA guidelines and confidentiality. She said that she handled the patient’s record while carrying-out her usual job functions.  She transcribed the patient’s discharge summary.
  5. The employee said that she probably shouldn’t have called the patient’s mother but should have reported it to her supervisor instead.
  6. The supervisor doesn’t know what to do next.  Please advise her and provide your answer using the analysis format below.  Please be sure to include the Massachusetts’ requirement for sensitive information and the potential implications.


Introduction: Establish the foundation for the analysis. Set the stage for the sections to follow.  Be concise; highlight the issues.


Problem Identification: Identify the major issues or problems to be solved in the analysis.  List the steps in your investigation.


Analysis: Analyze the major issues and discuss the implications.  Discuss the outcome should you decide the issue isn’t critical and you will make no changes and the outcome should you decide to make changes. Consider personnel behavior changes expected.


Recommendations: State and support your recommendations for solving the major problems identified in the analysis.  Apply the background given in your analysis to justify your recommendations.


Implementation:  Develop a plan to implement your recommendations, provide explanations for timing, responsibilities, and potential pitfalls, and how to avoid these problems.  A consideration of costs, and organizational structure should be used to help support recommendations.     Take each of your recommendations through the implementation process.  Be sure to address each implementation topic (for example, timing, responsibilities, potential pitfalls) for EACH recommendation.

Leave a Reply

Your email address will not be published.