Question

Read the following protected or is there a possible breach of PHI. Submit a written word document stating your decision and your justification(s) for each of your decisions. case scenarios and decide whether the patient's PHI is being Scenario 1 Aly, a medical biller missed two days of work due to ill ness. Upon returning, she asked to take home an office laptop to get caught up on her work. Scenario 2 A patient is moving to another area and has requested to bring a USB device to the office to have medical records copied. Scenario 3 The physician assistant has a patient on hold and needs to access the patient's electronic PHI. He asks to borrow your password. Scenario 4 While taking a patient's history, the medical assistant was called out of the examination room to answer a question. The laptop was left in the examination room and the medical assistant was logged into the computer Scenario 5 Over the past few years, your area has seen a change in the weather pattern. More severe storms, tornadoes, and floods have occurred. Electronic data are safe because a backup copy is made each night and is locked in the physician office.

Answer 1

Scenario 1: Taking office laptop home gives rise to the possibility of exposing patients' details to unintended audience, as unauthorized external people can have a peek into patients' details. Hence, this is a possible breach of PHI if the laptop isn't encrypted and is not being used in isolation.

Scenario 2: A private USB device is not a secure data retention medium, hence this is a possible breach of PHI since the copied data can become publicly available, possibly for patients other than the one being addressed here.

Scenario 3: Lending passwords is dangerous as it exposes the data to personnel not supposed to have access to it. This is again, a possible breach of PHI

Scenario 4: If the laptop is left unlocked as mentioned in the question, this allows the patient an opportunity to access the medical details of other patients. Again, a possible breach of PHI.

Scenario 5: Retaining the backup data at the same location as the physician office is not the ideal way to retain backups, since both the original and backup data can get damaged at once in case of a calamity. It is important to preserve the backup data at another (possibly safer) location so that the probability of total data loss is minimized. Hence, the mentioned scenario is again a possible breach of PHI.