Question: you are the compliance officer for a major health care...
You are the compliance officer for a major health care system when you receive a call from a woman claiming that her privacy has been violated. Upon speaking with her you learn that last week she came to the emergency department at the hospital because of a possible fracture in her right arm. The ED physician wanted to get x-rays which meant she would need to take a pregnancy test. Several days later her boyfriend, whose mother works in the ED at the hospital, said “I sure am glad that you weren’t pregnant”. The woman is convinced that her boyfriend’s mother reviewed her records without authorization and then reported the status of her pregnancy test to her boyfriend.
What steps would you need to take to investigate this complaint?
If you found the allegations to be true, how would you proceed?
What level violation would this be under the HIPAA regulations?
What would you be required to do under the law?
How would you discipline this employee?