Through an online search or other means, identify a data breach incident during the COVID-19 pandemic at a health care organization of your
HIM 6019
Legal and Ethical Issues in Health Care
Individual Research Report # 2
Health IT Law, Privacy and Security Report
COVID-19 Related Cybersecurity Breaches
Background:
Health care organizations are vulnerable to data breaches. Threats include insider
threats and outsider cyber attacks such as weaponized ransomware, denial of
service and phishing attacks. Many times, hackers are successful because of
employee error or failed security policies and procedures. A recent study found
that hospitals account for one-third of reported data breaches to the Office of Civil
Rights from 2019-2016. In 2017, there were 477 healthcare breaches reported to
the U.S. Department of Health and Human Services (HHS) according to Protenus,
which tracks disclosed breaches impacting the healthcare industry.
The Assignment:
This is an individual assignment. You will be required to report on a data breach in
a HIPAA Covered Entity or Business Associate in Florida during the COVID-19
pandemic, determine the extent to which the breaching organization complied with
HIPAA’s Privacy, Security and Data Breach Notification Rules, and report on the
role of OCR's HIPAA Enforcement Discretions.
Instructions:
1. Prepare and format your report using the American Psychological
Association (APA) Style. Your report should be a maximum of 5 pages
excluding the bibliography and appendices. You must include all references
to the peer reviewed literature, and legal citations. For more information on
the APA style, visit https://owl.english.purdue.edu/owl/resource/560/01/
2. Review the rubric to understand what the assignment’s quality expectations
are.
Questions:
Discuss your findings and recommendations with respect to the following
questions.
1. Through an online search or other means, identify a data breach incident
during the COVID-19 pandemic at a health care organization of your choice
in Florida that you wish to investigate. Describe the company background.
What was the nature of the data breach / HIPAA violation (5 points)? What
were the fines and penalties that the breaching organization incurred (5
points)? You may utilize the OCR breach portal to facilitate your search.
https://ocrportal.hhs.gov/ocr/breach/breach_report.jsf
2. Describe how this organization violated the HIPAA Privacy Rule (10
points). Give recommendations to help prevent future violations of the
HIPAA Privacy Rule (10 points).
3. Describe how this organization violated the HIPAA Security Rule (10
points). Give recommendations to help prevent future violations of the
HIPAA Security Rule (10 points).
4. How did the organization respond after the data breach / HIPAA violation
(5 points)? Did the organization respond appropriately, and did their
response comply with federal and state law, regulations and guidance such
as the HIPAA Breach Notification Rule? What was the role of OCR's HIPAA
Enforcement Discretions (10 points)? What recommendations would you
make to improve their response to the data breach / HIPAA violation (10
points)?