Administrative Ethics Protecting the privacy of patient’s health information is a main concern among health care providers today. The Health Insurance Portability and Accountability Act of 1996 known as HIPAA was approved by law to safeguard not only patients but also health care workers. However, sometimes people tend to violate these laws unintentionally or sometimes intentionally. According to an article from the Department of Health and Human Service website (2011), HHS imposes a $4. 3 million civil money penalty for violating HIPAA privacy rules on Cignet Health (U.S.
Department of Health and Human Services, 2011). This paper will elaborate on the violation issue of Cignet Health and the population it affects most, the ethical and legal issues reported, and explain the managerial responsibilities related to this issue. Additionally, this paper will elaborate on any proposed solutions and what arguments or facts used to support the proposed solution. HHS delivered a Notification of Final Determination regarding a violation of privacy rules to Cignet Health.
Cignet Health dishonored 41 patient’s privileges by denying the patients access to his or her medical records when requested from September 2008 through October 2009. Each patient filed a complaint to the Office of Civil Rights that prompted an investigation. During the investigation, Cignet declined to reply to the Office of Civil Rights request of providing the documents and failed to collaborate with the inquiry of the grievances and to produce the records in response to the summons by OCR. Moreover, Cignet continually did not cooperate with the enquiry (U. S.Department of Health and Human Services, 2011).
This issue will not only hurt Cignet but also other in health care organizations that do not follow HIPPA Laws. According to the article, Department of Health and Human Services will continue to investigate and take action against organizations who knowingly disregard their obligations under the HIPPA rule. The issue here is Cignet Health refused to follow HIPAA Laws. Legally, the HIPPA law requires a protected individual to provide the patients with a duplicate of his or her medical records within 30 days but not more than 60 days from his or her request.Cignet Health denied these patients access to their record. According to OCR Director Georgina Verdugo, “covered entities and business associates must uphold their responsibility to provide patients with access to his or her medical records, and adhere to closely the requirements of HIPAA.
” Because Cignet failed to comply with OCR, the company was hit with a penalty of $4. 3 million in fines. The first fine totaling $1. 3 million for not providing the records to the patients as requested. The next fine was for $3 million for not cooperating with OCR’s investigations.To keep from violating this issue, Cignet Health should have upheld their responsibilities as a health care provider in making sure their patients had access to his or her medical records when asked.
Cignet Health’s duty as a health care provider was to protect the privacy of the patient but still making sure that these patients would still have access to his or her medical records upon request. Instead of avoiding the 41 patients, Cignet Health should have attempted to correspond with these patients either in person or through a letter.Additionally, if Cignet Health complied with this administrative issue the company would not be in this predicament. OCR attempted to reach Cignet Health and give them time to produce the copies of the medical records for the patients. However, the company still neglected to correct the situation.
The proposed solution regarding the issue with Cignet Health is for the organization to pay the fines imposed on them. The organization had ample amount of time to comply with OCR’s demands for obtaining the health records requested by the 41 patients.The organization gave OCR no choice but to file a petition to enforce the subpoena in the United States District Court. Once the courts were involved, Cignet delivered 59 boxes of medical records.
In the boxes were records for the 41 patients plus 4,500 other patient’s. Cignet should not have given up those records because those other patients were not part of the investigation. Another solution to this issue is for health care organizations to follow the rules that are enforced regarding patient privacy.It is the organizations duty to ensure that patient’s health information is safeguarded and that rules are followed regarding patients rights to obtaining a copy of his or her medical information.
As stated in the article, Department of Health and Human Services is serious about enforcing the rights of individuals who is guaranteed by the privacy rules of HIPAA. In conclusion, HIPAA Laws are put in place for a reason, to provide protection of pertinent health information of patients. Additionally, the law also states that health care providers are to furnish a copy of medical health records to patients upon request.Violating the HIPAA Law has some serious consequences, as is the case with Cignet Health.
Cignet Health was the first health care organization to have a Civil Money Penalty or CMP in the amount of $4. 3 million for violating HIPAA Laws. 41 patient’s affiliated with Cignet Health made a request to obtain his or her medical records. The organization failed to meet those requests within a specific time frame that prompted the patients to file a complaint with Department of Health and Human Services.Upon investigation, Cignet Health failed to respond and comply with the requests from the Office of Civil Rights, which prompted OCR to file a petition in District Court to enforce the subpoena.
The solution to this issue is for Cignet Health to pay the fines imposed on the organization. Also other health care organizations should learn from this situation and be sure to comply with all rules and regulations regarding HIPAA. References U. S. Department of Health & Human Services. (2011).
Retrieved from http://www. hhs. gov/news/press/2011pres/02/20110222a. html
