Health Law: Breach of Confidentiality and Liability for Improper Disclosure of PHI
VerifiedAdded on 2023/06/03
|10
|2610
|233
AI Summary
This article discusses the breach of confidentiality and liability for improper disclosure of PHI under the Health Insurance Portability and Accountability Act (HIPAA) and other laws. It also analyzes the legal consequences of such breaches and the liability of the entities involved.
Contribute Materials
Your contribution can guide someone’s learning journey. Share your
documents today.
Running head: HEALTH LAW
HEALTH LAW
Name of the Student
Name of the University
Author Note
HEALTH LAW
Name of the Student
Name of the University
Author Note
Secure Best Marks with AI Grader
Need help grading? Try our AI Grader for instant feedback on your assignments.
1HEALTH LAW
MCQ
1. C
2. B
3. D
4. C
5. C
6. C
7. C
8. C
9. D
10. B
Question 1
The Charm City Hospital (CCH) received the subpoena for 450patient records due to a
doctor, Dr. Wyst who worked with the hospital 10 years ago. There has been certain
malpractices that has been proved against the doctor and there has been a breach of data security
as well, done by a volunteer of Neonatal Intensive Care Unit of the same hospital. The IT
department of the hospital has failed to consult the legal counsel or any other department for the
interpretation of the subpoena or for other legal assistance. It has been reluctant toward the
subpoena and has not taken any necessary steps against the volunteer who disclosed the
hospital’s confidential information about patients, which is a criminal offence.
Under the Law of Contract, when a patient shares his/her personal and medical details
with a hospital or other medical concern, such medical concern becomes bound to preserve and
MCQ
1. C
2. B
3. D
4. C
5. C
6. C
7. C
8. C
9. D
10. B
Question 1
The Charm City Hospital (CCH) received the subpoena for 450patient records due to a
doctor, Dr. Wyst who worked with the hospital 10 years ago. There has been certain
malpractices that has been proved against the doctor and there has been a breach of data security
as well, done by a volunteer of Neonatal Intensive Care Unit of the same hospital. The IT
department of the hospital has failed to consult the legal counsel or any other department for the
interpretation of the subpoena or for other legal assistance. It has been reluctant toward the
subpoena and has not taken any necessary steps against the volunteer who disclosed the
hospital’s confidential information about patients, which is a criminal offence.
Under the Law of Contract, when a patient shares his/her personal and medical details
with a hospital or other medical concern, such medical concern becomes bound to preserve and
2HEALTH LAW
protect such information and treat it with utmost confidentiality. In case such data is divulged or
misused, it would about to a severe breach of contract and the victim would be liable to sue such
medical concern for damages.
Under Law of Torts, in case an employee of the hospital leaks confidential information
pertaining to the patients’ identity, address, email id, medical history and etcetera, the hospital
would be held liable under the principle of Vicarious Liability. The principle of vicarious
liability would direct the employer to carry the burden of liability of tort committed by its
employee. The theory of ‘Respondeat Superior’ would be applicable in such case and the
superior in position would be held responsible for the wrongful act of its subordinate1. While,
when an employee or a department of a hospital fails to carry out its duties that authorizes it to
adhere to subpoenas and legal proceedings,it lead to Corporate Negligence.In such case, the
hospital would be held liable for such misconduct or omission of duty by its employees2.
In the United States of America, medical information are guarded and regulated by The
Health Insurance Portability and Accountability Act (HIPAA)3. It is applicable to medical care
provides, pharmacies, data processors and other entities associated with handling of medical data
and information. While, The Standards for Privacy of Individually Identifiable Health
Information (HIPAA Privacy Rule) is applied to the gathering and utilization of Protected
Health Information (PHI)4. The standards for the protection of medical data is laid down in The
Security Standards for the Protection of Electronic Protected Health Information (HIPAA
1Singh, MadhavMadhusudan, Rajiv K. Agarwal, and Pranav Choudhary. "VICARIOUS LIABILITY IN HEALTHCARE: A
MEDICO LEGAL VIEW." INTERNATIONAL JOURNAL OF SCIENTIFIC RESEARCH 7.1 (2018).
2Rancourt, Stephen J. "Hacking, Theft, and Corporate Negligence: Making the Case for Mandatory Encryption of
Personal Information." Tex. Wesleyan L. Rev. 18 (2011): 183.
3'Summary Of The HIPAA Privacy Rule' (HHS.gov, 2018)
<https://www.hhs.gov/hipaa/for-professionals/privacy/laws-regulations/index.html> accessed 13 October 2018.
4'Standards For Privacy Of Individually Identifiable Health Information' (ASPE, 2018)
<https://aspe.hhs.gov/standards-privacy-individually-identifiable-health-information> accessed 13 October 2018.
protect such information and treat it with utmost confidentiality. In case such data is divulged or
misused, it would about to a severe breach of contract and the victim would be liable to sue such
medical concern for damages.
Under Law of Torts, in case an employee of the hospital leaks confidential information
pertaining to the patients’ identity, address, email id, medical history and etcetera, the hospital
would be held liable under the principle of Vicarious Liability. The principle of vicarious
liability would direct the employer to carry the burden of liability of tort committed by its
employee. The theory of ‘Respondeat Superior’ would be applicable in such case and the
superior in position would be held responsible for the wrongful act of its subordinate1. While,
when an employee or a department of a hospital fails to carry out its duties that authorizes it to
adhere to subpoenas and legal proceedings,it lead to Corporate Negligence.In such case, the
hospital would be held liable for such misconduct or omission of duty by its employees2.
In the United States of America, medical information are guarded and regulated by The
Health Insurance Portability and Accountability Act (HIPAA)3. It is applicable to medical care
provides, pharmacies, data processors and other entities associated with handling of medical data
and information. While, The Standards for Privacy of Individually Identifiable Health
Information (HIPAA Privacy Rule) is applied to the gathering and utilization of Protected
Health Information (PHI)4. The standards for the protection of medical data is laid down in The
Security Standards for the Protection of Electronic Protected Health Information (HIPAA
1Singh, MadhavMadhusudan, Rajiv K. Agarwal, and Pranav Choudhary. "VICARIOUS LIABILITY IN HEALTHCARE: A
MEDICO LEGAL VIEW." INTERNATIONAL JOURNAL OF SCIENTIFIC RESEARCH 7.1 (2018).
2Rancourt, Stephen J. "Hacking, Theft, and Corporate Negligence: Making the Case for Mandatory Encryption of
Personal Information." Tex. Wesleyan L. Rev. 18 (2011): 183.
3'Summary Of The HIPAA Privacy Rule' (HHS.gov, 2018)
<https://www.hhs.gov/hipaa/for-professionals/privacy/laws-regulations/index.html> accessed 13 October 2018.
4'Standards For Privacy Of Individually Identifiable Health Information' (ASPE, 2018)
<https://aspe.hhs.gov/standards-privacy-individually-identifiable-health-information> accessed 13 October 2018.
3HEALTH LAW
Security Rule). While the electronic transmission of medical data is dealt by the Standards for
Electronic Transactions (HIPAA Transactions Rule). These rules were revised and consolidated
under the HIPAA “Omnibus Rule”.The Security Breach Notification Rule, also revised by the
HIPAA Omnibus Rule, makes the entities liable to provide a notice of breach of PHI. As per the
Omnibus Rule, an entity is liable to provide the information regarding the acquisition, access,
usage and divulgence of Protect Health Information in a way, which is unauthorized and
unlawful under the privacy rule. The entity must have strong supportive evidence against the
notice of divulgence of confidential data to a party who has no capacity to hold it5.
In the given case, the IT department has shown reluctance towards the
subpoenareceivedfor a case against an ex doctor who left the hospital 10 years ago. Although the
IT department pulled out information regarding all the patients and old records on its own
discretion and let the legal counsel of the hospital know about the subpoena, yet it did not care to
take legal counsel from the matter. It can be held as a negligence of duty on the IT department’s
part and it should be show-caused by the higher management. On the other hand, a hospital
system must handle a subpoena with minute attention, must consult with the legal counsel
regarding it, and must take official action at the earliest.
The hospital volunteer of the Neonatal Intensive Care Unit has breached his term of
employment severely and must be prosecuted. He had no official capacity to get hold of the data
of patients and their confidential information. The hospital mist bring in charged against the
volunteer. While, the hospital itself would be held responsible for the wrongful act of its
employee under the principle of vicarious liability. The hospital would be charged with heavy
compensation for invasion of privacy and private information of patients.
5'What Is HIPAA' (Dhcs.ca.gov, 2018)
<https://www.dhcs.ca.gov/formsandpubs/laws/hipaa/Pages/1.00WhatisHIPAA.aspx> accessed 13 October 2018.
Security Rule). While the electronic transmission of medical data is dealt by the Standards for
Electronic Transactions (HIPAA Transactions Rule). These rules were revised and consolidated
under the HIPAA “Omnibus Rule”.The Security Breach Notification Rule, also revised by the
HIPAA Omnibus Rule, makes the entities liable to provide a notice of breach of PHI. As per the
Omnibus Rule, an entity is liable to provide the information regarding the acquisition, access,
usage and divulgence of Protect Health Information in a way, which is unauthorized and
unlawful under the privacy rule. The entity must have strong supportive evidence against the
notice of divulgence of confidential data to a party who has no capacity to hold it5.
In the given case, the IT department has shown reluctance towards the
subpoenareceivedfor a case against an ex doctor who left the hospital 10 years ago. Although the
IT department pulled out information regarding all the patients and old records on its own
discretion and let the legal counsel of the hospital know about the subpoena, yet it did not care to
take legal counsel from the matter. It can be held as a negligence of duty on the IT department’s
part and it should be show-caused by the higher management. On the other hand, a hospital
system must handle a subpoena with minute attention, must consult with the legal counsel
regarding it, and must take official action at the earliest.
The hospital volunteer of the Neonatal Intensive Care Unit has breached his term of
employment severely and must be prosecuted. He had no official capacity to get hold of the data
of patients and their confidential information. The hospital mist bring in charged against the
volunteer. While, the hospital itself would be held responsible for the wrongful act of its
employee under the principle of vicarious liability. The hospital would be charged with heavy
compensation for invasion of privacy and private information of patients.
5'What Is HIPAA' (Dhcs.ca.gov, 2018)
<https://www.dhcs.ca.gov/formsandpubs/laws/hipaa/Pages/1.00WhatisHIPAA.aspx> accessed 13 October 2018.
Secure Best Marks with AI Grader
Need help grading? Try our AI Grader for instant feedback on your assignments.
4HEALTH LAW
Chris Jones, the victim whose personal details was sent over email to Dr. Wyst by the
volunteer would be eligible to sue the hospital and the volunteer severally. Jones would sue the
hospital on the ground of vicarious liability possessed by the hospital, as it is the authorized body
that held his personal information. The hospital was bound to preserve and protect his identity,
address and confidential medical history from being divulged to unauthorized person. The
hospital has failed to carry out its duty to protect his privacy. Therefore, it would be charged
under HIPAA and would be liable to pay damages to the victim. On the other hand, the volunteer
would also be held liable for invasion of privacy as well as defamation for conveying such
slanderous messages over email about Jones, which constitutes Libel under the law of tort.
Question 2
1. It has to be determined in this case, that the liability for the improper disclosure of the
enrolees PHI lies within which authority. To understand the legal basis for this decision, the U.S.
Code needs to be analysed. § 6103 of the 26 U.S Code provides that no employee or officer of
the States, who is receiving an information, or has access to such information, should not
disclose such information6. Such a person, shall not make any unauthorised disclosure of such
information obtained by him, during a manner which is connected to his service as an employee.
Section 7213 of the 26 United States Code has provided that, it would be treated as unlawful for
an employee or an officer of the United States, who makes disclosure of any information,
wilfully to a person, who is not authorised in the title. A person who makes a violation of this
rule, shall be punished upon conviction by fines of an amount that is not exceeding $5000, or a
sentence of imprisonment not exceeding the term of 5 years, or both. It further stated that any
such accused employee or officer shall be dismissed form his employment who has been
626 U.S Code
Chris Jones, the victim whose personal details was sent over email to Dr. Wyst by the
volunteer would be eligible to sue the hospital and the volunteer severally. Jones would sue the
hospital on the ground of vicarious liability possessed by the hospital, as it is the authorized body
that held his personal information. The hospital was bound to preserve and protect his identity,
address and confidential medical history from being divulged to unauthorized person. The
hospital has failed to carry out its duty to protect his privacy. Therefore, it would be charged
under HIPAA and would be liable to pay damages to the victim. On the other hand, the volunteer
would also be held liable for invasion of privacy as well as defamation for conveying such
slanderous messages over email about Jones, which constitutes Libel under the law of tort.
Question 2
1. It has to be determined in this case, that the liability for the improper disclosure of the
enrolees PHI lies within which authority. To understand the legal basis for this decision, the U.S.
Code needs to be analysed. § 6103 of the 26 U.S Code provides that no employee or officer of
the States, who is receiving an information, or has access to such information, should not
disclose such information6. Such a person, shall not make any unauthorised disclosure of such
information obtained by him, during a manner which is connected to his service as an employee.
Section 7213 of the 26 United States Code has provided that, it would be treated as unlawful for
an employee or an officer of the United States, who makes disclosure of any information,
wilfully to a person, who is not authorised in the title. A person who makes a violation of this
rule, shall be punished upon conviction by fines of an amount that is not exceeding $5000, or a
sentence of imprisonment not exceeding the term of 5 years, or both. It further stated that any
such accused employee or officer shall be dismissed form his employment who has been
626 U.S Code
5HEALTH LAW
convicted upon such an offense. A company which is handling with the data of public, which has
to be kept secured,is responsible for any occurrence if the data has been misused or disclosed
without proper authorisation7. In the case of Eerrapin Ltd v Builders Supply Co ( Hayes) Ltd, it
was observed that in any situation, a claim against a breach of confidentiality can be made,
where it can be proved that confidential information of the company or of individual, has been
shared or used by an employee8. There is no need to have a specific contract, where the nature of
the company is that to protect the confidentiality of data provided to them. The Federal Trade
Commission Act (15 U.S.C. subsection 41-58) prohibits and penalises an action of the company,
which fails to provide the required privacy and makes unauthorised disclosure of personal
information9. As per the verdict of the case, N.X. v Cabrini Medical Center, 97 NY2d 247, 252-
253 [2002], the employer shall be liable for the tortious act of his employee if the act was
committed during the scope of his employment10.
In this case, the NoSecure shall be liable for the act of their employee who made an
unauthorised and improper disclosure of the enrolees PHI. NoSecure was under the obligation to
ensure protection to the protected health information, given to them. Their work was to make the
PHI accessible to ensure the protection of data. The act of the employee of disclosing
confidential information makes NoSecure liable for the breach of confidentiality. The company,
NoSecure was under the obligation to ensure safety to the data, and consequently, the
unauthorised disclosure of the data makes the entity liable under the said section of the Code.
7Da Veiga, Adéle, and Nico Martins. "Information security culture and information protection culture: A validated
assessment instrument." Computer Law & Security Review31.2 (2015): 243-256.
8Eerrapin Ltd v Builders Supply Co ( Hayes) Ltd
9Federal Trade Commission Act
10N.X. v Cabrini Medical Center, 97 NY2d 247, 252-253 [2002]
convicted upon such an offense. A company which is handling with the data of public, which has
to be kept secured,is responsible for any occurrence if the data has been misused or disclosed
without proper authorisation7. In the case of Eerrapin Ltd v Builders Supply Co ( Hayes) Ltd, it
was observed that in any situation, a claim against a breach of confidentiality can be made,
where it can be proved that confidential information of the company or of individual, has been
shared or used by an employee8. There is no need to have a specific contract, where the nature of
the company is that to protect the confidentiality of data provided to them. The Federal Trade
Commission Act (15 U.S.C. subsection 41-58) prohibits and penalises an action of the company,
which fails to provide the required privacy and makes unauthorised disclosure of personal
information9. As per the verdict of the case, N.X. v Cabrini Medical Center, 97 NY2d 247, 252-
253 [2002], the employer shall be liable for the tortious act of his employee if the act was
committed during the scope of his employment10.
In this case, the NoSecure shall be liable for the act of their employee who made an
unauthorised and improper disclosure of the enrolees PHI. NoSecure was under the obligation to
ensure protection to the protected health information, given to them. Their work was to make the
PHI accessible to ensure the protection of data. The act of the employee of disclosing
confidential information makes NoSecure liable for the breach of confidentiality. The company,
NoSecure was under the obligation to ensure safety to the data, and consequently, the
unauthorised disclosure of the data makes the entity liable under the said section of the Code.
7Da Veiga, Adéle, and Nico Martins. "Information security culture and information protection culture: A validated
assessment instrument." Computer Law & Security Review31.2 (2015): 243-256.
8Eerrapin Ltd v Builders Supply Co ( Hayes) Ltd
9Federal Trade Commission Act
10N.X. v Cabrini Medical Center, 97 NY2d 247, 252-253 [2002]
6HEALTH LAW
Hence, NoSecure shall be liable for the situation, which has been resulted from the act of their
employee.
2. The issue is to determine whether Birdland’s Medicaid agency, Neversafe and NoSecurecan
take an action for the improper disclosure of the enrolees’ personal health information. For the
purpose of determining this issue, the consequences for breach of confidentiality by an employee
must be discussed. Breach of confidentialityis a serious offence for an employee of a company
that deals with the information and data of public11. A breach of confidentiality constitutes a
breach of the contract of the employee with his company.
In this case, the first and foremost consequences that could arise out of the act of Pitch
McRye for making unauthorised disclosure of the confidential information of the personal health
of public that the company he used to work in, is the termination of McRye12. His company
NoSecure deals with, is termination. Birdland’s Medicaid Agency, Neversafe, and NoSecure can
successfully sue the employee, McRye, for his conduct. McRye can be sued for committing
breach of his duty to safeguard the PHI. In the case of Doe v Guthrie Clinic, Ltd 2014 NY Slip
Op 0013813, it was held that the liability of the company or organisation shall reside within them
only if the risk are reasonably foreseeable by the employer. In this case, the risk of disclosing
confidential information of the company by the employee was not reasonably foreseeable by
NoSecure, hence McRye can sued for his action by NoSecure. In an extreme situation, a breach
of confidentiality can be treated as a criminal offense and charges of theft of the proprietary
information of the company can be brought against him. In this case, Pitch McRye posted the
11Hannah, David R., and Kirsten Robertson. "Why and how do employees break and bend confidential information
protection rules?." Journal of Management Studies 52.3 (2015): 381-413.
12Van Deursen, Nicole, William J. Buchanan, and Alistair Duff. "Monitoring information security risks within health
care." computers & security 37 (2013): 31-45
13Doe v Guthrie Clinic, Ltd 2014 NY Slip Op 00138
Hence, NoSecure shall be liable for the situation, which has been resulted from the act of their
employee.
2. The issue is to determine whether Birdland’s Medicaid agency, Neversafe and NoSecurecan
take an action for the improper disclosure of the enrolees’ personal health information. For the
purpose of determining this issue, the consequences for breach of confidentiality by an employee
must be discussed. Breach of confidentialityis a serious offence for an employee of a company
that deals with the information and data of public11. A breach of confidentiality constitutes a
breach of the contract of the employee with his company.
In this case, the first and foremost consequences that could arise out of the act of Pitch
McRye for making unauthorised disclosure of the confidential information of the personal health
of public that the company he used to work in, is the termination of McRye12. His company
NoSecure deals with, is termination. Birdland’s Medicaid Agency, Neversafe, and NoSecure can
successfully sue the employee, McRye, for his conduct. McRye can be sued for committing
breach of his duty to safeguard the PHI. In the case of Doe v Guthrie Clinic, Ltd 2014 NY Slip
Op 0013813, it was held that the liability of the company or organisation shall reside within them
only if the risk are reasonably foreseeable by the employer. In this case, the risk of disclosing
confidential information of the company by the employee was not reasonably foreseeable by
NoSecure, hence McRye can sued for his action by NoSecure. In an extreme situation, a breach
of confidentiality can be treated as a criminal offense and charges of theft of the proprietary
information of the company can be brought against him. In this case, Pitch McRye posted the
11Hannah, David R., and Kirsten Robertson. "Why and how do employees break and bend confidential information
protection rules?." Journal of Management Studies 52.3 (2015): 381-413.
12Van Deursen, Nicole, William J. Buchanan, and Alistair Duff. "Monitoring information security risks within health
care." computers & security 37 (2013): 31-45
13Doe v Guthrie Clinic, Ltd 2014 NY Slip Op 00138
Paraphrase This Document
Need a fresh take? Get an instant paraphrase of this document with our AI Paraphraser
7HEALTH LAW
information of almost 500,000 enrolees out of a malaise intention and a target of taking revenge.
Thus, Birdland and Neversafe can sue McRye for violating the rules and publishing the PHIs, as
he was obliged to protect them and refrain from making any publication of information. Out of
his conduct it is evident that McRye shall be liable not only for causing the breach of
confidentiality but also for committing theft. Hence, Medicaid, Neversafe and NoSecure can
claim punitive damage for the alleged breach of confidentiality, as well as, they can make Pitch
McRye liable for theft of information.
information of almost 500,000 enrolees out of a malaise intention and a target of taking revenge.
Thus, Birdland and Neversafe can sue McRye for violating the rules and publishing the PHIs, as
he was obliged to protect them and refrain from making any publication of information. Out of
his conduct it is evident that McRye shall be liable not only for causing the breach of
confidentiality but also for committing theft. Hence, Medicaid, Neversafe and NoSecure can
claim punitive damage for the alleged breach of confidentiality, as well as, they can make Pitch
McRye liable for theft of information.
8HEALTH LAW
Bibliography
Cases
Doe v Guthrie Clinic, Ltd 2014 NY Slip Op 00138
Eerrapin Ltd v Builders Supply Co ( Hayes) Ltd
N.X. v Cabrini Medical Center, 97 NY2d 247, 252-253 [2002]
Statutes
The Federal Trade Commission Act
26 United States Code
Journals
Da Veiga, Adéle, and Nico Martins. "Information security culture and information protection
culture: A validated assessment instrument." Computer Law & Security Review31.2 (2015): 243-
256.
Hannah, David R., and Kirsten Robertson. "Why and how do employees break and bend
confidential information protection rules?." Journal of Management Studies 52.3 (2015): 381-
413.
Rancourt, Stephen J. "Hacking, Theft, and Corporate Negligence: Making the Case for
Mandatory Encryption of Personal Information." Tex. Wesleyan L. Rev. 18 (2011): 183.
Bibliography
Cases
Doe v Guthrie Clinic, Ltd 2014 NY Slip Op 00138
Eerrapin Ltd v Builders Supply Co ( Hayes) Ltd
N.X. v Cabrini Medical Center, 97 NY2d 247, 252-253 [2002]
Statutes
The Federal Trade Commission Act
26 United States Code
Journals
Da Veiga, Adéle, and Nico Martins. "Information security culture and information protection
culture: A validated assessment instrument." Computer Law & Security Review31.2 (2015): 243-
256.
Hannah, David R., and Kirsten Robertson. "Why and how do employees break and bend
confidential information protection rules?." Journal of Management Studies 52.3 (2015): 381-
413.
Rancourt, Stephen J. "Hacking, Theft, and Corporate Negligence: Making the Case for
Mandatory Encryption of Personal Information." Tex. Wesleyan L. Rev. 18 (2011): 183.
9HEALTH LAW
Singh, MadhavMadhusudan, Rajiv K. Agarwal, and Pranav Choudhary. "VICARIOUS
LIABILITY IN HEALTHCARE: A MEDICO LEGAL VIEW." INTERNATIONAL JOURNAL
OF SCIENTIFIC RESEARCH 7.1 (2018).
'Standards For Privacy Of Individually Identifiable Health Information' (ASPE, 2018)
<https://aspe.hhs.gov/standards-privacy-individually-identifiable-health-information> accessed
13 October 2018
'Summary Of The HIPAA Privacy Rule' (HHS.gov, 2018) <https://www.hhs.gov/hipaa/for-
professionals/privacy/laws-regulations/index.html> accessed 13 October 2018
Van Deursen, Nicole, William J. Buchanan, and Alistair Duff. "Monitoring information security
risks within health care." computers & security 37 (2013): 31-45.
'What Is HIPAA' (Dhcs.ca.gov, 2018)
<https://www.dhcs.ca.gov/formsandpubs/laws/hipaa/Pages/1.00WhatisHIPAA.aspx> accessed
13 October 2018
Singh, MadhavMadhusudan, Rajiv K. Agarwal, and Pranav Choudhary. "VICARIOUS
LIABILITY IN HEALTHCARE: A MEDICO LEGAL VIEW." INTERNATIONAL JOURNAL
OF SCIENTIFIC RESEARCH 7.1 (2018).
'Standards For Privacy Of Individually Identifiable Health Information' (ASPE, 2018)
<https://aspe.hhs.gov/standards-privacy-individually-identifiable-health-information> accessed
13 October 2018
'Summary Of The HIPAA Privacy Rule' (HHS.gov, 2018) <https://www.hhs.gov/hipaa/for-
professionals/privacy/laws-regulations/index.html> accessed 13 October 2018
Van Deursen, Nicole, William J. Buchanan, and Alistair Duff. "Monitoring information security
risks within health care." computers & security 37 (2013): 31-45.
'What Is HIPAA' (Dhcs.ca.gov, 2018)
<https://www.dhcs.ca.gov/formsandpubs/laws/hipaa/Pages/1.00WhatisHIPAA.aspx> accessed
13 October 2018
1 out of 10
Related Documents
Your All-in-One AI-Powered Toolkit for Academic Success.
+13062052269
info@desklib.com
Available 24*7 on WhatsApp / Email
Unlock your academic potential
© 2024 | Zucol Services PVT LTD | All rights reserved.