Order from us for quality, customized work in due time of your choice.
We are using the following scenario for our Courtroom Drama:
THE CASE: A patient
We are using the following scenario for our Courtroom Drama:
THE CASE: A patient, who was both a patient and an employee of UAGC Hospital, alleged that his/her protected health information (PHI) was impermissibly disclosed to his/her supervisor.
UAGC Hospital distributed an Operating Room (OR) schedule to employees via email. The hospital’s OR schedule contained information about the patient’s upcoming surgery. Information disclosed included, but was not limited to, the Social Security number, birth date, age, residence, insurance and/or payment information, former surgeries, former and current medications, past medical conditions, primary care physician, psychiatrist, and other health professionals that had been seen throughout the past year. The patient’s supervisor was not part of the OR team or the patient’s treatment team but was considered to be in a senior administrative position within the facility.
THE SUIT: The patient is suing UAGC Hospital for the improper release of health information, protected under the Privacy Rule.
The Plaintiff: Daniel Davies, patient suing UAGC Hospital
The Defendant: Denise (Elsa) Gallipposebaly) is representing UAGC Hospital
The Jury: The remaining students of the course (initial videos due on Saturday)
The Judge: Dr. Trevisan
Videos will be posted as follows:
Defendant and Plaintiff video posts are DUE by Thursday (Day 3).
Juror’s original video decisions are due by Saturday (Day 5).Please note that Canvas does not recognize a changed date for one discussion. It will show that jurors are late with their initial posts. I adjust that during the grading process.
Jurors, please add your decision “FOR THE PLAINTIFF” OR “FOR THE DEFENDANT” at the top of your post prior to submitting your video in order to avoid losing points.
YOU MUST INCLUDE A TRANSCRIPT OF YOUR VIDEO (WORD DOCUMENT ATTACHMENT OR COPY/PASTE) WITH YOUR SUBMISSION. It is helpful if you create the transcript first, then record your video
Prior to beginning work on this discussion, read Chapter 5 along with the following:
Health Insurance Portability And Accountability Act of 1996Links to an external site.
Defend your practice against HIPAA violationsLinks to an external site.
A closer look at HIPAA violationsLinks to an external site.
HIPAA violations on social media: THINK before you post!Links to an external site.
The case for HIPAA risk assessmentsLinks to an external site.
This discussion is based on the court case details provided by your instructor in the announcements.
Last week, your instructor asked for volunteers in an announcement and requested one student to take on the role of the Plaintiff and one student to take on the role of the Defendant for the case being covered in this discussion. The remaining class members are Jurors.
Every participant—the Plaintiff, Defendant, and jury members—will create their initial post using either the Canvas Video Submission InstructionsLinks to an external site. or ZoomLinks to an external site. to create the initial post. This is a dramatization of a real court case, and all members are expected to speak clearly and dress appropriately. Therefore, part of your grade will be determined by these requirements.
Plaintiff (the person or entity who is suing another): Research the case provided by the instructor. In your video response:
Indicate at the top of the discussion box that you are the PLAINTIFF.
Present evidence as to how you were wronged in the scenario.
Include the legal and ethical violations that occurred. Please be specific to indicate what part of the law was violated.
Support your suit by arguing your case in a 5-minute video to the jury.
Submit your video and written transcript along with your reference list by the end of Day 3 (Thursday).The transcript can be copy/pasted into the discussion box below the video or submitted as a reply to the initial post.
Defendant (the person or entity who is being sued by the Plaintiff): Research the case provided by the instructor. In your video response:
Indicate at the top of the discussion box that you are the DEFENDANT.
Present evidence as to how you did not act against legal and ethical standards.
Support your case and why the issue is not a violation. Be specific as to what part of the law indicates this method of managing the situation is allowed (e.g., what elements must be present).
Support your suit by arguing your case in a 5-minute video to the jury.
Submit your video and written transcript along with your reference list by the end of Day 3 (Thursday).The transcript can be copy/pasted into the discussion box below the video or submitted as a reply to the initial post.
Jurors (the remainder of the class): Research the case, as well as the legal and ethical standards surrounding the issues from both sides. Review the Plaintiff and Defendant videos. In your video post,
Indicate whether you are FOR THE PLAINTIFF or FOR THE DEFENDANT at the top of the page of the discussion box.
Argue for your decision either in favor of the plaintiff or the defendant.
Present your decision in a 5-minute video explaining the rationale behind your decision.
Submit your video and written transcript along with your reference list by the end of Day 5 (Saturday).The transcript can be copy/pasted into the discussion box below the video or submitted as a reply to the initial post.
Judge: Your instructor will serve as the judge and review all posts. The final decision will be presented as decided by the jurors’ rulings. This ruling will be posted by the end of Day 3 of Week 3 in an Announcement.
Video How-To Information:
Review the Canvas Video Submission InstructionsLinks to an external site. on how to create a video post using your computer’s webcam. ZoomLinks to an external site. may also be used to record the video if preferred.
If you used Zoom to record your video, insert your Zoom video file by following these steps:
If you record using Zoom, select SAVE TO COMPUTER when you start recording.
Save your Zoom video file to your computer in a folder where you can easily find it.
Place your cursor where you want the video in the discussion text box.
Select Insert from the tool bar above the discussion response box.
Briefly scroll down to MEDIA > UPLOAD MEDIA. A pop-up box will open.
Drag the file you saved from your file folder on your computer to the pop-up box or click and browse your computer to select it.
Select Submit in the lower right corner.
Wait for the video to fully load. It will be gray until it is loaded. This often takes several minutes.
DEFENDANT’S VIDEO
Jurors, thank you for your presence today. The plaintiff, Mr. Davies, brings a case against UAGC Hospital suggesting his personal health information or PHI was shared with his supervisor in an illegal manner, violating his HIPAA protection rights. As the legal representation for the defendant, UAGC Hospital, I will show that is not the case.According to Bustillos & Vellek, (2019), “an organization’s code of ethics should require all health care providers [and administrative personnel] to follow the privacy rules under the Health Information Portability and Accountability Act, otherwise knowns as HIPAA, by providing confidentiality to all patients” (Section 3.1).The Health Information Portability and Accountability (HIPAA) Act of 1996, Privacy Rule, 45 C.F.R. Part 160Links to an external site. and subparts A and C of Part 164Links to an external site. address administration simplification and include directives regarding privacy (e.g., administrative acts as well as physical and technical safeguards) and security rules. Privacy covers what information is protected, how it can be used, and how it is disclosed (eCFR, 20221). Bustillos & Vellek indicate that HIPAA allows the disclosure of PHI “in order to facilitate medical treatment of the patient or billing as well as other health care operations” (2019, Section 5.2).The security rule covers who should be protected, what information should be protected, and what kind of safeguards should be used to protect PHI (eCFR, 20222). The Health Information Technology for Economic and Clinical Health, otherwise known as the HITECH Act of 2009, extended HIPAA’s requirements to business associates—that is, entities likely to come into contact with or have the opportunity to access PHI that perform a business function for the covered entity (Bustillos & Vellek, 2019, Section 5.2).As identified within the HIPAA privacy act, a hospital must obtain written consent authorizing the release of this information prior to its disclosure. The patient, Mr. Davies, did sign the authorization forms during the initial appointment with the surgeon. Once the initial consent was authorized, legitimate reasons for further disclosure is authorized under HIPAA such as the ability “to facilitate medical treatment of the patient or billing as well as other health care operations” (2019, Section 5.2).In this case, the additional reasons for this disclosure was to ensure the surgical team had all the appropriate and necessary information to ensure they provide the best care possible to their patient both before and after the procedure. Additionally, my client’s Privacy Officer, who ensures the hospital follows patient privacy guidelines, validated that no violations were met. This information further validates my client’s claim that they did not unlawfully disclose Mr. Davies’ PHI.In order for this allegation to hold any weight, my client would have had to obtain and disclose Mr. Davies’ PHI without his authorizing consent and release it to individuals not related to his current medical team and pertinent medical staff.Being an employee at the University of Arizona Global Campus Hospital, Mr. Davies is aware of the facility’s policies in regard to the safeguards that are set in place with a patient’s PHI. Based on the hospital’s policy on lawful release of PHI, you can see that besides the patient’s immediate medical team, the hospital’s senior administrators receive health and billing information related to the patient such as the information Mr. Davies is claiming was impermissibly disclosed.The supervisor is a senior administrator and oversees departments responsible for day to day operations, which means they are in a need-to-know position. Further, HIPAA requires health care entities to appoint a privacy officer, which UAGC Hospital has in place. Because the patient’s supervisor is an employee of the hospital, the supervisor is held to the sections of HIPAA that ensure PHI is not released to others without appropriate need and as it follows the letter of the law.I rest my case. Jurors, we look forward to your decision.References:Bustillos, D., & Vellek, S. (2019). Health care ethics and medical law. Bridgepoint Education.eCFR. (20221). Part 160 – General administrative requirementsLinks to an external site..eCFR (20222). Part 164 – Security and privacyLinks to an external site..
Plaintiff Evidence:
Instructor Edit: The following emails are screenshots as evidence for this case. Each screenshot has alt-text with the content if you are using a screenreader.
Transcript:
PLAINTIFF
Your Honor, jury members, thank you for your time and attention today. I, Daniel Davies, stand before you as the plaintiff, seeking justice and accountability for the egregious violation of my privacy and the irreparable harm that UAGC Hospital has caused me.
I am an employee of UAGC Hospital, working in the Neuro ICU. I have dedicated myself to that role for many years, caring for the critically ill patients and their families. I take pride in my work, it is built on a foundation of trust, empathy, and the sacred duty to protect the privacy and well-being of those in my care.
Tragically, the defendant has betrayed that trust. As a patient of UAGC Hospital, I underwent a recent surgery, and I entrusted the defendant with the most intimate details of my medical history and condition. I did so with the reasonable expectation that this information would remain safeguarded and accessible only to my direct care team in the OR.
However, my evidence will show that UAGC Hospital flagrantly disregarded its ethical and legal obligations under the Health Insurance Portability and Accountability Act (HIPAA) to protect my private health information. Instead of limiting access to my medical records, the hospital distributed a detailed operating room schedule via email to a wide range of employees – including my supervisor, who was not part of my care team.
This schedule contained an egregious breach of my privacy, disclosing sensitive details such as my social security number, birth date, address, insurance information, past medical conditions, medications, and the names of every one of my physicians. All of this highly confidential information was accessible to individuals who had no business knowing the intimate details of myself, my health or my care.
The ramifications of this privacy violation have been profound and far-reaching. As a respected member of the UAGC Hospital staff, the unauthorized disclosure of my medical information has caused me immense emotional distress and anxiety. I now face the prospect of stigma, discrimination, and unequal treatment from my employer and colleagues – people I have worked alongside for years and with whom I have built relationships founded on trust and mutual respect.
UAGC Hospital’s actions have devastated me financially. The hospital’s actions have caused me to be passed over for promotions and lucrative projects due to the stigma attached to my medical condition. I have also been forced to spend precious time and resources that would have been for my work and family responsibilities to address this violation. The emotional toll of constantly worrying about the ramifications of this privacy breach and the need to monitor my employment status and workplace treatment vigilantly has been debilitating.
UAGC Hospital’s actions represent clear and inexcusable violations of the HIPAA Privacy Rule. More Specifically, the hospital failed to:
1. Implement appropriate administrative, physical, and technical safeguards to protect my electronic protected health information (ePHI) from unauthorized access, use, or disclosure, as required under the HIPAA Security Rule (U.S. Department of Health & Human Services, 2013).
2. Limit access and disclosure of my ePHI to the minimum necessary to accomplish the intended purpose, in direct contravention of the HIPAA Privacy Rule’s “minimum necessary” standard (U.S. Department of Health & Human Services, 2013).
3. Obtain my written authorization before disclosing my protected health information, as mandated by the HIPAA Privacy Rule (U.S. Department of Health & Human Services, 2013).
In addition to these HIPAA violations, UAGC Hospital’s actions have also breached its ethical and fiduciary duty to me as a patient and employee. The American Medical Association’s Code of Medical Ethics states that “physicians have an ethical obligation to preserve the confidentiality of information gathered in association with the care of the patient” (American Medical Association, 2022). By failing to uphold this fundamental principle, UAGC Hospital has violated the trust placed in it by both myself and the medical profession.
Your Honor, jury members, I entrusted UAGC Hospital with my most sensitive information, with the reasonable expectation that they would safeguard and protect it. Instead, the defendant callously disregarded its ethical and legal obligations, exposing me to profound personal and professional harm. UAGC Hospital failed to implement adequate safeguards and training to prevent such egregious privacy breaches. Their actions fell woefully short of industry standards for protecting patient data, showing a willful disregard for the privacy rights of its employees and patients.
I am not here today seeking mere compensation. I am seeking accountability, justice, and a clear message that such flagrant violations of patient confidentiality will not be tolerated. The right to medical privacy is a cornerstone of the patient-provider relationship, and UAGC Hospital has betrayed that trust.
With compelling evidence, I will prove that UAGC Hospital’s actions were a clear and inexcusable breach of its duty. I have suffered tangible harm directly from this violation and deserve to be fully compensated for my incurred damages.
UAGC Hospital’s actions have caused me to suffer severe emotional distress, anxiety, and reputational harm. I have endured the humiliation of having my most sensitive medical information disclosed to my colleagues, and I now face the prospect of being unfairly treated and passed over for career advancement opportunities., The financial impact of this privacy breach has been devastating. The stigma associated with my medical condition has already cost me significant lost earnings and future earning potential. The hospital’s reckless disregard for my privacy has jeopardized my financial security and well-being.
Your Honor, jury members, I am here today to seek justice, not only for myself but for all patients and employees who entrust their private information to healthcare providers. UAGC Hospital must be held accountable for its egregious actions, and a clear message must be sent that such blatant privacy violations will not be tolerated.
Thank you, your Honor and jury members, for your time and attention.
References
American Medical Association. (2022). Code of medical ethics. https://www.ama-assn.org/delivering-care/ethics/co…
U.S. Department of Health & Human Services. (2013). Summary of the HIPAA privacy rule. https://www.hhs.gov/hipaa/for-professionals/privac…
Order from us for quality, customized work in due time of your choice.