For your initial post, consider the scenario below.
Mary Salvatore works at the New University of Arizona Global Campus General Hospital in downtown San Diego. Mary is a nurse helper and sometimes works at the front desk to admit patients. She frequently works with computer equipment and printers. On November 1, 2015, Mary was working a night shift when an ambulance brought a young man to the emergency room. He had four gunshot wounds in his chest. Mary quickly recognized him as one of her son’s friends and was in utter shock. His name was Jason Smith, and he lived only a few blocks from her.
Later that evening, Mary reviewed his file from her computer to see his progress and saw that he was in a coma. She then called her son to let him know about Jason. Her son then called several of his friends to let them know about Jason’s situation. Mary discussed Jason’s case with nurses and fellow workers, and even posted Jason’s situation on her Facebook page. In addition, Mary used her cell phone to take a picture of Jason in his hospital bed and sent it to several of her friends and neighbors.
On her way home from work, Mary stopped by the grocery store and could not help but talk about Jason’s injuries to local shoppers. At one point there were at least five shoppers sympathizing with her about his injuries. Once she got home, Mary logged into the hospital network almost every hour to check on Jason’s file and progress. When she got back to work the next day, Jason was smiling and showed some sign of recovery. Mary was relieved and thankful.
Carefully review the scenario and analyze the actions taken by Mary Salvatore following Jason’s admission to the hospital. Explain how the actions taken by Mary violated HIPAA rules as well as the fines that the hospital could face based on her actions. Support your statements with evidence from your sources.
Evaluate the HIPAA regulations and the IT governance policies that would need to be in place in order to ensure that those in roles like Mary’s would not have access to medical record files like those she accessed in order to determine Jason’s coma status. Explain how the network should be segmented so that Mary’s access would be limited to just those records necessary for her role to admit patients.