Question

An investigator obtains consent and HIPAA authorization from subjects to review their medical records and HIV status. He plans to go back to the medical record, so the HIV status information is stored along with subject identifiers in a database that he keeps on his laptop computer. His laptop is stolen.

This incident constitutes:

a) a FERPA violation.
b) a breach of confidentiality.
c) an invasion of privacy.
d) All of the above.
e) None of the above.

Answer 1

Answer: b) a breach of confidentiality.

Explanation: Restricted or private information may be deemed as confidential and as such, the information should not flow, be seen or be heard outside the sphere of those who are authorized. A breach of confidentiality therefore occurs, when private data or restricted information gets into the hands of an unauthorized individual. In the scenario above, patients medical record and HIV status are meant to be private and not disclosed to third parties. However, with the theft of a laptop contain a database with thses information, means it has made it's way into the hands of a third party, and therefore such incident constitutes breach of confidentiality.