The Office for Civil Rights (OCR) which is part of the U.S. Department of Health and Human Services (HHS) opened compliance reviews for stolen unencrypted laptop computers. The OCR compliance review of Concentra Health Services was related to receipt of a breach report that an unencrypted laptop was stolen from one of its facilities, the Springfield, Mo., Physical Therapy Center. The OCR investigation revealed that Concentra had previously recognized in multiple risk analyses a critical risk due to a lack of encryption on its laptops, desktop computers, medical equipment, tablets and other devices containing electronic protected health information (ePHI). Although steps were taken to begin encryption, the investigation found that Concentra's efforts were deficient and inconsistent over time, leaving identifiable patient protected health information (PHI) vulnerable throughout the organization. The OCR's investigation further found Concentra had insufficient security management processes in place to safeguard patient information. Additionally, the OCR received another breach notice in February 2012 involving the QCA Health Plan of Arkansas. The report was that an unencrypted laptop computer containing the ePHI of 148 individuals was stolen from a workforce member's car. Although QCA corrected the situation by encrypting its devices following the discovery of the breach, the OCR's investigation revealed that QCA failed to comply with multiple HIPAA requirements beginning from the compliance date of the security rule in April 2005 and ending in June 2012.In November 2021, 30 data breaches of 10, 000 or more medical records were reported and 4 of those resulted in the exposure or theft of more than 100,000 records. The worst breach involved exposure of 582,170 records by hackers into an imaging center. (HIPAA Journal at https://www.hipaajournal.com/november-2021-healthcare-data-breach-report/)

3. It is hard to escape the presence of social media and its impact and influence on our personal and professional lives. Increasingly, educational institutions, healthcare organizations and professionals are using and relying upon social media sites (such as Meta) for a range of activities - recruitment, advertising, hiring decisions, instruction, networking, research and content dissemination, communications with students, faculty, alumni, etc. Increasingly, admissions counselors, faculty, and employers are monitoring social media to monitor behavior of prospective applicants, current students, and employees.Discuss any legal and ethical issues arising from awareness of questionable drug use and excessive partying influencing the decision of a program to reject a candidate for admission to the PT Program. Can a PT Program discipline a student based on a posting on social media? Can a PT Program fire an employee for fraternizing with students? Consider both legal and ethical aspects in your discussion.