Security of Health Information

The graduate analyzes the requirements and practices for maintaining the security and privacy of healthcare information.
INTRODUCTION
A healthcare administrator needs to provide a safe and secure environment for all health information. No matter the healthcare setting, personal health
information (PHI) is accessible to many individuals. You will be faced with situations as an administrator that will require a well-founded knowledge of how
PHI is secured, how it is proactively monitored, and what immediate actions you need to take when faced with a potential breach. The purpose of this task is
to assess your knowledge of the implications of maintaining the security and privacy of healthcare information. It will also help you understand the cultural
issues of implementing change in a small healthcare setting.
SCENARIO
You are the healthcare administrator for a small critical access hospital (i.e., 25 beds or fewer). Your administration team includes the director of nursing, the
chief medical officer, the director of support services, the director of pharmacy, and the health information management (HIM) director. You and your team
have been tasked with investigating a recent data breach. During the investigation, several members of the staff were identified as being
directly involved in the breach. Several patients whose PHI was compromised have filed legal claims with the intent to sue. Your team is also
accountable for implementing an electronic health record (EHR) system, which is a newly initiated technology in a culture that is resistant to change. The
board of directors has requested that you have a plan addressing both of these issues ready to present in two weeks.
REQUIREMENTS
Your submission must be your original work. No more than a combined total of 30% of the submission and no more than a 10% match to any one individual
source can be directly quoted or closely paraphrased from sources, even if cited correctly. An originality report is provided when you submit your task that
can be used as a guide.
You must use the rubric to direct the creation of your submission because it provides detailed criteria that will be used to evaluate your work. Each
requirement below may be evaluated by more than one rubric aspect. The rubric aspect titles may contain hyperlinks to relevant portions of the course.
A. Create a planning, organizing, directing, controlling (PODC) HIPAA training model by doing the following:

  1. Describe how you would teach the hospital employees the rules and regulations regarding HIPAA.
    a. Identify three appropriate types of PHI that can be shared between staff.
      i. Identify where in the facility the information sharing should take place.
      ii. Identify three individuals who can use and disclose this information.
    b. Describe two penalties associated with breaching patient information.
    c. Identify two appropriate ways to secure data from one working shift to another using HIPAA guidelines.
  2. Complete an internal audit plan of all security measures meant to protect health information by doing the following:
    a. Identify which department will oversee the audit.
    b. Explain three security practices the audit will review (e.g., PHI sign-out sheets, secured storage/location of records).
    c. Describe three potential changes that can be made within the organization to address the results of the audit (e.g., additional employee education).
    d. Create a risk assessment plan to identify the potential for any future security breaches.
      i. Identify how often this assessment plan should be completed.
      ii. Identify who will complete this assessment plan.