Pages: 3 pages/≈825 words
Sources: No Sources
Style: APA
Subject: Health, Medicine, Nursing
Type: Essay
Language: English (U.S.)
Document: MS Word
Total cost: $ 12.96
Topic: Security of Health Information

Essay Instructions:

SCENARIO
You are the healthcare administrator for a small critical access hospital (i.e., 25 beds or fewer). Your administration team includes the director of nursing, the chief medical officer, the director of support services, the director of pharmacy, and the health information management (HIM) director. You and your team have been tasked with investigating a recent data breach. As the data breach was investigated, several members of the staff have been identified as being directly involved in the breach. Several patients experiencing the compromise of their PHI have filed legal claims with the intent to sue. Your team is also accountable for implementing an electronic health record (EHR) system, which is a newly initiated technology in a culture that is resistant to change. The board of directors has requested that you have a plan addressing both of these issues ready to present in two weeks.
REQUIREMENTS
A. Create a planning, organizing, directing, controlling (PODC) HIPAA training model by doing the following:
1. Describe how you would teach the hospital employees the rules and regulations regarding HIPAA.
a. Identify three appropriate types of PHI that can be shared between staff.
i. Identify where in the facility the information sharing should take place.
ii. Identify three individuals who can use and disclose this information.
b. Describe two penalties associated with breaching patient information.
c. Identify two appropriate ways to secure data from one working shift to another using HIPAA guidelines.
2. Complete an internal audit plan of all security measures meant to protect health information by doing the following:
a. Identify which department will oversee the audit.
b. Explain three security practices the audit will review (e.g., PHI sign-out sheets, secured storage/location of records).
c. Describe three potential changes that can be made within the organization to address the results of the audit (e.g., additional employee education).
d. Create a risk assessment plan to identify the potential for any future security breaches.
i. Identify how often this assessment plan should be completed.
ii. Identify who will complete this assessment plan.
B. Determine the financial impact of a new EHR system by doing the following:
1. Develop a risks versus benefits summary for the key stakeholders of the hospital to show why an EHR system should be invested in and implemented.
a. Identify four key decision makers who give input and buy-in.
b. Include two CMS requirements for the new system.
2. List four new hardware components required for the new system.
a. Identify the potential capital dollar investment for the new system.
b. Discuss which of the three EHR systems—Cerner, Meditech, or Epic—would be the best system for your organization using information in the web links section below and the attached “Information on EHR Vendors.”
3. Identify three components or applications that will need to be incorporated into the EHR system at your small critical access hospital.
a. Discuss the key security and privacy components of the EHR system you selected in part B2b.
C. Create an appropriate training plan for all clinical and non-clinical staff by doing the following:
1. Identify the estimated number of total hours required to learn the EHR system for both clinical and non-clinical staff.
2. Describe the logistics required to train all employees on all shifts by doing the following:
a. Identify how many training sessions would be reasonable for approximately 150 day-shift employees.
b. Identify how many training sessions would be reasonable for approximately 50 night-shift employees.
c. Identify how much the training will cost, assuming an average wage of $21 per hour and a total training length of 6−10 hours per employee.
d. Develop a training plan for 75 physicians (40 are active medical staff, 35 see patients on a consult or specialist basis).
i. Design a schedule, using the attached “Proposed Physician Schedule,” that allows all physicians to learn the new program while also providing adequate coverage for patient care on a 24-hour basis.
3. Describe a train-the-trainer program you could implement to ensure ongoing support and training of new employees.
4. Describe a transition plan for employees transitioning from the old EHR system to the new EHR system.
a. Describe how you will measure whether employees have demonstrated competency with the new system.
b. Identify the most appropriate time of day and day of the week to initiate the transition.
i. Identify three leaders who should be on-site for the transition period.
ii. Justify why you chose the three leaders in part C4bi.
5. Describe one approach you could use in collaboration with your administration team to reward the staff for successfully learning and transitioning to a new EHR system.
a. Explain how you would collaborate with your administration team to initiate the approach described in part C5.

Essay Sample Content Preview:

Security of Health Information
Student Name
Institutional Affiliation
Date
Security of Health Information
A1. The education of employees regarding HIPAA will take place both online and in person. Combining the two approaches will cater to the different shifts of workers. In training, PowerPoint presentations would be used.
* The only PHI shared between staff includes the patient’s name, identity number, and treatment plans.
i. The information sharing will occur in secure private rooms and only with the people who need the patient information. Sharing secure information in private areas will ensure that third parties cannot overhear the conversations. Physicians can also meet in a secure conference room that has closed doors. This will assist in maintaining patient confidentiality.
ii. PHI will be shared with the patient, the direct care providers, and the patient’s guardian or parents for children under 18 years.
* HIPAA violations can earn a fine from $100.00 to $50.000 depending on the severity of the offense. Sometimes, a healthcare facility may be required to pay restitution to the victim. Additionally, jail time can be imposed, especially when the perpetrator does not pay the imposed fine or the violation is severe. For instance, aggravated identity theft can earn someone a 2-year jail term.
* Firstly, authentication will ensure that the incoming employees have the required credentials to access the system. Additionally, physical mechanisms should be put in place to ensure that staff members do not access PHI unless they are on working shifts (Kruse, Smith, Vanderlinden & Nealand, 2017). Staff should be authorized to access patient information during their working shifts, and once they hand it over to the incoming shift, they should be allowed out of the facilities.
2. A. The medical record department will oversee the audit. The department will oversee the audit because it can identify areas of vulnerability and make appropriate recommendations.
b.
* The physical location of the copies and their accessibility.
* PHI sign-out sheets to make it simpler to track who accessed particular information just in case of a data breach.
* A thorough background check to identify potential employees likely to breach data and prevent them from accessing PHI.
c.
* External data storage devices should be encrypted so that the data is unreadable if it falls into the hands of unauthorized individuals.
* The records should be stored in hallways that are only accessible to authorized individuals for physical security. The cabinets should be under lock and key at all times when not supervised or in use. Keypad access codes should be changed regularly.
* Staff training will ensure that all employees comply with data protection measures.
d. The audit team will provide the results to Risk Management via a risk assessment plan to evaluate and implement changes. This will help ensure we are HIPAA compliant and identify areas where PHI could be compromised. The SRA tool will be used to capture this information.
Vulnerability | Risk Description | Impact Severity | Risk Level | Recommended Best Practice | Organization Owner | Updated on