Description
Write a security report (4-5 pages) that identifies potential security and technical safeguard violations in a health care organization’s audit report. Include evidence-based recommendations to address these potential violations and prevent them from occurring in the future.
Introduction
The shift from paper to electronic health records has created the need for organizations to design proper controls and auditing procedures. These controls and procedures must assure the appropriate handling of data in compliance with HIPAA security and privacy rules. At the same time, access to electronically stored health data can be a matter of life and death. Controls must include access to the data needed to manage emergency situations.
Prior to the passage of the Health Insurance Portability and Accountability Act (HIPAA), national guidelines or legal security standards for protecting health information did not exist. Even so, technological advances continued, and organizations began to rely more heavily on electronic processes, creating an evident need for security standards. The HIPAA Security Rule is designed to protect the privacy of health information when using communication technologies and electronic processes. Privacy and security are intimately linked. Any organization that houses private data must also guard against its release so that information remains secure and private.
For this assessment, you will continue your work as an HIM analyst at Valley City Regional Hospital. A quality control report released by risk management indicated potential security issues, including password protection. As a result, the risk management department completed a risk audit. The hospital’s risk management manager has provided additional information about the audit he conducted. You have been asked to evaluate the audit and compile a security report.
Demonstration of Proficiency
By successfully completing this assessment, you will demonstrate your proficiency in the course competencies through the following assessment scoring guide criteria:
Competency 3: Analyze the relationship between privacy and security in health care.
Describe access, authentication, and authorized use of health information.
Compare/contrast the HIPAA Security Rule and the HIPAA Privacy Rule.
Distinguish between proper and improper parameters for physical safeguards.
Recommend a list of evidence-based technical safeguards and security controls, including examples of types of uses and users.
Competency 5: Communicate effectively in a professional and ethical manner.
Create a clear, well-organized, professional security report that is generally free of errors in grammar, punctuation, and spelling.
Follow APA style and formatting guidelines for citations and references.
Preparation
As part of your preparation for Assessment 3, please complete the following:
View this media piece: Vila Health: Security | Transcript.
As you view the media piece, consider security requirements and the potential security violations presented. Based on your analysis of the media piece, you will prepare a security report that outlines the security issues you identified and presents recommendations to remedy the identified issues.
Revisit your previous assessments. Because of the close relationship between privacy and security, you may choose to incorporate elements of these previous assessments into this one.
In Assessment 1, you prepared a SWOT analysis and a risk report, the narrative accompanying the SWOT analysis.
In Assessment 2, you analyzed potential privacy violations that occurred in Valley City Regional Hospital and prepared a compliance checklist. This checklist outlined for staff members the steps they need to follow when releasing patient information. Health care organizations often use checklists, such as the one you developed, as quality control measures.
Instructions
For this assessment, you will continue your work as an HIM analyst at Valley City Regional Hospital. The quality control committee has released notification that potential issues with password protection exist within the organization. Computers containing patient information are not secure; passwords are openly displayed.
As a result, the risk management department completed a comprehensive risk audit. The hospital’s risk management manager has provided you with additional information about the audit he conducted. You will find this information in the Vila Health: Security media piece. The audit specifically addressed issues related to security and technical safeguards. Your task is to evaluate the audit, compile a master list of potential security violations, and then present recommendations to address these potential violations and prevent them from occurring in the future.
Be sure to include all of the following headings in your 4–5 page security report and answer the questions underneath each heading:
Proper Access, Authentication, and Use of Health Information (1 page)
What constitutes proper access, authentication, and authorized use of health information?
HIPAA Privacy Rule vs. HIPAA Security Rule (1 page)
What are the HIPAA Privacy Rule’s requirements?
What are the HIPAA Security Rule’s requirements?
How are these rules the same?
How are they different?
Note: Consider which elements from Assessment 1 might be appropriate to incorporate here.
Proper vs. Improper Parameters for Physical Safeguards (1 page)
Note: The names of these safeguards come from the Security Rule.
What are these safeguards?
How do the security parameters for these safeguards vary by level of authority and job role?
Recommendations (1 to 1 1/2 pages)
What are the potential security violations you identified in the Vila Health: Security media piece?
What evidence-based technical safeguards and security controls would you recommend to address and prevent the identified security violations from occurring?
What are some examples of uses and users with your evidence-based recommendations?
Note: Throughout your security report:
Incorporate specific examples from the media piece, your experience in this course and/or the workplace, and from your readings and research.
Substantiate your assertions and recommendations with references to current, scholarly and/or authoritative sources.
Additional Requirements
Length: 4- to 5-page double-spaced security report.
Format: Times Roman, 12-point type.
References: Follow APA style and formatting guidelines for citations and references. Include a separate works cited page for your references. For an APA refresher, consult this resource: APA Style and Format.
Writing: Create a clear, well-organized, professional security report that is generally free of errors in grammar, punctuation, and spelling.
Security Scoring Guide
| CRITERIA | NON-PERFORMANCE | BASIC | PROFICIENT | DISTINGUISHED |
|---|---|---|---|---|
| Describe access, authentication, and authorized use of health information. | Does not describe access, authentication, and authorized use of health information. | Describes access, authentication, and authorized use of health information in minimal depth and detail. | Describes access, authentication, and authorized use of health information. | Describes access, authentication, and authorized use of health information. Description includes multiple examples and references to current, scholarly and/or authoritative sources. |
| Compare/contrast the HIPAA Security Rule and the HIPAA Privacy Rule. | Does not compare/contrast the HIPAA Security Rule and the HIPAA Privacy Rule. | Compares/contrasts the HIPAA Security Rule and the HIPAA Privacy Rule; however, omissions and/or errors exist. | Compares/contrasts the HIPAA Security Rule and the HIPAA Privacy Rule. | Compares/contrasts the HIPAA Security Rule and the HIPAA Privacy Rule. Analysis includes multiple examples and references to current, scholarly and/or authoritative sources. |
| Distinguish between proper and improper parameters for physical safeguards. | Does not distinguish between proper and improper parameters for physical safeguards. | Distinguishes between proper and improper parameters for physical safeguards. However, omissions and/or errors exist. | Distinguishes between proper and improper parameters for physical safeguards. | Distinguishes between proper and improper parameters for physical safeguards. Narrative includes multiple examples and references to current, scholarly, and/or authoritative sources. |
| Recommend a list of evidence-based technical safeguards and security controls, including examples of types of uses and users. | Does not recommend a list of evidence-based technical safeguards and security controls, including examples of types of uses and users. | Recommends a list of technical safeguards and security controls, including examples of types of uses and users; however, recommendations are not always evidence based. Omissions and/or errors exist. | Recommends a list of evidence-based technical safeguards and security controls, including examples of types of uses and users. | Recommends a list of evidence-based technical safeguards and security controls, including examples of types of uses and users. Recommendations provide multiple examples and references to current, scholarly, and/or authoritative sources. |
| Create a clear, well-organized, professional security report that is generally free of errors in grammar, punctuation, and spelling. | Does not create a clear, well organized, professional security report that is generally free of errors in grammar, punctuation, and spelling. | Attempts to create a clear, well-organized, professional security report that is generally free of errors in grammar, punctuation, and spelling. However, lapses, omissions, and/or errors exist. | Creates a clear, well-organized, professional security report that is generally free of errors in grammar, punctuation, and spelling. | Creates a clear, well-organized, professional, error-free security report. Report includes multiple examples and references to current, scholarly, and/or authoritative sources. |
| Follow APA style and formatting guidelines for citations and references. | Does not follow APA style and formatting guidelines for citations and references. | Attempts to follow APA style and formatting guidelines for citations and references; however, omissions and/or errors exist. | Follows APA style and formatting guidelines for citations and references. | Follows APA style and formatting guidelines for citations and references without errors or omissions. |
1/11/24, 4:24 PM
Vila Health: Security
Security
Follow Up with Andrew
It looks like you have email from Andrew about your findings. You’ll want to read that now.
Inbox – Email (2)
Security risks
From: Andrew Barnes
To: Lisbeth Enriquez
Date: 1/11/2024
I hope Lawrence was helpful. The board wants to meet and talk about what we need to do to improve our security posture. Can you send me a summary of the risks you and he identified? It doesn’t have to be anything formal. I just want to know what I’ll be talking about so I don’t sound like an idiot.
—Andrew
https://media.capella.edu/CourseMedia/HIM4660/VilaHealth-Security/wrapper.asp#
Licensed under a Creative Commons Attribution 3.0 License (https://creativecommons.org/licenses/by-nc-nd/3.0/).