OM011 Protecting Patient Data Questions
Access the following to complete this Assessment:
This assessment has five-parts. Click each of the items below to complete this assessment.
Part I: Policy Manual Introduction
United General’s hospital administrator reviewed the hospital’s policy manual and discovered that it inadequately addresses the area of patient records. The hospital administrator tasks you with reviewing the hospital policy manual and reporting on the thoroughness of its coverage of patient records. After a review of the policy manual, you report that the coverage of patient records is sparse and outdated. The hospital administrator then asks you to update the policy manual.
Develop a policy manual introduction that includes the following (1–2 pages):
- Write an update to the manual’s introduction, which includes more depth in the area of patient records. As you write this section, describe the purpose of patient record protection and its importance to the organization.
- Include an explanation of the legal requirements for protecting patient health records.
Because Pete compromised Winnie’s patient records, the hospital administrator tasks you with identifying other potential risks that the hospital and the primary care physicians may need to address to protect patient records.
Conduct a risk assessment, and write a report that includes the following (5–7 pages):
- Identify risks to both electronic and paper patient records, and recommend remedies the United General can put in place to protect the records from compromise.
- Create policy statements that comply with HIPAA regulations, addressing access to and disclosure of electronic and paper patient records.
- Describe relevant training topics that will educate the staff on accessing and disclosing patient records.
Part III: Alignment With Regulatory Requirements
Winnie’s lawsuit refers to the violation of patient record protection and privacy regulations, by the United General, as the prime cause of the problem. This has now opened United General to governmental inquiries, as well as to federal lawsuits.
In 5–7 pages, complete the following:
- Review the requirements of the HIPAA regulations, and identify areas in the case study that breached HIPAA regulations—remembering your analysis of the hospital’s policy manual (the policies applicable to patient record handling and disposal require an update to align with HIPAA regulations).
- Create policy statements that align with HIPAA regulations that address patient healthcare record handling and disposal.
- Describe relevant training topics for staff in order to educate them on the handling and disposal of patient records.
During Pete’s exit interview, he stated that he did not receive managerial direction or training in regard to accessing computer systems and online patient records. The hospital administrator reviewed the management training manual and found that the area detailing instructions that management needs to give to staff is sparse. The hospital administrator asks that you write a section of the management training manual to provide clear instructions for management oversight in the area of handling and accessing patient records. As part of managerial oversight of hospital staff, access to patient records should be restricted and only available to appropriate staff members. For instance, in this case study, Pete should not have had access to Winnie’s patient record.
Develop a section of the management training manual that includes the following (5–7 pages):
- Write at least four clear instructions for management oversight in the area of handling and accessing patient records.
- Create at least two policy statements for role-based security level access to patient records.
- Include at least three methods to set security levels for accessing patient records to support the policy statements.
Because Pete accessed Winnie’s record using mobile and wireless technology, the United General is concerned about their approach to emerging technology. To deal with this potential threat, the United General brought in a security consultant to assess the hospital’s technology environment. The consultant found that the wireless network is unprotected, allowing for unauthorized access to patient records and hospital personnel records. To address this issue, you are tasked to work with the security consultant to describe the role that emerging technologies played in the “United General Hospital Patient Privacy Case Study” document.
Develop a report for the security consultant that addresses the following (5–7 pages):
- Evaluate the role that emerging technologies play in access to patient records.
- Create policy statements for the use of wireless technology and access.
- Describe relevant training topics for staff in order to introduce emerging technology, and educate them regarding the possibilities presented by emerging technology.