You are tasked to analyze the use of information technology resources and assess the applicability to United General Hospital and the video scenario presented in this week’s Discussion. Your response to this assessment will be to write policy statements that address specific issues related to patient health care records and align with HIPAA regulations. Assess threats related to issues presented in the case study that United General Hospital must address.

Part I: Policy Manual Introduction (1–2 pages)

United General’s hospital administrator reviews the hospital’s policy manual and discovers that it inadequately addresses the area of patient records. The hospital administrator tasks you with reviewing the hospital policy manual and reporting on the thoroughness of its coverage of patient records. After a review of the policy manual, you report that the coverage of patient records is sparse and outdated. The hospital administrator then asks you to update the policy manual.

The policy manual introduction should include:

  • An update to the manual’s introduction to include more depth in the area of patient records. As you write this section, describe the purpose of patient record protection and its importance to the organization.
  • An explanation of the legal requirements for protecting patient health records.

Part II: Risk Assessment (3–5 pages)

Because Pete compromised Winnie’s patient records, the hospital administrator tasks you with identifying other potential risks that the hospital and the primary care physicians may need to address to protect patient records.

Your risk assessment should:

  • Identify risks to both electronic and paper patient records, and recommend remedies United General can put in place to protect the records from compromise.
  • Create policy statements that comply with the Health Insurance Portability and Accountability Act of 1996 (HIPAA) regulations addressing access to and disclosure of electronic and paper patient records.
  • Describe relevant training topics that will educate the staff on accessing and disclosing patient records.

Part III: Alignment with Regulatory Requirements (3–5 pages)

Winnie’s lawsuit refers to United General’s violation of patient record protection and privacy regulations as the prime cause of the problem. This has now opened United General to governmental inquiries as well as to federal lawsuits.

Write a 3–5 page APA style paper addressing the following:

  • Review the requirements of the HIPAA regulations and identify areas in the case study that breached HIPAA regulations, remembering your analysis of the hospital’s policy manual—the policies applicable to patient record handling and disposal require an update to align with HIPAA regulations.
  • Create policy statements that align with HIPAA regulations that address patient health care record handling and disposal.
  • Describe relevant training topics for staff in order to educate them on the handling and disposal of patient records.

Part IV: Managerial Oversight (3–4 pages)

During Pete’s exit interview he states that he did not receive managerial direction or training in regard to accessing computer systems and online patient records. The hospital administrator reviews the management training manual and finds that the area detailing instructions that management needs to give to staff is sparse. The hospital administrator asks that you write a section of the management training manual to provide clear instructions for management oversight in the area of handling and accessing patient records. As part of managerial oversight of hospital staff, access to patient records should be restricted and only available to appropriate staff members. For instance, in this case study, Pete should not have had access to Winnie’s patient record.

This section of the management training manual should:

  • Include clear instructions for management oversight in the area of handling and accessing patient records.
  • Include policy statements for role-based security level access to patient records.
  • Describe methods to set security levels for accessing patient records to support the policy statements.

Solution

Robert answered on Dec 26 2021
Running Head: HOSPITAL PRIVACY AND SECURITY ANALYSIS
Part I: Policy Manual Introduction
Importance of Patient Record Protection:
A policy manual of the hospital should consider the Health Insurance Portability and
Accountability Act (HIPAA) before formulating the rule. It is the responsibility of a hospital to
provide protection to all the medical records of the patient. A hospital must focus on obtaining
the trust of the patients by maintaining their records in an appropriate manner and by protecting
their records from being misused. Patients trust the hospital, and they are sharing all their
personal health information in detail, and it is the hospital's responsibility to maintain their
records with a higher level of integrity.
Any breach in the security system will create more trouble for the health care
organization. There are increasing cyber-attacks in every industry, especially in the healthcare
industry, and a poor security system will cause more trouble to the entire organization (Health IT,
2015). Healthcare organizations suffer a huge amount of penalties due to poor patient record
security systems. The Medicare and Medicaid EHRs Incentive Program has proposed the steps the
hospital should follow in maintaining EHRs in their organization. As per HIPAA, the covered entity
is responsible for providing an NPP (Notice of Privacy Practices) to the patients specifying all
the individual rights provided by HHS.
Patients have all rights to create restrictions over the access of their information, and they
have rights to have confidential communication. HIPAA requires the covered entities to follow
the minimum-security standards of EHRs. Administrative safeguards, physical safeguards,
organizational safeguards and policies, and procedures are essential for the entities to adhere to
as per HIPAA. More agencies work for protecting the patient's records, and there are more rules
that every covered entity should follow. It makes it necessary for the organization to protect the
patient's record (Health IT, 2015).
Legal Implications:
It is essential for every healthcare organization to adhere to the Health Information
Technology Privacy and Security requirement. The ONC (Office of the National Coordinator for
Health Information Technology), HHS (U.S. Department of Health and Human Services), OCR
(Office of Civil Rights) and HHS agencies have provided various privacy and security parameters
that the healthcare organization should follow (Health IT, n.d.). HIPAA is mainly responsible for
providing protection to the following:
  • Patient’s current, historical and future physical and mental health condition details.
  • Health care provisions of the individual.
  • The current, historical and future payments towards the health care provision by the individual.
The legal consequences could be civil penalties if there is a breach of any HIPAA
security and privacy requirement. There are chances to receive criminal penalties if there are any
criminal violations of HIPAA. The annual cap of all the violations is $1.5 million. 42 CFR Part
2: Confidentiality of Alcohol and Drug Abuse, FERPA (Family Educational Rights and Privacy
Act), Title X of Public Health Service Act-Confidentiality, etc. can question the healthcare
organization (Health IT, 2105, p. 61). The legal complications are too complex, and various
federal and state agencies interfere in this case depending on the scenario. Thus, a healthcare
organization should take all possible proactive steps to avoid such problems while forming the
policy manual instruction.
Part II: Risk Assessment
Risk and Remedies:
Both paper and e-record maintenance have their respective risks. In the case of paper
record management, there are more chances that the patient records are mishandled or misplaced
and not updated on a regular basis. As various people do all work, even a small mistake done by
one of the employees will create a serious impact while treating the patient. In the case of
paperwork, there are more chances of medical errors due to a higher volume of work or mistakes
in making the entry or entering the data of another patient, etc.
Similarly, it is not easy to archive all the information and finally end up in more trouble
to the organization when the patient demands all the records for their treatment with another
hospital. Paper patient records can be easily lost, and there are higher chances of missing the
track and various records that are critical for the future treatment. There are more opportunities
that patients cannot retrieve their data as and when they require.
In the case of electronic data, there are more risks associated with the unauthorized
access of the patient records. In electronic data maintenance, all records should be updated on
a timely basis; failure to do so will result in inaccurate patient information. The level of
inaccuracy in the electronic data is higher. It will become difficult for the hospital to retrieve
even basic details of the patients if the EHRs system is down or inaccessible (KU Medical
Center, n.d.). It might cause some issues to the patient during an emergency.
During the transition period, there are higher levels of risk associated with the transfer of
all the medical records accurately into the system; errors in uploading the information,
inaccuracy, data missing, etc. are major problems that will create noise to the entire EHRs. There
are more risks associated with cyber security, that is, others can hack patients' records.
Similarly, any accidental compromise due to any error in the EHRs will result in adverse
consequences to the hospital. There are chances of compromising on patient privacy information
that can lead to more trouble to the hospital.
The remedy for these risks is that the hospital should hire Management Information
services from a third-party service provider (KU Medical Center, n.d.). They will be in a
position to make a consolidation of all the records of the patients in chronological order and
verify the records to ensure that there are no errors in the data provided by the hospital
management related to the patient. In the case of conspiracy, they will be sorted out with the
management before the details are fed into the system.
Scrutinizing is essential to achieve the higher quality outcome and to minimize the errors
in the database of EHRs which will be fundamental for the future patient treatment. The third
party will enter all the data, and the management of the hospital will work along with the third
party to perform the quality check. It will result in minimizing the errors in patient records.
Similarly, the hospital IT team will ensure that all the privacy and security compliances as per
various regulatory bodies are met appropriately or not and then apply to avoid the future problem
(Rupp, n.d.).
Policy Statement:
Objective. United General Hospital serves patients with a higher level of integrity in
maintaining all the patient's records and provides better patient education about their health
information. United General Hospital works with the...