Data Security and Privacy in Business
Use the following scenario to complete your assignment.
You are the CIO of Community General Hospital, a 300-bed acute care hospital serving a medium-sized city of 800,000 area-wide population. The hospital is a tertiary care center for the metropolitan area and the eight outlying rural counties It is the primary teaching hospital for a state-supported medical school and school of nursing, both located close to the facility. Community General has an EHR system initiated in 2007 and provides both onsite and offsite connectivity to all inpatient, outpatient, and office locations. The system also maintains a VPN portal for both professionals and patients to log into the EHR, with appropriate access, via the Internet.
The quality of the medical school, and its faculty and administration, has increased progressively over the years. Recently, you and the director of data sharing have been attending a series of meetings with the top hospital and medical school administration. The group has been discussing the need for medical school professors to have access to existing medical patient data for research purposes. You have also been strategizing where prospective data on an increasing number of research studies approved by the medical school should be stored.
At the last meeting, you were tasked with developing a comprehensive plan for data compiled on human subjects in medical studies, and also on the policies and procedures for access to data on patients in the EHR by physician-faculty members and medical students. The group discussed, and needs guidance on, the development and control of a research review committee (RRC), also known as an institutional review board (IRB).
Assignment Requirements
For this assignment, research and write a short (3–6 page body section) paper that includes the following. See the Data Security and Privacy in Business Scoring Guide for more information on how your work will be graded.
- List and explain the law regarding the use of personal health information for research purposes and the security and privacy of study research data.
- Describe the requirements of RRC members, their duties, limitations, and authority as liaison between the medical school, hospital administration, medical staff, patients, and the director of data sharing.
- Supported by examples in the literature, describe the structure of the RRC and the polices and procedures needed to enable a flow of data that is at all times compliant with the HIPAA security and privacy rules.
- Identify the organizational relationships of the RRC with the CIO, CEO, medical school president, health care providers, and patients, as well as with the IT/IS department personnel in general.
- Describe the informational parameters that must be included in a research request form and by whom the request must be approved, other than the RRC.
- Follow APA (6th edition) style and formatting guidelines, use references and citations, and create a document that is clearly written and generally free of grammatical errors.