Instructions
The purpose of this homework assignment is to allow you to research information about the healthcare industry that addresses the requirements a healthcare organization must comply with. You will relate the Health Insurance Portability and Accountability Act (HIPAA) Privacy and Security rules to NIST standards and encryption technologies to ensure confidentiality of electronic protected health information (ePHI) transmission.
You will evaluate HIPAA requirements, identify what ePHI data consists of, and apply HIPAA Privacy and Security rules to ensure confidentiality, integrity, and availability. Finally, you will relate the security requirements for protected health information (PHI) to an overall privacy and security strategy for a healthcare organization.
You will use a text document to develop your homework assignment by completing the sections listed below:
Lab 3.1a
Review the following scenario:
Your manager has asked you to identify information and resources in the healthcare industry that address what laws, rules, and guidelines your healthcare organization needs to follow. Your healthcare organization is to have an audit so you need to gather information for the upcoming audit, which will be more stringent than any that have been done before. The healthcare organization that employs you believes it is necessary to conduct a review of its HIPAA compliance (or lack of compliance) and put the gathered information into a report to show all the requirements the organization faces. Your manager has asked you to perform this function knowing that your work has been above reproach. He expects a summary of the HIPAA requirements the organization needs to comply with and any financial regulatory acts for which it might also be held liable. With your previous experience researching the financial sector and Sarbanes-Oxley, you will need to dig deeper into the Health Insurance Portability and Accountability Act of 1996 (HIPAA) Privacy Rule and Security Rule. You can use resources from HHS.gov, the U.S. Department of Health and Human Services’ website, to evaluate the HIPAA Privacy and Security rules.
On your local computer, open a new Internet browser window.
Navigate to the following web address: http://www.himss.org. This is the Healthcare Information and Management Systems Society (HIMSS) website. Review the website.
Click on the Healthcare Reform link: http://www.himss.org/site-search?search_api_views_fulltext=Health+care+reform. Review some of the documents. Then, type the words "health information technology" in the search box. Review the information you find.
In the document that you have created, note what you have learned about the HIMSS website and how it helps companies and organizations address healthcare issues.
Lab 3.1b
Navigate to the web address: http://csrc.nist.gov/news_events/HIPAA-May2010_workshop/presentations/2-3-logging-auditing-mcmillan-cynergistek.pdf
Review the following sections:
- Logging & Audit Requirement,
- Privacy vs. Security, and
- Challenges & Barriers.
In your document, note the information you can gather from these sections of the document. Summarize your findings and cite at least one source.
Lab 3.1c
Navigate to the following web address: https://www.healthit.gov/patients-families
Browse the Privacy and Security section of the Office of the National Coordinator for Health Information Technology, and review the available information and resources provided.
In your document, note the types of information you can gather from the Office of the National Coordinator for Health Information Technology.
Lab 3.1d
Navigate to the following web address: http://www.hhs.gov/hipaa/for-professionals/security/laws-regulations/
Review the following HIPAA Security Rule topics:
- Who the security rule covers
  - Health plans
  - Healthcare clearinghouses
  - Any healthcare provider who transmits health information in electronic form in connection with a transaction for which the secretary of HHS has adopted standards under HIPAA
- What information is protected?
  - Protected health information (PHI)
  - De-identified health information
- General rules
- Risk analysis and management
- Administrative, physical, and technical safeguards
  - Security management process
  - Facility access and control
  - Access, audit, and integrity controls
  - Transmission security
- Policies, documentation, and penalty enforcements
In your document, summarize what you have found in the topics.
Lab 3.1e
Navigate to the following web address: http://www.hhs.gov/hipaa/for-professionals/security/laws-regulations/
Review the HIPAA Privacy Rule and address the following topics:
- general principle for uses and disclosures;
- permitted vs. authorized uses and disclosures to the individual;
- treatment, payment, healthcare operations;
- opportunity to agree or object;
- incidental use and disclosure;
- public interest;
- limiting disclosure and notifications;
- policies, documentation, and penalty enforcements;
- for violations occurring prior to 2/18/2009;
- penalty amount: Up to $100 per violation;
- for violations occurring on or after 2/18/2009; and
- calendar year cap respectively: $25,000 and $1,500,000.
In your document, write what you have found in the topics.
Lab 3.2
In your document, write an executive summary that defines a process for obtaining and documenting information needed to perform a HIPAA compliancy audit. Please cite one resource in your executive summary.
Submit the document to your instructor as a deliverable for this homework assignment.
NOTE: When you submit your homework assignment, you can combine the assignments into one document for grading. Please clearly mark the answers for Lab 3.1a, Lab 3.1b, Lab 3.1c, Lab 3.1d, Lab 3.1e, and Lab 3.2 within your submission by labeling those sections within your assignment.
Your homework assignment should be a minimum of two pages in APA format. Include a minimum of two sources, with at least one source from the CSU Online Library in addition to your textbook.
Adhere to APA Style when constructing this assignment, including in-text citations and references for all sources that are used. Please note that no abstract is needed.