Introduction:

A healthcare administrator needs to provide a safe and secure environment for all health information. No matter the healthcare setting, personal health information (PHI) is accessible to many individuals. You will be faced with situations as an administrator that will require a well-founded knowledge of how PHI is secured, how it is proactively monitored, and what immediate actions you need to take when faced with a potential breach. The purpose of this task is to assess your knowledge of the implications of maintaining the security and privacy of healthcare information. It will also help you understand the cultural issues of implementing change in a small healthcare setting.

Scenario:

You are the healthcare administrator for a small critical access hospital (i.e., 25 beds or fewer).

Your administration team includes the director of nursing, the chief medical officer, the director of support services, the director of pharmacy, and the health information management (HIM) director. You and your team have been tasked with investigating a recent data breach. As the data breach was investigated, several members of the staff have been identified as being directly involved in the breach. Several patients experiencing the compromise of their PHI have filed legal claims with the intent to sue.


Your team is also accountable for implementing an electronic health record (EHR) system, which is a newly initiated technology in a culture that is resistant to change. The board of directors has requested that you have a plan addressing both of these issues ready to present in two weeks.

Requirements:

A. Create a planning, organizing, directing, controlling (PODC) HIPAA training model by doing the following:

1. Describe how you would teach the hospital employees the rules and regulations regarding HIPAA.

a. Identify three appropriate types of PHI that can be shared between staff.

i. Identify where in the facility the information sharing should take place.

ii. Identify three individuals who can use and disclose this information.

b. Describe two penalties associated with breaching patient information.

c. Identify two appropriate ways to secure data from one working shift to another using HIPAA guidelines.

2. Complete an internal audit plan of all security measures meant to protect health information by doing the following:

a. Identify which department will oversee the audit.

b. Explain three security practices the audit will review (e.g., PHI sign-out sheets, secured storage/location of records).

c. Describe three potential changes that can be made within the organization to address the results of the audit (e.g., additional employee education).

d. Create a risk assessment plan to identify the potential for any future security breaches.

i. Identify how often this assessment plan should be completed.

ii. Identify who will complete this assessment plan.

B. Determine the financial impact of a new EHR system by doing the following:

1. Develop a risks versus benefits summary for the key stakeholders of the hospital to show why an EHR system should be invested in and implemented.

a. Identify four key decision makers who give input and buy-in.

b. Include two CMS requirements for the new system.

2. List four new hardware components required for the new system.

a. Identify the potential capital dollar investment for the new system.

b. Discuss which of the three EHR systems—Cerner, Meditech, or Epic—would be the best system for your organization using information in the web links section below and the attached “Information on EHR Vendors.”

3. Identify three components or applications that will need to be incorporated into the EHR system at your small critical access hospital.

a. Discuss the key security and privacy components of the EHR system you selected in part B2b.

C. Create an appropriate training plan for all clinical and non-clinical staff by doing the following:

1. Identify the estimated number of total hours required to learn the EHR system for both clinical and non-clinical staff.

2. Describe the logistics required to train all employees on all shifts by doing the following:

a. Identify how many training sessions would be reasonable for approximately 150 day-shift employees.

b. Identify how many training sessions would be reasonable for approximately 50 night-shift employees.

c. Identify how much the training will cost, assuming an average wage of $21 per hour and a total training length of 6−10 hours per employee.

d. Develop a training plan for 75 physicians (40 are active medical staff, 35 see patients on a consult or specialist basis).

i. Design a schedule, using the attached “Proposed Physician Schedule,” that allows all physicians to learn the new program while also providing adequate coverage for patient care on a 24-hour basis.

3. Describe a train-the-trainer program you could implement to ensure ongoing support and training of new employees.

4. Describe a transition plan for employees transitioning from the old EHR system to the new EHR system.

a. Describe how you will measure whether employees have demonstrated competency with the new system.

b. Identify the most appropriate time of day and day of the week to initiate the transition.

i. Identify three leaders who should be on-site for the transition period.

ii. Justify why you chose the three leaders in part C4bi.

5. Describe one approach you could use in collaboration with your administration team to reward the staff for successfully learning and transitioning to a new EHR system.

a. Explain how you would collaborate with your administration team to initiate the approach described in part C5.

D. When you use sources, include all in-text citations and references in APA format.


For this HIPAA: An Issue of Patient Privacy Essay Assignment, review the following from this week’s Resources:
• Resources on the HIPAA Privacy and Security Rules
• Resources on privacy and security and the use of mobile devices in patient care
• Privacy and Confidentiality Scenario

As you reflect on the Privacy and Confidentiality Scenario (located in this week’s Resources), consider the following points and write a 2-3-page proposal addressing privacy issues:
• Identify the issues related to patient privacy and confidentiality in this scenario.
• Describe strategies your organization (or one with which you are familiar) might use to safeguard patient information from the use of mobile devices.
• Discuss the use of mobile devices for patient care in your organization (or one with which you are familiar) and any organizational policies related to mobile devices. Specifically, address the use of text messages to communicate patient care information and explain what happens to a message after it is sent.
• Analyze your personal strategies used to protect patient health information on mobile devices.
• Do your personal strategies adequately protect information in a patient care setting?
• Provide examples of alternate or additional methods that could be used to ensure patient privacy and confidentiality is maintained.
Include a minimum of three resources from the professional nursing literature in the assigned course readings and other references in the Walden Library.

Privacy and Confidentiality Scenario

This scenario is based on a true story, and due to the increasingly ubiquitous use of mobile technology, more incidents such as this will occur. Nurses must fully understand privacy and confidentiality issues and apply the information to various settings and situations to best advocate for the patient. Working in a busy cardiac cath lab provides many opportunities for possible breaches of confidentiality or privacy. Jennifer works in a cath lab and has noticed mobile technology is encroaching on patient confidentiality and privacy. A few months back they were very busy and several patients were in the holding area awaiting procedures. Jennifer’s coworker, Tim, decided to take a picture of the patients in the holding area and posted it on Facebook to show his friends how busy he was. Jennifer felt very uncomfortable about this and told Tim she really did not think that was appropriate due to the patients in the picture. She also noted the schedule board was in the picture, which contained patient initials, procedures, and doctor. Tim said it was nothing, as the patients could not really be identified, and pretty much told Jennifer she was being “Miss Perfect because she was in school.” As time went by, Jennifer noticed it was becoming commonplace for techs and nurses to text information back and forth about cases to the physicians on their personal cell phones. Initials were supposed to be used, but sometimes patient names would be added by mistake. The physicians loved the convenience and encouraged this behavior. It wasn’t long before patient scheduling via Google was the new tool. This meant all the nurses, techs, and physicians could share a common calendar on Google Calendar and view the schedule in real time. Again, patient initials were to be used, and at times full names came through.
Every time a patient was added to the schedule, a popup on the physicians’, techs’, and nurses’ personal phones would flash the procedure, time, and patient. Jennifer knew all this was not correct, as none of the phones or tools had been approved via the Compliance Officer or Information Technology. The most difficult thing was that the unit manager was in agreement with the mobile communications, and Jennifer felt she had nowhere to go to stop this potential breach of patient information.

• Identify the issues related to patient privacy and confidentiality in this scenario.
• Describe strategies your organization uses to safeguard patient information from the use of mobile devices.
• Discuss the use of mobile devices for patient care in your organization and any organizational policies related to mobile devices. Specifically address the use of text messages to communicate patient care information and explain what happens to the message after it is sent.
• Analyze your personal strategies used to protect patient health information on mobile devices.
• Do these strategies adequately protect information in your patient care setting?

HIPAA – an issue of patient privacy

  • Identify the issues related to patient privacy and confidentiality in this scenario.

There are three issues that can be seen in the scenario. Firstly, there is an issue of confidentiality that focuses on the health professionals’ obligation to hold patient information in confidence, especially when they have access to the information. The social media postings violate the confidentiality expectations. Besides that, communicating using the patients’ names rather than initials also violates confidentiality expectations. Secondly, there is an issue of privacy that concerns the patients’ right to make independent decisions on whether and how their personal information should be shared. None of the patients was consulted when the information was shared on social media. Finally, there is an issue of security that concerns the absence of protection protocols that support medical personnel in holding patient information in confidence. The facility is using Google technology which does not provide adequate protection for the information.

  • Describe strategies your organization (or one with which you are familiar) might use to safeguard patient information from the use of mobile devices.

There are two strategies for safeguarding patient information from the use of mobile phones. The first strategy is to educate mobile personnel on the need to protect patient information and how the use of mobile phones can violate this need. The second strategy is to implement mobile device use policies that punish persons who violate security expectations. Finally, a breach protocol can be implemented that involves containing and evaluating the scope of the breach, notifying the affected persons, conducting an investigation to identify the nuances of the breach, and remediation (Bromwich & Bromwich, 2016).

  • Discuss the use of mobile devices for patient care in your organization (or one with which you are familiar) and any organizational policies related to mobile devices. Specifically, address the use of text messages to communicate patient care information and explain what happens to a message after it is sent.

Mobile devices have offered medical personnel new ways of carrying out professional communication, easier access to decision support, and accelerated consultations. In fact, it is not uncommon for medical personnel to communicate among themselves and with patients using text messages to communicate diagnoses, test results, and care progress, make and confirm appointments, access medical records, and so on. Although mobile devices offer communication conveniences, they present some concerns with regard to breaching privacy expectations, insecure data storage, and legal liability for failing to obtain the patient’s consent. This is particularly true when the possibility of data hacking and access by a third party is considered (McGonigle & Mastrian, 2018).

  • Analyze your personal strategies used to protect patient health information on mobile devices.

I implement four personal strategies to protect patient health information on mobile devices. The first strategy is authentication controls that involve locking my devices when not in use and requiring biometrics and passcodes to access secured information. The second strategy is an automatic and remote lock and wipe policy that comes into play if the device is stolen or I lose it. The fourth strategy is positional awareness whereby I only access patient information away from prying eyes so that no third party unintentionally sees the information. The final strategy involves installing regularly updated security programs that protect the device from malicious programs such as viruses as well as hackers (Maki & Petterson, 2013).

  • Do your personal strategies adequately protect information in a patient care setting?

I do not believe that my personal strategies offer adequate protection of patient information within the care setting. That is because these strategies still have a loophole for breaches. The loophole is that patient information is not typically encrypted. This implies that any person who can intercept the information while being transmitted will be able to view the information. This loophole can be addressed by employing encryption that prevents unauthorized persons from reading the information even if they can access it (Maki & Petterson, 2013).

  • Provide examples of alternate or additional methods that could be used to ensure patient privacy and confidentiality is maintained.

Other than the mentioned strategies, there are two additional strategies that can be applied. The first strategy is to implement a mobile device use policy that controls how the device is used if it contains vital information. The strategy focuses on evaluating applications. At the very least, unsecured and unapproved applications should not be used. The second strategy is to regularly update operating systems, applications and other software. The updates plug previous security vulnerabilities. The mobile device users should be informed of these updates while the more sensitive devices should include options for forced security updates (Davis & LaCour, 2016).

References

Bromwich, M. & Bromwich, R. (2016). Privacy risks when using mobile devices in health care. CMAJ, 188(12), 855-856. doi: 10.1503/cmaj.160026

Davis, N. & LaCour, M. (2016). Foundations of health information management. Amsterdam: Elsevier Health Sciences.

Maki, S. & Petterson, B. (2013). Using the electronic health record: in the health care provider practice (2nd ed.). Mason, OH: Cengage Learning.

McGonigle, D., & Mastrian, K. G. (2018). Nursing informatics and the foundation of knowledge (4th ed.). Burlington, MA: Jones and Bartlett Learning.