Assessment 4 Instructions: Recommendations and Action Plans

Prepare a final risk report (5-7 pages) that identifies privacy and security-related risks from throughout the quarter. Include evidence-based recommendations; action plans; and best practices, policies, and procedures to support the recommendations and action plans.

Throughout this course you have examined health care’s legal landscape, considering security and privacy safeguards set forth by the Health Insurance Portability and Accountability Act (HIPAA). The HIPAA standards protect the security and privacy of health information. Health care organizations are responsible to ensure proper controls are in place to make data available, but also to protect patients. Privacy and security violations must be identified; preventive policies and procedures need to be put in place to mitigate risks related to those violations. Health care organizations often use risk reports to identify, assess, and monitor risks throughout the organization.

In this final assessment, the risk management director has asked you compile a report based on all of your findings throughout the quarter. The director has an executive meeting with various stakeholders and would like to discuss recent risk issues identified throughout the hospital. In addition to identifying the risks, you will also make evidence-based recommendations and develop action items for identified privacy and security risks.

Demonstration of Proficiency

By successfully completing this assessment, you will demonstrate your proficiency in the course competencies through the following assessment scoring guide criteria:

• Competency 3: Analyze the relationship between privacy and security in health care.
  • Create evidence-based recommendations to avoid privacy and security violations identified in audit results.
• Competency 4: Analyze legal and ethical implications related to Health Information Management.
  • Develop action plans to accompany recommendations.
  • Describe best practices, policies, and procedures that directly support the recommendations and action plans.
  • Summarize the use of HIPAA standards and legal and ethical implications relating to the recommendations and action plans.
• Competency 5: Communicate effectively in a professional and ethical manner.
  • Create a clear, well-organized, professional final risk report that is generally free of errors in grammar, punctuation, and spelling.
  • Follow APA style and formatting guidelines for citations and references.

Preparation

To successfully prepare to complete this final course assessment:

• Review these three Vila Health media pieces:
  • Vila Health: Identifying Risks.
  • Vila Health: Privacy.
  • Vila Health: Security.
• Review your three previous assessments:
  • Assessment 1: You prepared a SWOT analysis focused on privacy and security-related issues.
  • Assessment 2: You developed a release of patient information compliance checklist for hospital staff members to follow.
  • Assessment 3: You wrote a security report that identified potential security and technical safeguard violations in Valley City Regional Hospital’s audit report. Your security report included evidence-based recommendations to address these potential violations and prevent them from occurring in the future.

Based on the content presented in these media pieces and the work you completed in your previous assessments, you will compile evidence-based recommendations; action plans; and best practices, policies, and or procedures to remedy the privacy and security issues that have surfaced at Valley City Regional Hospital.

Instructions

In this final assessment, the risk management director has asked you to compile a final risk report based on all of your findings related to privacy and security. The director has an executive meeting with various stakeholders and would like to share the recent risk issues identified throughout the hospital. In addition to identifying the risks, you will also make evidence-based recommendations and develop action items for the identified privacy and security related risks.

Download the Final Risk Report Template and use it to complete your assessment. Follow these guidelines when completing your final risk report template:

• Introduction (1 to 2 paragraphs)
  • The point of the introduction is to orient the reader to the information presented in the final risk report.
  • Summarize the main types of risks identified at Valley City Regional Hospital.
  • Summarize the mains types of recommendations; action plans; and best practices, policies, and procedures provided.
  • Consider including a brief explanation of the differences among recommendations; action plans; and best practices, policies, and procedures.
• Identified Privacy or Security Risk (Column 1)
  • In Column 1 you will create a master list of the privacy and security risks you uncovered throughout the quarter.
  • Consider grouping the privacy risks together and the security risks together.
• Evidence-Based Recommendations (Column 2)
  • In Column 2 enter your evidence-based recommendations to address the identified risk and prevent it from occurring in the future.
  • Include three recommendations for each identified risk.
• Action Plans (Column 3)
  • In Column 3 enter the action plans associated with each recommendation.
  • Include three action plans for each recommendation. This will be a total of nine action plans for each identified risk.
• Best Practices, Policies, and/or Procedures to Support Recommendations and Actions Plans (Column 4)
  • Pay attention to the distinctions among recommendations; action plans; and best practices, policies, and/or procedures when constructing your plan.
    • Recommendations indicate what must be done.
    • Action plans show how it must be done.
    • Best practices, policies, and/or procedures outline how, by whom, and in which settings and circumstances the recommendations and action plans will be put into effect.
• Summary (1 to 2 paragraphs)
  • Briefly summarize the use of HIPAA standards and legal and ethical implications relating to the recommendations and action plans.
  • Help Valley City Regional Hospital prioritize the most critical recommendations to implement first. Provide the rationale for your prioritization and substantiate your rationale with references to current, scholarly, and/or authoritative sources.

Additional Requirements

• Format: Complete your assessment using the Final Risk Report Template provided. Use Times Roman, 12-point type.
• Length: 5 to 7 pages.
• References: Follow APA style and formatting guidelines for citations and references. Include a separate works cited page for your references. For an APA refresher, consult this resource: APA Style and Format.
• Writing: Create a clear, well-organized, professional final risk report that is generally free of errors in grammar, punctuation, and spelling.

Resources: Best Practices

• PRINT
• • Capella University Health Care Administration Undergraduate Library Research Guide.
    • Please consult this guide as needed to conduct independent research on course topics. This resource will direct you to scholarly, peer-reviewed, and authoritative resources.
  • Luoma, C. (2016). Being prepared in the age of HIPAA audits. Health Management Technology, 37(8), 24.
  • Merrill, R. J., & Groden, S. L. (2017). A due diligence “to do”: Evaluate privacy and security compliance and calibrate risk prior to signing on the dotted line: Take steps now to mitigate the risk of non-compliance. Journal of Health Care Compliance, 19(3), 5–14.
  • Strauss, L. J. (2017). The value of auditing and audit controls: Recent HIPAA settlement highlights the importance of audit controls. Journal of Health Care Compliance, 19(5), 43–53.

  Resources: Innovation and Action Planning

  • PRINT
  • Burns, A. J., Johnson, M. E., & Honeyman, P. (2016). A brief chronology of medical device security. Communications of the ACM, 59(10), 66–72.
  • Roemer, K. (2017). Innovations for healthcare that ensure patient privacy, while transforming care delivery. Health Management Technology, 38(10), 10.
  • Wider, J. (2018). Telehealth impacts ROI, patient safety. Health Management Technology, 39(2), 6–11.