Capella University Privacy and Security of Health Information Question

Description

Write a security report (4-5 pages) that identifies potential security and technical safeguard violations in a health care organization’s audit report. Include evidence-based recommendations to address these potential violations and prevent them from occurring in the future.

The shift from paper to electronic health records has created the need for organizations to design proper controls and auditing procedures. These controls and procedures must assure the appropriate handling of data in compliance with HIPAA security and privacy rules. At the same time, access to electronically stored health data can be a matter of life and death. Controls must include access to the data needed to manage emergency situations.

Prior to the passage of the Health Insurance Portability and Accountability Act (HIPAA), national guidelines or legal security standards for protecting health information did not exist. Even so, technological advances continued, and organizations began to rely more heavily on electronic processes, creating an evident need for security standards. The HIPAA Security Rule is designed to protect the privacy of health information when using communication technologies and electronic processes. Privacy and security are intimately linked. Any organization that houses private data must also guard against its release so that information remains secure and private.

For this assessment, you will continue your work as an HIM analyst at Valley City Regional Hospital. A quality control report released by risk management indicated potential security issues, including password protection. As a result, the risk management department completed a risk audit. The hospital’s risk management manager has provided additional information about the audit he conducted. You have been asked to evaluate the audit and compile a security report.

Demonstration of Proficiency

By successfully completing this assessment, you will demonstrate your proficiency in the course competencies through the following assessment scoring guide criteria:

  • Competency 3: Analyze the relationship between privacy and security in health care.
    • Describe access, authentication, and authorized use of health information.
    • Compare/contrast the HIPAA Security Rule and the HIPAA Privacy Rule.
    • Distinguish between proper and improper parameters for physical safeguards.
    • Recommend a list of evidence-based technical safeguards and security controls, including examples of types of uses and users.
  • Competency 5: Communicate effectively in a professional and ethical manner.
    • Create a clear, well-organized, professional security report that is generally free of errors in grammar, punctuation, and spelling.
    • Follow APA style and formatting guidelines for citations and references.

Preparation

As part of your preparation for Assessment 3, please complete the following:

  • View this media piece: Vila Health: Security | Transcript.
    • As you view the media piece, consider security requirements and the potential security violations presented. Based on your analysis of the media piece, you will prepare a security report that outlines the security issues you identified and presents recommendations to remedy the identified issues.
  • Revisit your previous assessments. Because of the close relationship between privacy and security, you may choose to incorporate elements of these previous assessments into this one.
    • In Assessment 1, you prepared a SWOT analysis and a risk report, the narrative accompanying the SWOT analysis.
    • In Assessment 2, you analyzed potential privacy violations that occurred in Valley City Regional Hospital and prepared a compliance checklist. This checklist outlined for staff members the steps they need to follow when releasing patient information. Health care organizations often use checklists, such as the one you developed, as quality control measures.

Instructions

For this assessment, you will continue your work as an HIM analyst at Valley City Regional Hospital. The quality control committee has released notification that potential issues with password protection exist within the organization. Computers containing patient information are not secure; passwords are openly displayed.

As a result, the risk management department completed a comprehensive risk audit. The hospital’s risk management manager has provided you with additional information about the audit he conducted. You will find this information in the Vila Health: Security media piece. The audit specifically addressed issues related to security and technical safeguards. Your task is to evaluate the audit, compile a master list of potential security violations, and then present recommendations to address these potential violations and prevent them from occurring in the future.

Be sure to include all of the following headings in your 4–5 page security report and answer the questions underneath each heading:

Proper Access, Authentication, and Use of Health Information (1 page)

  • What constitutes proper access, authentication, and authorized use of health information?

HIPAA Privacy Rule vs. HIPAA Security Rule (1 page)

  • What are the HIPAA Privacy Rule’s requirements?
  • What are the HIPAA Security Rule’s requirements?
  • How are these rules the same?
  • How are they different?

Note: Consider which elements from Assessment 1 might be appropriate to incorporate here.

Proper vs. Improper Parameters for Physical Safeguards (1 page)

Note: The names of these safeguards come from the Security Rule.

  • What are these safeguards?
  • How do the security parameters for these safeguards vary by level of authority and job role?

Recommendations (1 to 1 1/2 pages)

  • What are the potential security violations you identified in the Vila Health: Security media piece?
  • What evidence-based technical safeguards and security controls would you recommend to address and prevent the identified security violations from occurring?
  • What are some examples of uses and users with your evidence-based recommendations?

Note: Throughout your security report:

  • Incorporate specific examples from the media piece, your experience in this course and/or the workplace, and from your readings and research.
  • Substantiate your assertions and recommendations with references to current, scholarly and/or authoritative sources.

Additional Requirements

  • Length: 4- to 5-page double-spaced security report.
  • Format: Times Roman, 12-point type.
  • References: Follow APA style and formatting guidelines for citations and references. Include a separate works cited page for your references. For an APA refresher, consult this resource: APA Style and Format.
  • Writing: Create a clear, well-organized, professional security report that is generally free of errors in grammar, punctuation, and spelling.
