Evaluate the HIPAA regulation and the IT governance policies


Assignment 1: HIPAA Requirements

Prior to beginning work on this discussion, read Chapter 15 in the textbook, review the Summary of the HIPAA Privacy Rule, and play the Cybersecure: Your Medical Practice game.

The Health Insurance Portability and Accountability Act (HIPAA) Security Rule defines the types of protected information and the safeguards that must be in place to ensure appropriate protection of electronic protected health information. For this activity, you will identify protected health information (PHI) that will require protection and identify control types to be placed on the protected HIPAA data.

For your initial post, consider the scenario below.

Tom Jones completed his yearly medical checkup, and the doctor found that he had a small growth on his kidney that will require additional testing. Using what you have learned this week, carefully evaluate the tables below with consideration of the HIPAA governance requirements. Table 1 has common personal information about Tom that you may see on most hospital visit forms. Table 2 has information about individuals and entities with some type of relationship with Tom. In your initial post, identify from Table 1 all the rows that are considered PHI. Evaluate the information and explain which should be encrypted at storage and which information should be left in clear text. Additionally, identify from Table 2 all the rows you believe HIPAA considers as associates of Tom. Support your statements with evidence from your sources.

Table 1

Tom Jones' Diagnostics: Liver Issue (Nephropathy)
Name
Telephone Number
Electronic email address
Social Security Number
Medical Record Number
IP address of his computer
Tom's hobby
Tom's driver's license number

Table 2

Tom's circle and relationship
Doctor
Kidney Specialist
Pharmacist
Priest
Medical Billing Organization
Insurance company
Children
Wife
Best Friend
Soccer Coach

Assignment 2: Issues of Non-Compliance

Prior to beginning work on this discussion, please read Chapter 15 in the textbook, review the Summary of the HIPAA Privacy Rule resource and Health Information Technology for Economic and Clinical Health (HITECH) Act, and play the Cybersecure: Your Medical Practice game.

For your initial post, consider the scenario below.

Mary Salvatore works at the New Ashford General Hospital in downtown San Diego. Mary is a nurse helper and sometimes works at the front desk to admit patients. She frequently works with computer equipment and printers. On November 1, 2015, Mary was working a night shift when an ambulance brought a young man to the emergency room. He had four gunshot wounds in his chest. Mary quickly recognized him as one of her son's friends and was in utter shock. His name was Jason Smith, and he lived only a few blocks from her.

Later that evening, Mary reviewed his file from her computer to see his progress and saw that he was in a coma. She then called her son to let him know about Jason. Her son then called several of his friends to let them know about Jason's situation. Mary discussed Jason's case with nurses and fellow workers, and even posted Jason's situation on her Facebook page. In addition, Mary used her cell phone to take a picture of Jason in his hospital bed and sent it to several of her friends and neighbors.

On her way home from work, Mary stopped by the grocery store and could not help but talk about Jason's injuries to local shoppers. At one point there were at least five shoppers sympathizing with her about his injuries. Once she got home, Mary logged into the hospital network almost every hour to check on Jason's file and progress. When she got back to work the next day, Jason was smiling and showed some signs of recovery. Mary was relieved and thankful.

Carefully review the scenario and analyze the actions taken by Mary Salvatore following Jason's admission to the hospital. Explain how the actions taken by Mary violated HIPAA rules as well as the fines that the hospital could face based on her actions. Support your statements with evidence from your sources.

Evaluate the HIPAA regulations and the IT governance policies that would need to be in place in order to ensure that those in roles like Mary's would not have access to medical record files like those she accessed in order to determine Jason's coma status. Explain how the network should be segmented so that Mary's access would be limited to just those records necessary for her role to admit patients.

Format your assignment according to the following formatting requirements:

1. The answer should be typed, double spaced, using Times New Roman font (size 12), with one-inch margins on all sides.

2. The response should also include a cover page containing the title of the assignment, the student's name, the course title, and the date. The cover page is not included in the required page length.

3. Also include a reference page. The citations and references should follow APA format. The reference page is not included in the required page length.
