Business Finance Homework Help
Ashford University Week 5 HIPAA Privacy Rule and IT Governance Polices Discussion
Discussion 1: due Jul 29
Prior to beginning work on this discussion, please read Chapter 15 in the textbook, review the Summary of the HIPAA Privacy Rule (Links to an external site.), and play the Cybersecure: Your Medical Practice (Links to an external site.) game.
The Health Insurance Portability and Accountability Act (HIPAA) Security Rule defines the types of protected information and the safeguards that must be in place to ensure appropriate protection of electronic protected health information. For this activity, you will identify protected health information (PHI) that will require protection and identify control types to be placed on the protected HIPPAA data.
For your initial post, consider the scenario below.
Tom Jones completed his yearly medical checkup, and the doctor found that he had a small growth on his kidney that will require additional testing. Using what you have learned in this week, carefully evaluate the tables below with consideration of the HIPAA governance requirements. Table 1 has common personal information about Tom that you may see on most hospital visit forms. Table 2 has information about individuals and entities with some type of relationship with Tom. In your initial post, identify from Table 1 all the rows that are considered PHI. Evaluate the information and explain which should be encrypted at storage and which information should be left in clear text. Additionally, identify from Table 2 all the rows you believe HIPAA considers as associates of Tom. Support your statements with evidence from your sources.
Table 1
Tom Jones’ Diagnostics: Liver Issue (Nephropathy)
Name
Telephone Number
Electronic email address
Social Security Number
Medical Record Number
IP address of his computer
Toms’ Hobby
Toms’ Driver’s license number
Table 2
Tom’s circle and relationship
Doctor
Kidney Specialist
Pharmacist
Priest
Medical Billing Organization
Insurance company
Children
Wife
Best Friend
Soccer Coach
Your initial post should be a minimum of 150 words.
Discussion 2: Due Jul 29
For your initial post, consider the scenario below.
Mary Salvatore works at the New University of Arizona Global Campus General Hospital in downtown San Diego. Mary is a nurse helper and sometimes works at the front desk to admit patients. She frequently works with computer equipment and printers. On November 1, 2015, Mary was working a night shift when an ambulance brought a young man to the emergency room. He had four gunshot wounds in his chest. Mary quickly recognized him as one of her son’s friends and was in utter shock. His name was Jason Smith and lived only a few blocks from her.
Later that evening, Mary reviewed his file from her computer to see his progress and saw that he was in a coma. She then called her son to let him know about Jason. Her son then called several of his friends to let them know about Jason’s situation. Mary discussed Jason’s case with nurses and fellow workers, and even posted Jason’s situation on her Facebook page. In addition, Mary used her cell phone to take a picture of Jason in his hospital bed and sent it to several of her friends and neighbors.
On her way home from work, Mary stopped by the grocery store and could not help but talk about Jason’s injuries to local shoppers. At one point there were at least five shoppers sympathizing with her about his injuries. Once she got home, Mary logged into the hospital network almost every hour to check on Jason’s file and progress. When she got back to work the next day, Jason was smiling and showed some sign of recovery. Mary was relieved and thankful.
Carefully review the scenario and analyze the actions taken by Mary Salvatore following Jason’s admission to the hospital. Explain how the actions taken by Mary violated HIPAA rules as well as the fines that the hospital could face based on her actions. Support your statements with evidence from your sources.
Evaluate the HIPAA regulations and the IT governance polices that would need to be in place in order to ensure that those in roles like Mary’s would not have access to medical record files like those she accessed in order to determine Jason’s coma status. Explain how the network should be segmented so that Mary’s access would be limited to just those records necessary for her role to admit patients.