Develop a written proposal ? Using data supplied in the case study outline how you, the community health nurse, would work with this community integrating the concepts of population health promotion, primary health care and health promotion.

Develop a written proposal ? Using data supplied in the case study outline how you, the community health nurse, would work with this community integrating the concepts of population health promotion, primary health care and health promotion..

Develop a written proposal ? Using data supplied in the case study outline how you, the community health nurse, would work with this community integrating the concepts of population health promotion, primary health care and health promotion.

Description
You are the community health nurse in the following case study and your objective is to convince the manager of your community health unit to grant you dedicated nursing time to work with this community beyond your day-to-day community health nursing practice routine of working with families in immunization clinics and home visits.First ? read this short case study:You are a community health nurse employed in a rural Alberta health unit. In your district, the unemployment rate is over 20%, and the incidence of small grocery store theft has increased markedly during the past year. During routine infant and preschool immunization clinics and home visits you have noted signs of fatigue, anemia, and susceptibility to respiratory infections in family members of all ages. In addition you have noticed that many of the parents that you see in their homes seem to be smoking more. During clinic and home visits, many parents express concern about the adequacy of the diet that they are able to provide, and say that the funding they receive from Social Services is insufficient to meet their families? basic food needs. The largest urban centre where large discount food stores are available is a four-hour-drive away. Most families in the district do their grocery shopping at the local general stores, where prices are higher. Many of these families have large debts. The owners of these stores are unable to extend the credit lines of many of their customers much further, although they are sympathetic to the overall situation. The general tone within the district towards the employment and economic situation is pessimistic, although many parents do comment during clinic and home visits that they are still waiting for things to ?turn around.?Recently a small group of farmers and local businessmen expressed interest in developing a food bank, although no one has any experience in organizing one. The only condition that they have placed on their offer is that ?needy families become directly involved in helping themselves and each other, and nobody just gets a free handout.? The provincial nutritionist, a good friend of yours, has indicated her support and is willing to be involved in consultation and teaching. Second ? Prepare the following for submission to your unit manager.Develop a written proposal ? Using data supplied in the case study outline how you, the community health nurse, would work with this community integrating the concepts of population health promotion, primary health care and health promotion.


 

PLACE THIS ORDER OR A SIMILAR ORDER WITH THE NURSING PROFESSIONALS TODAY AND GET AN AMAZING DISCOUNT

get-your-custom-paper


Buy Custom Nursing Papers

Buy Nursing Papers

 

The post Develop a written proposal ? Using data supplied in the case study outline how you, the community health nurse, would work with this community integrating the concepts of population health promotion, primary health care and health promotion. appeared first on THE NURSING PROFESSIONALS.

Develop a written proposal ? Using data supplied in the case study outline how you, the community health nurse, would work with this community integrating the concepts of population health promotion, primary health care and health promotion.

Which of the following describe your present conceptionof death?

Which of the following describe your present conceptionof death?.

Which of the following describe your present conception
of death?

APA FORMAT 2-4 PAGE, IN-TEXT CITATION REFERENCE PAGE ETC. IF YOU CAN NOT ADHERE TO THE DETAILS OR DEADLINE DO NOT TAKE THIS ASSIGNMENT.

USE THE UPLOADED REFERENCE IN DEVELOPMENT OF THIS PAPER. TUTOR PLEASE ADD AT LEAST 2 MORE REFERENCS FOR IN-TEXT CITATION REFERENCE PAGE

Models of Grieving
The death of a loved one is a significant event that everyone experiences. An individual’s social environment, including societal and familial cultural factors, may influence how an individual approaches death or grieves the loss of someone else who dies. You can anticipate addressing grief in your social work practice and, therefore, should develop an understanding of the grieving process.

Two models of grieving?the Kubler-Ross and Westburg models?identify stages through which an individual progresses in response to the death of a loved one. Understanding the various ways individuals cope with grief helps you to anticipate their responses and to assist them in managing their grief. Select one model of grieving?the Kubler-Ross or Westburg model?to address in this assignment.

Addressing the needs of grieving family members can diminish your personal emotional, mental, and physical resources. In addition to developing strategies to assist grieving individuals in crisis, you must develop strategies that support self-care.
In this Assignment, you apply a grieving model to work with families in a hospice environment and suggest strategies for self-care.

Submit by SATURDAY 8PM NEW YORK TIME a 2- to 4-page paper in which you:
Explain how you, as a social worker, might apply the grieving model you selected to your work with families in a hospice environment.
Identify components of the grieving model that you think might be difficult to apply to your social work practice. Explain why you anticipate these challenges.
Identify strategies you might use for your own self care as a social worker dealing with grief counseling. Explain why these strategies might be effective.

References
Zastrow, C. H., & Kirst-Ashman, K. K. (2016). Understanding human behavior and the social environment (10th ed.). Boston, MA: Cengage Learning.

Support your Assignment with specific references to the resources. Be sure to provide full APA citations for your references.

grandchildren and great-grandchildren with gifts,
loans, and babysitting.
Because older people are living longer, four and
even five generations of families are becoming more
common. Papalia et al. (2009, p. 613) note:
Grandparents and great-grandparents are important
to their families. They are sources of wisdom,
companions in play, links to the past, and symbols
of the continuity of family life. They are engaged
in the ultimate generative function: expressing the
human longing to transcend mortality by investing
themselves in the future generations.
Guidelines for Positive
Psychological Preparation
for Later Adulthood:
The Strengths Perspective
Growing old is a lifelong process. Becoming 65 does
not destroy the continuity of what a person has been,
is now, and will be. Recognizing this should lessen the
fear of growing old. For those who are financially
secure and in good health and who have prepared
thoughtfully, later adulthood can be a period of
at least reasonable pleasure and comfort, if not
luxury.
Some may be able to start small home businesses,
based on their hobbies, or become involved in meaningful
activities with churches and other organizations.
Others may relax while fishing or traveling around the
country. Still others may continue to pursue such interests
as gardening, woodworking, reading, needlework,
painting, weaving, and photography. Many older people
have contributed as much (or more) to society as
they did in their earlier years. One role model in this
area is Jimmy Carter; see Highlight 15.1.
Our lives depend largely on our goals and our
efforts to achieve those goals. How we live before
retiring will largely determine whether later adulthood
will be a nightmare or will be gratifying and
fulfilling. The importance of being physically and
mentally active throughout life was discussed in
Chapter 14. Here are some factors that are closely
related to satisfaction in later adulthood:
1. Close personal relationships. Having close relationships
with others is important throughout life.
Older people who have close friends are more satisfied
with life. Practically everyone needs a person
to whom one can confide one?s private thoughts or
feelings. Older people who have confidants are
better able to handle the trials and tribulations of
HIGHLIGHT 15.1
Jimmy Carter: Stumbled as President, Excelled in Later Adulthood
Jimmy Carter (James Earl Carter Jr.) was born October 1,
1924, in the small rural community of Plains, Georgia. Carter
graduated from the U.S. Naval Academy in Annapolis in 1946.
After seven years as a naval officer, he returned to Plains,
where he ran a peanut-producing business. In 1962, he entered
state politics. Eight years later, he was elected governor of
Georgia. In 1976, he was elected president of the United States.
Although he had some noteworthy accomplishments as president,
there were serious setbacks economically and in foreign
affairs. Inflation, interest rates, and unemployment rates were
at near-record highs. During Carter?s four-year administration,
the economy went into a recession. In 1979, more than 50
members of the U.S. Embassy staff in Iran were taken as hostages
by militants. Despite 14 months of trying, the Carter administration
was unable to secure release of the hostages. After
a devastating defeat for reelection in 1980, Carter retired from
political life?and left being very unpopular.
But the best was yet to come. He did not throw in the
towel. Today he is a professor at Emory University in
Georgia and a leading advocate for Habitat for Humanity,
which helps build houses for low-income families. He established
the Carter Center, which sponsors international
programs in human rights, preventive health care, education,
agricultural techniques, and conflict resolution.
Carter and the Carter Center have secured the release of
hundreds of political prisoners. He has become an elder
statesman, a roving peacemaker, and a guardian of freedom.
He oversaw the Nicaraguan elections that ousted
the dictatorship of the Sandinistas. He brokered a ceasefire
between the Serbs and the Bosnian Muslims. He has
pressured China to release political prisoners. He was the
first former U.S. president to visit Communist Cuba. He
has helped set up fair elections in China, Mozambique,
Nigeria, Indonesia, and several other developing countries.
In addition, he has written 14 books. In 2002, at age 78, he
was awarded the Nobel Peace Prize. Clearly, Carter?s accomplishments
in later adulthood surpass his accomplishments
in his earlier years.
660 Understanding Human Behavior and the Social Environment
Copyright 2012 Cengage Learning. All Rights Reserved. May not be copied, scanned, or duplicated, in whole or in part. Due to electronic rights, some third party content may be suppressed from the eBook and/or eChapter(s).
Editorial review has deemed that any suppressed content does not materially affect the overall learning experience. Cengage Learning reserves the right to remove additional content at any time if subsequent rights restrictions require it.
aging. Through sharing their deepest concerns,
people are able to ventilate their feelings and to
talk about their problems and possibly arrive at
some strategies for handling them. Those who are
married are more likely than the widowed to have
confidants, and the widowed are more likely to
have confidants than those who have never married.
For those who are married, the spouse is apt
to be the confidant, especially for men.
2. Finances. Health and income are two factors
closely related to life satisfaction in later adulthood.
When people feel good and have money,
they can be more active. Those who are active?
who go out to eat, go to meetings or museums, go
to church, go on picnics, or travel?are happier
than those who mostly stay at home. Saving
money for later years is important, and so is
learning to manage or budget money wisely.
3. Interests and hobbies. Psychologically, people
who are traumatized most by retirement are those
whose self-image and life interests center on their
work. People who have meaningful hobbies and
interests look forward to retirement in order to
have sufficient time for these activities.
4. Self-identity. People who are comfortable and realistic
about who they are and what they want
from life are better prepared to deal with stresses
and crises that arise.
5. Looking toward the future. A person who dwells
on the past or rests on past achievements is apt to
find the older years depressing. On the other
hand, a person who looks to the future generally
has interests that are alive and growing and is
therefore able to find new challenges and new satisfaction
in later years. Looking toward the future
involves planning for retirement, including deciding
where one would like to live, in what type of
housing and community, and what one looks forward
to doing with his or her free time.
6. Coping with crises. If a person learns to cope effectively
with crises in younger years, these coping
skills will remain useful when a person is
older. Effective coping is learning to approach
problems realistically and constructively.
Grief Management and Death
Education
In the remainder of this chapter, we will discuss reactions
to death in our society, including social work
roles in grief management and guidelines for relating
to a dying person and to survivors.
Death in Our Society: The Impact
of Social Forces
People in primitive societies handle death better than
we do. They are more apt to view death as a natural
occurrence, partly because they have shorter life expectancies.
They also frequently see friends and relatives
die. Because they view death as a natural
occurrence, they are better prepared to handle the
death of loved ones. Spotlight 15.3 illustrates the
cultural-historical context of death and bereavement.
In our society, we tend to shy away from
thinking about death. The terminally ill generally
die in institutions (hospitals and nursing homes),
away from their homes. Therefore, we are seldom
exposed to people dying. Many people in our society
seek to avoid thinking about death. They avoid going
to funerals and avoid conversations about death.
Many people live as if they believe they will live
indefinitely.
We need to become comfortable with the idea of
our own eventual death. If we do that, we will be
better prepared for the deaths of close friends and
relatives. We will also then be better prepared to
relate to the terminally ill and to help survivors
who have experienced the death of a close friend or
relative.
Funerals are needed for survivors. Funerals help
initiate the grieving process so that people can work
through their grief. (Delaying the grieving process
may intensify the eventual grief.) For some, funerals
also serve the function of demonstrating that the person
is dead. If survivors do not actually see the dead
body, some may mystically believe that the person is
still alive. For example, John F. Kennedy was assassinated
in 1963 and had a closed-casket funeral.
Because the body was not shown, rumors abounded
for many years that he was still alive.
The sudden death of a young person is more difficult
to cope with, for three reasons. First, we do
not have time to prepare for the death. Second, we
feel the loss as more severe because we feel the person
is missing out on many of the good things in life.
Third, we do not have the opportunity to obtain a
sense of closure in the relationship; we may feel we
did not have the opportunity to tell the person how
we felt about him or her, or we did not get the opportunity
to resolve interpersonal conflicts. (Because
the grieving process is intensified when closure does
Psychological Aspects of Later Adulthood 661
Copyright 2012 Cengage Learning. All Rights Reserved. May not be copied, scanned, or duplicated, in whole or in part. Due to electronic rights, some third party content may be suppressed from the eBook and/or eChapter(s).
Editorial review has deemed that any suppressed content does not materially affect the overall learning experience. Cengage Learning reserves the right to remove additional content at any time if subsequent rights restrictions require it.
not occur, it is advisable to actively work toward
closure in our relationships with others.)
Children should not be sheltered from death.
They should be taken to funerals of relatives and
friends and their questions answered honestly. It is
a mistake to say, ?Grandmother has gone on a trip
and won?t be back.? The child will wonder if other
significant people in his or her life will also go on a
trip and not come back; or the child may be puzzled
about why grandmother won?t return from the trip.
It is much better to explain to children that death is
a natural process. It is desirable to state that death is
unlikely to occur until a person is quite old, but that
there are exceptions?such as an automobile accident.
Parents who take their children to funerals almost
always find the children handle the funeral
better than they expected. Funerals help children
learn that death is a natural process.
It is generally a mistake for survivors to seek to
appear strong and emotionally calm following the
death of a close friend or relative. Usually such people
want to avoid dealing with their loss, and there is
a danger that when they do start grieving they will
experience more intense grief?partly because they
will feel guilty about denying that they are hurting,
and partly because they will feel guilty because they
de-emphasized (by hiding their pain and feelings) the
importance of the person who died.
Many health professionals (such as medical doctors)
find death difficult to handle. Health professionals
are committed to healing. When someone is
found to have a terminal illness, health professionals
are apt to experience a sense of failure. In some
cases, they experience guilt because they cannot do
more, or because they might have made mistakes
that contributed to a terminal illness. Therefore, do
not be too surprised if you find that some health
professionals do not know what to say or do when
confronted by terminal illness.
The Grieving Process
Nearly all of us are currently grieving about some
loss that we have had. It might be the end of a romantic
relationship, or moving away from friends
and parents, or the death of a pet, or failing to get
a grade we wanted, or the death of someone.
It is a mistake to believe that grieving over a loss
should end in a set amount of time. The normal
grieving process is often the life span of the griever.
When we first become aware of a loss of great importance
to us, we are apt to grieve intensively?by
crying or by being depressed. Gradually, we will
have hours, then days, then weeks, then months
when we will not think about the loss and will not
grieve. However, there will always be something that
reminds us of the loss (such as anniversaries), and we
SPOTLIGHT ON DIVERSITY 15.3
The Cultural-Historical Context of Death and Bereavement
Cultural customs concerning the disposal and remembrance
of the dead, the transfer of possessions, and even expressions
of grief vary greatly from culture to culture. Often, religious
or legal prescriptions about these topics reflect a society?s
view of what death is and what happens afterward.
In ancient Greece, bodies of heroes were publicly burned
as a symbol of honor. Public cremation is still practiced by
Hindus in India and Nepal. In contrast, cremation is prohibited
under Orthodox Jewish law, as it is believed that the dead
will rise again for a ?last judgment? and the chance for eternal
life. To this day, some Polynesians in the Tahitian Islands
bury their parents in the front yard of their parents? home as a
way of remembering them.
In ancient Romania, warriors went laughing to their
graves, expecting to meet Zalmoxis, their supreme god.
In Mayan society, which prospered several centuries ago
in Mexico and Central America, death was seen as a gradual
transition. At first a body was given only a provisional burial.
Survivors continued to perform mourning rites until the body
decayed to the point where it was thought the soul had left it
and transcended into the spiritual realm.
In Japan, religious rituals expect survivors to maintain
contact with the deceased. Families keep an altar in their
homes that is dedicated to their ancestors; they offer them
cigars and food and talk to the altar as if they were talking
to their deceased loved ones. In contrast, the Hopi (Native
American tribe) fear the spirits of the deceased and try to forget,
as quickly as possible, those who have died.
Some modern cultural customs have evolved from ancient
ones. The current practice of embalming, for example,
evolved from the mummification practice in ancient Egypt
and China about 3,000 years ago that was designed to preserve
a body so that the soul could eventually return to it.
Today, Muslims in Bali are encouraged to suppress sadness,
and instead to laugh and be joyful at burials. In contrast,
Muslims in Egypt are encouraged to express their grief with
displays of deep sorrow.
662 Understanding Human Behavior and the Social Environment
Copyright 2012 Cengage Learning. All Rights Reserved. May not be copied, scanned, or duplicated, in whole or in part. Due to electronic rights, some third party content may be suppressed from the eBook and/or eChapter(s).
Editorial review has deemed that any suppressed content does not materially affect the overall learning experience. Cengage Learning reserves the right to remove additional content at any time if subsequent rights restrictions require it.
will again grieve. The intense grieving periods will,
however, gradually become shorter, occur less frequently,
and decrease in intensity.
Two models of the grieving process will be presented
here: the K?bler-Ross (1969) model and the
Westberg (1962) model. These models help us to understand
the grief we feel from any loss.
The K?bler-Ross Model
This model posits five stages of grief:
1. Stage One: Denial. During this stage, we tell ourselves,
?No, this can?t be. There must be a mistake.
This just isn?t happening.? Denial is often
functional because it helps cushion the impact of
the loss.
2. Stage Two: Rage and Anger. During this stage,
we tell ourselves, ?Why me? This just isn?t fair!?
For example, terminally ill patients resent that
they will soon die while other people will remain
healthy and alive. During this stage, God is sometimes
a target of the anger. The terminally ill, for
example, blame God as unfairly imposing a death
sentence.
3. Stage Three: Bargaining. During this stage, people
with losses attempt to strike bargains to regain
all or part of the loss. For example, the
terminally ill may bargain with God for more
time. They promise to do something worthwhile
or to be good in exchange for another month or
year of life. K?bler-Ross indicates that even agnostics
and atheists sometimes attempt to bargain
with God during this stage.
4. Stage Four: Depression. During this stage, those
having losses tell themselves, ?The loss is true,
and it?s really sad. This is awful. How can I go
on with life??
5. Stage Five: Acceptance. During this stage, the
person fully acknowledges the loss. Survivors
accept the loss and begin working on alternatives
to cope with the loss and to minimize its impact.
The Westberg Model
This model is represented graphically in Figure 15.1.
? Shock and Denial. According to the Westberg
model, many people, when informed of a tragic
loss, are so numb, and in a state of such shock,
that they are practically devoid of feelings. It
could well be that when emotional pain is unusually
intense, a person?s response system experiences
?overload? and temporarily ?shuts down.?
The person feels hardly anything and acts as if
nothing has happened. Such denial is a way of
avoiding the impact of a tragic loss.
? Emotions Erupt. As the realization of the loss becomes
evident, the person expresses the pain by
crying, screaming, or sighing.
? Anger. At some point, a person usually experiences
anger. The anger may be directed at God for causing
the loss. The anger may be partly due to the
unfairness of the loss. If the loss involves the death
of a loved one, there is often anger at the dead person
for what is termed ?desertion.?
? Illness. Because grief produces stress, stress-related
illnesses are apt to develop, such as colds, flu,
ulcers, tension headaches, diarrhea, rashes, and
insomnia.
? Panic. Because the grieving person realizes he or
she does not feel like the ?old self,? the person
may panic and worry about going insane. Nightmares,
unwanted emotions that appear uncontrollable,
physical reactions, and difficulties in
concentrating on day-to-day responsibilities all
contribute to the panic.
? Guilt. The grieving person may blame himself
or herself for having done something that
Loss/Hurt Healed/New
Strengths
Shock and
denial
Emotions erupt
Affirming
reality
Anger
Hope
Illness
Reentry difficulties
Panic Depression and loneliness
Guilt
FIGURE 15.1 Westberg Model of the Grieving Process
? Cengage Learning 2013
Psychological Aspects of Later Adulthood 663
Copyright 2012 Cengage Learning. All Rights Reserved. May not be copied, scanned, or duplicated, in whole or in part. Due to electronic rights, some third party content may be suppressed from the eBook and/or eChapter(s).
Editorial review has deemed that any suppressed content does not materially affect the overall learning experience. Cengage Learning reserves the right to remove additional content at any time if subsequent rights restrictions require it.
contributed to the loss, or feel guilty for not doing
something that might have prevented the loss.
? Depression and Loneliness. At times, the grieving
person is apt to feel very sad about the loss and
also to have feelings of isolation and loneliness.
The grieving person may withdraw from others,
who are viewed as not being supportive or
understanding.
? Reentry Difficulties. When the grieving person
makes efforts to put his or her life back together,
reentry problems are apt to arise. The person may
resist letting go of attachments to the past, and
loyalties to memories may hamper the pursuit of
new interests and activities.
? Hope. Gradually, hopes of putting one?s life back
together return and begin to grow.
? Affirming Reality. The grieving person puts his or
her life back together again, and the old feeling
of having control of one?s life returns. The
reconstructed life is not the same as the old, and
memories of the loss remain. However, the reconstructed
life is satisfactory. The grieving person
resolves that life will go on.
Evaluation of Models of the Grieving Process
K?bler-Ross and Westberg note that some people
continue grieving and never do reach the final stage
(the acceptance stage in the K?bler-Ross model, or
the affirming reality stage in the Westberg model).
K?bler-Ross and Westberg also caution that it is a
mistake to rigidly believe everyone will progress
through these stages as diagrammed. There is often
considerable movement back and forth among the
stages. For example, in the K?bler-Ross model, a
person may go from denial and depression to anger
and rage, then back to denial, then to bargaining,
then again to depression, back to anger and rage,
and so on.
How to Cope with Grief
The following suggestions are given to help those
who are grieving:
? Crying is an acceptable and valuable expression of
grief. Cry when you feel the need. Crying releases
the tension that is part of grieving.
? Talking about your loss and about your plans is
very constructive. Sharing your grief with friends,
family, the clergy, a hospice volunteer, or a professional
counselor is advisable. You may seek to
become involved with a group of others having
similar experiences. Talking about your grief eases
loneliness and allows you to ventilate your feelings.
Talking with close friends gives you a sense
of security and brings you closer to others you
love. Talking with others who have similar losses
helps put your problems into perspective. You will
see you are not the only one with problems, and
you will feel good about yourself when you assist
others in handling their losses.
? Death often causes us to examine and question
our faith or philosophy of life. Do not become
concerned if you begin questioning your beliefs.
Talk about them. For many, a religious faith provides
help in accepting the loss.
? Writing out a rational self-analysis on your grief
will help you to identify irrational thinking that is
contributing to your grief (see Chapter 8). Once
any irrational thinking is identified, you can relieve
much of your grief through rational challenges
to your irrational thinking.
? Try not to dwell on how unhappy you feel. Become
involved and active in life around you. Do
not waste your time and energy on self-pity.
? Seek to accept the inevitability of death?yours
and that of others.
? If the loss is the death of a loved one, holidays and
the anniversaries of your loved one?s birth and
death can be stressful. Seek to spend these days
with family and friends who will give you
support.
? You may feel that you have nothing to live for
and may even think about suicide. Understand
that many people who encounter severe losses
feel this way. Seek to find assurance in the fact
that a sense of purpose and meaning will return.
? Intense grief is very stressful. Stress is a factor that
leads to a variety of illnesses, such as headaches,
colitis, ulcers, colds, and flu. If you become ill,
seek a physician?s help, and tell him or her that
your illness may be related to grief you are
experiencing.
? Intense grief may also lead to sleeplessness, sexual
difficulties, loss of appetite, or overeating. If a
loved one has died, do not be surprised if you
dream the person is still alive. You may find you
have little energy and cannot concentrate. All of
these reactions are normal. Do not worry that you
are going crazy or losing your mind. Seek to take
a positive view. Eat a balanced diet, get ample
rest, and exercise moderately. Every person?s grief
is individual?if you are experiencing unusual
664 Understanding Human Behavior and the Social Environment
Copyright 2012 Cengage Learning. All Rights Reserved. May not be copied, scanned, or duplicated, in whole or in part. Due to electronic rights, some third party content may be suppressed from the eBook and/or eChapter(s).
Editorial review has deemed that any suppressed content does not materially affect the overall learning experience. Cengage Learning reserves the right to remove additional content at any time if subsequent rights restrictions require it.
physical reactions (such as nightmares), try not to
become overly alarmed.
? Medication should be taken sparingly and only
under the supervision of a physician. Avoid trying
to relieve your grief with alcohol or other drugs.
Many drugs are addictive and may stop or delay
the necessary grieving process.
? Recognize that guilt, real or imagined, is a normal
part of grief. Survivors often feel guilty about
things they said or did, or feel guilty about things
they think they should have said or done. If you
are experiencing intense guilt, it is helpful to share
it with friends or with a professional counselor. It
might also be helpful to write a rational selfanalysis
of the guilt (see Chapter 8). Learn to forgive
yourself. All humans make mistakes.
? You may find that friends and relatives appear to
be shunning you. If this is happening, they probably
are uncomfortable around you, as they do not
know what to say or do. Take the initiative and
talk with them about your loss. Inform them
about ways in which you would like them to be
supportive.
? If possible, put off making major decisions (changing
jobs, moving) until you become more emotionally
relaxed. When you?re highly emotional, you?re
more apt to make undesirable decisions.
Application of Grief Management Theory
to Client Situations
Most people are grieving about one or more losses?
the end of a romantic relationship, the death of a
pet, or the death of a loved one. Social workers
may take on a variety of roles in the areas of grief
management and death education: They can be initiators
of educational programs in schools,
churches, and elsewhere for the general public.
They can be counselors in a variety of settings (including
hospices, nursing homes, and hospitals) in
which they work on a one-to-one basis with the terminally
ill and with survivors. They can be group
facilitators and lead grief management groups (including
bereavement groups for survivors) in settings
such as hospitals, hospices, mental health clinics,
and schools. They may also serve as brokers in
linking individuals who are grieving, or who have
unrealistic views about death and dying, with appropriate
community resources.
In order for social workers to be effective in these
roles, they need to become comfortable with the idea
of their own eventual deaths. They also need to develop
skills for relating to the terminally ill and to
survivors. The following sections present some
guidelines in these areas. The material is useful not
only for social workers but also for anyone who has
contact with a dying person or with survivors.
How to Relate to a Dying Person
First, you need to accept the idea of your own
eventual death and view death as a normal process.
If you cannot accept your own death, you will probably
be uncomfortable talking to someone who is
terminally ill and will not be able to discuss the concerns
that the dying person has in an understanding
and positive way. The questions in Highlight 15.2
will help you assess your attitudes toward the reality
of death.
Second, tell the dying person that you are willing
to talk about any concerns that he or she has. Let
When a person?s spouse dies, he or she is apt to feel sad, lonely,
and isolated. Gradually, the grieving person reaches out to others.
Photodisc/Getty Images
Psychological Aspects of Later Adulthood 665
Copyright 2012 Cengage Learning. All Rights Reserved. May not be copied, scanned, or duplicated, in whole or in part. Due to electronic rights, some third party content may be suppressed from the eBook and/or eChapter(s).
Editorial review has deemed that any suppressed content does not materially affect the overall learning experience. Cengage Learning reserves the right to remove additional content at any time if subsequent rights restrictions require it.
HIGHLIGHT 15.2
Questions About Grief, Death, and Dying
Arriving at answers to these questions is one way to work
toward becoming more comfortable with your own eventual
death.
1. Which of the following describe your present conception
of death?
a. Cessation of all mental and physical activity
b. Death as sleep
c. Heaven-and-hell concept
d. A pleasant afterlife
e. Death as being mysterious and unknown
f. The end of all life for you
g. A transition to a new beginning
h. A joining of the spirit with an unknown cosmic
force
i. Termination of this physical life with survival of the
spirit
j. Something other than what is on this list
2. Which of the following aspects of your own death do
you find distasteful?
a. What might happen to your body after death
b. What might happen to you if there is a life after
death
c. What might happen to your dependents
d. The grief that it would cause to your friends and
relatives
e. The pain you may experience as you die
f. The deterioration of your body before you die
g. All your plans and projects coming to an end
h. Something other than what is on this list
3. If you could choose, what age would you like to be
when you die?
4. When you think of your own eventual death, how do
you feel?
a. Depressed
b. Fearful
c. Discouraged
d. Purposeless
e. Angry
f. Pleasure in being alive
g. Resolved as you realize death is a natural process
of living
h. Other (specify)
5. For what, or for whom, would you be willing to
sacrifice your life?
a. An idea or moral principle
b. A loved one
c. In combat
d. An emergency where another life could be saved
e. Not for any reason
6. If you could choose, how would you prefer to die?
a. A sudden, violent death
b. A sudden but nonviolent death
c. A quiet and dignified death
d. Death in the line of duty
e. Suicide
f. Homicide victim
g. Death after you have achieved your life goals
h. Other (specify)
7. If it were possible, would you want to know the exact
date on which you would die?
8. Would you want to know if you had a terminal illness?
9. If you had six more months to live, how would you
want to spend the time?
a. Satisfying hedonistic desires such as sex
b. Withdrawing
c. Contemplating or praying
d. Seeking to prepare loved ones for your death
e. Completing projects and tying up loose ends
f. Considering suicide
g. Other (specify)
10. Have you seriously contemplated suicide? What are
your moral views of suicide? Are there circumstances
under which you would take your life?
11. If you had a serious illness and the quality of your life
had substantially deteriorated, what measures do you
believe should be taken to keep you alive?
a. All possible heroic medical efforts should be taken
b. Medical efforts should be discontinued when there is
practically no hope of returning to a life with quality
c. Other (specify)
12. If you are married, would you prefer to outlive your
spouse? Why?
13. How important do you believe funerals and grief
rituals are for survivors?
14. If it were up to you, how would you like to have your
body disposed of after you die?
a. Cremation
b. Burial
c. Donation of your body to a medical school or to
science
d. Other (specify)
15. What kind of funeral would you prefer?
a. A church service
b. As large as possible
c. Small with only close friends and relatives present
d. A lavish funeral
e. A simple funeral
f. Whatever your survivors want
g. Other (specify)
16. Have you made a will? Why or why not?
17. Were you able to arrive at answers to most of these
questions? Were you uncomfortable in answering these
questions? If you were uncomfortable, what were you
feeling, and what made you uncomfortable? For the
questions you do not have answers to, how might you
arrive at answers?
666 Understanding Human Behavior and the Social Environment
Copyright 2012 Cengage Learning. All Rights Reserved. May not be copied, scanned, or duplicated, in whole or in part. Due to electronic rights, some third party content may be suppressed from the eBook and/or eChapter(s).
Editorial review has deemed that any suppressed content does not materially affect the overall learning experience. Cengage Learning reserves the right to remove additional content at any time if subsequent rights restrictions require it.
the person know that you are emotionally ready and
supportive, that you care, and that you are available.
Remember, the person has a right not to talk
about concerns if he or she so chooses. Touching or
hugging the dying person is also very helpful.
Third, answer the dying person?s questions as
honestly as you can. If you do not know an answer,
find someone who can provide the requested information.
Evasion or ambiguity in response to a dying
person?s questions only increases his or her concerns.
If there is a chance for recovery, this should be mentioned.
Even a small margin of hope can be a comfort.
Do not, however, exaggerate the chances for
recovery.
Fourth, a dying person should be allowed to accept
the reality of the situation at his or her own pace. Relevant
information should not be volunteered, nor
should it be withheld. People who have terminal illnesses
have rights to have access to all the relevant
information. A useful question that may assist a dying
person is, ?Do you want to talk about it??
Fifth, if people around the dying person are able
to accept the death, the dying person is helped to
accept the death. Therefore, it is therapeutic to
help close family members and friends accept the
death. Remember, they may have a number of concerns
that they want to discuss, and they may need
help to do this.
Sixth, if you have trouble with certain subjects
involving death, inform the dying person of your
limitations. This takes the guesswork out of the
relationship.
Seventh, the religious or philosophical viewpoint
of the dying person should be respected. Your own
personal views should not be imposed.
How to Relate to Survivors
These suggestions are similar to the suggestions on
relating to a dying person. It is very helpful to become
accepting of the idea of your own death. If you
are comfortable about your own death, you will be
better able to calmly listen to the concerns being expressed
by survivors.
It is helpful to initiate the first encounter with a
survivor by saying something like, ?I?m sorry,? and
then touching or hugging the person. Then convey
that if he or she wants to talk or needs help, you?re
available. Take your lead from what the survivor
expresses. You should seek to convey that you
care, that you share his or her loss, and that you?re
available if he or she wants to talk.
It is helpful to use active listening with both survivors
and persons who are terminally ill. In using
active listening, the receiver of a message feeds back
only what he or she feels was the intent of the sender?s
message. In using this approach, the receiver
does not send a message of his or her own, such as
asking a question, giving advice, expressing personal
feelings, or offering an opinion.
It is frequently helpful to share with a survivor
pleasant and positive memories you have about the
person who has died. This conveys that you sincerely
care about and miss the deceased person and also
that the deceased person?s life had positive meaning.
ETHICAL DILEMMA
Whether to Insert a Feeding Tube
New technology has made it possible for patients
with irreversible brain damage to be
kept alive for decades. A key component of
keeping someone alive is the insertion of a
feeding tube. Once a feeling tube has been inserted,
it is extremely difficult to obtain a
court order to have it removed. Some patients
have been kept alive in a chronic vegetative state for 10 to 15
years after a feeding tube has been inserted.
Assume the following: Your mother has a tragic automobile
accident, and her brain is deprived of oxygen for 15 minutes.
She is in a coma for 30 days, and medical tests indicate that
she has suffered irreversible brain damage. It will take a miracle
for your mother to ever regain consciousness. Your mother has
not signed a living will, a document in which the signer asks to
be allowed to die rather than be kept alive by artificial means if
disabled and there is no reasonable expectation of recovery.
The attending doctors ask you if you want to give permission
for a feeding tube to be inserted. If a tube is not inserted, your
mother will starve to death; however, she probably will experience
little or no pain, as she is in a coma. If a tube is inserted,
she will probably live in a vegetative state for many years.
What do you do?
This dilemma is obviously heartrending, but is included
here to help prepare you for a decision you may someday
have to make.
EP 2.1.2
Psychological Aspects of Later Adulthood 667
Copyright 2012 Cengage Learning. All Rights Reserved. May not be copied, scanned, or duplicated, in whole or in part. Due to electronic rights, some third party content may be suppressed from the eBook and/or eChapter(s).
Editorial review has deemed that any suppressed content does not materially affect the overall learning experience. Cengage Learning reserves the right to remove additional content at any time if subsequent rights restrictions require it.
Relating your memories will often focus the survivor?s
thoughts on pleasant and positive memories
of his or her own.
Continue to visit the survivors if they show interest
in such visits. It is also helpful to express your
caring and support through a card, a little gift, or
a favorite casserole. If a survivor is unable to resume
the normal functions of living, or remains deeply
depressed, suggest seeking professional help. Joining
a survivor self-help group is another possible
suggestion.
The religious or philosophical viewpoint of survivors
should be respected. You should not seek to
impose your views on the survivors.
How to Become Comfortable with the Idea
of Your Own Eventual Death: The Strengths
Perspective
Perhaps the main reason people are uncomfortable
about death is that in our culture we are socialized
to avoid seeing death as a natural process. We would
be more comfortable with the idea of our own death
if we could talk about it more openly and actively
seek answers to our own questions and concerns.
Comfort with the idea of our own death helps us
be more supportive in relating to and understanding
those who are dying. If you are uncomfortable about
death, including your own eventual death, here are
some things you can do to become more
comfortable.
Identify what your concerns are and then seek
answers to these concerns. Numerous excellent
books provide information on a wide range of subjects
involving death and dying. Many colleges, universities,
and organizations provide workshops
and courses on death and dying. If you have intense
fears about death and dying, consider talking to
authorities in the field, such as professional counselors,
or to clergy with experience and training in
grief counseling.
Taboos against talking about death and dying
need to be broken in our society. You may find
that tactfully initiating discussions about death and
dying with friends and relatives will be helpful to
you, and to people close to you.
It is probably accurate that we will never become
fully accepting of the idea of our own death, but we
can learn a lot more about the subject and obtain
answers to many of the questions and concerns we
have. In talking about death, it is advisable to avoid
using euphemisms such as ?passed on,? ?gone to
heaven,? and ?taken by the Lord.? It is much better
to be accurate and say the person has died. Using
euphemisms gives an unrealistic impression of death
and is part of an avoidance approach to facing
death. Fortunately, an open communications approach
about death is emerging in our society.
Additional ways to become more informed about
death and dying are attending funerals; watching
quality films and TV programs that cover aspects
of dying; providing support to friends or relatives
who are terminally ill; being supportive to survivors;
talking to people who do grief counseling to learn
about their approach; keeping a journal of your
thoughts and concerns related to death and dying;
and planning the details of your own funeral. Some
persons move toward becoming more comfortable
with their own death by studying the research that
has been conducted on near-death experiences, as
described in Highlight 15.3.
Mwalimu Imara (1975) views dying as having a
potential for being the final stage of growth. Learning
to accept death is similar to learning to accept
other losses?such as the breakup of a romantic relationship
or leaving a job we cherished. If we learn
to accept and grow from the losses we encounter,
such experiences will help us in facing the deaths of
loved ones and our own eventual death.
Having a well-developed sense of identity (that is,
who we are and what we want out of life) is an important
step in learning to become comfortable with
our own eventual death. If we have well-developed
blueprints of what will give meaning and direction to
our lives, we are emotionally better prepared to accept
that we will eventually die.
Ethical Question 15.5
Are you comfortable with the fact
that someday you will die? Most
people are not. If you are not, what
do you need to work on to become
more comfortable? EP 2.1.2
668 Understanding Human Behavior and the Social Environment
Copyright 2012 Cengage Learning. All Rights Reserved. May not be copied, scanned, or duplicated, in whole or in part. Due to electronic rights, some third party content may be suppressed from the eBook and/or eChapter(s).
Editorial review has deemed that any suppressed content does not materially affect the overall learning experience. Cengage Learning reserves the right to remove additional content at any time if subsequent rights restrictions require it.
Chapter Summary
The following summarizes this chapter?s content in
terms of the learning objectives presented at the beginning
of the chapter.
A. Describe the developmental tasks of later
adulthood.
Older adults must make a number of developmental
psychological adjustments, such as adjusting to retirement
and lower income and to changing physical
strength and health.
B. Present theoretical concepts about developmental
tasks in late adulthood.
Theoretical concepts about developmental tasks in
later adulthood include integrity versus despair,
shifting from work-role preoccupation to selfdifferentiation;
shifting from body preoccupation to
body transcendence; shifting from self-occupation to
self-transcendence; conducting a life review; the importance
of self-esteem; the significance of having a
high level of life satisfaction; the negative effects of
low status and ageism; the prevalence of depression
HIGHLIGHT 15.3
Life After Life
Raymond Moody (1975) interviewed a number of people who
had near-death experiences. These people had been pronounced
clinically dead but then shortly afterward were revived.
Moody provides the following composite summary of
typical experiences that have been reported. (It is important to
bear in mind that the following narrative is not a representation
of any one person?s experience; rather, it is a composite
of the common elements found in many accounts.)
A man is dying and, as he reaches the point of greatest
physical stress, he hears himself pronounced dead by his
doctor. He begins to hear an uncomfortable noise, a loud
ringing or buzzing, and at the same time feels himself moving
very rapidly through a long dark tunnel. After this, he
suddenly finds himself outside of his own physical body, but
still in the immediate physical environment, and he sees his
own body from a distance, as though he is a spectator. He
watches the resuscitation attempt from his unusual vantage
point and is in a state of emotional upheaval.
After a while, he collects himself and becomes more accustomed
to his odd condition. He notices that he still has a
?body,? but one of a very different nature and with very
different powers from the physical body he has left behind.
Soon other things begin to happen. Others come to meet
and to help him. He glimpses the spirits of relatives and
friends who have already died, and a loving, warm spirit of
a kind he has never encountered before?being of light?
appears before him. This being asks him a question, nonverbally,
to make him evaluate his life and helps him along by
showing him a panoramic, instantaneous playback of the
major events of his life. At some point he finds himself approaching
some sort of barrier or border, apparently representing
the limit between earthly life and the next life. Yet,
he finds that he must go back to the earth; that the time for
his death has not yet come. At this point he resists, for by
now he is taken up with his experiences in the afterlife and
does not want to return. He is overwhelmed by his intense
feelings of joy, love, and peace. Despite his attitude, though,
he somehow reunites with his body and lives.
Later he tries to tell others, but he has trouble doing so.
In the first place, he can find no human words adequate to
describe this unearthly episode. He also finds that others
scoff, so he stops telling other people. Still, the experience
affects his life profoundly, especially his views about death
and its relationship to life.
No one is sure why such experiences are reported. Various
explanations have been suggested (Siegel, 1981). One is that it
suggests there may be a pleasant afterlife. This explanation
gives comfort to those who dislike seeing death as an absolute
end. Another explanation, however, is that these near-death
experiences are nothing more than hallucinations triggered by
chemicals released by the brain or induced by lack of oxygen
to the brain. Scientists involved with near-death research
acknowledge that so far there is no conclusive evidence that
these near-death experiences prove there is life after death.
Nelson, Mattingly, and Schmitt (2007) suggest that some
people may be biologically predisposed to near-death experiences.
They interviewed 55 Europeans who said they had had
such experiences. The researchers found that these research
subjects also had these experiences in the transition between
wakefulness and sleep. The researchers theorized that such people
may have disturbances in the brain?s arousal system that
permit an intrusion of REM sleep elements when they are not
quite asleep, bringing on temporary visual hallucinations.
SOURCE: Raymond A. Moody, Jr., 1975, Life After Life. New York:
Bantam Books, pp. 21?23. Reprinted by permission of the copyright
owner, Mockingbird Books, St. Simon?s Island, GA.
Psychological Aspects of Later Adulthood 669
Copyright 2012 Cengage Learning. All Rights Reserved. May not be copied, scanned, or duplicated, in whole or in part. Due to electronic rights, some third party content may be suppressed from the eBook and/or eChapter(s).
Editorial review has deemed that any suppressed content does not materially affect the overall learning experience. Cengage Learning reserves the right to remove additional content at any time if subsequent rights restrictions require it.

69.

UNIV B201 Career Management /Development Plan Instructions

The Development Plan is comprised of an industry outlook and SMART goals. The purpose of this assignment is to enable you to research your target industry, better understand the requirements and expectations of the field, and to develop strategies for achieving your professional goals.

I. Industry Outlook
You will write a two paragraph overview of your target position and industry. This information will include employment outlooks and projections, required education and licensure, and average salary ranges for entry level professionals. It is necessary to use external sources (see below) and cite this information. There should be two other resources used besides the BLS website.
? Occupational Outlook Handbook (Dept of Labor) http://www.bls.gov/OCO/
? Occupational Information Network/O*Net http://online.onetcenter.org/
? Vault Career Insider [e-resource via Hagerty Library]

II. SMART Goals
You will use the SMART goal format to address four categories (two required and two additional categories) from the list below.
Required Categories:
? Networking
? Industry/Technical Skills Additional Categories:
? Identifying a Mentor
? Personal Growth
? Social Integration within Company
? Financial Planning
? Community Integration
? Cross Cultural Awareness
? Leadership Skills
? Advanced Education/Professional Licensure
? Other (you can create a category more relevant to your career goals)

Specific-The goal should define specific results and provide concrete details
Measurable-When writing the goal, define how you can measure success
Attainable-Goals should be challenging but realistic
Relevant-State the results to be achieved
Time-Bound-Establish a time limit
Example of a SMART goal statement (please note the level of detail written):
Category SMART Goal Statement
Networking Complete three informational interviews, during the fall of 2016, with mid to high level professionals working in economic development, public policy, or international economics working for the federal government or applicable agency within the Washington D.C. area to identify:
– Viable career paths and entry level positions
– Recommendations for advanced degrees and development of admission strategies, highlighting topics including:
o Differentiators amongst programs (MS, MPA, MPP, MAIEF or PhD)
o Application process
o Creation of candidate profiles and interest statements
o Recommended universities and colleges
– Insight into the federal government?s job search process:
o Navigating USAJOBS
o Creation of federal resume
– Overview of salary schedule (GS grades)


 

PLACE THIS ORDER OR A SIMILAR ORDER WITH THE NURSING PROFESSIONALS TODAY AND GET AN AMAZING DISCOUNT

get-your-custom-paper


Buy Custom Nursing Papers

Buy Nursing Papers

 

The post Which of the following describe your present conceptionof death? appeared first on THE NURSING PROFESSIONALS.

Which of the following describe your present conceptionof death?

Identify and include a definition of the four concepts of the nursing metaparadigm (common components or concepts in all nursing theories)

Identify and include a definition of the four concepts of the nursing metaparadigm (common components or concepts in all nursing theories).

Identify and include a definition of the four concepts of the nursing metaparadigm (common components or concepts in all nursing theories)

person, nursing, health, and environment, with reference to the Nurse Practitioner professional practice.
Write a 2 pages essay that includes the following points:

Identify and include a definition of the four concepts of the nursing metaparadigm (common components or concepts in all nursing theories): person, nursing, health, and environment, with reference to the Nurse Practitioner professional practice.
Explain how these concepts developed
Mention at least with 2 examples how these 4 concepts are employed in nursing practice.


 

PLACE THIS ORDER OR A SIMILAR ORDER WITH THE NURSING PROFESSIONALS TODAY AND GET AN AMAZING DISCOUNT

get-your-custom-paper


Buy Custom Nursing Papers

Buy Nursing Papers

 

The post Identify and include a definition of the four concepts of the nursing metaparadigm (common components or concepts in all nursing theories) appeared first on THE NURSING PROFESSIONALS.

Identify and include a definition of the four concepts of the nursing metaparadigm (common components or concepts in all nursing theories)

What is the history behind gerontological nursing?This APA formatted paper assignment consists of your philosophy of gerontological nursing and should entail what you believe to be a good gerontology nurse.

What is the history behind gerontological nursing?This APA formatted paper assignment consists of your philosophy of gerontological nursing and should entail what you believe to be a good gerontology nurse..

What is the history behind gerontological nursing?This APA formatted paper assignment consists of your philosophy of gerontological nursing and should entail what you believe to be a good gerontology nurse.

This APA formatted paper assignment consists of your philosophy of gerontological nursing and should entail what you believe to be a good gerontology nurse. In order to do this, the documented discussion should explain some of the following areas: 1) the history behind gerontological nursing; 2) any landmarks that this type of nursing has developed over the past few decades; 3) any definitions that have been developed in this scope of practice with the elderly; 4) roles and core competencies of the gerontological nurses; and 5) any documented research in gerontological nursing that brings evidenced-based practice to light for the elderly. Support your philosophy with at least 2 nursing peer reviewed journal articles no older than 5 years.


 

PLACE THIS ORDER OR A SIMILAR ORDER WITH THE NURSING PROFESSIONALS TODAY AND GET AN AMAZING DISCOUNT

get-your-custom-paper


Buy Custom Nursing Papers

Buy Nursing Papers

 

The post What is the history behind gerontological nursing?This APA formatted paper assignment consists of your philosophy of gerontological nursing and should entail what you believe to be a good gerontology nurse. appeared first on THE NURSING PROFESSIONALS.

What is the history behind gerontological nursing?This APA formatted paper assignment consists of your philosophy of gerontological nursing and should entail what you believe to be a good gerontology nurse.

Evolution of Professional Nursing and Culturally Diverse Workforce Analysis Assignment 2: Evolution of Professional Nursing and Culturally Diverse Workforce Analysis. of RA1:

Evolution of Professional Nursing and Culturally Diverse Workforce Analysis Assignment 2: Evolution of Professional Nursing and Culturally Diverse Workforce Analysis. of RA1:.

Evolution of Professional Nursing and Culturally Diverse Workforce Analysis
Assignment 2: Evolution of Professional Nursing and Culturally Diverse Workforce Analysis.
of RA1:

In this module, we looked at the evolution of the nursing profession and how it relates to the continued issue of achieving a culturally diverse workforce. Despite our progress in moving toward a culturally diverse nursing workforce, efforts are needed to achieve nursing workforce diversity to meet patient care needs. The report produced by the Sullivan Commission on Diversity in the Healthcare Workforce (2004) provided a framework from which one can understand nursing workforce diversity issues. In particular, it provided a way to systematically review issues surrounding the historical context of nursing workforce diversity, why increasing workforce diversity is important, how we might achieve a more diverse workforce and how it may be paid for, and who is accountable for achieving the diversity goal.


 

PLACE THIS ORDER OR A SIMILAR ORDER WITH THE NURSING PROFESSIONALS TODAY AND GET AN AMAZING DISCOUNT

get-your-custom-paper


Buy Custom Nursing Papers

Buy Nursing Papers

 

The post Evolution of Professional Nursing and Culturally Diverse Workforce Analysis Assignment 2: Evolution of Professional Nursing and Culturally Diverse Workforce Analysis. of RA1: appeared first on THE NURSING PROFESSIONALS.

Evolution of Professional Nursing and Culturally Diverse Workforce Analysis Assignment 2: Evolution of Professional Nursing and Culturally Diverse Workforce Analysis. of RA1:

How might what you have mentioned in your response to either or both questions 1 and 2 above be helpful in your work with patients?

How might what you have mentioned in your response to either or both questions 1 and 2 above be helpful in your work with patients?.

How might what you have mentioned in your response to either or both questions 1 and 2 above be helpful in your work with patients?

Here is our Discussion Board Question for Unit 3, Part A, for you to use in composing your original post. Please make sure you make your posts for this Unit in the Forum designated for Unit 3, Part A. You are required to answer all parts of the question below. You are also required to label your responses as separate paragraphs for your original post according to the way the original questions are labeled below.

PART A: Regarding our Unit 3 assigned reading, chapter 7 of Spirituality in Nursing:
Name and discuss at least 3 key points that you found to be especially helpful in thinking about the spiritual needs of patients with an acute illness? Do you have any specific examples or questions regarding how what you have learned might be helpful to you, as you think about working with patients who have an acute illness?

PART B: Regarding our Unit 3 assigned reading, chapter 8 of Spirituality in Nursing:
Name and discuss at least 3 key points that you found to be especially helpful in thinking about the spiritual needs of patients with a chronic illness? Do you have any specific examples or questions regarding how what you have learned might be helpful to you, as you think about working with patients who have a chronic illness?

PART C: Regarding your viewing of the video by Mother Angelica on Suffering and other truths regarding our spiritual life:
1) What did Mother Angelica help you understand about the value of human suffering, from a spiritual point of view, at a deeper level? Be specific in quoting from Mother Angelica’s teaching on the video and then open up what you have learned from her in your own words.
2) What did Mother Angelica help you learn about the Lord’s dealings with human persons, in general, that was either new for you entirely or provided you with a better understanding of a truth you already knew?
3) What questions did Mother Angelica’s teaching leave you with?
4) How might what you have mentioned in your response to either or both questions 1 and 2 above be helpful in your work with patients?

Video


 

PLACE THIS ORDER OR A SIMILAR ORDER WITH THE NURSING PROFESSIONALS TODAY AND GET AN AMAZING DISCOUNT

get-your-custom-paper


Buy Custom Nursing Papers

Buy Nursing Papers

 

The post How might what you have mentioned in your response to either or both questions 1 and 2 above be helpful in your work with patients? appeared first on THE NURSING PROFESSIONALS.

How might what you have mentioned in your response to either or both questions 1 and 2 above be helpful in your work with patients?

Briefly introduce family & basic elements of assessment. Include family form & membership?i.e., who is in the family you are discussing.

Briefly introduce family & basic elements of assessment. Include family form & membership?i.e., who is in the family you are discussing..

Briefly introduce family & basic elements of assessment. Include family form & membership?i.e., who is in the family you are discussing.

Paper details
5 pages APA format with level 1 headings- make sure to include all 5 of the requirements

1. Briefly introduce family & basic elements of assessment. Include family form & membership?i.e., who is in the family you are discussing.
Information to include:
The family is the Garcia family. They are a middle class family that lives in nice community. The Garcia family consists of a mother, father, and 3 children . Daughter age 20, Son age 13, and daughter age 12 . The oldest daughter (age 20) was from the mother in a previous marriage. The father and mother both work outside of the home. Both parents share decision making and caregiving of the children . Grandmother lives nearby to help when needed. The family is Catholic but does not attend church every Sunday. All family members are in good health.
This is a made up family, please add anything else to this family to support the paper.

2. One type of Family Structure discussion

3. One type of Family Function discussion

4. ONE nursing or non-nursing theory (Include explanation of theory components and application to this family)
The nursing theorist for this paper is: Murray Bowens- family systems theory ( make up anything about the family to support how this theory was applied to this family)

5. Conclusion


 

PLACE THIS ORDER OR A SIMILAR ORDER WITH THE NURSING PROFESSIONALS TODAY AND GET AN AMAZING DISCOUNT

get-your-custom-paper


Buy Custom Nursing Papers

Buy Nursing Papers

 

The post Briefly introduce family & basic elements of assessment. Include family form & membership?i.e., who is in the family you are discussing. appeared first on THE NURSING PROFESSIONALS.

Briefly introduce family & basic elements of assessment. Include family form & membership?i.e., who is in the family you are discussing.

write a formal paper in 6th edition APA style on Atrial-septal defect. You will need to identify the following in your paper: the population you are assessing (adult, elderly, child, pregnant woman, etc.),

write a formal paper in 6th edition APA style on Atrial-septal defect. You will need to identify the following in your paper: the population you are assessing (adult, elderly, child, pregnant woman, etc.),.

write a formal paper in 6th edition APA style on Atrial-septal defect. You will need to identify the following in your paper: the population you are assessing (adult, elderly, child, pregnant woman, etc.),

Description
This paper must be correct APA format, I have had problems with this, please make it correct
You will write a formal paper in 6th edition APA style on Atrial-septal defect. You will need to identify the following in your paper: the population you are assessing (adult, elderly, child, pregnant woman, etc.), historical data you will need to collect, assessment data you will need to collect, abnormal and normal findings, tests that will be completed, a plan of care based on current guidelines, and all individuals/departments that will be involved in the plan of care. You need to include at least 6 current (within the last 5 years) research articles within your paper. The paper needs to be at least 4 pages in length. See attached grading rubric

You will write a formal paper in 6th edition APA style on Atrial-septal defect. You will need to identify the following in your paper: the population you are assessing (adult, elderly, child, pregnant woman, etc.), historical data you will need to collect, assessment data you will need to collect, abnormal and normal findings, tests that will be completed, a plan of care based on current guidelines, and all individuals/departments that will be involved in the plan of care. You need to include at least 6 current (within the last 5 years) research articles within your paper. The paper needs to be at least 4 pages in length. This paper will need to be completed in 4 days (10/20/2016). The grading rubric is as follows:

FINAL PAPER GRADING RUBRIC

Criteria A (18-20) B (16-17) C (14-15) D (12-13) F (0)
Quality of Sources Peer reviewed, current within 5 years, nursing oriented journals Demonstrates skillful use of high-quality, credible, relevant sources to develop ideas that are appropriate for the discipline and genre of the writing Demonstrates consistent use of credible, relevant sources to support ideas that are situated within the discipline and genre of the writing.
Demonstrates an attempt to use credible and/or relevant sources to support ideas that are appropriate for the discipline and genre of the writing. Demonstrates an attempt to use sources to support ideas in the writing. Does not demonstrate or demonstrates very poorly that sources support the ideas in the writing.
Plagiarism
Mechanics Punctuation spelling grammar, and style Uses graceful language that skillfully communicates meaning to readers with clarity and fluency, and is virtually error-free. Uses straightforward language that generally conveys meaning to readers. The language in the portfolio has few errors. Uses language that generally conveys meaning to readers with clarity, although writing may include some errors. Uses language that sometimes impedes meaning because of errors in usage. Very poor use of grammar, punctuation, spelling that consistently alters the meaning intended in the writing.
Context and Purpose
Demonstrates a thorough understanding of context, audience, and purpose that is responsive to the assigned task(s) and focuses all elements of the work. Demonstrates adequate consideration of context, audience, and purpose and a clear focus on the assigned task(s) (e.g., the task aligns with audience, purpose, and context). Demonstrates awareness of context, audience, purpose, and to the assigned tasks(s) (e.g., begins to show awareness of audience’s perceptions and assumptions). Demonstrates minimal attention to context, audience, purpose, and to the assigned tasks(s) (e.g., expectation of instructor or self as audience). Demonstrates no attention to context, audience, purpose, and to the assigned task(s).
Content
Uses appropriate, relevant, and compelling content to illustrate mastery of the subject, conveying the writer’s understanding, and shaping the whole work. Uses appropriate, relevant, and compelling content to explore ideas within the context of the discipline and shape the whole work. Uses appropriate and relevant content to develop and explore ideas through most of the work. Uses appropriate and relevant content to develop simple ideas in some parts of the work. Does not use appropriate or relevant content to develop or support simple ideas throughout the work.
APA Format 0 errors 1-2 errors 3-4 errors 5-7 or more errors 8 or more errors


 

PLACE THIS ORDER OR A SIMILAR ORDER WITH THE NURSING PROFESSIONALS TODAY AND GET AN AMAZING DISCOUNT

get-your-custom-paper


Buy Custom Nursing Papers

Buy Nursing Papers

 

The post write a formal paper in 6th edition APA style on Atrial-septal defect. You will need to identify the following in your paper: the population you are assessing (adult, elderly, child, pregnant woman, etc.), appeared first on THE NURSING PROFESSIONALS.

write a formal paper in 6th edition APA style on Atrial-septal defect. You will need to identify the following in your paper: the population you are assessing (adult, elderly, child, pregnant woman, etc.),

Identify potential impacts of a failure to log off or exit from the patient record.

Identify potential impacts of a failure to log off or exit from the patient record..

Identify potential impacts of a failure to log off or exit from the patient record.

Read and Review Chapter 10 that is attached below
Pay special attention to the topics relating to workforce security, information access management, security awareness and training, and security incident procedures.
Based on these areas, define at least four different specific threats to our information security (beyond the example given), plus a way of managing or mitigating that threat and a plan for response in case the information does become breached by that threat type. Complete a table such as the following as part of your essay. The completed table needs to show the ability to apply the principles named in a real-life scenario. Your assignment should be at least three pages long. The first row has been completed as an example.
Type of standard or threat Method to reduce threat Response plan if threat is encountered
Access Establishment and modification: The facility considers how access to EPHI is established and modified. Each system user has a unique ID and password assigned by the institution. Passwords are not shared and must be changed every 90 days to prevent unauthorized access.
Employees are trained in appropriate access and password usage. Employee shared their ID and password with fellow employee who forgot theirs:
1. The relevant user’s ID and password are immediately disabled upon issue discovery. A new user ID will be established for that user.
2. The staff member is disciplined and given official warning to never share passwords.
3. System use and audit logs for that user are reviewed by IT and HIM manager.
4. Repeated breach will result in employee dismissal

Chapter 10 Privacy and Security of Health Records
Learning Outcomes

After completing this chapter, you should be able to:

? List HIPAA transactions and uniform identifiers
? Understand HIPAA privacy and security concepts
? Apply HIPAA privacy policy in a medical facility
? Discuss HIPAA security requirements and safeguards
? Follow security policy guidelines in a medical facility
? Explain electronic signatures

Understanding HIPAA

In Chapter 11 we will discuss various ways the Internet is being used for healthcare, including various implementations of EHR on the Internet, Internet-based personal health records (PHR), and remote access. In Chapter 12 we will explore the relationship of the EHR data to the determination of codes required for medical billing. Before moving to those topics it is prudent to understand HIPAA. HIPAA is an acronym for the Health Insurance Portability and Accountability Act, passed by Congress in 1996.

The HIPAA law was intended to:

? Improve portability and continuity of health insurance coverage.
? Combat waste, fraud, and abuse in health insurance and healthcare delivery.
? Promote use of medical savings accounts
? Improve access to long-term care
? Simplify administration of health insurance

HIPAA law regulates many things. However, a portion known as the Administrative Simplification Subsection1 of HIPAA covers entities such as health plans, clearinghouses, and healthcare providers. HIPAA refers to these as covered entities or a covered entity. This means a healthcare facility or health plan and all of its employees. If you work in the healthcare field, these regulations likely govern your job and behavior. Therefore, it is not uncommon for healthcare workers to use the acronym HIPAA when they actually mean only the Administrative Simplification Subsection of HIPAA.
Note Covered Entity

HIPAA documents refer to healthcare providers, plans, and clearing-houses as covered entities. In the context of this chapter, think of a covered entity as a healthcare organization and all of its employees.

As someone who will work with patients? health records, it is especially important for you to understand the regulations regarding privacy and security. However, let us begin with a quick review of HIPAA, then study the privacy and security portions in more depth.

HIPAA implementation and enforcement is under the jurisdiction of several entities within the U.S. Department of Health and Human Services (HHS). This chapter will make extensive use of documents prepared by HHS.
Administrative Simplification Subsection

The Administrative Simplification Subsection has four distinct components:

1. Transactions and code sets
2. Uniform identifiers
3. Privacy
4. Security

HIPAA Transactions and Code Sets

The first section of the regulations to be implemented governed the electronic transfer of medical information for business purposes such as insurance claims, payments, and eligibility. When information is exchanged electronically, both sides of the transaction must agree to use the same format in order to make the information intelligible to the receiving system. Before HIPAA, transactions for nearly every insurance plan used a format that contained variations that made it different from another plan?s format. This meant that plans could not easily exchange or forward claims to secondary payers and that most providers could only send to a few plans electronically.
Eight HIPAA Transactions

HIPAA standardized these formats by requiring specific transaction standards for eight types of EDI or Electronic Data Interchange. Two additional EDI transactions are not yet finalized. The HIPAA transactions are:

1. Claims or Equivalent Encounters and Coordination of Benefits (COB)
2. Remittance and Payment Advice
3. Claims Status
4. Eligibility and Benefit Inquiry and Response 1Health Insurance Portability and Accountability Act, Title 2, subsection f.
5. Referral Certification and Authorization
6. Premium Payments
7. Enrollment and De-enrollment in a Health Plan
8. Retail Drug Claims, Coordination of Drug Benefits and Eligibility Inquiry
9. Health Claims Attachments (Not Final)
10. First Report of Injury (Not Final)

Standard Code Sets

In an EDI transaction, certain portions of the information are sent as codes. For the receiving entity to understand the content of the transaction, both the sender and the receiver must use the same codes. In most cases, these are not the nomenclature codes discussed in Chapter 2, but rather standardized codes used to effectively communicate demographic and billing information.

For example, in an insurance claim, charges for patient visits are sent as procedure codes instead of their long descriptions. The medical reasons for the procedure are sent in the claim as diagnosis codes. HIPAA requires the use of standard sets of codes. Two of those standards are:

? Diagnoses (ICD-9-CM) codes
? Procedure (CPT-4 and HCPCS) codes

You have already been introduced to the ICD-9-CM codes. CPT-4 and HCPCS codes will be discussed in Chapter 12.

There are additional codes sets for demographic and payment information. Under HIPAA, any coded information within a transaction is also subject to standards. Just a few examples of the hundreds of other codes include codes for sex, race, type of provider, and relation of the policyholder to the patient.
HIPAA Uniform Identifiers

You can see the importance of both the sending and receiving system using the same formats and code sets to report exactly what was done for the patient. Similarly, it is necessary for multiple systems to identify the doctors, nurses, and healthcare businesses sending the claim or receiving the payment. ID numbers are used in a computer processing instead of names because, for example, there could be many providers named John Smith.

However, before HIPAA, all providers had multiple ID numbers assigned to them for use on insurance claims, prescriptions, and so on. A provider typically received a different ID from each plan and sometimes multiple numbers from the same plan. This created a problem for the billing office to get the right ID on the right claim and made electronic coordination of benefits all but impossible.

HIPAA established uniform identifier standards to be used on all claims and other data transmissions. These include:

? National Provider Identifier This type of identifier is assigned to doctors, nurses, and other healthcare providers.
? Employer Identifier This identifier is used to identify employer-sponsored health insurance. It is the same as the federal Employer Identification Number (EIN) employers are assigned for their taxes by the Internal Revenue Service.
? National Health Plan Identifier This identifier has not yet been implemented, but when it is it will be a unique identification number assigned to each insurance plan and to the organizations that administer insurance plans, such as payers and third-party administrators.

HIPAA Privacy Rule

The HIPAA privacy standards are designed to protect a patient?s identifiable health information from unauthorized disclosure or use in any form, while permitting the practice to deliver the best healthcare possible. When the HIPAA legislation was passed, ?Congress recognized that advances in electronic technology could erode the privacy of health information. Consequently, Congress incorporated into HIPAA provisions that mandated the adoption of Federal privacy protections for individually identifiable health information.?2
Note PHI

HIPAA privacy rules frequently refer to PHI or Protected Health Information. PHI is the patient?s personally identifiable health information.

Healthcare providers have a strong tradition of safeguarding private health information and have established privacy practices already in effect for their offices. For instance:

? ?By speaking quietly when discussing a patient?s condition with family members in a waiting room or other public area;
? By avoiding using patients? names in public hallways and elevators, and posting signs to remind employees to protect patient confidentiality;
? By isolating or locking file cabinets or records rooms; or
? By providing additional security, such as passwords, on computers maintaining personal information.

However, The Privacy Rule establishes, for the first time, a foundation of federal protections for the privacy of protected health information. The Rule does not replace federal, state, or other law that grants individuals even greater privacy protections, and covered entities are free to retain or adopt more protective policies or practices.?3

To comply with the law, privacy activities in the average medical facility might include:

? Providing a copy of the office privacy policy informing patients about their privacy rights and how their information can be used. 2 Guidance on HIPAA Standards for Privacy of Individually Identifiable Health Information (Washington, DC: U.S. Department of Health and Human Services Office for Civil Rights, December 3, 2002, and revised April 3, 2003). 3Ibid.
? Asking the patient to acknowledge receiving a copy of the policy or signing a consent form.
? Obtaining signed authorization forms and in some cases tracking the disclosures of patient health information when it is to be given to a person or organization outside the practice for purposes other than treatment, billing, or payment purposes.
? Adopting clear privacy procedures for its practice.
? Training employees so that they understand the privacy procedures.
? Designating an individual to be responsible for seeing that the privacy procedures are adopted and followed.
? Securing patient records containing individually identifiable health information so that they are not readily available to those who do not need them.

Let us examine each of these points.
Privacy Policy

?The HIPAA Privacy Rule gives individuals a fundamental new right to be informed of the privacy practices of their health plans and of most of their healthcare providers, as well as to be informed of their privacy rights with respect to their personal health information. Health plans and covered healthcare providers are required to develop and distribute a notice that provides a clear explanation of these rights and practices. The notice is intended to focus individuals on privacy issues and concerns, and to prompt them to have discussions with their health plans and healthcare providers and exercise their rights.

?Covered entities are required to provide a notice in plain language that describes:

? How the covered entity may use and disclose protected health information about an individual.
? The individual?s rights with respect to the information and how the individual may exercise these rights, including how the individual may complain to the covered entity.
? The covered entity?s legal duties with respect to the information, including a statement that the covered entity is required by law to maintain the privacy of protected health information.
? Whom individuals can contact for further information about the covered entity?s privacy policies.?4

The privacy policy must meet the requirements of HIPAA law and the use or disclosure of PHI must be consistent with the privacy notice provided to the patient.
Consent

The term consent has multiple meanings in a medical setting. Informed consent refers to the patient?s agreement to receive medical treatment having been provided sufficient information to make an informed decision. Consent for medical procedures must still be obtained by the practice.

4Ibid.
Figure 10-1 The patient acknowledges receipt of the medical facility?s privacy policy.

Under the Privacy Rule the term consent is only concerned with use of the patient?s information, and should not be confused with consent for the treatment itself. The Privacy Rule originally required providers to obtain patient ?consent? to use and disclose PHI except in emergencies. The rule was almost immediately revised to make it easier to use PHI for the purposes of treatment, payment, or operation of the healthcare practice.

Under the revised Privacy Rule, the patient gives consent to the use of their PHI for the purposes of treatment, payment, and operation of the healthcare practice. The patient does this by signing a consent form or signing an acknowledgment that he or she has received a copy of the office?s privacy policy. Figure 10-1 shows a patient receiving a copy of the medical facility?s privacy policy. The patient signs a form acknowledging receipt of the privacy policy.

Although most healthcare providers who see patients obtain HIPAA ?consent? as part of the routine demographic and insurance forms that patients sign, the rule permits some uses of PHI without the individual?s authorization:

? A healthcare entity may use or disclose PHI for its own treatment, payment, and healthcare operations activities. For example, a hospital may use PHI to provide healthcare to the individual and may consult with other healthcare providers about the individual?s treatment.
? A healthcare provider may disclose PHI about an individual as part of a claim for payment to a health plan.
? A healthcare provider may disclose PHI related to the treatment or payment activities of any healthcare provider (including providers not covered by the Privacy Rule). Consider these examples:
A doctor may send a copy of an individual?s medical record to a specialist who needs the information to treat the individual. A hospital may send a patient?s healthcare instructions to a nursing home to which the patient is transferred. A physician may send an individual?s health plan coverage information to a laboratory that needs the information to bill for tests ordered by the physician. A hospital emergency department may give a patient?s payment information to an ambulance service that transported the patient to the hospital in order for the ambulance provider to bill for its treatment.
? A health plan may use protected health information to provide customer service to its enrollees.

Others within the office can use PHI also. For example, doctors and nurses can share the patient?s chart to discuss what the best course of care might be. The doctor?s administrative staff can access patient information to perform billing, transmit claims electronically, post payments, file the charts, type up the doctor?s progress notes, and print and send out patient statements.

The office administrators can also use PHI for operation of the medical practice?for example, to determine how many staff they will need on a certain day, whether they should invest in a particular piece of equipment, what types of patients they are seeing the most of, where most of their patients live, and any other uses that will help make the office operate more efficiently.

The HHS Guidance document states: ?A covered entity may voluntarily choose, but is not required, to obtain the individual?s consent for it to use and disclose information about him or her for treatment, payment, and healthcare operations. A covered entity that chooses to have a consent process has complete discretion under the Privacy Rule to design a process that works best for its business and consumers.?5
Modifying HIPAA Consent

?Individuals have the right to request restrictions on how a covered entity will use and disclose protected health information about them for treatment, payment, and healthcare operations. A covered entity is not required to agree to an individual?s request for a restriction, but is bound by any restrictions to which it agrees.

?Individuals also may request to receive confidential communications from the covered entity, either at alternative locations or by alternative means. For example, an individual may request that her healthcare provider call her at her office, rather than her home. A healthcare provider must accommodate an individual?s reasonable request for such confidential communications.?6
Authorization

?A consent document is not a valid permission to use or disclose protected health information for a purpose that requires an authorization under the Privacy Rule.?7

Authorization differs from consent in that it does require the patient?s permission to disclose PHI.

Some instances that would require an authorization include sending the results of an employment physical to an employer and sending immunization records or the results of an athletic physical to the school.

5Ibid.

6Ibid.

7Ibid.
Figure 10-2 Sample authorization form with elements required by HIPAA.

The appearance of an authorization form is up to the practice, but the Privacy Rule requires that it contain specific information. Specific elements required by HIPAA are highlighted in yellow on the sample form shown in Figure 10-2. The required elements are:

? Date signed
? Expiration date
? To whom the information may be disclosed
? What is permitted to be disclosed
? For what purpose the information may be used

Unlike the Privacy Rule concept of consent, authorizations are not global. A new authorization is signed each time there is a different purpose or need for the patient?s information to be disclosed.
Research

Authorizations are usually required for researchers to use PHI. The only difference in a research authorization form is that it is not required to have an expiration date. The authorization may be combined with consent to participate in a clinical trial study for example.
Research Exceptions

To protect the patient?s information while at the same time ensuring that researchers continue to have access to medical information necessary to conduct vital research, the Privacy Rule does allow some exceptions that permit researchers to access PHI without individual authorizations. Typically, these are cases where the patients are deceased; where the researcher is using PHI only to prepare a research protocol; or where a waiver has been issued by an internal review board, specifying that none of the information will be removed or used for any other purpose.
Marketing

The Privacy Rule specifically defines marketing and requires individual authorization for all uses or disclosures of PHI for marketing purposes with limited exceptions. These exceptions are generally when information from the provider is sent to all patients in the practice about improvements or additions to the practice; or when the information is sent to the patient about their own treatments. For example, a reminder about an annual checkup is not marketing.
Government Agencies

One area that permits the disclosure of PHI without a patient?s authorization or consent is when it is requested by an authorized government agency. Generally, such requests are for legal (law enforcement, subpoena, court orders, and so on) or public health purposes. A request by the FDA for information on patients who are having adverse reactions to a particular drug might be an example. Another example might be an audit of medical records by CMS to determine if sufficient documentation exists to justify Medicare claims.

The Privacy Rule also permits the disclosure of PHI, without authorization, to public health authorities for the purpose of preventing or controlling disease or injury as well as maintaining records of births and deaths. This would include, for example, the reporting of a contagious disease to the CDC or an adverse reaction to a regulated drug or product to the FDA.

Similarly, providers are also permitted to disclose PHI concerning on-the-job injuries to workers? compensation insurers, state administrators, and other entities to the extent required by state workers? compensation laws.

To ensure that covered entities protect patients? privacy as required, the Privacy Rule requires that health plans, hospitals, and other covered entities cooperate with efforts by the HHS Office for Civil Rights (OCR) to investigate complaints or otherwise ensure compliance.
Minimum Necessary

The Privacy Rule minimum necessary standard is intended to limit unnecessary or inappropriate access to and disclosure of PHI beyond what is necessary. For example, if an insurance plan requests the value of a patient?s hematocrit test to justify a claim for administering a drug, then the minimum necessary disclosure would be to send only the hematocrit result, not the patient?s entire panel of tests.
No Restrictions on PHI for Treatment of the Patient

The minimum necessary standard does not apply to disclosures to or requests by a healthcare provider for PHI used for treatment purposes.

?The Privacy Rule generally requires covered entities to take reasonable steps to limit the use or disclosure of, and requests for, protected health information to the minimum necessary to accomplish the intended purpose. The minimum necessary standard does not apply to the following:

? Disclosures to or requests by a healthcare provider for treatment purposes.
? Disclosures to the individual who is the subject of the information.
? Uses or disclosures made pursuant to an individual?s authorization.
? Uses or disclosures required for compliance with the Health Insurance Portability and Accountability Act (HIPAA) Administrative Simplification Rules.
? Disclosures to the Department of Health and Human Services (HHS) when disclosure of information is required under the Privacy Rule for enforcement purposes.
? Uses or disclosures that are required by other law.

The implementation specifications for this provision require a covered entity to develop and implement policies and procedures appropriate for its own organization, reflecting the entity?s business practices and workforce.?8
Incidental Disclosures

8Ibid.

?Many customary healthcare communications and practices play an important or even essential role in ensuring that individuals receive prompt and effective healthcare. Due to the nature of these communications, as well as the various environments in which individuals receive healthcare, the potential exists for an individual?s health information to be disclosed incidentally.

For example, a hospital visitor may overhear a provider?s confidential conversation with another provider or a patient, or may glimpse a patient?s information on a sign-in sheet or nursing station whiteboard.

The HIPAA Privacy Rule is not intended to impede customary and essential communications and practices and, thus, does not require that all risk of incidental use or disclosure be eliminated to satisfy its standards. In fact the Privacy Rule permits certain incidental uses and disclosures of protected health information to occur where there is in place reasonable safeguards and minimum necessary policies and procedures that normally protect an individual?s privacy?9

Incidental disclosure is one of the exceptions to the Breach Notification Requirements discussed later in the chapter.
Critical Thinking Exercise 60: What Is Required?

You are employed at a medical facility. One of your patients is being treated as a result of an accident. The doctor asks you to take the patient?s x-rays to a colleague for an opinion on the best treatment.

1. What HIPAA form does the patient need to sign to permit you to do this? The same patient is suing the company responsible for the accident. His attorney has asked for copies of the x-rays to prepare his case.
2. What HIPAA form does the patient need to sign to permit you to do this?

A Patient?s Right to Know about Disclosures

Whether the practice has disclosed PHI based on a signed authorization or to comply with a government agency, the patient is entitled to know about it. Therefore, in most cases the medical facility must track the disclosure.

The Privacy Rule gives individuals the right to receive a report of all disclosures made for purposes other than treatment, payment, or operation of the healthcare facility. The report must include the date of the disclosure, to whom the information was provided, a description of the information, and the stated purpose for the disclosure. The patient can request the report at any time and the practice must keep the records for at least six years.

Furthermore, Breach Notification Requirements, discussed later in the chapter, require the patient to be notified in writing when a breach of his or her PHI has occurred.
Patient Access to Medical Records

9Ibid.

In addition to protecting privacy, the law generally allows patients to be able to see and obtain copies of their medical records and request corrections if they identify errors and mistakes. Health plans, doctors, hospitals, clinics, nursing homes, and other covered entities generally must provide access to these records within 30 days of a patient request, but may charge patients for the cost of copying and sending the records.
Personal Representatives

?There may be times when individuals are legally or otherwise incapable of exercising their rights, or simply choose to designate another to act on their behalf with respect to these rights. Under the Rule, a person authorized to act on behalf of the individual in making healthcare related decisions is the individual?s personal representative.

?The Privacy Rule requires covered entities to treat an individual?s personal representative as the individual with respect to uses and disclosure of the individual?s protected health information, as well as the individual?s rights under the Rule.

?The personal representative stands in the shoes of the individual and has the ability to act for the individual and exercise the individual?s rights?. In addition to exercising the individual?s rights under the Rule, a personal representative may also authorize disclosures of the individual?s protected health information.?10

In general, the personal representative?s authority over privacy matters parallels his or her authority to act on other healthcare decisions.

? Where the personal representative has broad authority in making healthcare decisions, the personal representative is treated as the individual for all purposes under the Privacy Rule.
? Examples include a parent with respect to a minor child or a legal guardian of a mentally incompetent adult.
? Where the representative?s authority is limited to particular healthcare decisions, his or her authority concerning PHI is limited to the same area.
? For example, a person with limited healthcare power of attorney about artificial life support could not sign an authorization for the disclosure of protected health information for marketing purposes.
Figure 10-3 Persons automatically recognized as personal representatives for patients.

10Ibid.
? When the patient is deceased, a person who has authority to act on the behalf of the deceased or the deceased?s estate is the personal representative for all purposes under the Privacy Rule.

Figure 10-3 provides a chart of who must be recognized as the personal representative for a category of individuals.
Minor Children

In most cases, the parent, guardian, or other person acting as parent is the personal representative and acts on behalf of the minor child with respect to PHI. Even if a parent is not the child?s personal representative, the Privacy Rule permits a parent access to a minor child?s PHI when and to the extent it is permitted or required by state or other laws.

Conversely, regardless of the parent?s status as personal representative, the Privacy Rule prohibits providing access to or disclosing the child?s PHI to the parent, when and to the extent it is expressly prohibited under state or other laws.

However, the Privacy Rule specifies three circumstances in which the parent is not the personal representative with respect to certain health information about the minor child. ?The three exceptional circumstances when a parent is not the minor?s personal representative are:

? When State or other law does not require the consent of a parent or other person before a minor can obtain a particular healthcare service, and the minor consents to the healthcare service; Example: A State law provides an adolescent the right to obtain mental health treatment without the consent of his or her parent, and the adolescent consents to such treatment without the parent?s consent.
? When a court determines or other law authorizes someone other than the parent to make treatment decisions for a minor; Example: A court may grant authority to make healthcare decisions for the minor to an adult other than the parent, to the minor, or the court may make the decision(s) itself.
? When a parent agrees to a confidential relationship between the minor and the physician. Example: A physician asks the parent of a 16-year-old if the physician can talk with the child confidentially about a medical condition and the parent agrees.

If state or other laws are silent or unclear about parental access to the minor?s PHI, the Privacy Rule grants healthcare professionals the discretion to allow or deny a parent access to a minor?s PHI based on their professional judgment.?11
Critical Thinking Exercise 61: Comparison of Privacy Policy

The purpose of this exercise is let you compare what you have learned in this chapter to an example from the real world. Visit a medical office or other healthcare facility and ask for a copy of their HIPAA Privacy Policy. Some providers have their privacy policy on their web site as well. You may print a copy of that as an acceptable alternative for the purpose of this exercise.

11Ibid.

Figure 10-4 provides a summary of patient rights under the Privacy Rule. It is published by HHS Office of Civil Rights, which enforces the HIPAA Privacy Rule.

Compare the contents of the privacy policy you obtained with the points in the sample CMS brochure shown in Figure 10-4. Write a brief paper comparing the points of the government document with the copy of the privacy policy you obtained. Give your instructor a copy of the privacy policy you obtained along with your paper.
Figure 10-4 Patient Privacy Summary published by the U.S. Department of Health and Human Services Office for Civil Rights.

Business Associates

?The HIPAA Privacy Rule applies only to covered entities?healthcare providers, plans, and clearinghouses. However, most healthcare providers and health plans do not carry out all of their healthcare activities and functions by themselves. Instead, they often use the services of a variety of other persons or businesses. The Privacy Rule allows covered providers and health plans to disclose protected health information to these business associates if the providers or plans obtain written satisfactory assurances that the business associate will use the information only for the purposes for which it was engaged by the covered entity, will safeguard the information from misuse, and will help the covered entity comply with some of the covered entity?s duties under the Privacy Rule.

?The covered entity?s contract or other written arrangement with its business associate must contain the elements specified in the privacy rule. For example, the contract must:

? Describe the permitted and required uses of protected health information by the business associate;
? Provide that the business associate will not use or further disclose the protected health information other than as permitted or required by the contract or as required by law; and
? Require the business associate to use appropriate safeguards to prevent a use or disclosure of the protected health information other than as provided for by the contract.?12

It will generally fall to the privacy officer (or in larger healthcare organizations, the legal department) to ensure that business associate agreements are on file for clearinghouses, transcription services, and other businesses with whom your employer will exchange PHI.
Civil and Criminal Penalties

?Congress provided civil and criminal penalties for covered entities that misuse personal health information. For civil violations of the standards, OCR may impose monetary penalties up to $100 per violation, up to $25,000 per year, for each requirement or prohibition violated. Criminal penalties apply for certain actions such as knowingly obtaining protected health information in violation of the law. Criminal penalties can range up to $50,000 and one year in prison for certain offenses; up to $100,000 and up to five years in prison if the offenses are committed under ?false pretenses?; and up to $250,000 and up to 10 years in prison if the offenses are committed with the intent to sell, transfer or use protected health information for commercial advantage, personal gain or malicious harm.?13
Note HIPAA Duties of OCR versus CMS

OCR within HHS oversees and enforces the Privacy Rule, whereas CMS oversees and enforces all other Administrative Simplification requirements, including the Security Rule.

The Health Information Technology and Economic Clinical Health (HITECH) Act, introduced in Chapter 1, also addressed privacy and security concerns associated with the electronic transmission of health information, in part through several provisions that strengthen the civil and criminal enforcement of the HIPAA rules. Subtitle D of the HITECH Act strengthens the civil and criminal enforcement of the HIPAA rules by establishing:

? Four categories of violations that reflect increasing levels of culpability
? Four corresponding tiers of penalty amounts that significantly increase the minimum penalty amount for each violation
? A maximum penalty amount of $1.5 million for all violations of an identical provision

12Ibid.

13Fact Sheet: Protecting the Privacy of Patients? Health Information (Washington, DC: U.S. Department of Health and Human Services Press Office, April 14, 2003).
Real-Life Story The First HIPAA Privacy Case

From the United States Attorney?s Office, Western District of Washington 14

The first legal case under the privacy rule concerned the theft of patient demographic information (name, address, date of birth, Social Security number) by an employee in a medical office.

The former employee of a cancer care facility pled guilty in federal court in Seattle, Washington, to wrongful disclosure of individually identifiable health information for economic gain. This is the first criminal conviction in the United States under the health information privacy provisions of the Health Insurance Portability and Accountability Act (HIPAA), which became effective in April 2003. Those provisions made it illegal to wrongfully disclose personally identifiable health information.

The former employee admitted that he obtained a cancer patient?s name, date of birth, and Social Security number while employed at the medical facility, and that he disclosed that information to get four credit cards in the patient?s name. He also admitted that he used several of those cards to rack up more than $9,000 in debt in the patient?s name. He used the cards to purchase various items, including video games, home improvement supplies, apparel, jewelry, porcelain figurines, groceries, and gasoline for his personal use. He was fired shortly after the identity theft was discovered.

?Too many Americans have experienced identity theft and the nightmare of dealing with bills they never incurred. To be a vulnerable cancer patient, fighting for your life, and having to cope with identity theft is just unconscionable,? stated United States Attorney John McKay. ?This case should serve as a reminder that misuse of patient information may result in criminal prosecution.?

The case was investigated by the Federal Bureau of Investigation (FBI) and prosecuted by the United States Attorney?s Office. The man was sentenced to a term of 10 to 16 months. He also has agreed to pay restitution to the credit card companies, and to the patient for expenses he incurred as a result of the misuse of his identity.

Although identity theft is serious, the consequences are much greater in a medical setting than if the same information had been stolen from an ordinary business. Why? Because even the patient?s name and date of birth are part of the PHI. Additionally, the disclosure of medical information for financial gain could have resulted in a sentence of 10 years for each violation. The case serves as a reminder for everyone in the healthcare field of the personal responsibility for protecting PHI.

Although the patient privacy rule under HIPAA does not restrict the internal use of health information by the staff for treatment, payment, and office operations, you should make every effort to protect your patients? privacy and always follow the privacy policy of the practice.

14Press release, United States Attorney?s Office, Western District of Washington, August 19, 2004.
HIPAA Security Rule

To fully comply with the Privacy Rule, it is necessary to understand and implement the requirements of the Security Rule. There are clearly areas in which the two rules supplement each other because both the HIPAA Privacy and Security rules are designed to protect identifiable health information. However, the Privacy Rule covers PHI in all forms of communications, whereas the Security Rule covers only electronic information. Because of this difference, security discussions are assumed to be about the protection of electronic health records, but the Security Rule actually covers all PHI that is stored electronically. This is called EPHI.
Note PHI?EPHI

The Security Rule applies only to EPHI, whereas the Privacy Rule applies to PHI, which may be in electronic, oral, and paper form.

In this section, you will learn about the Security Rule. As with the previous section, much of the information provided is drawn directly from HHS documents. HHS regulates and enforces HIPAA using two different divisions for enforcement. OCR or Office of Civil Rights enforces the Privacy Rule whereas CMS enforces the Security Rule. As an employee of a covered entity, it is important that you participate in the security training and follow the security policy and procedures of your healthcare organization.
Why a Security Rule?

Before HIPAA, no generally accepted set of security standards or general requirements for protecting health information existed in the healthcare industry. At the same time, new technologies were evolving, and the healthcare industry began to move away from paper processes and rely more heavily on the use of computers to pay claims, answer eligibility questions, provide health information, and conduct a host of other administrative and clinically based functions.

In order to provide more efficient access to critical health information, covered entities are using web-based applications and other ?portals? that give physicians, nurses, medical staff as well as administrative employees more access to electronic health information. Although this means that the medical workforce can be more mobile and efficient (i.e., physicians can check patient records and test results from wherever they are), the rise in the adoption rate of these technologies creates an increase in potential security risks. As the country moves towards its goal of a National Health Information Infrastructure (NHII), and greater use of electronic health records, protecting the confidentiality, integrity, and availability of EPHI becomes even more critical.

The security standards in HIPAA were developed for two primary purposes.

? First, and foremost, the implementation of appropriate security safeguards protects certain electronic healthcare information that may be at risk.
? Second, protecting an individual?s health information, although permitting the appropriate access and use of that information, ultimately promotes the use of electronic health information in the industry.

The Privacy Rule and Security Rule Compared

The Privacy Rule sets the standards for, among other things, who may have access to PHI, while the Security Rule sets the standards for ensuring that only those who should have access to EPHI will actually have access. The primary distinctions between the two rules follow:

? Electronic versus oral and paper: The Privacy Rule applies to all forms of patients? protected health information, whether electronic, written, or oral. In contrast, the Security Rule covers only protected health information that is in electronic form. This includes EPHI that is created, received, maintained, or transmitted.
? ?Safeguard? requirement in Privacy Rule: While the Privacy Rule contains provisions that currently require covered entities to adopt certain safeguards for PHI, the Security Rule provides for far more comprehensive security requirements and includes a level of detail not provided in the Privacy Rule section.

Security Standards

The security standards are divided into the categories of administrative, physical, and technical safeguards. Each category of the safeguards is comprised of a number of standards, which generally contain a number of implementation specifications.

? Administrative safeguards: In general, these are the administrative functions that should be implemented to meet the security standards. These include assignment or delegation of security responsibility to an individual and security training requirements.
? Physical safeguards: In general, these are the mechanisms required to protect electronic systems, equipment and the data they hold, from threats, environmental hazards and unauthorized intrusion. They include restricting access to EPHI and retaining off-site computer backups.
? Technical safeguards: In general, these are primarily the automated processes used to protect data and control access to data. They include using authentication controls to verify that the person signing onto a computer is authorized to access that EPHI, or encrypting and decrypting data as it is being stored and/or transmitted.

In addition to the safeguards (listed above), the Security Rule also contains several standards and implementation specifications that address organizational requirements, as well as policies and procedures and documentation requirements.15
Implementation Specifications

An implementation specification is an additional detailed instruction for implementing a particular standard. Implementation requirements and features within the categories were listed in the Security Rule by alphabetical order to convey that no one item was considered to be more important than another.

Implementation specifications in the Security Rule are either ?Required? or ?Addressable.? Addressable does not mean optional.

To help you understand the organization of safeguards, security standards, and implementation specifications, a matrix of the HIPAA Security Rule is provided in Figure 10-5. The matrix is a part of the official rule and published as an appendix to the rule.16 You may wish to refer to Figure 10-5 as we discuss each of the following sections.

15Adapted from Security 101 for Covered Entities, HIPAA Security Series (Baltimore, MD: Centers for Medicare and Medicaid Services, November 2004 and revised March 2007).

16Figure adapted from Appendix A to Subpart C of Part 164, Health Insurance Reform: Security Standards; Final Rule.
Figure 10-5 HIPAA Security Standards Matrix.

Administrative Safeguards

The name Security Rule sounds like it might be very technical, but the largest category of the rule is Administrative Safeguards. The Administrative Safeguards comprise over half of the HIPAA security requirements.

Administrative Safeguards are the policies, procedures, and actions to manage the implementation and maintenance of security measures to protect EPHI. The Administrative Standards are as follows:

17Adapted from Security Standards: Administrative Safeguards, HIPAA Security Series #2 (Baltimore, MD: Centers for Medicare and Medicaid Services, May 2005 and revised March 2007).

Security Management Process

The Security Management Process is the first step. It is used to establish the administrative processes and procedures. There are four implementation specifications in the Security Management Process standard.

1. Risk Analysis Identify potential security risks and determine how likely they are to occur and how serious they would be.
2. Risk Management Make decisions about how to address security risks and vulnerabilities. The risk analysis and risk management decisions are used to develop a strategy to protect the confidentiality, integrity, and availability of EPHI.
3. Sanction Policy Define for employees what the consequences of failing to comply with security policies and procedures are.
4. Information System Activity Review Regularly review records such as audit logs, access reports, and security incident tracking reports. The information system activity review helps to determine if any EPHI has been used or disclosed in an inappropriate manner.

Assigned Security Responsibility

Similar to the Privacy Rule, which requires an individual be designated as the privacy official, the Security Rule requires one individual be designated the security official. The security official and privacy official can be the same person, but do not have to be. The security official has overall responsibility for security; however, specific security responsibilities may be assigned to other individuals. For example, the security official might designate the IT Director to be responsible for network security. Figure 10-6 shows a staff meeting at which security policy is being reviewed.

Figure 10-6 Medical office staff review security policy and appoint security officer.

Workforce Security

Within Workforce Security there are three addressable implementation specifications:

1. Authorization or Supervision Authorization is the process of determining whether a particular user (or a computer system) has the right to carry out a certain activity, such as reading a file or running a program.
2. Workforce Clearance Procedure Ensure members of the workforce with authorized access to EPHI receive appropriate clearances.
3. Termination Procedures Whether the employee leaves the organization voluntarily or involuntarily, termination procedures must be in place to remove access privileges when an employee, contractor, or other individual previously entitled to access information no longer has these privileges.

Information Access Management

Restricting access to only those persons and entities with a need for access is a basic tenet of security. By managing information access, the risk of inappropriate disclosure, alteration, or destruction of EPHI is minimized. This safeguard supports the ?minimum necessary standard? of the HIPAA Privacy Rule.

The Information Access Management standard has three implementation specifications.

1. Access Authorization In the Workforce Security standard (see preceding section) the healthcare organization determines who has access. This section requires the organization to identify who has authority to grant that access and the process for doing so.
2. Access Establishment and Modification Once a covered entity has clearly defined who should get access to what EPHI and under what circumstances, it must consider how access is established and modified.
3. Isolating Healthcare Clearinghouse Functions A clearinghouse is a unique HIPAA-covered entity whose function is to translate nonstandard transactions into HIPAA standards. In the very rare case that your healthcare organization also operates a clearinghouse, the rule requires the isolation of clearinghouse computers from other systems in the organization.

Security Awareness and Training

Security awareness and training for all new and existing members of the workforce is required. Figure 10-7 illustrates training an employee. In addition, periodic retraining should be given whenever environmental or operational changes affect the security of EPHI.
Figure 10-7 Training a new employee on security policy and procedures.

Regardless of the Administrative Safeguards a covered entity implements, those safeguards will not protect the EPHI if the workforce is unaware of its role in adhering to and enforcing them. Many security risks and vulnerabilities within covered entities are internal. This is why the Security Awareness and Training standard is so important.

The Security Awareness and Training standard has four implementation specifications.

1. Security Reminders Security reminders might include notices in printed or electronic form, agenda items and specific discussion topics at monthly meetings, focused reminders posted in affected areas, as well as formal retraining on security policies and procedures.
2. Protection from Malicious Software One important security measure that employees need to be reminded of is that malicious software is frequently brought into an organization through email attachments and programs that are downloaded from the Internet. As a result of an unauthorized infiltration, EPHI and other data can be damaged or destroyed or, at a minimum, can require expensive and time-consuming repairs.
3. Log-In Monitoring Security awareness and training also should address how users log onto systems and how they are supposed to manage their passwords. Typically, an inappropriate or attempted login is when someone enters multiple combinations of user names or passwords to attempt to access an information system. Fortunately, many information systems can be set to identify multiple unsuccessful attempts to log in. Other systems might record the attempts in a log or audit trail. Still other systems might disable a password after a specified number of unsuccessful log in attempts. Once capabilities are established, the workforce must be made aware of how to use and monitor them.
4. Password Management In addition to providing a password for access, entities must ensure that workforce members are trained on how to safeguard the information. Train all users and establish guidelines for creating passwords and changing them during periodic change cycles.

Security Incident Procedures

Security incident procedures must address how to identify security incidents and provide that the incident be reported to the appropriate person or persons. Examples of possible incidents include:

? Stolen or otherwise inappropriately obtained passwords that are used to access EPHI
? Corrupted backup tapes that do not allow restoration of EPHI
? Virus attacks that interfere with the operations of information systems with EPHI
? Physical break-ins leading to the theft of media with EPHI
? Failure to terminate the account of a former employee that is then used by an unauthorized user to access information systems with EPHI
? Providing media with EPHI, such as a PC hard drive or laptop, to another user who is not authorized to access the EPHI before removing the EPHI stored on the media

There is one required implementation specification for this standard:

1. Response and Reporting Establish adequate response and reporting procedures for these and other types of events.

Contingency Plan

What happens if a healthcare facility experiences a power outage, a natural disaster, or other emergency that disrupts normal access to healthcare information? A contingency plan consists of strategies for recovering access to EPHI should the organization experience a disruption of critical business operations. The goal is to ensure that EPHI is available when it is needed.

The Contingency Plan standard includes five implementation specifications:

1. Data Backup Plan Data backup plans are an important safeguard and a required implementation specification. Most covered entities already have backup procedures as part of current business practices.
2. Disaster Recovery Plan These are procedures to restore any loss of data.
3. Emergency Mode Operation Plan When operating in emergency mode because of a technical failure or power outage, security processes to protect EPHI must be maintained.
4. Testing and Revision Procedures Periodically test and revise contingency plans.
5. Application and Data Criticality Analysis Analyze software applications that store, maintain, or transmit EPHI and determine how important each is to patient care or business needs. A prioritized list of specific applications and data will help determine which applications or information systems get restored first or that must be available at all times.

Evaluation

Ongoing evaluation of security measures is the best way to ensure all EPHI is adequately protected. Periodically evaluate strategy and systems to ensure that the security requirements continue to meet the organization?s operating environments.
Business Associate Contracts and Other Arrangements

The Business Associate Contracts and Other Arrangements standard is comparable to the Business Associate Contract standard in the Privacy Rule, but is specific to business associates that create, receive, maintain, or transmit EPHI. The standard has one implementation specification:

1. Written Contract or Other Arrangement Covered entities should have a written agreement with business associates ensuring the security of EPHI. Government agencies that exchange EPHI should have a Memorandum of Understanding.

Real-Life Story Contingency Plans Ensure Continued Ability to Deliver Care

By Tanya Townsend

Chief information Officer at HSHS?Eastern Division in Greenbay, Wisconsin.

Several years ago I had the opportunity to set up a new hospital that used all-digital health records?that is, there were no paper patient records, charts, or orders. As I talked to other hospitals and IT professionals about our accomplishments, one question I was frequently asked was, ?What are your contingency plans in case of a power or system failure??

Much of our plan was designed to avoid an outage in the first place. We had several redundancies in place to prevent that. For example, there are two WAN (wide-area network) connections?completely separate links going out different sides of the building to our core data center. The idea is that if one of those lines were to become disconnected for any reason, the other would seamlessly continue to function. In actual capacity they are balanced to make sure that can be accomplished. We also have redundancies on the LAN (local-area network) with wireless access points. As mobile as we are, we are very dependent on wireless.

For data protection we have multiple data centers. On the hospital side we have two different data centers that are redundant. On the ambulatory side there are three. In addition to these data centers, we also back up all the data in real time to another off-site location in Madison, which is a couple of hours away.

Should we lose connectivity because both links are down, we have a satellite antenna on the roof that can access the backup data in Madison. So as long as you can still power up your computer, you can get to the historical information. Electrical power can be supplied by an emergency generator that is designed to come online automatically in the event of a power loss.

Should the systems ever be completely down, we still need to take care of patients. In that event, we have downtime procedures for using paper forms that would allow us to continue to function. The necessary forms can be printed on demand but we have some preprinted copies on hand in case a power loss prevented us from printing. Once the system again becomes available, we have a policy and process for incorporating that paper documentation back into the system so we are not forced to carry that paper record forward.

The other area where we have built redundancy is our voice communications. We are using Voice-over-IP technology for our telecommunications, so a power or network outage would mean our phones would not work either. We plan for that by having cell phones and radios available. We also have certain phones that use traditional phone lines so we can continue to communicate.

We do a practice run, a mock downtime situation twice a year. One run is just simulated, but for the second one we actually take the systems down to make sure that we know how we are going to function. We also have planned outages, where we need to take the system down because we are upgrading it or doing maintenance on it. We continue to strive to keep those outages as brief as possible, but in those events we go to our downtime procedures and we continuously learn and improve on these.
Physical Safeguards18

The Security Rule defines physical safeguards as physical measures, policies, and procedures to protect a covered entity?s electronic information systems and related buildings and equipment from natural and environmental hazards, and unauthorized intrusion.

18Adapted from Security Standards: Physical Safeguards, HIPAA Security Series #3 (Baltimore, MD: Centers for Medicare and Medicaid Services, February 2005 and revised March 2007).
Figure 10-8 Review facility security and emergency contingency plans periodically.
Facility Access Controls

Facility Access Controls are policies and procedures to limit physical access to electronic information systems and the facility or facilities in which they are housed. Figure 10-8 illustrates a staff meeting on facility security.

There are four implementation specifications.

1. Access Control and Validation Procedures Access Control and Validation are procedures to determine which persons should have access to certain locations within the facility based on their role or function.
2. Contingency Operations Contingency operations refer to physical security measures to be used in the event of the activation of contingency plans.
3. Facility Security Plan The Facility Security Plan defines and documents the safeguards used to protect the facility or facilities. Some examples include:
? Locked doors, signs warning of restricted areas, surveillance cameras, alarms
? Property controls such as property control tags, engraving on equipment
? Personnel controls such as identification badges, visitor badges, or escorts for large offices
? Private security service or patrol for the facility
In addition, all staff or employees must know their roles in facility security.
4. Maintenance Records Document facility security repairs and modifications such as changing locks, making routine maintenance checks, or installing new security devices.

Workstation Use

Inappropriate use of computer workstations can expose a covered entity to risks, such as virus attacks, compromise of information systems, and breaches of confidentiality. Specify the proper functions to be performed by electronic computing devices.

Workstation use also applies to workforce members using off-site workstations that can access EPHI. This includes employees who work from home, in satellite offices, or in another facility.
Workstation Security

Although the Workstation Use standard addresses the policies and procedures for how workstations should be used and protected, the Workstation Security standard addresses how workstations are to be physically protected from unauthorized users.
Device and Media Controls

Device and Media Controls are policies and procedures that govern the receipt and removal of hardware and electronic media that contain EPHI, into and out of a facility, and the movement of these items within the facility.

The Device and Media Controls standard has four implementation specifications, two required and two addressable.

1. Disposal When disposing of any electronic media that contains EPHI, make sure it is unusable or inaccessible.
2. Media Reuse Instead of disposing of electronic media, covered entities may want to reuse it. The EPHI must be removed before the media can be reused.
3. Accountability When hardware and media containing EPHI are moved from one location to another, a record should be maintained of the move. Portable computers and media present a special challenge. Portable technology is getting smaller, is less expensive, and has an increased capacity to store large quantities of data, making accountability even more important and challenging.
4. Data Backup and Storage This specification protects the availability of EPHI and is similar to the Data Backup Plan for the contingency plan.

Technical Safeguards19

The Security Rule defines technical safeguards as ?the technology and the policy and procedures for its use that protect electronic protected health information and control access to it.?

19Adapted from Security Standards: Technical Safeguards, HIPAA Security Series #4 (Baltimore, MD: Centers for Medicare and Medicaid Services, May 2005 and revised March 2007).

Because security technologies are likely to evolve faster than legislative rules, specific technologies are not designated by the Security Rule. Where the CMS guidance documents provide examples of security measures and technical solutions to illustrate the standards and implementation specifications, these are just examples. The Security Rule is technology neutral; healthcare organizations have the flexibility to use any solutions that help them meet the requirements of the rule.
Access Control

The Access Control standard outlines the procedures for limiting access to only those persons or software programs that have been granted access rights by the Information Access Management administrative standard (discussed earlier). Figure 10-9 shows one of the most common methods of access control.
Figure 10-9 A clinician logs on Allscripts Enterprise using a unique user ID and secure password.

Courtesy of Allscripts, LLC.

Four implementation specifications are associated with the Access Controls standard.

1. Unique User Identification Unique User Identification provides a way to identify a specific user, typically by name or number. This allows an entity to track specific user activity and to hold users accountable for functions performed when logged into those systems.
2. Emergency Access Procedure Emergency Access procedures are documented instructions and operational practices for obtaining access to necessary EPHI during an emergency situation. Access Controls are necessary under emergency conditions, although they may be very different from those used in normal operational circumstances.
3. Automatic Logoff As a general practice, users should log off the system they are working on when their workstation is unattended. However, there will be times when workers may not have the time, or will not remember, to log off a workstation. Automatic logoff is an effective way to prevent unauthorized users from accessing EPHI on a workstation when it is left unattended for a period of time. Many applications have configuration settings for automatic logoff. After a predetermined period of inactivity, the application will automatically log off the user. Some systems that may have more limited capabilities may activate an operating system screen saver that is password protected after a period of system inactivity. In either case, the information that was displayed on the screen is no longer accessible to unauthorized users.
4. Encryption and Decryption Encryption is a method of converting regular text into code. The original message is encrypted by means of a mathematical formula called an algorithm. The receiving party uses a key to convert (decrypt) the coded message back into plain text. Encryption is part of access control because it prevents someone without the key from viewing or using the information.

Audit Controls

Audit Controls are ?hardware, software, and/or procedural mechanisms that record and examine activity in information systems.?

Most information systems provide some level of audit controls and audit reports. These are useful, especially when determining if a security violation occurred. This standard has no implementation specifications.
Integrity

Protecting the integrity of EPHI is a primary goal of the Security Rule. EPHI that is improperly altered or destroyed can result in clinical quality problems, including patient safety issues. The integrity of data can be compromised by both technical and nontechnical sources.

There is one addressable implementation specification in the Integrity standard.

1. Mechanism to Authenticate Electronic Protected Health Information Once risks to the integrity of EPHI data have been identified during the risk analysis, security measures are put in place to reduce the risks.

Person or Entity Authentication

The Person or Entity Authentication standard has no implementation specifications. This standard requires ?procedures to verify that a person or entity seeking access to electronic protected health information is the one claimed.?

There are several ways to provide proof of identity for authentication.

? Require something known only to that individual, such as a password or PIN.
? Require something that individuals possess, such as a smart card, a token, or a key. An example of a smart card is shown in Figure 10-10.
? Require something unique to the individual, such as a biometric. Examples of biometrics include fingerprints, voice patterns, facial patterns, or iris patterns.

Most covered entities use one of the first two methods of authentication. Many small provider offices rely on a password or PIN to authenticate the user.

Figure 10-10 A staff ID card that uses smart card technology.

Courtesy of Digital Identification Solutions, LLC.
Transmission Security

Transmission Security procedures are the ?measures used to guard against unauthorized access to electronic protected health information that is being transmitted.?

The Security Rule allows for EPHI to be sent over an electronic open network as long as it is adequately protected. This standard has two implementation specifications.

1. Integrity Controls Protecting the integrity of EPHI maintained in information systems was discussed previously in the Integrity standard. Integrity in this context is focused on making sure the EPHI is not improperly modified during transmission. A primary method for protecting the integrity of EPHI being transmitted is through the use of network communications protocols. Using these protocols, the computer verifies that the data sent is the same as the data received.
2. Encryption As previously described in the Access Control standard, encryption is a method of converting an original message of regular text into encoded or unreadable text that is eventually decrypted into plain comprehensible text. Encryption is necessary for transmitting EPHI over the Internet. There are various types of encryption technology available, but for encryption technologies to work properly both the sender and receiver must be using the same or compatible technology. Currently no single interoperable encryption solution for communicating over open networks exists.

Organizational, Policies and Procedures, and Documentation Requirements20

In addition to the standards in the Administrative, Physical, and Technical Safeguards categories of the Security Rule, there also are four other standards that must be implemented. These are not listed in the Security Standards Matrix (Figure 10-5), but they must not be overlooked.

20Adapted from Security Standards: Organizational, Policies and Procedures, HIPAA Security Series #5 (Baltimore, MD: Centers for Medicare and Medicaid Services, May 2005, and revised March 2007).
Organizational Requirements

There are two implementation specifications of this standard.

1. Business Associate Contracts The Business Associate Contracts are used if the business associate creates, receives, maintains, or transmits EPHI must meet the Security Rule requirements.
2. Other Arrangements The Other Arrangements implementation specifications apply when both parties are government entities. There are two alternative arrangements:
? A memorandum of understanding (MOU), which accomplishes the objectives of the Business Associate Contracts section of the Security Rule
? A law or regulations applicable to the business associate that accomplishes the objectives of the Business Associate Contracts section of the Security Rule

Policies and Procedures

Although this standard requires covered entities to implement policies and procedures, the Security Rule does not define either ?policy? or ?procedure.? Generally, policies define an organization?s approach. Procedures describe how the organization carries out that approach, setting forth explicit, step-by-step instructions that implement the organization?s policies. Policies and procedures may be modified as necessary.
Documentation

The Documentation standard has three implementation specifications.

1. Time Limit Retain the documentation required by the rule for 6 years from the date of its creation or the date when it last was in effect, whichever is later.
2. Availability Make documentation available to those persons responsible for implementing the procedures to which the documentation pertains.
3. Updates Review documentation periodically, and update as needed, in response to environmental or operational changes affecting the security of the electronic protected health information.

The Security Rule also requires that a covered entity document the rationale for all security decisions.
Breach Notification Requirements21

The HITECH Act also added new requirements regarding the occurrence of a breach of unsecured protected health information. A breach is defined as an impermissible use or disclosure under the Privacy Rule that compromises the security or privacy of the PHI such that the use or disclosure poses a significant risk of financial, reputation, or other harm to the affected individual.

21Breach Notification Interim Final Regulation (45 CFR 164.408).

There are three exceptions to the definition of ?breach?:

? Unintentional acquisition, access, or use of PHI by an employee of a covered entity or business associate
? Inadvertent disclosure of PHI from an authorized person to another authorized person at the covered entity or business associate
? If the covered entity or business associate has a good faith belief that the unauthorized individual, to whom the impermissible disclosure was made, would not have been able to retain the information

Covered entities must notify affected individuals, the Secretary of Health and Human Services, and, in certain circumstances, the media following the discovery of a breach of unsecured PHI. Business associates must notify covered entities if a breach has occurred. The OCR must post a list of breaches that affect 500 or more individuals.
Individual Notice

Covered entities must provide affected individuals written notice by first-class mail, or alternatively, by e-mail if the affected individual has agreed to receive such notices electronically. If the covered entity has insufficient or out-of-date contact information for 10 or more individuals, the covered entity must provide substitute individual notice by either posting the notice on the home page of its web site or by providing the notice in major print or broadcast media where the affected individuals likely reside. If the covered entity has insufficient or out-of-date contact information for fewer than 10 individuals, the covered entity may provide substitute notice by an alternative form of written, telephone, or other means.

These individual notifications must be provided without unreasonable delay and in no case later than 60 days following the discovery of a breach and must include, to the extent possible, a description of the breach, a description of the types of information that were involved in the breach, the steps affected individuals should take to protect themselves from potential harm, a brief description of what the covered entity is doing to investigate the breach, mitigate the harm, and prevent further breaches, as well as contact information for the covered entity. Additionally, for substitute notice provided via web posting or major print or broadcast media, the notification must include a toll-free number for individuals to contact the covered entity to determine if their PHI was involved in the breach.
Media Notice

Covered entities that experience a breach affecting more than 500 residents of a State or jurisdiction are, in addition to notifying the affected individuals, required to provide notice to prominent media outlets serving the State or jurisdiction. Covered entities will likely provide this notification in the form of a press release to appropriate media outlets serving the affected area. Like individual notice, this media notification must be provided without unreasonable delay and in no case later than 60 days following the discovery of a breach and must include the same information required for the individual notice.
Notice to the Secretary

In addition to notifying affected individuals and the media (where appropriate), covered entities must notify the Secretary of Health and Human Services of breaches of unsecured PHI. Covered entities will notify the Secretary by visiting the HHS web site and filling out and electronically submitting a breach report form. If a breach affects 500 or more individuals, covered entities must notify the Secretary without unreasonable delay and in no case later than 60 days following a breach. If, however, a breach affects fewer than 500 individuals, the covered entity may notify the Secretary of such breaches on an annual basis. Reports of breaches affecting fewer than 500 individuals are due to the Secretary no later than 60 days after the end of the calendar year in which the breaches occurred.
Notification by a Business Associate

If a breach of unsecured PHI occurs at or by a business associate, the business associate must notify the covered entity following the discovery of the breach. A business associate must provide notice to the covered entity without unreasonable delay and no later than 60 days from the discovery of the breach. To the extent possible, the business associate should provide the covered entity with the identification of each individual affected by the breach as well as any information required to be provided by the covered entity in its notification to affected individuals.
Electronic Signatures for Health Records

The HIPAA Security Rule was originally titled ?Security and Electronic Signature Standards.? The original Security Rule also proposed a standard for electronic signatures. The final rule covered only security standards.

The Electronic Signatures in Global and National Commerce Act22 made digital signatures as binding as their paper-based counterparts for commerce. However, HIPAA does not yet require the use of electronic signatures, because HIPAA does not yet have a Rule for Electronic Signature standards. Electronic Signature standards eventually will be necessary to achieve a completely paperless EHR. In this section, we will discuss electronic signatures and the criteria required for successful implementation.
What Is an Electronic Signature and What Is Not?

Compare Figure 10-11 and Figure 10-12. Which of these has an electronic signature? If you said Figure 10-12, you would be correct. An electronic signature is not a scanned image of someone?s paper signature. Valid electronic signatures must meet three criteria.

1. Message Integrity Message Integrity means the recipient must be able to confirm that the document has not been altered since it was signed.
2. Nonrepudiation The signer must not be able to deny signing the document.
3. User Authentication The recipient must be able to confirm that the signature was in fact ?signed? by the real person.

22Electronic Signatures in Global and National Commerce Act (ESIGN, Pub.L. 106-229, 14 Stat. 464, enacted June 30, 2000, 15 U.S.C. ch. 96.

Figure 10-11 Scanned document with an image of signature.

Figure 10-12 Electronically signed document with a PKI signature.

The electronic signature process involves the successful identification and authentication of the signer at the time of the signature, binding of the signature to the document, and nonalterability of the document after the signature has been affixed. Only ?digital signatures? meet all three of these criteria.
How Digital Signatures Work

Digital signatures use a branch of mathematics called cryptography and PKI, which stands for Public Key Infrastructure. Each PKI user has two ?keys,? a private key for signing documents and a public key for verifying his or her signature. Only you know your private key, whereas your public key is available to all through a public directory.

Usually the directory for your public key is maintained by a certificate authority. The certificate authority is a trusted third party who has validated your identity and issued a certificate to that effect. A certificate is an electronic record of your public key, which has been digitally signed by the certificate authority. The certificate can be validated by its own key. This provides reasonable assurance that the signer and their public key are genuine.
Figure 10-13 How a digital signature works.

23Figure adapted from Digital Signature Standard, published By U.S. Department of Commerce/National Institute of Standards and Technology, 2000.

Figure 10-13 illustrates the electronic signature and verification process of PKI.23 Compare Figure 10-13 with the following steps:

1. A computer software program performs a mathematical calculation on the entire contents of the electronic document to be signed.
2. The result is a unique code referred to as the ?message digest.?
3. This code is encrypted using your ?private? key. Your private key might be similar to a password, which you must keep secret so that no one else can ?forge? your signature. The digital signature is then typically attached to or sent with the document. When the recipient wishes to validate your signature, that person uses a computer program that decodes the signature with your public key, and determines if the message digest is identical to that which was originally sent.
4. The validation process uses the same algorithm as the original program to produce a ?message digest? of the text of the document.
5. The public key is retrieved from a public directory or certificate authority.
6. The signature verification process decodes the digital signature using your public key and compares it to the message digest. If the results of the algorithm match, the signature is verified.

PKI digital signatures not only confirm that you are the signer but also that the document has not been altered since you signed it.
Some EHR Signatures Are Not True Electronic Signatures

Even though HIPAA has not adopted an official standard for electronic signatures, they are already necessary in the EHR. Prescriptions are sent to a pharmacy, dictation and electronic medical records are ?signed,? and orders are issued from EHR systems every day. However, most of the systems currently in use do not use the process described earlier to produce and store an electronic signature.

Many systems have a process to ?sign? their records with a PIN, a password, or even a fingerprint, but the underlying software simply sets a field in the database indicating the provider ?signed? the record. This is adequate to the particular EHR system, but it would not meet the criteria of an electronic signature if it were necessary to send a copy of the record to an outside entity. Partly this is the fault of HHS. Until there is a national infrastructure for issuing certificates and national standards for signing and validating digital signatures, EHR software cannot comply.

Whether electronic signatures in your office are true digital signatures or just mechanisms for locking and protecting EHR system records, it is important that you follow the policies and procedures of your facility. Most EHR systems have an internal audit trail detailing who has created each document and medical record.

? Always log on to the EHR as yourself.
? Always log off when you are through.
? Always keep your passwords or PIN numbers private.

This will prevent someone else from signing medical records under your ID.
The Future of Electronic Signatures

The Joint Commission (JCAHO) accepts the use of electronic signatures in hospital, ambulatory care, home care, long-term care, and mental health settings.

The Joint Commission requirement for electronic signatures and computer key signatures is simple: ?The practitioner must sign a statement that he or she alone will use it.?24

Currently, CMS permits the authentication of medical records by computer key but does not specify methods. The President of the United States directed the U.S. Department of Commerce, National Institute of Standards and Technology to develop a set of standards for Digital Signatures. HHS will likely adopt the same cryptographically based digital signature for the HIPAA standard.

State laws vary on electronic signatures for medical records and some do not address it at all. States will likely come into alignment only after HHS publication of HIPAA standards for electronic signatures. If you have any question about regulations in your state, check with the medical licensing authority in your state.
Critical Thinking Exercise 62: Your Electronic Signature

1. What is the legal status of the electronic signature in the EHR in your state?
2. How can you protect your own electronic signature?
3. Identify potential impacts of a failure to log off or exit from the patient record.

HIPAA Privacy, Security, and You

As someone who will work with patients? health records, it is especially important for you to understand the regulations regarding privacy and security. Follow the privacy policy and security rules at your place of work. Know who the privacy and security officials are. Ask them if you have any questions regarding policies at your practice or if you feel that you need additional training.

It is especially important not to give others your password and to always log out of a medical records computer when you are not using it. Remember to treat every medical record (paper or electronic) in a confidential manner.
Chapter Ten Summary

The Health Insurance Portability and Accountability Act, or HIPAA, was passed in 1996. The Administrative Simplification Subsection (Title 2, f) (hereafter just called HIPAA) has four distinct components:

1. Transactions and code sets
2. Uniform identifiers
3. Privacy
4. Security

HIPAA regulates health plans, clearinghouses, and healthcare providers as ?covered entities? or a ?covered entity? with regard to these four areas.

24Comprehensive Accreditation Manual for Hospitals (CAMH), Standard IM. 6.10, Joint Commission on Accreditation of Healthcare Organizations, 2004.

HIPAA standardized formats for EDI or Electronic Data Interchange by requiring specific Transaction Standards. These currently are used for eight types of transactions between covered entities. This was the first of the Administrative Simplification Subsection to be implemented. This section also requires standardized code sets such as HCPCS, CPT-4, ICD-9-CM, and others to be used.

HIPAA also established uniform identifier standards, which will be used on all claims and other data transmissions. These will include:

? National provider identifier for doctors, nurses, and other healthcare providers
? Federal employer identification number used to identify employer-sponsored health insurance
? National health plan identifier, a unique identification number that will be assigned to each insurance plan, and to the organizations that administer insurance plans, such as payers and third-party administrators

The privacy and security rules use two acronyms: PHI, which stands for Protected Health Information, and EPHI, which stands for Protected Health Information in an Electronic Format.

The HIPAA privacy standards are designed to protect a patient?s identifiable health information from unauthorized disclosure or use in any form, while permitting the practice to deliver the best healthcare possible. To comply with the law, privacy activities in the average medical office might include:

? Providing a copy of the office privacy policy informing patients about their privacy rights and how their information can be used
? Asking the patient to acknowledge receiving a copy of the policy or signing a consent form
? Obtaining signed authorization forms and in some cases tracking the disclosures of patient health information when it is to be given to a person or organization outside the practice for purposes other than treatment, billing, or payment
? Adopting clear privacy procedures for its practice
? Training employees so that they understand the privacy procedures
? Designating an individual to be responsible for seeing that the privacy procedures are adopted and followed
? Securing patient records containing individually identifiable health information so that they are not readily available to those who do not need them

When the Privacy Rule initially was issued, it required providers to obtain patient ?consent? to use and disclose PHI for the purposes of treatment, payment, and healthcare operations, except in emergencies. The rule was almost immediately revised to make consent optional. In general, the practice can use PHI for almost anything related to treating the patient, running the medical practice, and getting paid for services. This means doctors, nurses, and other staff can share the patient?s chart within the practice.

Authorization differs from consent in that it does require the patient?s permission to disclose PHI. Some examples of instances that would require an authorization would include sending the results of an employment physical to an employer, immunization records, or the results of an athletic physical to the school.

The authorization form must include a date signed, an expiration date, to whom the information may be disclosed, what is permitted to be disclosed, and for what purpose the information may be used. The authorization must be signed by the patient or a representative appointed by the patient. Unlike the open concept of consent, authorizations are not global. A new authorization is signed each time there is a different purpose or need for the patient?s information to be disclosed.

Practices are permitted to disclose PHI without a patient?s authorization or consent when it is requested by an authorized government agency. Generally, such requests are for legal (law enforcement, subpoena, court orders, and so on) public health purposes, or for enforcement of the Privacy Rule itself. Providers also are permitted to disclose PHI concerning on-the-job injuries to workers? compensation insurers, state administrators, and other entities to the extent required by state law.

Whether the practice has disclosed PHI based on a signed authorization or to comply with a government agency, the patient is entitled to know about it. The Privacy Rule gives the individuals the right to receive a report of all disclosures made for purposes other than treatment, payment, or operations. Therefore, in most cases the medical office must track the disclosure and keep the records for at least six years.

Most healthcare providers and health plans use the services of a variety of other persons or businesses. The Privacy Rule allows covered providers and health plans to disclose protected health information to these ?business associates.? The Privacy Rule requires that a covered entity obtain a written agreement from its business associate, which states the business associate will appropriately safeguard the protected health information it receives or creates on behalf of the covered entity.

Congress provided civil and criminal penalties for covered entities that misuse personal health information. The privacy rule is enforced by the HHS Office for Civil Rights (OCR).

The Privacy Rule sets the standards for, among other things, who may have access to PHI, whereas the Security Rule sets the standards for ensuring that only those who should have access to EPHI actually will have access. The Privacy Rule applies to all forms of patients? protected health information, whether electronic, written, or oral. In contrast, the Security Rule covers only protected health information that is in electronic form.

Security standards were designed to provide guidelines to all types of covered entities, while affording them flexibility regarding how to implement the standards. Covered entities may use appropriate security measures that enable them to reasonably implement a standard.

Security standards were designed to be ?technology neutral.? The rule does not prescribe the use of specific technologies, so that the healthcare community will not be bound by specific systems or software that may become obsolete.

The security standards are divided into the categories of administrative, physical, and technical safeguards.
Administrative safeguards.

In general, these are the administrative functions that should be implemented to meet the security standards. These include assignment or delegation of security responsibility to an individual and security training requirements.
Physical safeguards.

In general, these are the mechanisms required to protect electronic systems, equipment, and the data they hold, from threats, environmental hazards, and unauthorized intrusion. They include restricting access to EPHI and retaining off-site computer backups.
Technical safeguards.

In general, these are primarily the automated processes used to protect data and control access to data. They include using authentication controls to verify that the person signing onto a computer is authorized to access that EPHI, or encrypting and decrypting data as it is being stored or transmitted.

Breach Notification Requirements require covered entities to notify affected individuals, the Secretary of Health and Human Services, and in certain circumstances the media, the occurrence of a breach of unsecured PHI. Business associates must notify covered entities if a breach has occurred. The OCR must post a list of breaches that affect 500 or more individuals.

The original Security Rule also proposed a standard for electronic signatures. The final rule covered only security standards.

The Electronic Signatures in Global and National Commerce Act made digital signatures as binding as their paper-based counterparts. Although the law made digital signatures valid for commerce, HIPAA does not require the use of electronic signatures. Electronic signature standards will eventually be necessary to achieve a completely paperless EHR. A Rule for Electronic Signature standards may be proposed at a later date.

A valid electronic signature must meet three criteria.

1. Message Integrity?the recipient must be able to confirm that the document has not been altered since it was signed.
2. Nonrepudiation?the signer must not be able to deny signing the document.
3. User Authentication?the recipient must be able to confirm that the signature was in fact ?signed? by the real person.

Digital signatures meet all three of these criteria. Digital signatures use a branch of mathematics called cryptography and PKI, which stands for Public Key Infrastructure.

Each PKI user has two ?keys,? a private key for signing documents and a public key for verifying his or her signature. A computer software program performs a mathematical calculation on the entire contents of the electronic document to be signed. The result is a unique ?message digest,? which is then encrypted using the ?private? key.

The digital signature is then attached to or sent with the document. When the recipient wishes to validate the signature, a similar computer program regenerates the ?message digest? and decodes the digital signature with the public key. Comparing the two, the program determines if the message digest is identical to that which was originally sent. In this way digital signatures not only confirm that you are the signer but also that the document has not been altered since it was signed.


 

PLACE THIS ORDER OR A SIMILAR ORDER WITH THE NURSING PROFESSIONALS TODAY AND GET AN AMAZING DISCOUNT

get-your-custom-paper


Buy Custom Nursing Papers

Buy Nursing Papers

 

The post Identify potential impacts of a failure to log off or exit from the patient record. appeared first on THE NURSING PROFESSIONALS.

Identify potential impacts of a failure to log off or exit from the patient record.