Name (Enter your name here)
HCS / 468
Instructor: Taryn Zubich
Date (Enter the date here)
Week 5 Assignment Writing Prompts Worksheet
Privacy and Confidentiality Report
Review the following scenario:
ABC Health Systems (AHS) was founded in 1959 by a group of 10 doctors in a mid-sized city in the southeastern United States. Beginning with a 30-bed hospital, AHS has expanded to its current bed complement of 305 acute care beds, a 110-bed skilled rehab and nursing facility on its campus, a 65-bed assisted living facility, outpatient rehab services, ER, and a cancer treatment clinic. AHS has 1,195 full-time employees’ campus-wide and is accredited by The Joint Commission, Commission on Accreditation of Rehabilitation Facilities, and also has other credentialed or accredited services throughout the campus.
Ben Smithfield was recently hired as the privacy officer for AHS. Previously, he worked for the third-largest faith-based health system, which is in the Midwest. In his new job, he reports to the vice president for risk management, who served as AHS’s privacy officer prior to Ben’s recruitment. AHS felt their privacy and security concerns could be best met with a full-time program manager dedicated to training, compliance, and management of this function.
Ben’s first week on the job proved to be very busy. While eating breakfast at a local fast-food restaurant, he overheard 2 doctors discussing AHS’ first successful robotic surgery on Paul Petersen. The MDs enthusiastically reported on Mr. Petersen’s condition stating that “although the surgery took longer than expected, Mr. Petersen’s vital signs were good. His pain level is high, and we are closely monitoring a post-op infection.” Later that day, Ben was contacted by Mr. Petersen, who was surprised to see his case discussed on the local news. That was not the only time Ben saw AHS in the news that day. He saw a press release from administration that reported that an ER patient, Violet Jones, was arrested after she physically assaulted 2 nurses who were attempting to insert her catheter.
Observations Found on Tour
During Ben’s first day, there was also a tour of the hospital and Ben took note of the following violations:
- A USB drive was unattended in the IT department and was clearly visible from an open door to the department.
- A maintenance worker was throwing old laptops in a dumpster, along with digital printer/copy cartridges.
- A high school student was shadowing a medical resident and observed her charting in an electronic health record (EHR) at the nurses station.
- A resident answered questions for the spouse of Mr. Petersen at the nurses’ station, which was heard by the high school student and Ben.
- The high school student, the medical resident, and Mr. Petersen’s spouse left the nurses station to meet with Mr. Petersen. The medical resident did not log out of the terminal. Ben sat at the terminal and scrolled through the open EHR.
- Charge RN Betsy Brown approached Ben and explained that she was excited to meet the new recruit that the VP spoke so enthusiastically about. When Betsy left, Ben was unable to view the open record due to a timeout provision. He asked an LPN if he would log Ben in and the LPN gladly complied.
- Across from the nurses desk in the hall, Ben noticed a white board that listed all patients on the unit, the name of the attending physician, the purpose of their admission (hip surgery, knee replacement, gall bladder removal, etc.), along with their code status—full code, no code, Do Not Resuscitate (DNR), etc.
- Taking a break from viewing electronic charts, Ben headed to the staff break room on the unit. As he tossed his drink can in the trash can, Ben saw vital signs logs for patients on that unit completed the previous day. The logs contained patient and staff names, along with patient information, including temperatures, blood pressure, pulse rate, and blood sugar test strip results.
- Heading back to his office, Ben decided to stop by the IT department and check further about the unattended USB drive. He found the door unlocked and the area unattended. No one was around and the USB drive was still in plain sight on the desk.
- On his way to his first staff meeting later that day, Ben passed the radiology waiting area. He observed a crew filming what appeared to be a commercial using the full waiting room as a backdrop.
- In the staff meeting, Ben asked when the last HIPAA security assessment was completed. The staff was vague as to an actual date, but the consensus was “about 3 years ago.” The VP of nursing asked if Ben would check to see what follow-up was done about the missing or stolen laptop off West B 18 months ago. Her concern was the missing patient data since this was a common laptop used by numerous people; so many, in fact, that the laptop had a simple password: 12345.
After his first day on the job, Ben felt there was a need for him to summarize 3 major violations he observed and develop a plan of action that could be used to prevent these violations in the future. Each incident on the Observations Found on Tour list is either a legal or regulatory compliance violation.
PLAN OF ACTION:
Select 3 compliance violations from the list to focus on in your plan of action.
Respond to the five writing prompts below to develop a plan of action. Insert your answer beneath the prompt.
Please be sure to research your information and properly cite your sources.
- Compliance Violations
Summarize three compliance violations you selected from the scenario and the regulations or laws that address these violations.
In this section of your paper, you want to identify three compliance violations you selected from the scenario presented in the worksheet. Provide a brief summary of each violation you selected, and please be sure to identify regulations or laws that address these violations. Please be sure to include any citations in your work (i.e. if you reference laws and law descriptions) to give credit to your sources and meet APA requirements (Zubich, 2021).
- Regulatory Stakeholders
Analyze the roles and responsibilities of regulatory agencies, accrediting and certifying bodies, and state professionals’ boards and their influence on facility operations and compliance to regulatory standards in the scenario.
In this section of your paper, you want to identify any regulatory agencies, accrediting and certifying bodies, and state professional boards which may play a role in the three compliance violation scenarios in which you described above. For example, with a HIPAA violation, a report must be made to the Office of Civil Rights (OCR). What would the OCR do to investigate? How would the report be made? Please provide detail on any state investigation that might occur and identify the potential fines or penalties which the covered entity might face if a violation is verified. Please be sure to include any citations in your work to give credit to your sources and meet APA requirements (HIPAA, 2021).
- Patient and Provider Rights
Explain the patient and provider rights and responsibilities and what impact regulations have on standards of care and potential liabilities as they relate to the violations.
In this section of your paper, you want to identify the patient and provider rights and responsibilities which relate to the violations. For example, the patient’s right to restrict sharing of their health data would be violated in a HIPAA violation. Expand on any other patient rights which might be violated, or what other provider rights or responsibilities may have also been violated in the three scenarios you discussed. Please be sure to include any citations in your work to give credit to your sources and meet APA requirements (Zubich, 2021).
- Compliance and Risk Management Factors of the Medical Records
Analyze the potential risk management issues as they relate to the violations selected and the organization’s responsibility to protect the medical records and protected health information.
In this section of your paper, you want to analyze the potential risk management issues as they related to the violations. How do the violations impact medical record management? How does the violation impact the patient protected health information? What type of risk will the healthcare organization face? Please be sure to include any citations in your work to give credit to your sources and meet APA requirements (HIPAA, 2021).
- Create a basic plan of action and implementation process that could be used to prevent these violations in the future. Include industry-recognized strategies and best practices in your plan.
This section of your paper will detail a plan of action that could be implemented to prevent these violations in the future. Here, you want to detail steps that could be taken to avoid issues from occurring in the future and best practices which could be put in place. Research to identify best practice standards. Please be sure to include any citations in your work to give credit to your sources and meet APA requirements (Zubich, 2021).
REFERENCES (minimum of 2 required):
HIPAA, J. (2021). The Rules of HIPAA. Retrieved from HIPAA.org
Zubich, Taryn (2021). Week 5 Assignment Extra Help. Retrieved from extrahelp.org
Name (Enter your name here)
HCS / 468
Instructor: Taryn Zubich
Date (Enter the date here)
Week 5 Assignment Writing Prompts Worksheet
Privacy and Confidentiality Report
Review the following scenario:
ABC Health Systems (AHS) was founded in 1959 by a group of 10 doctors in a mid-sized city in the southeastern United States. Beginning with a 30-bed hospital, AHS has expanded to its current bed complement of 305 acute care beds, a 110-bed skilled rehab and nursing facility on its campus, a 65-bed assisted living facility, outpatient rehab services, ER, and a cancer treatment clinic. AHS has 1,195 full-time employees’ campus-wide and is accredited by The Joint Commission, Commission on Accreditation of Rehabilitation Facilities, and also has other credentialed or accredited services throughout the campus.
Ben Smithfield was recently hired as the privacy officer for AHS. Previously, he worked for the third-largest faith-based health system, which is in the Midwest. In his new job, he reports to the vice president for risk management, who served as AHS’s privacy officer prior to Ben’s recruitment. AHS felt their privacy and security concerns could be best met with a full-time program manager dedicated to training, compliance, and management of this function.
Ben’s first week on the job proved to be very busy. While eating breakfast at a local fast-food restaurant, he overheard 2 doctors discussing AHS’ first successful robotic surgery on Paul Petersen. The MDs enthusiastically reported on Mr. Petersen’s condition stating that “although the surgery took longer than expected, Mr. Petersen’s vital signs were good. His pain level is high, and we are closely monitoring a post-op infection.” Later that day, Ben was contacted by Mr. Petersen, who was surprised to see his case discussed on the local news. That was not the only time Ben saw AHS in the news that day. He saw a press release from administration that reported that an ER patient, Violet Jones, was arrested after she physically assaulted 2 nurses who were attempting to insert her catheter.
Observations Found on Tour
During Ben’s first day, there was also a tour of the hospital and Ben took note of the following violations:
- A USB drive was unattended in the IT department and was clearly visible from an open door to the department.
- A maintenance worker was throwing old laptops in a dumpster, along with digital printer/copy cartridges.
- A high school student was shadowing a medical resident and observed her charting in an electronic health record (EHR) at the nurses station.
- A resident answered questions for the spouse of Mr. Petersen at the nurses’ station, which was heard by the high school student and Ben.
- The high school student, the medical resident, and Mr. Petersen’s spouse left the nurses station to meet with Mr. Petersen. The medical resident did not log out of the terminal. Ben sat at the terminal and scrolled through the open EHR.
- Charge RN Betsy Brown approached Ben and explained that she was excited to meet the new recruit that the VP spoke so enthusiastically about. When Betsy left, Ben was unable to view the open record due to a timeout provision. He asked an LPN if he would log Ben in and the LPN gladly complied.
- Across from the nurses desk in the hall, Ben noticed a white board that listed all patients on the unit, the name of the attending physician, the purpose of their admission (hip surgery, knee replacement, gall bladder removal, etc.), along with their code status—full code, no code, Do Not Resuscitate (DNR), etc.
- Taking a break from viewing electronic charts, Ben headed to the staff break room on the unit. As he tossed his drink can in the trash can, Ben saw vital signs logs for patients on that unit completed the previous day. The logs contained patient and staff names, along with patient information, including temperatures, blood pressure, pulse rate, and blood sugar test strip results.
- Heading back to his office, Ben decided to stop by the IT department and check further about the unattended USB drive. He found the door unlocked and the area unattended. No one was around and the USB drive was still in plain sight on the desk.
- On his way to his first staff meeting later that day, Ben passed the radiology waiting area. He observed a crew filming what appeared to be a commercial using the full waiting room as a backdrop.
- In the staff meeting, Ben asked when the last HIPAA security assessment was completed. The staff was vague as to an actual date, but the consensus was “about 3 years ago.” The VP of nursing asked if Ben would check to see what follow-up was done about the missing or stolen laptop off West B 18 months ago. Her concern was the missing patient data since this was a common laptop used by numerous people; so many, in fact, that the laptop had a simple password: 12345.
After his first day on the job, Ben felt there was a need for him to summarize 3 major violations he observed and develop a plan of action that could be used to prevent these violations in the future. Each incident on the Observations Found on Tour list is either a legal or regulatory compliance violation.
PLAN OF ACTION:
Select 3 compliance violations from the list to focus on in your plan of action.
Respond to the five writing prompts below to develop a plan of action. Insert your answer beneath the prompt.
Please be sure to research your information and properly cite your sources.
- Compliance Violations
Summarize three compliance violations you selected from the scenario and the regulations or laws that address these violations.
In this section of your paper, you want to identify three compliance violations you selected from the scenario presented in the worksheet. Provide a brief summary of each violation you selected, and please be sure to identify regulations or laws that address these violations. Please be sure to include any citations in your work (i.e. if you reference laws and law descriptions) to give credit to your sources and meet APA requirements (Zubich, 2021).
- Regulatory Stakeholders
Analyze the roles and responsibilities of regulatory agencies, accrediting and certifying bodies, and state professionals’ boards and their influence on facility operations and compliance to regulatory standards in the scenario.
In this section of your paper, you want to identify any regulatory agencies, accrediting and certifying bodies, and state professional boards which may play a role in the three compliance violation scenarios in which you described above. For example, with a HIPAA violation, a report must be made to the Office of Civil Rights (OCR). What would the OCR do to investigate? How would the report be made? Please provide detail on any state investigation that might occur and identify the potential fines or penalties which the covered entity might face if a violation is verified. Please be sure to include any citations in your work to give credit to your sources and meet APA requirements (HIPAA, 2021).
- Patient and Provider Rights
Explain the patient and provider rights and responsibilities and what impact regulations have on standards of care and potential liabilities as they relate to the violations.
In this section of your paper, you want to identify the patient and provider rights and responsibilities which relate to the violations. For example, the patient’s right to restrict sharing of their health data would be violated in a HIPAA violation. Expand on any other patient rights which might be violated, or what other provider rights or responsibilities may have also been violated in the three scenarios you discussed. Please be sure to include any citations in your work to give credit to your sources and meet APA requirements (Zubich, 2021).
- Compliance and Risk Management Factors of the Medical Records
Analyze the potential risk management issues as they relate to the violations selected and the organization’s responsibility to protect the medical records and protected health information.
In this section of your paper, you want to analyze the potential risk management issues as they related to the violations. How do the violations impact medical record management? How does the violation impact the patient protected health information? What type of risk will the healthcare organization face? Please be sure to include any citations in your work to give credit to your sources and meet APA requirements (HIPAA, 2021).
- Create a basic plan of action and implementation process that could be used to prevent these violations in the future. Include industry-recognized strategies and best practices in your plan.
This section of your paper will detail a plan of action that could be implemented to prevent these violations in the future. Here, you want to detail steps that could be taken to avoid issues from occurring in the future and best practices which could be put in place. Research to identify best practice standards. Please be sure to include any citations in your work to give credit to your sources and meet APA requirements (Zubich, 2021).
REFERENCES (minimum of 2 required):
HIPAA, J. (2021). The Rules of HIPAA. Retrieved from HIPAA.org
Zubich, Taryn (2021). Week 5 Assignment Extra Help. Retrieved from extrahelp.org