Review the literature regarding HIPAA and one to two other policies that govern electronic health record (EHR) design and development; write a 3-page report addressing the following:
- Explain policies and standards that govern EHR.
- Evaluate the policies that aim to improve health through the use of EHR.
- Evaluate issues that surround system design and development. Include at least three items to consider in system design.
Part Two:
An important step in securing electronic protected health information (ePHI) is to implement reasonable and appropriate administrative safeguards. To assure compliance with the Administrative Safeguards standards, an evaluation of the security controls, an accurate and thorough risk analysis, and a series of documented solutions should be performed. Using the modified risk assessment tool from The National Learning Consortium (NLC), conduct a risk assessment for your organization.
Instructions:
- Use the attached risk assessment tool.
- Using the information in the “Existing Measures” column, answer the risk analysis questions. Your answers should be in the risk assessment column. Tip: When examining each of the individual questions, consider the question and your organization’s current posture.
- Likelihood: This is a judgment by the respondent as to how likely an ‘Undesirable Event’, such as a power outage or fire, is to occur to the medical practice. Please select from the dropdown menu the appropriate corresponding choice of Low, Medium or High for each asset.
  - Very Likely would be defined as having a probable chance of occurrence.
  - Likely would be defined as having a significant chance of occurrence.
  - Not Likely would be defined as a modest or insignificant chance of occurrence.
- Impact: In the event that an ‘Undesirable Event’ such as a power outage or a fire occurs, what is the level of impact to the practice? The response is a completely subjective judgment by the practitioner as to what impact an occurrence of the threat would have upon the medical practice. Please select from the dropdown menu the appropriate corresponding choice of High, Medium, or Low for each asset.
  - High would be defined as having a catastrophic impact on the medical practice; the medical practice is incapable of offering medical treatments or services and a significant number of medical records have been lost or compromised.
  - Medium would be defined as having a significant impact on the medical practice; the medical practice may offer a reduced array of treatment services to patients. A moderate number of medical records within the practice have been lost or compromised.
  - Low would be defined as having a modest or insignificant impact on the medical practice; the medical practice can continue to offer treatment to patients and some medical records may be lost or compromised.
- Provide your recommended control measures in the last column for each item.