Assume the role of a chief privacy officer (CPO) in a healthcare setting who has experienced a breach. You will determine how many patients were affected in the breach, develop a focused risk analysis of the breach, identify software that should be implemented, and create a breach notification letter using the “Breach Notification Letter” template provided in the Supporting Documents section below.
The purpose of this task is to (1) examine the role of different types of healthcare information systems in health information management (HIM), (2) examine the structure, function, and security associated with an HIM setting, and (3) evaluate privacy and security concerns involved in the use of technology in a healthcare setting.
SCENARIO
You are the chief privacy officer (CPO) at WGU Hospital, a large teaching facility. A doctor took a mobile device along when going on break, and during the break the device was stolen from the doctor’s car. The mobile device has access to the hospital’s electronic health record (EHR).
As the CPO, you must determine how many patients’ information was breached. Additionally, you must conduct a focused risk analysis of the breach to see which safeguards should be implemented to prevent future breaches, as well as identify which software should be implemented to ensure all regulatory concerns are appropriately addressed. Furthermore, you must craft a letter notifying all the patients affected in the breach.
REQUIREMENTS
You must use the rubric to direct the creation of your submission because it provides detailed criteria that will be used to evaluate your work. Each requirement below may be evaluated by more than one rubric aspect.
A. Using the scenario above, complete the following:
1. Develop a plan to determine the number of patients whose information was breached.
2. Describe the steps that should be taken to perform the focused risk analysis of the breach.
3. Recommend an administrative safeguard that should be reviewed and updated to prevent future breaches from occurring.
4. Recommend a technical safeguard that should be reviewed and updated to prevent future breaches from occurring.
5. Recommend a physical safeguard that should be reviewed and updated to prevent future breaches from occurring.
6. Discuss two safekeeping practices the physician in the scenario should follow to prevent a future breach.
7. Discuss the applicable fines and penalties that could be imposed on the facility for this disclosure.
8. Describe a software solution the hospital should implement to make accessing mobile devices safer in the future.
B. Create a breach notification letter using the attached “Breach Notification Letter” template for all the patients affected in the breach that includes the following:
• a description of what happened
• a description of the type(s) of protected health information (PHI) involved in the breach
• steps the patient should take
• a description of the organization’s breach mitigation plan
C. Acknowledge sources, using APA-formatted in-text citations and references, for content that is quoted, paraphrased, or summarized.
D. Demonstrate professional communication in the content and presentation of your submission.