Reflect back to the proposal you created for the Week 1 assignment to meet an organization’s needs and determine how the components from this week align with your proposal.
Summarize key points of your Health Information System Case Selection and Proposal from Week 1 to include the concepts from the Health Insurance Portability and Accountability Act (HIPAA) Violations assignment:
Defend the laws and standards you applied to your Week 4 Health Insurance Portability and Accountability Act (HIPAA) Violations assignment.
Defend how HIPAA Privacy and Security is exclusively applied.
Formulate at least one question to prompt a discussion around an area of interest you would like your classmate to address.
Health Information System Case Selection and Proposal
BACKGROUND
ABC health care facility is a medium-sized facility with 2000 staff members, attending to
more than 90,000 patients in a year and has 350 patient beds. The healthcare facility in Jersey
City serves a community of more than 300,000 people. The facility records about 30,000
emergency and ambulatory visits. Based on such, the facility requires a well-structured
information technology team to ensure efficient record keeping. The hospital uses TechMed as
the main EHR system that supports admissions, patient index, transfer and discharge. EHR is an
essential part of healthcare record keeping today because of its perceived benefits that include
more secure patient record keeping, increased accuracy and dependability, and enabling
caregivers to collaborate and share patient records for improved patient treatment outcome
(Hossain et al., 2019).
Setting
The healthcare facility takes care of different patients. They undergo the admission
process when they first visit the facility. The facility uses an EHR system to obtain and record
important information about the patient, which may fail. The project will focus on this area to
address challenges that may occur.
Healthcare service:
The main focus of the research paper will be on the Crashing of the Admitting System,
highlighted in Case 16 of the module reading, Health Care Information System. The research
paper will also address the action needed when such incidents occur.
Problem
EHR records important patient information. However, the system has been in place for
more than a decade, and sometimes it malfunctions. The challenges experienced from the
breakdown are enormous, from recording patient history to delayed reporting. Also, the
breakdown contributes to the complete shift from online services to paperwork which takes time
and causes a delay in service delivery (Atasoy et al., 2019). A complete shift to the manual
system may lead to human errors in data collection or taking patient history, which affects the
quality of care offered to the patient.
Barriers to quality
Failure of the EHR system has various challenges, affecting the patient’s safety and
quality of services delivered. Data is lost; hence, medical history, including those under critical
health conditions, cannot be accessed. Healthcare providers cannot offer the best care services,
impacting the quality delivered.
THE INTERVENTIONS
There is a need to conduct detailed research on the best way to address the challenges that
occur during system failures. Implementation of a new system with an upgraded interface is the
first intervention. Also, implementing backup toolkits that are easily located should be in place.
In case of a complete breakdown, guidance on accurately collecting manual information should
be implemented. Staff training is also essential to ensure accuracy while conducting manual
admissions and reporting.
Process defect
The project aims to have a better approach to solving the crash of the admitting system through
the Plan, Do, Check, Act technique (PDCA).
Aim
The aim is to have an upgraded EHR system that does not crash easily and ensures effective data
backup for quality patient care.
STRATEGY FOR IMPLEMENTATION
The IT team will communicate strategically with staff to ensure a smooth transition.
There is also the need to communicate with the finance department on the budget needed for a
new system. A backup of data held in the current system will be done and then transferred to the
new system. Staff members will be trained on the new system and how to ensure they back up
data frequently. The system will also be secured against data breaches to protect patients’
information.
Measures
The system’s effectiveness will be determined by ensuring there are no errors in data and
the system is safe against breakdowns regardless of workload.
Barriers to change
Barriers include resistance from workers, management that may be unwilling to fund the new
system, healthcare workers who may be overwhelmed by the system in place or unwilling to
learn the new system, and a negative history of previous changes to the system
(Loncar-Turukalo et al., 2019).
Simple rules
Implementation of the system has considered the safety of employees. The EHR system
should always be operational to ensure accuracy, patient information should be safeguarded
effectively, and the healthcare organization should have an efficient backup system in place.
Cost implication
The hospital has an EHR system, yet it needs an upgraded one. The cost of buying a new
system, installation and training the staff is expected to be high. However, the implications are
worth the risk as they safeguard against future downtimes, which may cause more losses. The
system will reduce wasted time and improve productivity in the long run.
References
Atasoy, H., Greenwood, B. N., & McCullough, J. S. (2019). The digitization of patient care: A
review of the effects of electronic health records on health care quality and
utilization. Annual Review of Public Health, 40, 487–500.
Hossain, A., Quaresma, R., & Rahman, H. (2019). Investigating factors influencing the
physicians’ adoption of electronic health record (EHR) in the healthcare system of
Bangladesh: An empirical study. International Journal of Information Management, 44,
76-87.
Loncar-Turukalo, T., Zdravevski, E., da Silva, J. M., Chouvarda, I., & Trajkovik, V. (2019).
Literature on wearable technology for connected health: A scoping review of research
trends, advances, and barriers. Journal of Medical Internet Research, 21(9), e14017.
Wager, K. A., Lee, F. W., & Glaser, J. P. (2017). Health care information systems: A practical
approach for health care management (4th Ed.). Retrieved from
https://www.vitalsource.com
HIPAA Privacy and Security Case Study
Candace Wistrich
MHA616: Health Care Management Information Systems
Dr. David Cole
May 22, 2023
HIPAA has helped protect patients’ private health information in various ways
since it was developed and enacted in 1996. It has seen several amendments relating to
technology, among other crucial components critical to patients’ electronic information
sharing or access (Homer et al., 2009). In several instances, HIPAA has played a role in
bringing justice to patients whose private information has been violated. For instance, in
October 2018, OCR settled a case with Allergy Associates for $125,000 for disclosing a
patient’s Private Health Information (PHI) to a reporter. The incident happened after the
reporter interviewed an allergy patient in February 2015 (Office for Civil Rights, 2018).
Therefore, it is essential to understand the impact or importance of HIPAA on patients’
PHI. The case of Allergy Associates will be instrumental in analyzing the HIPAA privacy
and security regulations violated and the penalties imposed, apart from developing a
health system improvement plan.
Specific HIPAA privacy and security rules broken
In the case of Allergy Associates, several HIPAA privacy and security rules were
violated. The broken regulations include the impermissible disclosure of the protected
health information as established in Title 45 CFR section 164.502(a), the minimum
necessary rule as per Title 45 CFR section 164.502(b), and the administrative safeguards
illustrated in Title 45 CFR sections 164.308 and 164.310. The doctor impermissibly
disclosed the patient’s protected health information to a reporter without the patient’s
knowledge or authorization. His act violated HIPAA’s privacy requirements that require
an individual to disclose information only when permitted by the involved individuals.
Title 45 CFR section 164.502(b) has established minimum necessities required for an
individual to disclose protected health information or when requesting them. For
instance, one is required to disclose PHI when requested by a healthcare provider for
treatment purposes (Govinfo.gov, n.d.). Disclosing the patient’s PHI by the doctor goes
beyond what is necessary or required by law when addressing the dispute between the
patient and the doctor. First, the doctor needed to have consulted the patient. Finally,
Title 45 CFR sections 164.308 and 164.310, which discuss safeguards and administrative
safeguards, were violated. Allergy Associates failed to implement appropriate measures
to protect patients’ PHI because HIPAA requires covered entities to have protective
mechanisms to uphold the confidentiality and integrity of patients’ PHI.
Penalties imposed
The penalty imposed on Allergy Associates after investigations were completed
and a ruling made involved the settlement of $125,000 (Office for Civil Rights, 2018).
The settlement represented the penalty imposed on Allergy Associates for violating the
various HIPAA rules by the doctor who disclosed the patient’s PHI to the reporter.
Health system improvement plan
The plan will involve conducting a comprehensive review of the existing privacy
and security policies to ensure they comply with HIPAA rules. After conducting a review,
the next phase of the plan is to develop a training program on HIPAA regulations to train
all staff members on what is expected of them and how to conduct themselves. The
training will revolve around the importance of patient privacy, security awareness and
how to efficiently and effectively handle patients’ PHI (Hughes, 2008). The third thing is
to develop a standardized authorization form and procedure outlining information
disclosure purposes or for people wanting to obtain patients’ consent. The facility
implements regular audits and monitoring processes to ensure HIPAA regulations are
followed.
Risk analysis strategy addressing HIPAA regulations
Conducting a risk analysis strategy will involve a lot of steps. First, one must
determine the risk analysis’s scope and the assets involved. After identifying the scope of
analysis, the next one is to determine or identify the potential threats that could
compromise the integrity, confidentiality and availability of the protected health
information (Hippajournal.com, 2023). This will include aspects such as data breaches,
unauthorized access or malware attacks. The next step is to conduct a risk assessment and
determine the risk levels. After determination, the next step is to develop a mitigation
strategy and monitor the implemented strategies’ functionality.
Lessons learned
There are several lessons learned from these cases that are applicable in the
future. For instance, I have learned that healthcare providers must know what they need
to disclose and the processes involved in disclosing patients’ PHI. They need to
understand that patient authorization is critical for medical use (Homer et al., 2009).
Secondly, it is important to train medical staff about privacy and security. Providing
comprehensive training regularly on HIPAA privacy and security rules will help them
maintain patient security. Finally, conducting regular compliance audits and assessments
is crucial in identifying potential risks in an organization (Bizjak & Kontić, 2019).
Understanding these concepts enables organizations to enhance their privacy and security
measures while complying with HIPAA regulations. In conclusion, HIPAA regulations
are critical in maintaining patient safety and security. Healthcare facilities must
implement its use and ensure compliance to avoid being penalized for violating
established regulations.
References
Bizjak, T., & Kontić, B. (2019). Auditing in addition to compliance monitoring: a way to
improve public health. International Journal of Public Health, 64(9), 1259.
https://doi.org/10.1007/S00038-019-01291-4
Govinfo.gov. (n.d.). Q:\45\45V2.TXT PC31 kpayne on VMOFRWIN702 with $$_JOB.
Govinfo.Gov.
Hippajournal.com. (2023). HIPAA Risk Assessment – updated for 2023. The HIPAA
Journal. https://www.hipaajournal.com/hipaa-risk-assessment/
Homer, N., Szelinger, S., Redman, M., Duggan, D., Tembe, W., Muehling, J., Pearson, J.
V., Stephan, D. A., Nelson, S. F., & Craig, D. W. (2009). HIPAA, the Privacy Rule,
and Its Application to Health Research. PLoS Genetics, 4(8).
https://doi.org/10.1371/JOURNAL.PGEN.1000167
Hughes, R. G. (2008). Tools and Strategies for Quality Improvement and Patient Safety.
Patient Safety and Quality: An Evidence-Based Handbook for Nurses.
https://www.ncbi.nlm.nih.gov/books/NBK2682/
Office for Civil Rights, H. (2018). 2018 OCR HIPAA Enforcement Actions.