Patient Data Access and Handling Policy Manual Paper
You are tasked to analyze the use of information technology resources and assess the applicability to United General Hospital and the video scenario presented in this week’s Discussion. Your response to this assessment will be to write policy statements that address specific issues related to patient health care records and align with HIPAA regulations. Assess threats related to issues presented in the case study that United General Hospital must address.
Part I: Policy Manual Introduction (1–2 pages)
United General’s hospital administrator reviews the hospital’s policy manual and discovers that it inadequately addresses the area of patient records. The hospital administrator tasks you with reviewing the hospital policy manual and reporting on the thoroughness of its coverage of patient records. After a review of the policy manual, you report that the coverage of patient records is sparse and outdated. The hospital administrator then asks you to update the policy manual.
The policy manual introduction should include:
- An update to the manual’s introduction to include more depth in the area of patient records. As you write this section, describe the purpose of patient record protection and its importance to the organization.
- An explanation of the legal requirements for protecting patient health records.
Part II: Risk Assessment (3–5 pages)
Because Pete compromised Winnie’s patient records, the hospital administrator tasks you with identifying other potential risks that the hospital and the primary care physicians may need to address to protect patient records.
Your risk assessment should:
- Identify risks to both electronic and paper patient records, and recommend remedies United General can put in place to protect the records from compromise.
- Create policy statements that comply with the Health Insurance Portability and Accountability Act of 1996 (HIPAA) regulations addressing access to and disclosure of electronic and paper patient records.
- Describe relevant training topics that will educate the staff on accessing and disclosing patient records.
Part III: Alignment with Regulatory Requirements (3–5 pages)
Winnie’s lawsuit refers to United General’s violation of patient record protection and privacy regulations as the prime cause of the problem. This has now opened United General to governmental inquiries as well as to federal lawsuits.
Write a 3–5 page APA style paper addressing the following:
- Review the requirements of the HIPAA regulations and identify areas in the case study that breached HIPAA regulations, remembering your analysis of the hospital’s policy manual—the policies applicable to patient record handling and disposal require an update to align with HIPAA regulations.
- Create policy statements that align with HIPAA regulations that address patient health care record handling and disposal.
- Describe relevant training topics for staff in order to educate them on the handling and disposal of patient records.
Part IV: Managerial Oversight (3–4 pages)
During Pete’s exit interview he states that he did not receive managerial direction or training in regard to accessing computer systems and online patient records. The hospital administrator reviews the management training manual and finds that the area detailing instructions that management needs to give to staff is sparse. The hospital administrator asks that you write a section of the management training manual to provide clear instructions for management oversight in the area of handling and accessing patient records. As part of managerial oversight of hospital staff, access to patient records should be restricted and only available to appropriate staff members. For instance, in this case study, Pete should not have had access to Winnie’s patient record.
This section of the management training manual should:
- Include clear instructions for management oversight in the area of handling and accessing patient records.
- Include policy statements for role-based security level access to patient records.
- Describe methods to set security levels for accessing patient records to support the policy statements.