Module 5: Compliance Audit in Action
For this assignment, you will need to review the Case Study presented perform a compliance audit to determine gaps in privacy and security compliance.
Expand AllPanels Collapse AllPanels
Case Study
DeVry Medical Group provides primary care, pediatric care, and urology services. Recently, the Medical Group implemented an electronic health record system that interfaces with their laboratory management system for streamlined syncing of patient lab results in their charts. Post implementation, concerns have come about on the quality of the privacy and security measures in place. As the Privacy & Security Officer, you have determined that a compliance audit is needed to ensure DeVry medical Group is in compliance with HIPAA regulations.
The compliance audit has revealed potential compliance issues related to the new electronic health record system, there are inadequate access controls, lack of encryption for data transmittals, and less than half of the employees on staff have been trained properly on privacy and security measures.
Action Plan
You are tasked with identifying the gaps and proposing strategies to assist with being compliant with HIPAA Privacy and Security Rules.
Steps you will complete as part of your proposed strategies to meet HIPAA compliance:
1. Assess the access control mechanisms for the electronic health record to determine that patient data is accessible only to authorized personnel.
2. Evaluate data protection measures, including encryption protocols for data at rest and data in transit.
3. Review the employee training programs on the use of the electronic health record and HIPAA compliance.
4. Propose strategies to correct issues you have identified during steps 1-3.
Your deliverable method can be either in the form of a half-page to full page proposal or PowerPoint slides that outline each of the strategies you are proposing with an action plan for implementing them. For PowerPoint slides, the slides should outline your key points/recommendations and utilize the Notes section under your slides to provide complete sentences for your report as if you were presenting to a board for approval to implement.
Note: If you utilize your textbook or any references to support your recommendations, provide a reference list.
Action
Select the Start Assignment button to begin.
Once you have uploaded your file, select Submit Assignment.
Rubric
M5 Compliance Audit in Action
|
M5 Compliance Audit in Action
|
|
Criteria
|
Ratings
|
Pts
|
|
This criterion is linked to a Learning OutcomeParameter
Parameters
Paper Option
-Uses standard double-spacing without extra spaces between bullets or paragraphs
-Minimum length 1/2 page, maximum length 1 page
-Free of grammatical & spelling errors
-Uses APA in-text citations and reference list IF applicable
PowerPoint Option
-No more than 5 bullets per slide
-Keep slides uncluttered so easy to follow
-Notes Section of slides should contain a detailed outline of what slide is presenting (speaker notes)
-Free of grammatical & spelling errors
-Uses APA in-text citations and reference list on a reference slide IF applicable
|
|
5 pts
Meets or Exceeds
Student submission clearly encompasses all of PowerPoint presentation parameters -Minimum of 5 content slides, Maximum of 8 content slides -Includes a title slide -Includes a reference slide if needed -Presentation developed from perspective as if being presented to the board -No more than 5 bullets per slide -Keep slides uncluttered so easy to follow -Includes use of graphical representations to give visual emphasis & credibility to presentation -Notes Section of slides should contain a detailed outline of what slide is presenting (speaker notes) -Free of grammatical & spelling errors -Uses APA in-text citations and reference list on a reference slide IF applicable
|
3 pts
In Progress
Student submission clearly encompasses all paper or PowerPoint parameters -Free of grammatical & spelling errors -Uses APA in-text citations and reference list IF applicable
|
1 pts
Little Evidence
Student submission does not clearly meet the paper or PowerPoint parameters -Has 4 or more grammatical & spelling errors -does not use APA in-text citations and reference list IF applicable
|
0 pts
No Evidence
Student submission clearly does not meet the required Parameters
|
|
5 pts
|
|
This criterion is linked to a Learning OutcomeControl Mechanisms
Control Mechanisms
-Assesses control mechanisms in place or in absence of control mechanisms identifies what should be in place
CO5
|
|
7 pts
Meets or Exceeds
Student submission provides clear summary of current or lacking control mechanisms for accessing patient data
|
5 pts
In Progress
Student submission mostly provides a summary of current or lacking control mechanisms for accessing patient data – may be missing pertinent information
|
2 pts
Little Evidence
Student submission is off topic for control mechanisms or does not identify current or lacking control mechanisms for accessing patient data
|
0 pts
No Evidence
Student submission does not clearly meet the expectations for identifying control mechanisms for accessing patient data
|
|
7 pts
|
|
This criterion is linked to a Learning OutcomeData Protection Measures
Data Protection Measures
-Addresses encryption protocols for data at rest
-Addresses encryption protocols for data in transit
-Any other potential deficiencies
CO5
|
|
7 pts
Meets or Exceeds
Student submission on Data Protection Measures clearly -Addresses encryption protocols for data at rest -Addresses encryption protocols for data in transit -Any other potential deficiencies
|
5 pts
In Progress
Student submission on Data Protection Measures mostly -Addresses encryption protocols for data at rest -Addresses encryption protocols for data in transit -Any other potential deficiencies
|
2 pts
Little Evidence
Student submission on Data Protection Measures does not all issues -Data at Rest -Data in Transit -Any other potential deficiencies
|
0 pts
No Evidence
Student submission on Data Protection Measures clearly does not meet expectations or nothing submitted
|
|
7 pts
|
|
This criterion is linked to a Learning OutcomeTraining Programs
Training Programs
-Findings of review on training program deficiencies encompasses assessment on proper use/protocols on electronic health record and HIPAA compliance
CO5
|
|
7 pts
Meets or Exceeds
Student submission on Training Programs clearly addresses findings of review on training program deficiencies and encompasses assessment on proper use/protocols on electronic health record and HIPAA compliance
|
5 pts
In Progress
Student submission on Training Programs mostly addresses findings of review on training program deficiencies and encompasses assessment on proper use/protocols on electronic health record and HIPAA compliance but may be lacking details
|
2 pts
Little Evidence
Student submission on Training Programs is off topic or does not clearly address findings of a review covering training program deficiencies relating to use/protocols on electronic health record and/or HIPAA compliance
|
0 pts
No Evidence
Student submission clearly does not meet expectations on addressing training program review findings or nothing submitted
|
|
7 pts
|
|
This criterion is linked to a Learning OutcomeStrategy Proposals
Strategy Proposals
Proposes strategies to correct issues on
-Access control mechanisms for electronic health records
-Data protection measurs
-Employee training programs
CO5
|
|
9 pts
Meets or Exceeds
Student submission of Proposed Strategies clearly addresses ways to correct issues on -Access control mechanisms for electronic health records -Data protection measurs -Employee training programs
|
6 pts
In Progress
Student submission of Proposed Strategies mostly addresses ways to correct issues on -Access control mechanisms for electronic health records -Data protection measurs -Employee training programs
|
3 pts
Little Evidence
Student submission of Proposed Strategies is off topic or does not clearly give a minimum of 2 risks with the greatest potential impact or is proposing strategies for risks that are not the highest priority based on potential impact
|
0 pts
No Evidence
Student submission does not clearly meet expectations to provide recommendations for threats or nothing is submitted
|
|
9 pts
|
|
Total Points: 35
|
