The College of St. Scholastica
HIM 3132 Medicolegal Issues Unit 5
Breach Notification Risk Assessment
You are the new HIPAA Privacy Officer at a local clinic in Duluth, MN. The previous privacy officer was very organized and ran a great HIPAA Privacy Compliance Program. Your first week on the job, you were analyzing old data breaches looking for trends or commonalities between the breaches. You noticed that only the following information was being collected during the Data Breach Risk Assessment Process:
- Date of the Data Breach
- Date of the Discovery of the Data Breach
- What information was breached
- Who breached the information (internally)
- Short description of the breach
- What was done to reduce another breach from happening
- Any workforce disciplines that resulted from the breach
Based on your previous role, you knew that there were additional data elements that should be collected during the breach risk assessment process. You have been asked to create a new breach risk assessment form to make sure the clinic is collecting all the necessary information to comply with the regulation and report a data breach.
- Analyze the Data Breach Risk Assessment Requirements below:
- https://www.healthit.gov/sites/default/files/pdf/privacy/privacy-and-securityguide.pdf (Chapter 7, page 56)
- Analyze the HIPAA Audit Protocol to determine what information needs to be collected on the breach risk assessment – 164.402 Section (it helps if you use the find functionality and search “Risk Assessment.”)
- Review the information that is reported on the HHS Breach Notification Report (hint: all the elements on this report are information that must be reported)
- Compare the current information that is being collected to discover what information is missing from the current data collection process of the HIPAA Breach Notification Risk Assessment
- Create a Risk Assessment Template that the organization will use to collect all the information necessary for a proper and complete
- Be creative in this process and create a form that will work for the organization and support evidence of the breach investigation and outcome
During this assignment, please make sure you don’t complete an actual breach reporting through the Department of Health and Human Services’ Portal.
- 25 Points Possible
- Critical thinking for analyzing the different Breach Notification sources
- Comparison of the current process and the missing components
- Creation of the form
- Core Components
MUST BE WRITTEN IN APA FORMAT 7TH EDITION
I don’t know if this helps, but here are the course’s textbooks:
Brodnik, M., McCain, M., Rinehart-Thompson, L., & Reynolds, R. (2017). Fundamentals of Law for Health Informatics and Information Management, 3rd Edition. Chicago: AHIMA. ISBN: 978-1-58426-530-6 AHIMA Product # AB241816
Publication Manual of the American Psychological Association Edition: 7th Edition Author: American Psychological Association. ISBN: 9781433805615
Expert Solution Preview
As the new HIPAA Privacy Officer at a local clinic in Duluth, MN, I am assigned to create a new breach risk assessment form to ensure that the clinic is collecting all the necessary information to comply with regulations and report a data breach.
To create a new breach risk assessment form in compliance with HIPAA regulations, the following steps should be followed:
1. Analyze the Data Breach Risk Assessment requirements mentioned on the HHS website and in the privacy and security guide. Comparing the requirements of the old form with the requirements mentioned in these documents will enable the collection of additional information required for reporting.
2. Analyze the Audit Protocol and determine the information that needs to be collected on the breach risk assessment, according to 164.402 Section. This information should be included in the new form.
3. Review the information presented on the HHS Notification Report to identify additional information that needs to be collected.
4. Identify the missing components of the current data collection process of the HIPAA Breach Notification Risk Assessment by comparing them with the new requirements.
5. Create a Risk Assessment Template that includes all the essential components, usability, and identification of the breach investigation and outcome. The form should be creative enough to work for the organization.
Therefore, following these steps, a new breach risk assessment form can be created, which will ensure that the information is collected in compliance with the HIPAA regulations.