Privacy Policy
Executive Summary
This article discusses the importance of HIPAA and Privacy Act of 1974 compliance through the implementation of privacy policies within healthcare organizations. The high rates of privacy law non-compliance are alarming, and many healthcare organizations end up being penalized heavily as a result. Furthermore, to ensure the security of patients’ information, which is an important aspect of healthcare, organizations need to enforce privacy policies. This article discusses the current organization’s privacy policy, its loopholes, corrective strategies, and a policy revision recommendation.
Introduction
The main problem of interest to evaluate at the practice site is how medical records and sensitive patient data are handled, managed, and stored. It is felt that there is a significant problem with how the health records and information management procedures are handled within the organization. Although there are guidelines and policies in place to protect medical records, some of the documents are often left lying around where they can be accessed by unauthorized individuals (Mbonihankuye et al., 2019). Many of the healthcare professionals do not adhere to the privacy policy implemented in the organization, and this is also a serious HIPAA violation.
Objectives
The objective of this documentation is to highlight one of the main problems in the healthcare organization. A further objective is to come up with strategies and action programs that could lead to policy compliance by the organization’s workforce. The main aim of this documentation is to enforce HIPAA and privacy laws within the organization.
Current Policy
The healthcare organization has privacy and confidentiality policies which forbid its employees from discussing or sharing patient statuses and information with third parties (Greenleaf, 2020). The organization’s privacy and confidentiality policy maintains the guidelines stipulated by the Privacy Act of 1974. The organization’s policy on patient records privacy and confidentiality protects individuals’ medical records and other identifiable information. This policy also ensures that patients have the right to request their medical records, such as X-ray scans, whenever they need them.
Organizations Affecting the Policy
The federal government, the state government, and the legislative agency have an influence on the privacy and HIPAA policy of the organization. The federal and state governments work to enforce the laws passed by the legislative agency of the government and to ensure compliance. The legislative agency, on the other hand, works to make changes to the existing policy (Kim Theodos, 2021). The legislature may add other requirements to the privacy policy, enact them into law, and ensure compliance.
Factors Affecting Policy Compliance
One of the main factors that may influence the policy is organizational culture. Organizational culture affects whether a workforce would comply with the policy or not. In the current organization I am in, the organizational culture does not value privacy issues. This therefore affects how individuals organize and manage patient records.
Literature Review
The failure to implement safeguards to ensure the availability, integrity, and confidentiality of medical records is punishable by law since it constitutes a HIPAA violation. The organizational policy on privacy covers some of the main aspects of HIPAA and the Privacy Act of 1974, thus supporting compliance. This policy appropriately addresses the problem of law compliance by ensuring, as an organizational requirement, that every employee has read and understood the privacy laws.
According to Greenleaf (2020), the Privacy Act of 1974 has improved patient and provider interactions in the sense that patients have faith in their providers’ ability to keep their medical interactions confidential. Ensuring the privacy of patient interactions helps to promote effective communication between patients and their providers (Greenleaf, 2020). The organizational privacy policy promotes quality patient care, since when patients are able to talk more freely with their service providers, their issues can be properly addressed. Furthermore, according to Greenleaf (2020), effective communication between patients and their providers also improves workflow.
Strategies
The main strategy to address the problem of policy compliance is to implement safeguards. These safeguards may be physical, logical, or both. Physical safeguards include perimeter walls, locking server rooms, implementing physical access controls, and locking rooms when leaving. Logical controls include the use of passwords, two-step authentication procedures, antivirus software, and firewalls. In addition to implementing these safeguards, employees need to be trained on the importance of enforcing the safeguards and complying with the privacy laws (Arain et al., 2019).
Action Program
The action program is to deliberate on and plan for the problem, implement training and sensitization programs, and finally assess the effectiveness of the program before incorporating the feedback back into the plan.
Financial Expectation
To implement the solution, that is, to install the safeguards and train the workforce, the budget would stand at $25,000. However, the solution would save the organization from financial penalties for non-compliance.
Recommended Policy Revision
The organization’s privacy policy should include a statement that mandates periodic updates and security checkups by the IT department staff. This statement would help ensure that there are no security loopholes in the information system. The policy should also be revised to ensure that all new personnel and interns are trained on the importance of maintaining the security and confidentiality of patients’ health records (Arain et al., 2019). The training should cover how to periodically change system passwords, how to handle sensitive information, and how to dispose of medical records that are no longer needed.
Appendix A: Interview Transcript
Interviewer: Welcome and thank you for accepting to participate in this interview.
Interviewee: Thank you.
Interviewer: What is the main problem you would say your organization faces?
Interviewee: One of the main problems affecting the organization is ensuring that the HIPAA and Privacy Law of 1974 are enforced and adhered to by our employees.
Interviewer: How is the organization addressing the problem?
Interviewee: The organization is addressing the problem by ensuring that proper security controls are implemented to safeguard sensitive data.
Interviewer: What policies have been enforced to address the issue at organizational level?
Interviewee: The main policies that have been enforced include the organizational privacy policy.
Interviewer: What are the difficulties surrounding the policy?
Interviewee: One of the main difficulties surrounding the policy is compliance. Most of the employees are not locking doors when leaving their offices, and some are sharing patient information with unauthorized individuals.
Interviewer: What measures have been enforced to ensure policy compliance?
Interviewee: One of the main measures enforced is periodic training of the employees on the importance of policy compliance.
Interviewer: This has been an insightful interview. Thank you for your time.
Interviewee: You are welcome.
Appendix B: Media Materials for Implementation
Image 1.0: Image of employees being trained on the importance of policy compliance.
References
Arain, M. A., Tarraf, R., & Ahmad, A. (2019). Assessing staff awareness and effectiveness of educational training on IT security and privacy in a large healthcare organization. Journal of Multidisciplinary Healthcare, 12, 73.
Greenleaf, G. (2020). California’s CCPA 2.0: Does the US finally have a data privacy Act?
Kim Theodos, J. D. (2021). Health Information Privacy Laws in the Digital Age: HIPAA Doesn’t Apply. Perspectives in Health Information Management, 1-11.
Mbonihankuye, S., Nkunzimana, A., & Ndagijimana, A. (2019). Healthcare data security technology: HIPAA compliance. Wireless Communications and Mobile Computing, 2019.