Compliance Audit in Action

profileisdory
Home>Homework Answsers>English homework help
case

 

Compliance Audit in Action

  • a year ago
  • 15
Report issue
files (1)

Module7.docx

Module 5: Compliance Audit in Action

For this assignment, you will need to review the Case Study presented perform a compliance audit to determine gaps in privacy and security compliance.

 Expand AllPanels Collapse AllPanels

Case Study

DeVry Medical Group provides primary care, pediatric care, and urology services. Recently, the Medical Group implemented an electronic health record system that interfaces with their laboratory management system for streamlined syncing of patient lab results in their charts. Post implementation, concerns have come about on the quality of the privacy and security measures in place. As the Privacy & Security Officer, you have determined that a compliance audit is needed to ensure DeVry medical Group is in compliance with HIPAA regulations.

The compliance audit has revealed potential compliance issues related to the new electronic health record system, there are inadequate access controls, lack of encryption for data transmittals, and less than half of the employees on staff have been trained properly on privacy and security measures.

Action Plan

You are tasked with identifying the gaps and proposing strategies to assist with being compliant with HIPAA Privacy and Security Rules.

Steps you will complete as part of your proposed strategies to meet HIPAA compliance:

1. Assess the access control mechanisms for the electronic health record to determine that patient data is accessible only to authorized personnel.

2. Evaluate data protection measures, including encryption protocols for data at rest and data in transit.

3. Review the employee training programs on the use of the electronic health record and HIPAA compliance.

4. Propose strategies to correct issues you have identified during steps 1-3.

Your deliverable method can be either in the form of a half-page to full page proposal or PowerPoint slides that outline each of the strategies you are proposing with an action plan for implementing them. For PowerPoint slides, the slides should outline your key points/recommendations and utilize the Notes section under your slides to provide complete sentences for your report as if you were presenting to a board for approval to implement.

Note: If you utilize your textbook or any references to support your recommendations, provide a reference list.

Action

Select the Start Assignment button to begin.

Once you have uploaded your file, select Submit Assignment.

Rubric

M5 Compliance Audit in Action

M5 Compliance Audit in Action

Criteria

Ratings

Pts

This criterion is linked to a Learning OutcomeParameter

Parameters Paper Option -Uses standard double-spacing without extra spaces between bullets or paragraphs -Minimum length 1/2 page, maximum length 1 page -Free of grammatical & spelling errors -Uses APA in-text citations and reference list IF applicable PowerPoint Option -No more than 5 bullets per slide -Keep slides uncluttered so easy to follow -Notes Section of slides should contain a detailed outline of what slide is presenting (speaker notes) -Free of grammatical & spelling errors -Uses APA in-text citations and reference list on a reference slide IF applicable

5 pts

Meets or Exceeds

Student submission clearly encompasses all of PowerPoint presentation parameters -Minimum of 5 content slides, Maximum of 8 content slides -Includes a title slide -Includes a reference slide if needed -Presentation developed from perspective as if being presented to the board -No more than 5 bullets per slide -Keep slides uncluttered so easy to follow -Includes use of graphical representations to give visual emphasis & credibility to presentation -Notes Section of slides should contain a detailed outline of what slide is presenting (speaker notes) -Free of grammatical & spelling errors -Uses APA in-text citations and reference list on a reference slide IF applicable

3 pts

In Progress

Student submission clearly encompasses all paper or PowerPoint parameters -Free of grammatical & spelling errors -Uses APA in-text citations and reference list IF applicable

1 pts

Little Evidence

Student submission does not clearly meet the paper or PowerPoint parameters -Has 4 or more grammatical & spelling errors -does not use APA in-text citations and reference list IF applicable

0 pts

No Evidence

Student submission clearly does not meet the required Parameters

5 pts

This criterion is linked to a Learning OutcomeControl Mechanisms

Control Mechanisms -Assesses control mechanisms in place or in absence of control mechanisms identifies what should be in place CO5

7 pts

Meets or Exceeds

Student submission provides clear summary of current or lacking control mechanisms for accessing patient data

5 pts

In Progress

Student submission mostly provides a summary of current or lacking control mechanisms for accessing patient data – may be missing pertinent information

2 pts

Little Evidence

Student submission is off topic for control mechanisms or does not identify current or lacking control mechanisms for accessing patient data

0 pts

No Evidence

Student submission does not clearly meet the expectations for identifying control mechanisms for accessing patient data

7 pts

This criterion is linked to a Learning OutcomeData Protection Measures

Data Protection Measures -Addresses encryption protocols for data at rest -Addresses encryption protocols for data in transit -Any other potential deficiencies CO5

7 pts

Meets or Exceeds

Student submission on Data Protection Measures clearly -Addresses encryption protocols for data at rest -Addresses encryption protocols for data in transit -Any other potential deficiencies

5 pts

In Progress

Student submission on Data Protection Measures mostly -Addresses encryption protocols for data at rest -Addresses encryption protocols for data in transit -Any other potential deficiencies

2 pts

Little Evidence

Student submission on Data Protection Measures does not all issues -Data at Rest -Data in Transit -Any other potential deficiencies

0 pts

No Evidence

Student submission on Data Protection Measures clearly does not meet expectations or nothing submitted

7 pts

This criterion is linked to a Learning OutcomeTraining Programs

Training Programs -Findings of review on training program deficiencies encompasses assessment on proper use/protocols on electronic health record and HIPAA compliance CO5

7 pts

Meets or Exceeds

Student submission on Training Programs clearly addresses findings of review on training program deficiencies and encompasses assessment on proper use/protocols on electronic health record and HIPAA compliance

5 pts

In Progress

Student submission on Training Programs mostly addresses findings of review on training program deficiencies and encompasses assessment on proper use/protocols on electronic health record and HIPAA compliance but may be lacking details

2 pts

Little Evidence

Student submission on Training Programs is off topic or does not clearly address findings of a review covering training program deficiencies relating to use/protocols on electronic health record and/or HIPAA compliance

0 pts

No Evidence

Student submission clearly does not meet expectations on addressing training program review findings or nothing submitted

7 pts

This criterion is linked to a Learning OutcomeStrategy Proposals

Strategy Proposals Proposes strategies to correct issues on -Access control mechanisms for electronic health records -Data protection measurs -Employee training programs CO5

9 pts

Meets or Exceeds

Student submission of Proposed Strategies clearly addresses ways to correct issues on -Access control mechanisms for electronic health records -Data protection measurs -Employee training programs

6 pts

In Progress

Student submission of Proposed Strategies mostly addresses ways to correct issues on -Access control mechanisms for electronic health records -Data protection measurs -Employee training programs

3 pts

Little Evidence

Student submission of Proposed Strategies is off topic or does not clearly give a minimum of 2 risks with the greatest potential impact or is proposing strategies for risks that are not the highest priority based on potential impact

0 pts

No Evidence

Student submission does not clearly meet expectations to provide recommendations for threats or nothing is submitted

9 pts

Total Points: 35