The objective of the course project is to tie together all the TCOs in a comprehensive manner, while giving students the chance to take on the role of Privacy Officer.
For your course project, you will play the role of a Privacy Officer. You have been asked by management to develop the content of an organization’s security and privacy training and awareness program. You will select privacy and security topics that need to be communicated to all workforce members, and you will develop a plan. In addition, you will create a presentation to introduce your proposal.
Medical Center of DeVry is a leading healthcare organization specializing in pediatric healthcare and has an expanded network of physicians and pediatric specialists. It is the beginning of the fiscal budgetary year, and all assessments, improvement projects, and proposals are due within the next 30 days. As Privacy Officer, you will have to create a privacy and security plan. This process will consist of three components: an assessment of the organization, a training and awareness program, and a communication plan.
The purpose of the assessment is to review the current condition and the effectiveness of your privacy and security program in order to move forward with HIPAA’s privacy and security requirements.
Once the assessment is complete, you will use the results to make a decision about improvement tools, and you will create a training and awareness plan. The purpose of the training and awareness plan is to bring awareness to the organization for a collaborative effort in improving the privacy and security of the facility. The plan will, preferably, focus on areas that need special attention, such as issues related to HIPAA compliance, including physical safeguards.
Once both the assessment and the training and awareness plan are complete, you will then need to develop communication tools to convey to the rest of the organization.
You completed your assessment and found that several policies are out of date or are missing critical elements. You submitted a plan to management, and management has approved your proposed actions to implement two new policies, to create two reporting tools to ensure easy compliance with the new policies, and to train employees on the new policies and tools. Following the directions below, create the new policies, reporting tools, and inform staff of training. Once you have completed these three elements, compile all the information into a fifteen minute presentation that you will give to management discussing your overall findings, policies, tools, and the training conducted.
Based on your review, you determined that specific polices related to incident reporting and physical safeguards need revising. Develop two separate policies, using the template below, to address the following topics.
Address what types of incidents should be reported to include:
Inappropriate use of a computer
Release of information to patients and outside agencies or individuals without authorization
Address the expectations for reporting to include:
Time Frame in which employees need to report
How employees will report
Outline the procedures for reporting incidents to include:
Who receives complaints
How complaints are investigated
How notification to affected individuals occurs
Securing workstations to include:
Auto lock feature
Securing equipment, such as laptops
Record disposal to include:
Electronic media such as hard drives and CDs
Use the following template:
B. Reporting Tools
After completing the policies and procedures, you determine that it will be useful to develop some new tools to reinforce compliance of the revised policies and procedures.
Your reporting tools should consist of the following:
An incident reporting form that includes the following elements:
Date of incident;
Type of complaint or incident;
Complaint details; and
Staff questioned or involved.
A checklist for security staff to use for audits and compliance that includes the following elements:
Media disposal; and
C. Communication Tools
Communicate the new policies and tools to employees of the organization. This will be helpful in training employees in order to have direction on privacy and security efforts for the year.
Your two communication tools could be in the following format:
A flyer, brochure, intranet announcement, e-mail, handout, poster, or other form of communication.
In addition, your communication tools need to address:
Why training is being provided;
Dates of training; and
Location of training.
You now have to prepare a presentation of your findings and overall evaluation of the privacy and security program for the executive leaders. The presentation should be 15 minutes in length, with approximately 15-20 slides. Your presentation should include privacy and security plan details such as
the purpose of plan;
what your assessment revealed, that is, problems identified;