Description
You are tasked to analyze the use of information technology resources and assess the applicability to United General Hospital and the video scenario presented in this week’s Discussion. Your response to this assessment will be to write policy statements that address specific issues related to patient health care records and align with HIPAA regulations. Assess threats related to issues presented in the case study that United General Hospital must address.
Part I: Policy Manual Introduction (1–2 pages)
United General’s hospital administrator reviews the hospital’s policy manual and discovers that it inadequately addresses the area of patient records. The hospital administrator tasks you with reviewing the hospital policy manual and reporting on the thoroughness of its coverage of patient records. After a review of the policy manual, you report that the coverage of patient records is sparse and outdated. The hospital administrator then asks you to update the policy manual.
The policy manual introduction should include:
- An update to the manual’s introduction to include more depth in the area of patient records. As you write this section, describe the purpose of patient record protection and its importance to the organization.
- An explanation of the legal requirements for protecting patient health records.
Part II: Risk Assessment (3–5 pages)
Because Pete compromised Winnie’s patient records, the hospital administrator tasks you with identifying other potential risks that the hospital and the primary care physicians may need to address to protect patient records.
Your risk assessment should:
- Identify risks to both electronic and paper patient records, and recommend remedies United General can put in place to protect the records from compromise.
- Create policy statements that comply with the Health Insurance Portability and Accountability Act of 1996 (HIPAA) regulations addressing access to and disclosure of electronic and paper patient records.
- Describe relevant training topics that will educate the staff on accessing and disclosing patient records.
Part III: Alignment with Regulatory Requirements (3–5 pages)
Winnie’s lawsuit refers to United General’s violation of patient record protection and privacy regulations as the prime cause of the problem. This has now opened United General to governmental inquiries as well as to federal lawsuits.
Write a 3–5 page APA style paper addressing the following:
- Review the requirements of the HIPAA regulations and identify areas in the case study that breached HIPAA regulations, remembering your analysis of the hospital’s policy manual—the policies applicable to patient record handling and disposal require an update to align with HIPAA regulations.
- Create policy statements that align with HIPAA regulations that address patient health care record handling and disposal.
- Describe relevant training topics for staff in order to educate them on the handling and disposal of patient records.
Part IV: Managerial Oversight (3–4 pages)
During Pete’s exit interview he states that he did not receive managerial direction or training in regard to accessing computer systems and online patient records. The hospital administrator reviews the management training manual and finds that the area detailing instructions that management needs to give to staff is sparse. The hospital administrator asks that you write a section of the management training manual to provide clear instructions for management oversight in the area of handling and accessing patient records. As part of managerial oversight of hospital staff, access to patient records should be restricted and only available to appropriate staff members. For instance, in this case study, Pete should not have had access to Winnie’s patient record.
This section of the management training manual should:
- Include clear instructions for management oversight in the area of handling and accessing patient records.
- Include policy statements for role-based security level access to patient records.
- Describe methods to set security levels for accessing patient records to support the policy statements.
Note: The paper should be 10–16 pages, not including the title and reference pages. Your Assignment must be written in standard edited English. Be sure to support your work with 4–6 specific citations from this week’s Learning Resources and additional scholarly sources as appropriate. Refer to the Essential Guide to APA Style for Walden Students to ensure that your in-text citations and reference list are correct. Your Assignment should show effective application of triangulation of content and resources to show your conclusion and recommendations. See the Week 9 Assignment Rubric for additional requirements related to research and scholarly writing.

Explanation & Answer

Attached.
United General Hospital Patient Information Policy
I.
Part 1: Policy Manual Introduction
a. Importance of Patient Record Protection
b. Legal Requirements for Protecting Patient Health Records
II.
Part II: Risk Assessment
a. Possible Risks to both Electronic and Paper Patient Records
b. United General Hospital Privacy and Security Policy Statement in Addressing
Access to and Disclosure of Electronic and Paper Patient Records
c. Relevant Training topic for Staff on Accessing and Handling of Patient Record
III.
Part III: Alignment with Regulatory Requirements
a. The requirement by HIPAA Regulations
b. Areas of HIPAA Regulation that United General Hospital Breached
c. United General Hospital Privacy and Security Policy Statement
d. Relevant Training topic for Staff on Handling and Disposal of Patient Record
IV.
Part IV: Managerial Oversight
a. Management oversight in the area of handling and accessing patient records
b. Policy statements for role-based security level access to patient records.
c. Methods to set security levels for accessing patient records to support the policy
statements
Running head: PROTECTING PATIENT INFORMATION
United General Hospital Patient Information Policy
Student’s Name
Institutional Affiliation
1
PROTECTING PATIENT INFORMATION
2
United General Hospital Patient Information Policy
Part 1: Policy Manual Introduction
This manual provides the updated patient data policy for United General Hospital aimed
at enhancing the Hospital’s information privacy. This includes protection of patient records to
avoid possible information breach, which is often very expensive for a health facility. The
purpose of the revised manual is to offer updated regulations on accessibility and the extent to
which staff should use or share patient information stored in the hospital HIT. Besides, the
revised data protection manual aligns and complies with the provided regulations by the HIPAA
and HITECH Acts and includes security measures taken by the healthcare to increase the
security of sensitive institutional and patient record information.
Significance of Patient Record Protection
It is important to note that the updated policy will heighten the ability of the hospital to
i.
Increased trust between patient and physician
ii.
Promote the alleviation of patient stigma and discrimination by avoiding instances of
the data breach.
iii.
Promote and instill public confidence and trust with the health services offered by
United General Hospital.
Legal Needs for Protecting Patient Records
Privacy of patient data is a requirement both the states rules and guidelines that require
consideration before disclosure of patient health data. The legal needs guarding patient health
records hold and provide a patient with rights to accessing and restricting the utilization and
disclosure of the PHI (AHIMA, 2018). The legal needs for guarding the patient health
documentation include
PROTECTING PATIENT INFORMATION
i.
3
Privacy rule is one of the legal requirements that the hospital must comply with that
governs the protection of patient data under the HIPAA act. The confidentiality rules
establish the national standards aimed at protecting patient medical records as well as
other forms of health information. Under the legal requirement, the hospital requires
implementing necessary defends to safeguard the privacy of patient health data stored
in the hospital's Electronic Health Record System (EHRs). This includes setting limits
and essential conditions when a health provider can use or disclose personal health
information without patient auth...
