2.
Patient privacy and security are major concerns in the
health care industry.
The development of health information technology
software, electronic health records, cutting-edge
Internet health services, and government regulations
establish distinct security challenges (Security and
Privacy of Electronic Medical Records, n.d.).
3.
HIPAA “was designed to protect the privacy,
confidentiality, and security of patient information”
(Pozgar, 2012, p. 282).
Patient information and medical records are considered
protected health information.
The privacy standards under HIPAA refer to the
limitations placed on access to identifiable health
information and the use and disclosure of this
information. This includes electronic, paper, and oral
health information (Pozgar, 2012).
4. Examples of protected health information and
identifiable health information include:
The mental or physical health of any patient
Names and social security numbers of patients
Medical record numbers and health plan beneficiary
numbers.
Past, present, or future health care diagnoses, treatments,
care plans, and overall medical history.
5.
Confidentiality of health information is a controversial
public policy issue due to a lack of compliance and
adherence to HIPAA guidelines, and insufficient
security regulations. According to the American
College of Healthcare Executives, “maintaining
confidentiality is difficult due to the increased risk of
unauthorized use, access, and disclosure of confidential
patient information that advancing information
technology creates” (Health Information
Confidentiality, 2012, para. 1).
6.
Confidentiality, privacy, and security protocols were
disregarded at UCLA hospital.
Staff members breached security policies and did not
adhere to organization HIPAA laws or state laws.
Data breaches are costly and also damage the
credibility of the entire organization.
7.
Educate healthcare personnel on confidentiality and
data security requirements.
Confirm that confidentiality and security policies and
guidelines are consistent with HIPAA laws and
regulations.
Implement periodic data security audits and risk
assessments (Health Information Confidentiality,
2012, para. 8-9).
8.
Review and modify privacy and security policies.
Update employee training programs
Establish breach notification protocols
Assure authorized access of patient information
Monitor the access and disclosure of PHI
Develop an information protection strategy and
framework (Information Protection Framework, 2010,
p. 2).
9.
These are steps every manager must take to ensure
compliance and adherence to privacy, security, and
confidentiality protocols.
Managers must also implement disciplinary measures
for staff members who violate these guidelines.
The protection of patient information is a requirement
in health care, both ethically and legally (Security and
Privacy of Electronic Medical Records, n.d.).
10.
Security and privacy of electronic medical records. (n.d.).
Nitrosecurity. Retrieved from
http://www.himss.org/files/HIMSSorg/content/files/SecurityandPrivacyofElectronicMedicalRecords.pdf
Pozgar, G. (2012). Legal aspects of health care administration
(11th ed.). Sudbury, Massachusetts: Jones and Bartlett.
Health information confidentiality. (2012). The American
College of Healthcare Executives. Retrieved from
http://www.ache.org/policy/hiconf.cfm
11. Information protection framework: Data security compliance
and today’s healthcare industry. (2010). AT&T Business. Retrieved from
http://www.business.att.com/content/whitepaper/seccon_infoproframework.pdf
2013 Privacy and security training: Putting the pieces
together. (2013). Samaritan Health Services. Retrieved from
http://www.samhealth.org/SiteCollectionDocuments/Education/MedEd_PoliciesTrainings/ConfidentialityTraining.pdf