12205 .1\" '5' [3' Llllb Udldl Group 2(Cybersecurity Part 1: Critical Analysis of the Law 1. Evaluate HIPAA security requirements for a security risk assessment (SRA). o How would you complete a security risk assessment that meets HIPAA security requirements? Outline it. o What physical, administrative, and technical safeguards would you recommend to keep data secure? 2. Evaluate HIT audits as a compliance tool. Describe an audit process you recommend that would meet the following criteria. 0 The audit is fair and unbiased and free from conflict of interest (1-2 points). 0 The audit results are effectively communicated to senior levels of the organization (1-2 strategies). 0 There is a process in place to correct any problems identified in the audit (1-2 actions). 1. How could a strong HIT audit system and the ACHE Code of Ethics serve to prevent the situation described in The Tracks We Leave: Chapter 9 Information Technology Setback: Heartland Health care System? Be specific and demonstrate understanding of the risks and how the compliance tool can be used specifically to control the risks. 8 learn.umgc.edu 1205 all "5\" C} Part 1: Critical Analysis of the Law 1. Evaluate medical record release requirements in litigation When should medical records be released? 0 Describe privileges and immunities that would protect records from release (one of each). 0 Describe how the medical record can be used as evidence and what information would be admissible. 0 Evaluate whether a medical record release in response to a medical record request of subpoena violates HIPAA. 2. Evaluate how you can balance the need to communicate via e-mail or text messaging with the HIPAA duty to keep personally identifiable information secure. 0 How would you balance HIPAA requirements with business necessities? Does e-mailing or texting violate HIPAA? Why or why not? 0 What policies and procedures would you put in place for e-mail and text messaging for a hospital (one of each)? Why? 3. Evaluate the relationship of a medical record retention policy, record destruction policies, and a litigation hold. 0 How does the litigation hold impact the other policies? 0 How can medical records, medical record retention and destruction, 3 learn.umgc.edu