Breach and Risk Mitigation

Overview

The final project for this course will be submitted in two pieces. The first part of the project will be a risk analysis, and the second part will be a security policy. Healthcare has become a huge business that requires the management of information at the most intricate levels of granularity. This is done best when information is managed, maintained, and protected by health information management (HIM) professionals. The protection and security of personal health information within the business setting is driven by regulatory requirements. This course is designed to examine the regulatory requirements that help to incentivize and drive compliance with specific criteria associated with privacy and security expectations. This course takes you through the journey of the data life cycle. You will evaluate how the HIM professional assesses risks in the creation, storage, and disclosure of data to prevent any violation of regulatory requirements or exposure of the information. When violations occur, the HIM professional needs to be able to take certain steps to evaluate gaps in the protection of the information and the approaches the organization will need to take to mitigate against further exposure or risks.

For this piece of the final project, you will take on the role of the HIM director within the Utah Department of Health (UDOH), where there has been a health information data breach. You will develop a risk analysis based on the information in the scenario provided to you. The project is divided into two milestones, which will be submitted at various points throughout the course to scaffold learning and ensure quality final submissions. These milestones will be submitted in Modules One and Four. The final project will be submitted in Module Five.

Prompt

Specifically, the following critical elements must be addressed:

1. Access: In this section, you will identify those involved with the breach and the responsibilities associated with mitigation of risk.
   1. Determine the Promoting Interoperability and Minimum Necessary of stakeholder access (including third-party vendors) to the breached health information and support your response with examples.
   1. Describe the roles and responsibilities of those who will participate in the risk analysis and mitigation of the breach.

1. Rating: In this section, you will weigh the impact that this breach will have and the potential for future risk.
   1. Explain whether the levels of access and disclosure to the health information are in compliance with health information regulations, and defend your answer.
   1. In relation to securing health information in patient portals, examine potential impacts on patient engagement as a result of the data breach.