Module 2: A Case for Analyzing Privacy Violations
For this assignment, you will review the Case Study presented, assess the impact of the data breach that occurred in your third-party vendor’s system, and provide a short report of your conclusions, corrective actions to take, and policy change recommendations.
Case Study
You are the Privacy Officer for a mid-sized healthcare organization. The organization has identified that it suffered a breach when a third-party vendor’s system was compromised. While the third-party vendor was providing billing services to your patients for all services provided for the past 60 days, a breach resulted in unauthorized access to patient billing information, including names, addresses, and social security numbers. The investigation into the breach found that the third-party vendor did not have ample security measures in place. Unfortunately, the healthcare organization did not conduct its due diligence of ensuring that regular audits were being performed and that strong security measures were in place. As a result of this lapse in follow-through, the breach exposed the personal and financial information of hundreds of patients.
Action Plan
As the Privacy Officer, you have been tasked with digging deeper into the privacy breach that just occurred, making corrective action recommendations, and proposing changes to the policies and procedures to prevent similar data breaches from occurring in the future. You should focus on vendor management and compliance with HIPAA regulations.
You will complete the following steps as part of your report:
1. Assess the HIPAA Privacy Rule violations relevant to the third-party vendor management and the protection of patient information. What are your conclusions?
2. Based upon the breach investigation findings, provide a list of corrective actions that should be taken to improve the security measures and the oversight of the third-party vendor.
3. Provide a recommendation of policy changes that would better support vendor management practices and ensure adherence to compliance with privacy regulations.
Your deliverable can be either a half-page to full-page report or PowerPoint slides that outline your recommendations for updating/revising the organization’s privacy policy, including a proposed corrective action plan of what is needed to prevent additional breaches from occurring.
Note: If you utilize your textbook or any references to support your recommendations, provide a reference list.
Action
Select the Start Assignment button to begin.
Once you have uploaded your file, select Submit Assignment.
Rubric
M2 A Case for Analyzing Privacy Violations
Criteria |
Ratings |
Pts |
Parameters
Paper Option
-Uses standard double-spacing without extra spaces between bullets or paragraphs
-Minimum length 1/2 page, maximum length 1 page
-Free of grammatical & spelling errors
-Uses APA in-text citations and reference list IF applicable
PowerPoint Option
-No more than 5 bullets per slide
-Keep slides uncluttered so easy to follow
-Notes Section of slides should contain a detailed outline of what slide is presenting (speaker notes)
-Free of grammatical & spelling errors
-Uses APA in-text citations and reference list on a reference slide IF applicable |
7 pts
Meets or Exceeds Student submission clearly encompasses all paper or PowerPoint parameters -Free of grammatical & spelling errors -Uses APA in-text citations and reference list IF applicable |
5 pts
In Progress Student submission mostly meets paper or PowerPoint parameters -1-3 grammatical & spelling errors -Uses some APA in-text citations and reference list IF applicable |
2 pts
Little Evidence Student submission does not clearly meet the paper or PowerPoint parameters -Has 4 or more grammatical & spelling errors -does not use APA in-text citations and reference list IF applicable |
0 pts
No Evidence Student submission clearly does not meet the required Parameters |
| 7 pts |
HIPAA Privacy Rule
-Clearly identifies any violations relevant to the third-party vendor management
CO2 |
9 pts
Meets or Exceeds Student submission clearly provides for any violations relevant to the third-party vendor management |
6 pts
In Progress Student submission mostly identifies the violations relevant to the third-party vendor management |
3 pts
Little Evidence Student submission is off topic or does not clearly identify the violations relevant to the third-party vendor management |
0 pts
No Evidence Student submission does not clearly meet compliance issue audit findings or nothing submitted |
| 9 pts |
Policy Changes
-Clearly identified policy changes that would support vendor management practices
-A plan for meeting compliance with privacy regulations
CO2 |
9 pts
Meets or Exceeds Student submission clearly identified policy changes that would support vendor management practices -A plan for meeting compliance with privacy regulations |
6 pts
In Progress Student submission mostly contains identified policy changes that would support vendor management practices -A plan for meeting compliance with privacy regulations |
3 pts
Little Evidence Student submission does not clearly provide policy changes for vendor management practices or a plan for meeting compliance with privacy regulations |
0 pts
No Evidence Student submission does not clearly meet a security measure assessment or nothing submitted |
| 9 pts |
Corrective Actions
-Provides a clear list of corrective actions that should be taken to improve security measures and oversight of third-party vendors
CO2 |
10 pts
Meets or Exceeds Student submission has clear list of corrective actions that should be taken to improve security measures and oversight of third-party vendors |
7 pts
In Progress Student submission contains a mostly clear list of corrective actions that should be taken to improve security measures and oversight of third-party vendors compliance deficiencies |
4 pts
Little Evidence Student submission may be slightly off topic or does not clearly provide list of corrective actions that should be taken to improve security measures and oversight of third-party vendors |
0 pts
No Evidence Student submission does not clearly give a list of corrective actions or nothing is submitted |
| 10 pts |
Total Points: 35 |