Week 3: Health Data Breach Response Plan: A Managed Care Organization’s Comprehensive Plan (7 pages, 5 references)
As the Chief Privacy Officer (CPO) of a competitive managed care organization, you have been advised of a breach in the privacy, security and confidentiality of sensitive patient data that occurred at the hands of an employee who was a willing participant in a large identity theft ring. After a tip received from the FBI, a six (6) month investigation was conducted. The employee sold hundreds of health records over the span of three (3) years for an undisclosed amount of money. After immediate termination and prosecution, the next step is to develop a comprehensive Health Data Breach Response Plan, a project assigned to you by the CEO.
Deliverables: The final product to submit is a comprehensive plan that includes the following:
- Propose a data response plan that addresses the following:
- Step One: The organization’s response to the notification of a breach
- Step Two: Identify those responsible parties (by titles) to respond to the notification of breach and explain each of their roles in the process
- Step Three: Procedure(s) to confirm the occurrence of a breach & identify the scope/type of data involved
- Step Four: A three (3)-point system to measure the impact of the data breach & the action(s) taken for each level of impact
- Step Five: Data breach response and corrective practices
- Step Six: Monitor/test effectiveness of response and corrective practices
- Step Seven: Notification (public and customer) (specify whether all customers are notified or just those impacted)
- Proposed annual schedule of risk analyses (frequency) to assess the organization’s susceptibility to data security risks, and identify the person(s) to conduct the scheduled risk analyses
- Create a risk analysis data security checklist to identify human, technical, environmental, and natural threats
- Required checklist categories: identified threat, contributing factors, example of threat, the likelihood of occurrence and the potential impact to the organization (negative impacts)
- Devise a system to determine/rate the likelihood of occurrence and the potential impact to the managed care organization
- A list of specific resources in place to respond to a data breach
- Identification and incorporation of Health Insurance Portability and Accountability Act (HIPAA) security standards safeguards within the data response plan:
- Administrative Safeguards
- Physical Safeguards
- Technical Safeguards
- Create an agenda of topics to present in an organization-wide employee training on the topic “What is My Role in the Prevention of an Organization’s Breach of Data”
Week 5: Ethics Training Module Development (7 pages, 5 references)
You have been hired as an expert healthcare legal consultant by a large religious-based healthcare system to develop a training module on the topic of “Healthcare Ethics”. Recently the facility has experienced a number of negative blows to its overall public image due to a string of ethical violations that have occurred over the past five (5) years. Based on the terms of the legal contract that you and the organization agreed upon, below are the specifications that the health system has requested to include within the module:
- Accompanying Materials
- Create an agenda that includes at minimum five (5) objectives as a measurement of effectiveness, the purpose of the training, along with the targeted audience (who will benefit from participating in the module)
- Layout of Module
- Design an actual forty-five (45) minute to one (1) hour virtual training module for departmental and organizational use on the topic of Healthcare Ethics (the intent is for a future mandatory automated training; therefore audio is required)
- Module can include clip art, links to additional sources
- Must include recorded audio for each presentation slide
- Topics must include at minimum discussion on the following: employees, patient care, importance, alignment with the mission, vision and values of the organization, define and discuss ethics, compare and contrast ethics, morals and values, its impact on decision making, measures to ensure employees practice and adhere to high ethical standards, impacts (financial, legal, reputation-wise in the event an issue occurs), outcome to expect in the event an employee is non-compliant.
- Assess their knowledge and understanding throughout the completion of the module (at minimum incorporate three (3) – four (4) assessments that must include a post-assessment (final assessment))
- Incorporate real-life current healthcare ethics events as supporting evidence (for example, links to cases, news reports, article write ups etc.)
- To assess the level of knowledge and understanding of participants throughout the completion of the module, design at minimum three (3) – four (4) assessments (that must include a post-assessment (final assessment)) periodically placed within the module
Performing the Role of a Compliance Officer Team Project
You are the very first compliance officer at a hospital system comprised of four hospitals and seven physician offices. The hospital system has a non-profit status. The chairman of the board wants to know more about your role and what you will be accomplishing for the hospital system. More importantly, he is very concerned about possible liability, both enterprise-wide and personal in nature. The Chairman also serves as the chief surgeon of the hospital system. Other members of the board include the COO, CEO, Attorney, an anesthesiologist, an oncologist, an accountant and a nurse manager.
Deliverables: (7 page paper, 5 references and 14 slides with speaker notes)
You were asked to draft a memo and corresponding presentation for the board of directors. The board needs you to present a paper and presentation addressing the following.
- What are your duties as a compliance officer? Why? See: http://www.hcca-info.org/ Make the case that you should report to the Board of Directors.
- What is the Stark Law? Who does the law pertain to exactly? How does it differ from the Anti-Kickback Statute? See: http://oig.hhs.gov/compliance/provider-compliance-training/files/StarkandAKSChartHandout508.pdf
- Describe the exceptions to the Stark Law. Focus on how the compensation agreement exception works. What is the rationale for it? Give an example of a fact pattern that will legally trigger the exception.
- Which federal agencies provide information and support regarding the Stark Law? Provide specific examples.
- What is a corporate integrity agreement? Find one that mentions either a Stark or Anti-Kickback violation. Which provider was cited? What was their penalty?
- Can the board of directors be held personally liable for Stark and/or Anti-Trust violations? What do they need to know to avoid personal exposure? Where can they learn more about their potential legal liability?
- Create a list of sources for future use: the CFR section, a law review article, links to federal websites, stakeholder associations for hospitals, one hospital website that describes their compliance program, a white paper or journal article and a news article.
Your submission must be submitted in the form of a typed double-spaced paper. The final draft of the paper shall consist of 7 pages (not to exceed 10 pages). The page count does not include the required APA formatted cover page, reference page and/or any graphical illustrations. Use headings to organize your paper. Legal citations should be used to the best of your ability.
For the corresponding presentation, you can use PPT or any tool of your choice. The professor will serve as the board of directors and will ask the team three questions. The length and focus of the presentation are a team decision. Remember that your audience is physicians and executives. How do you present to VIPs? Also, the objective of the PPT is to inform, advise, influence and convince. The presentation is not just a summary of the paper.
Week Eight: Developing a Case Study Assignment (1 page, 2 references)
According to Merriam-Webster Dictionary, a case study may be defined as a published report about a person, group, or situation that has been studied over time; a situation in real life that can be looked at or studied to learn about something. For this particular assignment in HCAD 650, you will be required to develop a 250-word case study scenario related to any of the topics below, of your choice:
- Patient Consent
- Separation of Powers
- Professional Liability
Your case study must include at minimum four (4) accompanying questions. Your submission must include an APA-formatted cover sheet. Submit one (1) single document which includes the 1-page case study and the 4 questions at the end.