The College of St. Scholastica HIM 3132 Medicolegal Issues Unit 5 Breach Notification Risk Assessment Case Discussion: You are the new HIPAA Privacy Officer at a local clinic in Duluth, MN. The p

The College of St. Scholastica 

HIM 3132 Medicolegal Issues Unit 5 

Breach Notification Risk Assessment 

Case Discussion: 

You are the new HIPAA Privacy Officer at a local clinic in Duluth, MN.  The previous privacy officer was very organized and ran a great HIPAA Privacy Compliance Program.  Your first week on the job, you were analyzing old data breaches looking for trends or commonalities between the breaches.  You noticed that only the following information was being collected during the Data Breach Risk Assessment Process: 

• Date of the Data Breach
• Date of the Discovery of the Data Breach
• What information was breached
• Who breached the information (internally)
• Short description of the breach
• What was done to reduce another breach from happening
• Any workforce disciplines that resulted from the breach

Based on your previous role, you knew that there were additional data elements that should be collected during the breach risk assessment process.  You have been asked to create a new breach risk assessment form to make sure the clinic is collecting all the necessary information to comply with the regulation and report a data breach.   

Assignment Requirements  

1. Analyze the Data Breach Risk Assessment Requirements below:
   1. https://www.hhs.gov/hipaa/for-professionals/breach-notification/
   2. https://www.healthit.gov/sites/default/files/pdf/privacy/privacy-and-securityguide.pdf (Chapter 7, page 56)
2. Analyze the HIPAA Audit Protocol to determine what information needs to be collected on the breach risk assessment – 164.402 Section (it helps if you use the find functionality and search “Risk Assessment.”)
   1. https://www.hhs.gov/hipaa/for-professionals/complianceenforcement/audit/protocol/
3. Review the information that is reported on the HHS Breach Notification Report (hint: all the elements on this reported are information that must be reported)
   1. https://ocrportal.hhs.gov/ocr/breach/breach_report.jsf
4. Compare the current information that is being collected to discover what information is missing from the current data collection process of the HIPAA Breach Notification Risk Assessment
5. Create a Risk Assess Template that the organization will use to collect all the information necessary for a proper and complete
   1. Be creative in this process and create a form that will work for the organization and support evidence of the breach investigation and outcome

During this assignment, please make sure you don’t complete an actual breach reporting through the Department of Health and Human Services’ Portal. 

Grading Criteria: 

• 25 Points Possible
• Critical thinking for analyzing the different Breach Notification sources
• Comparison of the current process and the missing components
• Creation of the form
  • Usability
  • Identification
  • Core Components

MUST BE WRITTEN IN APA FORMAT 7TH EDITION

I don’t know if this helps but here are course’s textbooks 

Required Texts: 

Brodnik, M., McCain, M., Rinehart-Thompson, L., & Reynolds, R. (2017). Fundamentals of Law for Health Informatics and Information, 3rd Edition Edition, Management. Chicago: AHIMA. ISBN: 978-1-58426-530-6 AHIMA Product # AB241816 

Publication Manual of the American Psychological Association Edition: 7th Edition Author: American Psychological Association. ISBN: 9781433805615