Technology

Section 1 - State Overview of HIPAA Privacy Rule
The Health Insurance Portability and Accountability Acts privacy rule sets out the ways, means, and standards that ought to be followed in seeking to have the records of individuals, especially those regarding their private or personal health, protected or kept in privacy. The rule applies to most health care institutions that in one way or another handle information on patients, and more so where such information is in electronic form and so capable of being transmitted in electronic means. It requires that protection is given to private information at all costs. This is to be done without the permission of the patient and it is the same rule that gives patients the sole right to have access to their personal health information as and when they require it. In essence, although the rule requires that health care institutions through their relevant staff or professionals are accountable to the privacy of personal health information as well as any other private information they are supposed to give such information to the owner on request.

Section 2  Respond to the following questions.
1. Steering Committee  Who would you include on the steering committee that is responsible for ongoing HIPAA privacy compliance Who should lead this committee

The steering committee will have to be inclusive of the leading people in every department of the hospital. This is because having records and personal information will entail involving all these departments. Therefore, departmental heads for every department will have to be in the steering committee. Although it is not a real issue who heads the committee, it is critical that such a person is able to have a clear, concise, and succinct understanding of not only the hospital operations but also the HIPAA requirements as well. Given that the departmental heads have expertise in only one or two areas of that touch on the privacy matters of patients, it will be unwise to have any lead this committee. Instead, I will have to lead it myself because I have expertise in this area and can lead offer consultancy. In addition, the key experts in legal affairs, technology, compliance, and the CIO herself will have to be on the committee even if it is as ex-officio members.

2. HIPAA Education - What type of ongoing education activities would you provide for the workforce of this organization to facilitate compliance with the HIPAA Privacy rule How would you implement these activities

The education that will be offered will include the provisions of the HIPAA, with a particular emphasis on its privacy rule. Then there will be education on the importance of the privacy of personal information not only for the benefit of the individual but more so for that of the hospital. Every member will be educated on how to go about this tedious process in ones own department, and how each one will manage to keep this process an ongoing one, having informed the staff under ones department of the expectations of the hospital on them as far as privacy of personal information is concerned. To ensure such activities are implemented, I would have specific training or education days for different departmental leaders and those senior officers under them so that once they are trained they can individually train their juniors. In the end, all staff will have this education.

3. Business Associates - How would you ensure that you have identified all of the organizations current business associates and developed business associate agreements with them

I would identify and develop agreements with all the business associates of the organization by planning an associates workshop, seminar, or conference where they are all invited to share in and be a part of the organizations endeavors in the field of HIPAA compliance. Every associate will be inclined to be associated with an achieving and successful organization and developing business agreements with such might entail guaranteeing them that they are bound to benefit themselves and the organization if they become part of the program.

4. HIPAA Compliance - What process would you use to update these policies and procedures How frequently would you update them How would you ensure that they continue to be valid and HIPAA compliant

To update these policies, I would use a practical approach where organized workshops will be ongoing for as long as the policies are still not understood fully by all. This will be done on a monthly basis through retreats when people are not bound by duty. To ensure the policies are valid and comply with HIPAA, I will keep updating them over time, especially the time between successive meetings.