Protecting Patient Information: Ensuring Confidentiality and Integrity
Added on 2019/10/18
AI Summary
The assignment content discusses various ethical, legal, and regulatory frameworks for the EHR system of a clinic. Twenty aspects were covered, including HIPAA Privacy Rule, HIPAA Security Rule, Business Associate Contracts, Authentication, Authorization, Encryption, Technical Safeguards, Healthcare Ethical Principles, and more. The most difficult issue was found to be data comprehensiveness, which requires constant monitoring and training to ensure timely updates of patient records.
EHR System
Introduction and Section I + II
Table of Contents
Introduction
I. Organizational Analysis and Requirements (Stage 1)
A. Introduction
B. Strategic Use of Technology
C. Components of an Information System
D. Functional Requirements
E. Summary
II. Sharing Data
A. Introduction
B. Need to Share Data
B.1. External Organization #1 and purpose of communication
B.2. External Organization #2 and purpose of communication
C. Types of Data to be shared
D. Data Interchange Standards
D.1. External Organization #1: Laboratories
D.2. External Organization #2: Health Insurance Providers
E. Summary
III. Ethical, Legal and Regulatory Policy Issues
A. Introduction
B. Table of Ethical, Legal and Regulatory Policy Issues
C. Addressing the Most Difficult Issue
D. Summary
Introduction
This paper assesses the current operational procedures of Midtown Family Clinic and
suggests a suitable Electronic Health Record (EHR) system. Midtown Family Clinic is owned
by Dr Harold Thomson. The clinic employs two female staff members and caters to patients
from the local town. All procedures within the clinic are manual. One staff member assists
the doctor during patient visits, while the other handles the paperwork, such as filling in
forms, refilling prescriptions, and answering the phone. Over time, it was identified that
handling all of these processes manually is cumbersome, so Dr Harold decided to implement
an EHR within the organization. The paper assesses the various aspects of operational
activities within the clinic and, based on that study, suggests a suitable EHR system. The
paper is divided into four main parts. The first part analyses the organization and its
requirements. The second part focuses on data sharing within and outside the organization.
The third part focuses on the ethical, legal, and regulatory policy issues related to the
implementation of the new system. The fourth part recommends an EHR system to Dr Harold
for his clinic.
I. Organizational Analysis and Requirements (Stage 1)
A. Introduction
This section analyses the goals of the organization with respect to the EHR
implementation. Sub-section C discusses people, organizational processes, and
data/information in relation to the information system requirements. Sub-section D looks
into the functional requirements of the system. Sub-section E summarizes the entire
section II.
B. Strategic Use of Technology
The three strategic goals identified by the Midtown Family Clinic are given below:
1. Strategic Goal 1: Operate medical practice more efficiently
Explanation: The use of an EHR is likely to automate most of the repetitive processes and
reduce the effort the staff spend digging out the historic data of the patients. This will
eliminate manual form filling and fast-track the entire process, which will eventually make
the operation of the medical practice more efficient.
2. Strategic Goal 2: Make Financial Profit
Explanation: The EHR will help the organization handle more patients in less time.
This will help in increasing the revenue of the organization.
3. Strategic Goal 3: Upgrade and Expand the clinic
Explanation: EHR systems are equally efficient in handling a small group of patients or a
large influx of patients. Therefore, expanding will be easier with the same EHR system.
C. Components of an Information System
The current sub-section will look into the various components related to the information
system, namely, people, organizational processes, and data or information.
C.1. People
The table below lists the people who will be using the new EHR:

| Person | Role | Functions |
|---|---|---|
| Dr Harold | Doctor | Past record of medical treatment of patient; View scheduled appointments |
| Vivian | Staff | Schedule appointments for the doctor; Patient Information Entry |
| Maria | Staff | Generate automated bills; Automatically manage clinic insurances |

C.2. Organizational Processes
Three processes that can be improved by the organization are listed below:
Process 1: Scheduling Appointment
Patients can schedule an appointment with the doctor from the comfort of their home and
do not have to call the staff. The system will show patients the available schedule, and
appointments can be made through a mobile application or web portal (Tang & McDonald,
2006).
Process 2: Billing
All bills will be generated automatically based on the medicine required and the doctor's
fees. Staff will not have to invest manual effort.
Process 3: Easy Patient Record Management
The patient's personal information and past treatment information can be stored in a
database and retrieved with ease (Hsiao & Hing, 2012).
C.3. Data/Information
The table below lists the ten types of data that will be needed by the clinic:
Data/Information Items Needed for EHR System
1. Name of the Patient
2. Age of the Patient
3. Male/Female
4. Address
5. Phone Number
6. Email Address
7. Blood Group
8. Emergency Contact Number
9. Relation with the Emergency Contact
10. Employer
D. Functional Requirements
The table below shows the necessary requirements for the EHR system as per the case study:
Functional Requirements
1. Auto-schedule appointments and show available schedule
2. Print out information when needed
3. Record patient data
4. Update patient data
5. Manage bills and invoices automatically
6. Manage insurance bills automatically
7. Automatically notify doctor of next appointment
8. Show patients past record (on screen and printable)
9. Online check-in of patients
10. Online record of laboratory copy
E. Summary
The overall goals of the clinic are to improve patient check-in and to increase its revenue
so that it can expand further. The new EHR system can be used strategically for activities
that are repetitive and require less human intervention. The necessary data of the patients,
such as name, location, age, and others, can be recorded to keep track of patient improvement
and reduce the need for repetitive manual entry of the information.
II. Sharing Data
A. Introduction
In the second stage, the focus of the paper is on the sharing of the data among the two
external organizations. The two external organizations are laboratories, and the health
insurance providers. The next few sections will look into the data sharing needs with these
organizations, types of data to be shared, and the applicable data interchange standards.
B. Need to Share Data
The following sub-sections detail the two external organizations with whom the data
interchange will take place and the purpose of the communication. Data sharing in healthcare
ensures that the outcomes for the patients can be improved (Wicks et al., 2010).
B.1. External Organization #1 and purpose of communication
The first organization is the laboratory where the various tests of the patients are carried
out, such as blood tests, urine tests, and others. Whenever a patient visits a doctor,
different tests are conducted which can only be done at laboratories maintained by other
organizations. Unless the doctor sees the report, it will be difficult to make the right
treatment decision. Therefore, information from these laboratories is necessary for the
doctor's clinic.
B.2. External Organization #2 and purpose of communication
The second organization is the insurance provider. The doctor is mostly visited by patients
with health insurance. Here, the payment to the doctor is partly made by the patient and the
rest is paid by the insurance companies. Therefore, it becomes important for the doctor to
know the amount which will be paid by the patients and the amount to be paid by the
insurance companies. Therefore, for this purpose, the doctor needs to communicate with the
insurance companies, every time a patient visits the clinic.
C. Types of Data to be shared
The two organizations have different data needs, and they can share only specific types of
data. Therefore, this section identifies the data types that will be shared between the
clinic and each external organization.
Organization #1: Laboratories

| Data Element or Item | Data Goes TO/FROM Midtown Family Clinic |
|---|---|
| 1. Patient Name | From |
| 2. Patient Phone Number | From |
| 3. Number of Completed Test | To |
| 4. Full Report of completed test | To |
| 5. Tests in Progress | To |

Organization #2: Health Insurance Providers

| Data Element or Item | Data Goes TO/FROM Midtown Family Clinic |
|---|---|
| 1. Patient Name | From |
| 2. Patient Phone Number | From |
| 3. Bill to be paid | From |
| 4. Amount to be paid by Patient | To |
| 5. Amount to be paid by Insurance Provider | To |
| 6. Due date of payment transfer | To |

D. Data Interchange Standards
The current section will focus on the various interchange standards with the external
organizations.
D.1. External Organization #1: Laboratories
The data interchange standard (DIS) refers to the rules or policies that should be followed
to ensure that the quality of the data is maintained (Mead, 2006). It also ensures that
stakeholders such as the patient, the doctor, and others receive the information needed for
uninterrupted treatment or other required action. The DIS requires that the different parties
value the importance of privacy, security, and availability of the right data. It is important
because it helps all the parties access the data easily and responsibly.
As far as the data exchange with the laboratories is concerned, the following standards
have been defined:
- All the data should be in electronic form. The organizations must record all the
data on the computer, and it should be in a shareable format such as .pdf, .docx, .rtf,
or .txt.
- Data should be uploaded to the clinic’s database and the patients should be given a
copy of the same on their email addresses.
- Laboratories are required to verify the availability of name and phone number from
the clinic.
- Only full patient report should be uploaded to the clinic’s database to avoid confusion
and data duplication.
- Laboratories will update the system about the incomplete report submission.
D.2. External Organization #2: Health Insurance Providers
The presence of data standards will ensure that the necessary flow of information is
maintained throughout the network while ensuring the safety of the patient data (Souza et al.,
2007). As far as the insurance provider is concerned, it is required that the data regarding
the insurance payment are exchanged securely with the clinic. The information should be in a
human-readable format and sent over an encrypted network to prevent data theft. The key
information to be transferred between the clinic and the insurance company concerns the
payment due and whether the patient can avail treatment on insurance. The timely delivery of
this information is necessary for appropriate actions from the clinic in favour of the patients.
E. Summary
In the second stage, the sharing of data has been discussed. The organizations that have been
identified, with whom the data interchange will take place, are laboratories, and the health
insurance providers. The types of data that will be shared among these organizations are
listed. The patient name and the phone number are the common set of data to be transferred
from the clinic to these organizations for patient identification. Appropriate data interchange
standards have been discussed too.
III. Ethical, Legal and Regulatory Policy Issues
A. Introduction
In the current section, the ethical, legal, and regulatory policy issues have been considered for
the discussion in relation to the implementation of EHR system in the Midtown Family
Clinic. In the second sub-section, twenty ethical, legal, and regulatory policy issues have
been covered. In the third section, the most difficult issue among these twenty issues has been
picked and discussed. In the end, a summary has been provided.
B. Table of Ethical, Legal and Regulatory Policy Issues
Table of Ethical, Legal and Regulatory Policy Issues
Topic Definition of the Topic
How the topic impacts and
will be addressed in the
selection and use of an
EHR system
1 Safe Design
The safe design refers to the
system that is safe for the user
to use and does not harm them
in any way.
The users will be accessing
the system through their
personal devices, it should
be safe to use and does not
disrupt other parallel
systems. This has been
addressed by understanding
the compatibility of the new
system with the existing
system and appropriate
design steps will be taken.
2 Meaningful Use The system should be of use to
the users and must help them
resolve any challenge or
support the users in the
intended way.
The EHR should be able to
fulfill the need of the users.
The EHR to be developed
has been based entirely on
the current requirement of
picked and discussed. In the end, a summary has been provided.
B. Table of Ethical, Legal and Regulatory Policy Issues
Table of Ethical, Legal and Regulatory Policy Issues
Topic Definition of the Topic
How the topic impacts and
will be addressed in the
selection and use of an
EHR system
1 Safe Design
The safe design refers to the
system that is safe for the user
to use and does not harm them
in any way.
The users will be accessing
the system through their
personal devices, it should
be safe to use and does not
disrupt other parallel
systems. This has been
addressed by understanding
the compatibility of the new
system with the existing
system and appropriate
design steps will be taken.
2 Meaningful Use The system should be of use to
the users and must help them
resolve any challenge or
support the users in the
intended way.
The EHR should be able to
fulfill the need of the users.
The EHR to be developed
has been based entirely on
the current requirement of
the clinic and no
unnecessary modules have
been introduced.
The functions of the systems
are as per the need of all the
stakeholders. The dashboard
for the doctor, other staff
members. A dashboard for
the laboratory will be there
for data entry on various
tests.
3 Quality Improvement
The implementation of the
system should be able to
improve the quality of the
process.
The EHR should be able to
fast track the process. At
present, all the processes are
manual and the newly
implemented EHR system
will bring everything online
and the doctor and the other
staff members will be able
to reduce the paper work
and increase the time for the
patient services. This is
more likely to increase the
quality.
unnecessary modules have
been introduced.
The functions of the systems
are as per the need of all the
stakeholders. The dashboard
for the doctor, other staff
members. A dashboard for
the laboratory will be there
for data entry on various
tests.
3 Quality Improvement
The implementation of the
system should be able to
improve the quality of the
process.
The EHR should be able to
fast track the process. At
present, all the processes are
manual and the newly
implemented EHR system
will bring everything online
and the doctor and the other
staff members will be able
to reduce the paper work
and increase the time for the
patient services. This is
more likely to increase the
quality.
Paraphrase This Document
Need a fresh take? Get an instant paraphrase of this document with our AI Paraphraser
4 Data Accuracy
Data accuracy refers to whether the data values entered into the system are correct.
This aspect will help the doctors and patients in easily accessing the right information. This can further improve service by reducing the time spent recollecting and verifying the data. Various conditional tags will be placed in the system that will allow the users to enter a specific type of data. Also, duplicate data will be cross-checked and the data operator will be notified of the same for further verification.
5 Data Accessibility
Data accessibility refers to the availability of the data to all the concerned stakeholders.
This will allow everyone to participate equally in the service. The wide availability of the data also reduces the chances of errors, as all the concerned persons can check and verify the data at their end, be it doctor, patient, or staff.
6 Data Comprehensiveness
The data should be up to date, and near the event or the observation. The focus should be on current data.
This will help in timely decision making by the doctors. The doctor will be able to diagnose the issues on time. In the clinic, all the data will be entered in real time, whether from the doctor’s side, staff, or laboratory. It will be ensured that no pen-and-paper mode is used for any relevant note taking or data entry. Information will be brought and kept online. All the individuals will be put in the habit of online note making in the built-in dashboard.
7 Data Consistency
Data in the system should act, behave, be stored, and transact only in the established process.
Data consistency is necessary to increase the reliability of the data. It helps the stakeholders to see and expect the data to behave in a particular way. In the current EHR system, the data rules will be defined for data manipulation in the system and outside the system. Also, it will be ensured that the operations related to data transactions take place with accuracy and do not violate any predefined rules.
8 Privacy
The system should not allow disclosure or misuse of the information. It should only be used after the appropriate authorization (CDCP, 2003).
This will increase the faith of the customers in the system. They can readily support the new system by providing accurate information. The privacy policy will be written and implemented in the clinic. It will be ensured that each individual abides by those rules.
9 Confidentiality
The data in the system should be confidential and accessible only to the authorized personnel. The data should have limited accessibility under the predefined rules and regulation.
This will increase the faith of the patients in the hospital. The customers will share the information with confidence with the doctor. The doctor, the staff, the laboratory staff, and the insurance company will not share the information with any third party. If there is any need, then the consent of the concerned patients will be taken.
10 Security
The system should be secure from any external or internal threat. Also, the system should be protected from theft or damage either in software or hardware (Annas, 2003).
This will ensure that the system can provide support to the clinic without disruption. It will also protect the data from being stolen. For the current EHR, appropriate antivirus and firewall will be placed. Also, users will be trained on ways to protect the system from any data breach.
11 Individually Identifiable Health Information
This is the personal information of the patients visiting the hospital. It must be kept confidential.
The protection of this information is necessary as it is directly associated with the reputation of the clinic. Also, it is an ethically sound step to protect the personal information. In the current EHR system, the individual information of the patients will be stored securely. Only the relevant individuals will be given access to it.
12 Protected Health Information
It refers to any information related to health status, provisions, payment, and others that is collected by a business.
This information needs to be protected from unsolicited sharing. Most of this information is directly related to patients, and therefore the protection is considered mandatory for the sake of the clinic’s reputation and credibility. The appropriate measures will be taken to protect such information. The information will be shared with the appropriate organizations only.
13 HIPAA Privacy Rule
This rule provides standards that protect the medical records of an individual.
The rule is important to protect the clinic patients’ records. It also provides standards that should be followed to protect other health records of the patients. In the clinic, most of the policies will be directly picked from this rule. It will be ensured that the clinic and the associated institutions or organizations abide by this rule.
14 HIPAA Security Rule
This rule states certain standards that should be followed to protect the electronic version of the patient records.
This rule will require that the clinic place all the online data under the given standards for security. This will help in improving the reputation of the clinic. The clinic will include all the necessary standards mentioned under this rule.
15 Business Associate Contracts
This is a contract between a HIPAA covered entity and a HIPAA business associate.
The business associates of the clinic have to ensure that the protected health information is secured. The disclosure of the information should only be within the permissible limit. The clinic will sign a contract with all its business associates. An electronic version of the contract will be shared with all.
16 Authentication
It is a process in which the credentials given by the user are verified against data stored in the system and then access is given.
This will require that the EHR system has a user authentication system. The users can only access the system after keying in particular codes; these can be a username and password, or a thumb print. In the current EHR system, all the users will be provided an individual username and password. The users will be required to enter the id and password every time they access the system.
17 Authorization
Giving access rights to resources to a particular entity or individual only.
This will require that the data be segregated into less and highly critical. Based on the importance, the accessibility to different users will be provided. In the current EHR system, the access to the data will be based on the need of each user. The doctor will be given full data access, staff will be given access only to certain information, and the laboratory staff will be given access to the name, address, and contact of the patients along with the data they enter into the system.
18 Encryption
It is the process in which the data is encrypted so that only the intended users can access the data and not someone else.
This will require that the system uses encryption technology. The clinic information will be encrypted with SSL encryption.
19 Technical Safeguards
It is the technology and the policy that help in protecting the health records and controlling access to them.
This requires that the health information of the patients is protected. Also, it requires that access to information be limited to authorized personnel. In the current EHR, authorized personnel such as the doctor and staff will be given access. Also, the right security measures will be there to safeguard the information.
20 Healthcare Ethical Principles
It states that the medical practice should adhere to autonomy, justice, beneficence, and non-maleficence.
This aspect requires that the entire medical team work for the good of the patients and do not engage in any activities that may harm the patients in any manner.
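The access model in the Authorization and Technical Safeguards rows (doctor: full access; staff: certain information; laboratory staff: name, address and contact plus the data they enter) can be enforced as a deny-by-default, field-level filter. The following is an added example, not part of the original report; the field names, user ids and the staff field set are assumptions.

```python
from dataclasses import dataclass, field

@dataclass
class LabResult:
    test: str
    value: str
    entered_by: str  # user id of the person who keyed in the result

@dataclass
class PatientRecord:
    name: str
    address: str
    contact: str
    diagnosis: str
    insurance_id: str
    lab_results: list = field(default_factory=list)

DEMOGRAPHICS = frozenset({"name", "address", "contact"})
ALL_FIELDS = DEMOGRAPHICS | {"diagnosis", "insurance_id"}

# role -> (readable fields, which lab results: "all", "own" or "none").
# The doctor and laboratory entries follow the table; the staff field set is
# an assumption, since the table only says "certain information".
POLICY = {
    "doctor": (ALL_FIELDS, "all"),
    "staff": (DEMOGRAPHICS | {"insurance_id"}, "none"),
    "laboratory": (DEMOGRAPHICS, "own"),
}

def visible_view(record, role, user_id):
    """Return the part of `record` that `role` may read; unknown roles are denied."""
    if role not in POLICY:
        raise PermissionError(f"role {role!r} has no access to patient records")
    fields, results_scope = POLICY[role]
    view = {name: getattr(record, name) for name in sorted(fields)}
    if results_scope == "all":
        view["lab_results"] = [(r.test, r.value) for r in record.lab_results]
    elif results_scope == "own":
        # Laboratory staff see only the results they entered themselves.
        view["lab_results"] = [(r.test, r.value) for r in record.lab_results
                               if r.entered_by == user_id]
    return view

# Constructed sample record (not real patient data).
SAMPLE = PatientRecord(
    name="Jane Doe", address="1 Example Street", contact="555-0100",
    diagnosis="hypertension", insurance_id="INS-0001",
    lab_results=[LabResult("HbA1c", "5.4 %", "lab-01"),
                 LabResult("lipid panel", "normal", "lab-02")],
)

if __name__ == "__main__":
    for role, user in [("doctor", "dr-01"), ("staff", "st-01"), ("laboratory", "lab-01")]:
        print(role, visible_view(SAMPLE, role, user))
```

Filtering at the point where the record leaves the data layer, rather than in each dashboard, means a new screen cannot expose a field the role was never granted.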