Health Information Technology
Audit Compliance Evaluation
Name: Haley Hemsworth
Date: October 5, 3021
|Audit Findings||The Law and Code Section||Legal requirements & Penalties for
non-compliance with the Law
based on audit findings
Justify your rating.
|Priority Rank for
1 First to need action
10 Last to need action
For each audit finding determine its priority for action based on the compliance risk assessment
(Number each audit finding from 1-10 in order of priority with 1 being the first priority and each having a different number)
Justify your priorities
|The next managerial action you would take to comply with the law
Describes the action you would take next.
State reasons to support your action and explain why it is the next action
|1. The audit finds that the company has a good record retention policy in place and a solid process to de-identify personal health information (PHI) before removal of PHI from computers. This process has been in place for one year.
However, two years ago the company sold 10 office computers on eBay and replaced them with newer models. PHI of 10,000 patients was found on the 10 computers after they were sold. The company learned of this 1 ½ years ago and did nothing to follow up. There is no breach notice policy.
|2. The audit found that the organization has a patient portal where patients can review their electronic health information (EHI) through a secure portal. This has been popular with patients and there have been no security breaches. However, recent patient satisfaction surveys indicate patients would like to be able to access their prescription drug records through the portal. The organization outsources its pharmacy through a national vendor. The vendor is willing to make the information available, but the organization's EHR system is not compatible with the vendor's, so it would be very expensive. The organization currently charges $12 for patient access to pharmacy records.||21st Century Cures Act and Patient Access to EHI
|3. The audit showed that a security risk analysis was done 5 years ago and that the issues identified were corrected. No security risk analysis has been completed since then even though the organization purchased a new electronic health record (EHR) system 2 years ago. The sellers of the EHR system said the system itself was a tool to manage risk.
The audit showed that there have been 5 security breaches in the last 5 years and that they all involved “curious employees” looking at the records of high-profile patients. The only action taken against the employees was a reprimand by the supervisor and attendance at an extra HIPAA training session.
|4. The audit found that your health care organization is known internationally. In the last 2 years, you have treated 25 international patients of whom 10 were from the European Union (EU). All 10 of the EU patients requested their medical records be sent to their health care providers in the EU. Your health care organization honored these requests for medical records as it would any other medical record request.||GDPR|
|5. The audit found that the organization has been involved in 10 large e-discovery requests in the last year related to lawsuits for claims of medical negligence. The audit found that in all 10 e-discovery responses the records were sent electronically. There was no process to review for privilege or whether the record request exceeded the scope of discovery.||E-Discovery Rule 26
|6. The audit revealed that there were 25 small discovery requests in the last year that went out by e-mail. In two of those requests, the e-mail was sent to opposing counsel instead of to the attorney requesting the organization in the court case. None of the e-mails were encrypted and 1 of the inadvertent e-mails to opposing counsel included mental health information of the patient. There was no follow-up. The organization has no policies or protocols for e-discovery.||E-Discovery
HIPAA mental health
State mental health
|7. The audit revealed that incident reports have regularly been released as part of court e-discovery. The CEO would like to find a way to keep the incident reports protected from discovery.||HCQIA peer review immunity
|8. Your audit revealed that one of your employees, “Billing Betty,” has been running a “side business.” She is a secretary in the billing department. She copies the patient health information (PHI) onto a thumb drive once a month, takes it home, and bills Medicare for prescription drugs for these patients. She has been earning a nice side income of $100,000 a month with the billings. When her supervisor asked her about a thumb drive they found, “Billing Betty” denied that it was hers.
The company itself bills all patients once a month at the end of the month for services rendered.
|Medical Identity Theft
Red Flags Rule
False Claims Act
|9. Your audit revealed that hackers have been accessing information on medical devices including defibrillators as a back door to get to other network computers. Hackers have used this strategy to access personal health information on 251 patients in the last year. The last 45 involved ransomware attacks where the cyberattacker demanded $100,000 each time to unlock the data. The company paid the first 3 times before it created backup files of the data.||Cybersecurity
HIPAA Breach Notice
|10. The audit revealed that the organization is not yet using 2015 Edition CEHRT. The hospital can’t use EHR for electronic prescribing (eRx) and is not able to provide public health clinical data for reporting.||21st Century
CMS Program Requirements