Hi, Need Assignment Help?

We are ready to assist you anytime.

Talk to an expert

Health Information Technology

Health Information Technology

Audit Compliance Evaluation

Matrix

ORDER NOW FOR CUSTOMIZED SOLUTION PAPERS

Name: Haley Hemsworth

Date: October 5, 3021

 

Audit Findings The Law and Code Section Legal requirements & Penalties for

non-compliance with the Law

Compliance

Assessment

 

Comply

 

Partial

Compliance

 

Non-compliance

 

(Support your

Compliance

rating)

Compliance

Risk

Assessment

 

High

Medium

Low

 

(Evaluate and

Rate Risk

Of Non

Compliance

based on audit findings

and penalties

for non-

compliance)

Justify your rating.

Priority Rank for

Action

 

1 First to need action

10 Last to need acti0n

 

For each audit finding determine its priority for action based on the compliance risk assessment

(Number each audit finding from 1-10 in order of priority with 1 being the first priority and each having a different number)

Justify your priorities

 

The next managerial action you would take to comply with the law

 

Describes the action you would take next.

State reasons to support your action and explain why it is the next action

1. The audit finds that the company has a good record retention policy in place and a solid process to de-identify personal health information (PHII) before removal of PHI from computers. This process has been in place for one year.

However, two years ago the company sold 10 office computers on e-bay and replaced them with newer models. PHI of 10,000 patients was found on the 10 computers after they were sold. The company learned of this 1 ½ years ago and did nothing to follow-up. There is no breach notice policy.

 

HIPAA Breach

Notice

         
2. The audit found that the organization has a patient portal where patients can review their electronic health information (EHI) through a secure portal. This has been popular with patients and there have been no security breaches. However recent patient satisfaction surveys indicate patients would like to be able to access their prescription drug records through the portal. The organization outsources its pharmacy through a national vendor. The vendor is willing to make the information available, but the organization EHR system is not compatible with the vendor so it would be very expensive. The organization currently charges $12 for patient access to pharmacy records. 21st Century Cures Act and Patient Access to EHI

 

CEHRT Interoperability

         
3. The audit showed that a security risk analysis was done 5 years ago and that the issues identified were corrected. No security risk analysis has been completed since then even though the organization purchased a new electronic health record (EHR) system 2 years ago. The sellers of the EHR system said the system itself was a tool to manage risk.

The audit showed that there have been 5 security breached in the last 5 years and that they all involved “curious employees” looking at the records of high profile patients. The only action taken against the employees was a reprimand by the supervisor and attendance at an extra HIPAA training session.

 

HIPAA Security          
4. The audit found that your health care organization is known internationally. In the last 2 years, you have treated 25 international patients of whom 10 were from the European Union (EU). All 10 of the EU patients requested their medical records be sent to their health care providers in the EU. Your health care organization honored these requests for medical records as it would any other medical record request. GDPR          
5. The audit found that the organization has been involved in 10 large e-discovery requests in the last year related to lawsuits for claims of medical negligence. The audit found that in all 10 e-discovery responses sent the records electronically There was no process to review for privilege or whether the record request exceeded the scope of discovery. E-Discovery Rule 26

Rule 502

 

HIPAA privacy

 

 

         
6. The audit revealed that there were 25 small discovery requests in the last year that went out by e-mail. In two of those requests, the e-mail was sent to opposing counsel instead of to the attorney requesting the organization in the court case. None of the e-mails were encrypted and 1 of the inadvertent e-mails to opposing counsel included mental health information of the patient. There was no follow-up. The organization has no policies or protocols for e-discovery. E-Discovery

 

HIPAA security

HIPAA mental health

 

State mental health

         
7. The audit revealed that incident reports have regularly been released as part of court e-discovery. The CEO would like to find a way to keep the incident reports protected from discovery. HCQIA peer review immunity

 

Discovery privileges

         
8. Your audit revealed that one of your employees “Billing Betty” has been running a “side business” She is a secretary in the billing department. She copies the patient health information (PHI) onto a thumb drive once a month, takes it home, and bills Medicare for prescription drugs for these patients. She has been earning a nice side income of $100,000 a month with the billings. When her supervisor asked her about a thumb drive they found, “Billing Betty” denied that it was hers.

The company itself bills all patients once a month at the end of the month for services rendered.

Medical Identity Theft

 

Red Flags Rule

 

False Claims Act

         
9. Your audit revealed that hackers have been accessing information on medical devices including defibrillators as a back door to get to other network computers. Hackers have used this strategy to access personal health information on 251 patients in the last year. The last 45 involved ransomware attacks where the cyberattacker demanded $100,000 each time to unlock the data. The company paid the first 3 times before it created back up files of the data. Cybersecurity

Response

 

HIPAA Security

HIPAA Breach Notice

         
10. The audit revealed that the organization is not yet using 2015 Edition CEHRT. The hospital can’t use EHR for electronic prescribing (eRx) and is not able to provide public health clinical date for reporting. 21st Century

Cures Act

 

CMS Program Requirements

 

Interoperability

Requirements

         

Get Help With Your Assignment.

We have worked on a similar assignment and our student scored better and met their deadline. All our tasks are done from scratch, well researched and 100% unique, so entrust us with your assignment and I guarantee you will like our services and even engage us for your future tasks. Click below button to submit your specifications and get order quote

Free Inquiry Order A Similar Paper Cost Estimate