Clinical Activity: Maintaining Alignment to Legal Changes
Policy and Procedures on Information System
My organization's priorities are maintaining the confidentiality of patients and also protecting the organization as a whole from any security impingements. All information is password-protected with strong passwords requiring six characters or more, at least one capital letter and one lower case letter, a number and a symbol of some kind. Passwords are also regularly changed. There is also an additional level of screening with security questions.
Employees are prohibited from using their work email address to conduct personal business. All work emails are monitored to ensure that employees do not disclose private data of patients, work passwords, or open up potentially corrupted files that could damage the system. Mobile devices must likewise be secured and data must only be accessed on secured networks. All employees are prohibited from disclosing any private data about patients with any third parties unless given permission to do so or for billing purposes.
Healthcare Informatics Laws
The most relevant law pertaining to this policy is the Health Insurance Privacy Act (HIPAA). HIPAA specifies that there must be safeguards to protect patient's healthcare information from security impingements and they are prohibited from disclosing health information "improperly" ("Your rights under HIPAA," 2016). HIPAA also states that...
There are also technical guidelines under various HIPAA provisions specifically detailing how data may be used: "Electronic transactions such as health care claims, claims status and remittance advices (RA), eligibility verifications and responses, referrals and authorizations, and coordination of benefits (COB) among others are included in the rule" ("HIPAA: Electronic Data Interchange (EDI) Rule," 2016).
Institutional Policy or Procedure
All patients' electronic data be password-protected and encrypted. All data accessed on mobile devices must be over secure connections
HIPAA (requires all electronically transmitted statements containing private information to be secured according to the provisions of the Electronic Data Interchange (EDI) rule)
All passwords must meet appropriate security guidelines
HIPAA (institutions must take measures to secure private data and train employees to observe these guidelines)
Employees must preserve the confidentiality of patients and their information by not disclosing the information to any unauthorized third parties; patient permission must be solicited for all disclosures
HIPAA (restricts entities to healthcare institutions may disclose information and…
