Assignment Task:
Module: A Case for Analyzing Privacy Violations
For this assignment, you will need to review the Case Study presented and assess the impact of the data breach that occurred under your third-party vendor's system and provide a short report of your conclusions, corrective actions to take, and policy change recommendations.
Case Study:
As the Privacy Officer for a mid-sized healthcare organization, it has been identified that the organization has suffered a breach when a third-party vendor's system was compromised. When the third-party vendor provided billing services to your patients for all services provided for the past 60-days, a breach resulted in unauthorized access to patient billing information, including names, addresses, and social security numbers. The investigation into the breach provided insight that the third-party vendor did not have ample security measures in place. Unfortunately, the healthcare organization did not conduct their due diligence of ensuring that there were regular audits being performed and that there was strong security measures in place. As a result of this lapse in follow through, the discovered breach exposed the personal and financial information of hundreds of patients.
Action Plan:
As the Privacy Officer, you have been tasked with digging deeper into the privacy breach that just occurred and to make corrective action recommendations, as well as provide a proposal of changes to the policies and procedures to prevent similar data breaches from occurring in the future. You should focus on the aspect of the vendor management and compliance with HIPAA regulations.
Steps you will complete the following as part of your report:
1. Assess the HIPAA Privacy Rule violations relevant to the third-party vendor management and the protection of patient information. What are your conclusions?
2. Based upon the breach investigation findings, provide a list of corrective actions that should be taken to improve the security measures and for the oversight of the third-party vendor.
3. Provide a recommendation of policy changes that would better support vendor management practices and ensure adherence to compliance with privacy regulations. Need Online Tutoring?
Your deliverable method can be either in the form of a half-page to full page report or PowerPoint slides that outline your recommendations for updating/revising the organization's privacy policy that includes a proposed corrective action plan of what is needed to prevent additional breaches from occurring.
Note: If you utilize your textbook or any references to support your recommendations, provide a reference list.