CMIT 320 University of Maryland HIPAA PII and PHI Training Project Instructions
The human resource department is updating its HIPAA Basic Training for Privacy and Security course. As a security analyst for the hospital, you have been tasked with covering the topics in the training related to the HIPAA security rule and the information that hospital staff need to know regarding personally identifiable information (PII), personal health information (PHI), and electronic personal health information (ePHI) to comply with federal regulations.
This week, you will submit your presentation. The presentation should include voice overlays as narrative for each slide. Include one to two slides explaining the following:
HIPAA Security Rule
HIPAA, PII, PHI, and ePHI Definitions
Safeguarding of PII, PHI, and ePHI
Disclosures of PII, PHI, and ePHI
Attached are some resources.
HIPAA
The Health Insurance Portability and Accountability Act (HIPAA) was established in 1996 to
improve the security of the storage and use of health care data. These regulations define how
health care agencies must secure patients' personal information and regulate its disclosure.
IT staff members should understand how HIPAA applies to their work so they can correctly
handle sensitive information and demonstrate the organization's compliance with the law in
order to protect patients and the organization (DNS Stuff, n.d.). Unauthorized access or
release of data can lead to problems for the individuals whose data has been compromised and
also fines and penalties for the organization (Ashraf, n.d.). Two important IT-related aspects of
HIPAA are the Privacy Rule and the Security Rule.
HIPAA Privacy Rule
The HIPAA Privacy Rule establishes national standards to protect individuals' medical
records and other personal health information and applies to health plans, health care
clearinghouses, and those health care providers that conduct certain health care transactions
electronically. The Privacy Rule requires appropriate safeguards to protect the privacy of
personal health information and sets limits and conditions on the uses and disclosures that
may be made of such information without patient authorization. The rule also gives patients
specific rights over their health information, including rights to examine and obtain a copy of
their health records, and to request corrections (HHS, “Privacy Rule,” n.d.).
The Privacy Rule protects all “individually identifiable health information” held or
transmitted by a covered entity or its business associate, in any form or media, whether
electronic, paper, or oral (HHS, “Summary of the HIPAA Privacy Rule,” n.d.). The Privacy
Rule calls this information “protected health information (PHI).” PHI is information,
including demographic data, that relates to:
the individual's past, present or future physical or mental health or condition,
the provision of health care to the individual, or
the past, present, or future payment for the provision of health care to the individual,
and that identifies the individual or for which there is a reasonable basis to believe it
can be used to identify the individual, such as name, address, birth date, Social
Security number.
HIPAA Security Rule
The Security Rule (HHS, “Summary of the HIPAA Security Rule,” n.d.) requires covered
entities to maintain reasonable and appropriate administrative, technical, and physical
safeguards for protecting electronic personal health information (ePHI). Specifically,
covered entities must:
1. Ensure the confidentiality, integrity, and availability of all e-PHI they create, receive,
maintain or transmit;
2. Identify and protect against reasonably anticipated threats to the security or integrity of
the information;
3. Protect against reasonably anticipated, impermissible uses or disclosures; and
4. Ensure compliance by their workforce.
Note that the concept of personal health information is very similar to the term personally
identifiable information (PII), which is a broader term used by the federal government to
indicate “any information about an individual maintained by an agency, including any
information that can be used to distinguish or trace an individual’s identity, such as name,
Social Security number, date and place of birth, mother’s maiden name, or biometric records;
and any other information that is linked or linkable to an individual,” such as medical,
educational, financial, and employment information (GAO, 2008).
References
Ashraf, A. (n.d.). PII and PHI overview: What CISSPs need to know.
Infosec. https://resources.infosecinstitute.com/category/certificationstraining/cissp/domains/asset-security/protecting-privacy/#gref
Department of Health and Human Services (HHS). (n.d.). The HIPAA privacy
rule. https://www.hhs.gov/hipaa/for-professionals/privacy/index.html
Department of Health and Human Services (HHS). (n.d.). The HIPAA security
rule. https://www.hhs.gov/hipaa/for-professionals/security/laws-regulations/index.html
DNSStuff. (n.d.) What is HIPAA compliance? https://www.dnsstuff.com/what-is-hipaacompliance
United States Government Accountability Office (GAO). (2008). Privacy: Alternatives exist
for enhancing protection of personally identifiable
information. https://www.gao.gov/new.items/d08536.pdf
Information Security Breaches
According to HIPAA, a breach is any impermissible use or disclosure that compromises the
security or privacy of protected health information.
Covered entities (CEs) and business associates (BAs) are responsible for reporting any
breaches of unsecured personal health information (PHI).
CEs and BAs that fail to comply with the HIPAA rules can face civil and criminal penalties.
Resources
The following link will take you to a document that will discuss breach notification, HIPAA
enforcement, and other laws and requirements that an IT professional should be aware of:
Breach Notification, HIPAA Enforcement, and Other Laws and Requirements
Presentation Resources
A narrated presentation is for a specific audience to which you would ideally present in
person or online in real time, but for practical reasons, you need to record for later viewing.
While Microsoft PowerPoint is considered the default presentation tool for presentations, you
may consider using other presentation platforms or tools. Just be sure the tool supports
prerecorded narration.
Preparing for Your Presentation
As with any project, it is good to begin by creating an outline. This will help you determine
how many slides you will need to develop and how much information you will need to present
on each slide. It should also help determine a logical order in which to present material.
Be sure to dedicate enough time to the narrated presentation to get the timing for transitions
right, and ensure that the sound is clear and the narration is at the right volume.
Creating Slides
A good recorded presentation shares most of the same traits as a good live presentation. Your
presentation should not be an academic paper cut into text-filled slides. You are giving a talk
to an audience, so the narrative should provide most of your ideas and argumentation. Be sure
the themes either flow or transition appropriately from slide to slide.
Here are some recommendations:
Keep slides uncluttered by using brief bullet points, only a few key words each.
An easy way to make your presentation look more appealing is to use one of the
designs provided within PowerPoint.
Adding images and/or clip art is another good way to add visual interest to your
presentation, but don’t overuse slide transitions or animations, as these can be
distracting.
When you are citing sources of information on a slide, use a small font size so the
citations don’t detract from the primary points.
Be sure to proofread carefully: Any errors on a slide will be particularly noticeable
because of the relatively small number of words.
When you record audio for each slide, a loudspeaker icon will appear in the middle of
the slide. You can drag this icon to a better position (often the bottom right corner of
the slide) so it doesn’t interfere with the text.
Writing the Script
The script for your presentation can be a complete word-for-word documentation of what you
intend to say as each slide is displayed, or it can be a much briefer set of notes to use as a
reminder while you are recording to ensure that you cover all the points. The latter approach
is preferable, because this makes it less likely that you will sound rushed or overly scripted
when speaking. Keep in mind that if you were making the presentation in person, you would
not want to be reading your comments; instead, you would want to make eye contact with the
audience.
Here are some additional recommendations for your script:
Try to keep the amount of narration to less than two minutes per slide. If you need to
say more than that, create another slide so the audience doesn’t get bored.
Make sure the script and what appears on the slide are closely related so the audience
can easily follow what you have to say.
Don’t simply read the material on the slide; add value by providing additional
information.
Recording the Narration
At this point, you have created and saved slides as a PowerPoint presentation, and you have
the script ready. Now it’s time to record the audio.
Here are a few general recommendations before you record:
If you are using a computer to record, use a headset/microphone combination rather
than using the computer’s built-in speakers and microphone for better audio quality. It
isn’t necessary to spend a lot on a headset/mic (typically $20 or less), and you will be
rewarded with better sound quality and less background noise.
Make sure the headset/mic is installed and working. There are simple programs on
both Macs and PCs that allow you to test whether recording is occurring and whether
the sound quality is acceptable.
Choose a quiet location to record so that background noise is minimal.
When you begin recording, speak clearly and conversationally without rushing.
Remember that it’s easy to redo the audio for a slide. If you’re not happy with the way
it sounds, you can do it again.
Once you have completed and narrated the presentation, it is a good idea to email the
file to another computer. If you are able to watch and listen to the slide show
successfully on the second computer, you will know that the audio files have been
successfully embedded in the presentation.