Assessment 1 Instructions: Identifying Risks

Analyze a health care organization’s strengths, weaknesses, opportunities and threats (SWOT analysis) in relation to
privacy and security risks and HIPAA compliance. Write a risk report (3-4 pages) providing background information
on privacy and security and summarizing SWOT analysis findings.
Health care has advanced tremendously over the years, and so have privacy and security issues. As health care
becomes more complex, the interaction between the law and health care continues to increase. This interaction
includes legal violations, such as malpractice and other litigation, and privacy breaches through electronic access.
Federal legislation, such as the Health Insurance Portability and Accountability Act of 1996 (HIPAA), requires health
care organizations to protect health information. HIPAA also provides data privacy and security provisions for
safeguarding medical information. While no official, prescribed HIPAA compliance training program exists, health
care organizations typically offer training to employees to ensure adherence to HIPAA guidelines and regulations.
Requiring internal training is one way organizations can lower the risk of HIPAA violations occurring.
Many roles within the health care industry, including physicians, nurses, ancillary health professionals, and security
and compliance professionals, are required to conduct themselves according to a set of professional ethics. These
ethical standards are designed to ensure that patients feel safe sharing their private medical issues without fear of
having those issues shared inappropriately or indiscriminately. Health care professionals face ethical dilemmas
because of their access to this confidential information. For example, health care professionals may have access to
health records for neighbors, friends, or family members. Adhering to a professional code of ethics and creating an
environment of privacy and confidentiality is critical to adhering to the spirit of HIPAA laws. One way to assess risks
and HIPAA compliance is to analyze the organization’s strengths, weaknesses, opportunities, and threats in relation
to privacy and security. This is called a SWOT analysis. A SWOT can be an effective business tool to use as a starting
point to improve business practices.
For this first course assessment, you will assume the role of a HIM analyst for Valley City Regional Hospital, part of
the Vila Health system, in North Dakota. One of your major tasks is to create the hospital’s privacy and security plan.
As part of that task, the hospital’s director of quality assurance has asked you to prepare a SWOT analysis and
report.

Home

Demonstration of Proficiency
By successfully completing this assessment, you will demonstrate your proficiency in the course competencies
through the following assessment scoring guide criteria:
Competency 1: Describe the purposes and scope of the Health Information Portability and Accountability Act
(HIPAA).
Describe HIPAA’s purpose and scope.
Distinguish between privacy and security risks in health information management.
Competency 2: Integrate privacy rules and regulations into health information management processes.
Explain the purpose and benefits of identifying security and privacy risks.
Competency 3: Analyze the relationship between security and privacy in health care.
Compare/contrast privacy and security characteristics.
Competency 4: Analyze legal and ethical implications related to Health Information Management.
Course Navigation 
image of
Regina
Glenn
Regina Glenn
FACULTY

image of
Anissa
Aguilar
Anissa Aguilar Tutorials Support Log Out A
C
ng
O
e
A
lic
C
a
H
Albert 
17
11/15/22, 10:43 PM Assessment 1 Instructions: Identifying Risks – …
https://courserooma.capella.edu/webapps/blackboard/content/listContent.jsp?course_id=_382399_1&content_id=_11780358_1 2/3
Determine professional, ethical, and legal risks in health information management.
Competency 5: Communicate effectively in a professional and ethical manner.
Create documents that are clear, well organized, professional, and generally free of errors in grammar,
punctuation, and spelling.
Follow APA style and formatting guidelines for citations and references.
Preparation
To prepare for this assessment you will need to view this media piece: Vila Health: Identifying Risks. Based on your
findings from the media piece, you will perform a SWOT analysis. Next, you will prepare a report that supplies the
narrative to accompany your SWOT analysis.
Instructions
In this first assessment, you will assume the role of a HIM analyst for Valley City Regional Hospital, part of the Vila
Health system, in North Dakota. One of your major tasks is to create the hospital’s privacy and security plan. As part
of that task, the hospital’s director of quality assurance has asked you to prepare a SWOT analysis. To help you
complete your SWOT analysis, the director of quality assurance has arranged for you to meet with the risk
management manager to gather information about the risk audit the hospital recently completed.
This assessment consists of two parts.
Part 1: Conduct a SWOT analysis based on your findings from the Vila Health: Identifying Risks media piece.
You will be able to create a PDF document of your SWOT analysis within the media piece. In accordance with HIPAA
law, professionalism, and ethical standards, your SWOT analysis will need to focus on Valley City Regional Hospital’s
strengths, weaknesses, threats, and opportunities related to protecting the privacy and security of health
information.
Within the weaknesses and threats quadrants of your SWOT analysis, be sure to answer these questions:
What health information management privacy and security risks did you identify for Valley City Regional
Hospital?
What health information management professional, ethical, and legal issues did you identify for Valley City
Regional Hospital?
Part 2: Prepare a risk report that provides introductory information about privacy and security in health
information and summarizes key SWOT analysis findings.
In your risk report, please be sure to include the following headings and address the questions under each heading:
HIPAA’s Purpose and Scope (1/2 page)
What is HIPAA?
What is its purpose?
What is its scope?
Privacy vs. Security (1/2 page)
What does privacy mean in health information management?
What does security mean in health information management?
How are privacy and security alike?
How are they different?
11/15/22, 10:43 PM Assessment 1 Instructions: Identifying Risks – …
https://courserooma.capella.edu/webapps/blackboard/content/listContent.jsp?course_id=_382399_1&content_id=_11780358_1 3/3
Purpose and Benefits of Identifying Privacy and Security Risks (1/2 page)
Why do health care organizations want to identify privacy and security risks?
What are the benefits of identifying these risks?
Who benefits from health care organizations identifying privacy and security risks?
SWOT Analysis Findings (1 to 2 pages)
How would you headline the key findings from each of the four quadrants of your SWOT analysis?
Conclusion (1 to 2 paragraphs)
What are the two to three most important points you want the director of quality assurance to remember
from your risk report and your SWOT analysis?