Assessment 3 Instructions: Security
Write a security report (4-5 pages) that identifies potential security and technical safeguard violations in a health care
organization’s audit report. Include evidence-based recommendations to address these potential violations and
prevent them from occurring in the future.
The shift from paper to electronic health records has created the need for organizations to design proper controls
and auditing procedures. These controls and procedures must assure the appropriate handling of data in
compliance with HIPAA security and privacy rules. At the same time, access to electronically stored health data can
be a matter of life and death. Controls must include access to the data needed to manage emergency situations.
Prior to the passage of the Health Insurance and Portability Accountability Act (HIPAA), national guidelines or legal
security standards for protecting health information did not exist. Even so, technological advances continued, and
organizations began to rely more heavily on electronic processes, creating an evident need for security standards.
The HIPAA Security Rule is designed to protect the privacy of health information when using communication
technologies and electronic processes. Privacy and security are intimately linked. Any organization that houses
private data must also guard against its release so that information remains secure and private.
For this assessment, you will continue your work as a HIM analyst at Valley City Regional Hospital. A quality control
report released by risk management indicated potential security issues, including password protection. As a result,
the risk management department completed a risk audit. The hospital’s risk management manager has provided
additional information about the audit he conducted. You have been asked to evaluate the audit and compile a
security report.

Home

Demonstration of Proficiency
By successfully completing this assessment, you will demonstrate your proficiency in the course competencies
through the following assessment scoring guide criteria:
Competency 3: Analyze the relationship between privacy and security in health care.
Describe access, authentication, and authorized use of health information.
Compare/contrast the HIPAA Security Rule and the HIPAA Privacy Rule.
Distinguish between proper and improper parameters for physical safeguards.
Recommend a list of evidence-based technical safeguards and security controls, including examples of
types of uses and users.
Competency 5: Communicate effectively in a professional and ethical manner.
Create a clear, well-organized, professional security report that is generally free of errors in grammar,
punctuation, and spelling.
Follow APA style and formatting guidelines for citations and references.
Preparation
As part of your preparation for Assessment 3, please complete the following:
Course Navigation  
Tutorials Support Log Out Angelica Albert 20
11/16/22, 10:28 PM Assessment 3 Instructions: Security – HIM-FPX4660 – Fall…
https://courserooma.capella.edu/webapps/blackboard/content/listContent.jsp?course_id=_382399_1&content_id=_11780346_1 2/3
View this media piece: Vila Health: Security | Transcript.
As you view the media piece, consider security requirements and the potential security violations
presented. Based on your analysis of the media piece, you will prepare a security report that outlines
the security issues you identified and presents recommendations to remedy the identified issues.
Revisit your previous assessments. Because of the close relationship between privacy and security, you may
choose to incorporate elements of these previous assessments into this one.
In Assessment 1, you prepared a SWOT analysis and a risk report, the narrative accompanying the
SWOT analysis.
In Assessment 2, you analyzed potential privacy violations that occurred in Valley City Regional Hospital
and prepared a compliance checklist. This checklist outlined for staff members the steps they need to
follow when releasing patient information. Health care organizations often use checklists, such as the
one you developed, as quality control measures.
Instructions
For this assessment, you will continue your work as an HIM analyst at Valley City Regional Hospital. The quality
control committee has released notification that potential issues with password protection exist within the
organization. Computers containing patient information are not secure; passwords are openly displayed.
As a result, the risk management department completed a comprehensive risk audit. The hospital’s risk management
manager has provided you with additional information about the audit he conducted. You will find this information in
the Vila Health: Security media piece. The audit specifically addressed issues related to security and technical
safeguards. Your task is to evaluate the audit, compile a master list of potential security violations, and then present
recommendations to address these potential violations and prevent them from occurring in the future.
Be sure to include all of the following headings in your 4–5 page security report and answer the questions
underneath each heading:
Proper Access, Authentication, and Use of Health Information (1 page)
What constitutes proper access, authentication, and authorized use of health information?
HIPAA Privacy Rule vs. HIPAA Security Rule (1 page)
What are the HIPAA Privacy Rule’s requirements?
What are the HIPAA Security Rule’s requirements?
How are these rules the same?
How are they different?
Note: Consider which elements from Assessment 1 might be appropriate to incorporate here.
Proper vs. Improper Parameters for Physical Safeguards (1 page)
Note: The names of these safeguards come from the Security Rule.
What are these safeguards?
How do the security parameters for these safeguards vary by level of authority and job role?
Recommendations (1 to 1 1/2 pages)
What are the potential security violations you identified in the Vila Health: Security media piece?
What evidence-based technical safeguards and security controls would you recommend to address and
prevent the identified security violations from occurring?
What are some examples of uses and users with your evidence-based recommendations?
Note: Throughout your security report:
11/16/22, 10:28 PM Assessment 3 Instructions: Security – HIM-FPX4660 – Fall…
https://courserooma.capella.edu/webapps/blackboard/content/listContent.jsp?course_id=_382399_1&content_id=_11780346_1 3/3
Incorporate specific examples from the media piece, your experience in this course and/or the workplace,
and from your readings and research.
Substantiate your assertions and recommendations with references to current, scholarly and/or authoritative
sources.
Additional Requirements
Length: 4- to 5-page double-spaced security report.
Format: Times Roman, 12-point type.
References: Follow APA style and formatting guidelines for citations and references. Include a separate works
cited page for your references. For an APA refresher, consult this resource: APA Style and Format.
Writing: Create a clear, well-organized, professional security report that is generally free of errors in grammar,
punctuation, and spelling.