Assignment Instructions

You are the IT and Security Manager for a small five-physician medical practice that uses electronic medical records (EMR) but has never performed a HIPAA security risk assessment. You need to prepare for the upcoming HIPAA Audit, and the healthIT.gov site recommends performing a security risk assessment using their Security Risk Assessment (SRA) tool (downloadable or paper).

Based on the scenario above, review the questions in the Administrative Safeguards portion of the tool. This private practice has many written policies, but the policies are often not updated, and training of new personnel on HIPAA requirements is a bit haphazard and not well coordinated. The practice does not have a formally appointed security contact, although the office general manager is the one that most people go to. The one-person IT professional tries to protect the patient’s information and access to that information as best that is possible, but people that leave the organization are often not immediately removed from having that access. Physical access to the building does require a key card access, but the building entrance is not monitored by cameras or the need to sign in. The company has not formally documented and mapped relevant business associates and has not secured business associate agreements related to patient information security. Although the receptionist area has a high counter, and patients typically cannot see the receptionist’s computer screen, patients are able to hear the phone conversations in the receptionist area. Access to the medical records is password protected but not encrypted, and not all computer screens have automatic lock when the screens are idle.

1. Identify at least 10 Administrative Safeguard questions from the tool that you think are particularly relevant to this organization. Identify each by number and the specific wording of the question.
2. Discuss at least five identified threats or vulnerabilities and discuss the likelihood and overall impact of each of these vulnerabilities in a table like the one below for each threat/vulnerability (You should have five tables).

| Likelihood | Impact: Low | Impact: Medium | Impact: High |
|------------|-------------|----------------|--------------|
| Low        | Low Risk    | Low Risk       | Low Risk     |
| Medium     | Low Risk    | Medium Risk    | Medium Risk  |
| High       | Low Risk    | Medium Risk    | High Risk    |

3. For each threat/vulnerability, describe one or more safeguards that could be implemented against the threat/vulnerability. Suggested safeguards can be found in the SRA tool.
4. Write a summary that discusses what you learned by participating in this exercise. Discuss how difficult and costly completing this assessment might be for the small medical practice described in this case. Recommend possible solutions to make this assessment process possible for this small practice.

Assignment Requirements

5-6 pages of content (exclusive of cover sheet and references page), using Times New Roman font style, 12pt, double-spaced, using correct APA formatting, and include a cover sheet, table of contents, abstract, and reference page(s)
At least 1 credible source cited and referenced
No spelling errors
No grammar errors
No APA errors

For more information and examples of APA formatting, visit APA Central or the library under Academic Tools in this course. Also review the Policy on Plagiarism. If you have any questions, please contact your professor.

Directions for Submitting Your Assignment

Name your Assignment document according to this convention: YourLastName_IT591_Unit4. Submit your completed Assignment to the Unit 4 Dropbox by the deadline.

Review the rubric before beginning this activity.
assignment.pdf

Unformatted Attachment Preview

1/6/2019
Sample Content Topic
Assignment Details
Preparing for a HIPAA Audit
Outcomes addressed in this activity:
Unit Outcomes:
Define administrative, technical, and physical safeguards
for HIPAA.
Apply administrative, technical, and physical safeguards
in a case scenario.
Examine an audit process.
Apply a checklist to prepare for an audit in a real-world
scenario.
Course Outcome practiced in this unit:
IT591-3: Apply auditing processes within a technical scenario.
Purpose
In this assignment, you will be provided a scenario in which you
need to prepare for a HIPAA audit using materials found on the
healthIT.gov website and using a government provided online or
downloadable tool to perform a risk assessment.
Assignment Instructions
file:///Users/emmanuelnyarko/Downloads/Unit%204%20Assignment.html
You are the IT and Security Manager for a small five-physician
medical practice that uses electronic medical records (EMR) but
has never performed a HIPAA security risk assessment. You
need to prepare for the upcoming HIPAA Audit, and the
healthIT.gov site recommends performing a security risk
assessment using their Security Risk Assessment (SRA) tool
(downloadable or paper).
Based on the scenario above, review the questions in the
Administrative Safeguards portion of the tool. This private
practice has many written policies, but the policies are often not
updated, and training of new personnel on HIPAA requirements
is a bit haphazard and not well coordinated. The practice does
not have a formally appointed security contact, although the
office general manager is the one that most people go to. The
one-person IT professional tries to protect the patient’s
information and access to that information as best that is
possible, but people that leave the organization are often not
immediately removed from having that access. Physical access
to the building does require a key card access, but the building
entrance is not monitored by cameras or the need to sign in. The
company has not formally documented and mapped relevant
business associates and has not secured business associate
agreements related to patient information security. Although the
receptionist area has a high counter, and patients typically
cannot see the receptionist’s computer screen, patients are able
to hear the phone conversations in the receptionist area. Access
to the medical records is password protected but not encrypted,
and not all computer screens have automatic lock when the
screens are idle.
1. Identify at least 10 Administrative Safeguard questions
from the tool that you think are particularly relevant to
this organization. Identify each by number and the
specific wording of the question.
2. Discuss at least five identified threats or vulnerabilities
and discuss the likelihood and overall impact of each of
these vulnerabilities in a table like the one below for each
threat/vulnerability (You should have five tables).
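| Likelihood | Impact: Low | Impact: Medium | Impact: High |
|------------|-------------|----------------|--------------|
| Low        | Low Risk    | Low Risk       | Low Risk     |
| Medium     | Low Risk    | Medium Risk    | Medium Risk  |
| High       | Low Risk    | Medium Risk    | High Risk    |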
3. For each threat/vulnerability, describe one or more
safeguards that could be implemented against the
threat/vulnerability. Suggested safeguards can be found in
the SRA tool.
4. Write a summary that discusses what you learned by
participating in this exercise. Discuss how difficult and
costly completing this assessment might be for the small
medical practice described in this case. Recommend
possible solutions to make this assessment process
possible for this small practice.
Assignment Requirements
5-6 pages of content (exclusive of cover sheet and
references page), using Times New Roman font style,
12pt, double-spaced, using correct APA formatting, and
include a cover sheet, table of contents, abstract, and
reference page(s)
At least 1 credible source cited and referenced
No spelling errors
No grammar errors
No APA errors
For more information and examples of APA formatting, visit
APA Central or the library under Academic Tools in this course.
Also review the Policy on Plagiarism. If you have any
questions, please contact your professor.
Directions for Submitting Your Assignment
Name your Assignment document according to this convention:
YourLastName_IT591_Unit4. Submit your completed
Assignment to the Unit 4 Dropbox by the deadline.
Review the rubric before beginning this activity.