In this module, you will complete a case study activity regarding Glenside Memorial Hospital.

You are Certified in Healthcare Privacy and Security (CHPS) by the American Health Information Management Association (AHIMA). The CHPS credential denotes competence in designing, implementing, and administering comprehensive privacy and security protection programs. It also shows a commitment to advancing privacy and security management practices, lifelong learning and professional development. You will complete a security risk assessment using a toolkit provided by HIMSS (attached).

Company Background of Glenside

Glenside Memorial Hospital (GMH) is a fully accredited, not-for-profit, 500-bed, regional teaching hospital in Glenside, Pennsylvania. GMH has been providing comprehensive, high-quality services to the Montgomery, Bucks and Philadelphia counties for 50 years. With more than 34,000 inpatient admissions annually and 86,000 visits to the Emergency Room, GMH has a long tradition of personal, high-quality care in the following specialties: cancer, cardiac, surgery (including orthopedic surgery and neurosurgery), trauma, maternity and senior health services. The workforce (for HIPAA purposes) includes 2,000 employees, 500 physicians, 200 students, 250 residents and 250 volunteers.

GMH has a strong educational mission and sponsors residency programs in family medicine, internal medicine, obstetrics/gynecology, and general surgery. In addition, the hospital provides postgraduate medical education in affiliation with several area medical schools. The hospital also operates the Glenside Memorial Hospital School of Nursing, and has programs in radiologic technology, nuclear medicine and

Glenside Memorial Hospital offers two satellite campuses in Huntingdon Valley and Newtown which provide laboratory testing, radiology (including MRI, nuclear medicine, mammography and x-ray), same day surgery, psychiatric services and wound and diabetes care. Primary care physician offices are available at these satellite campuses, as well, offering access to top physicians and advanced technology in cardiology, female pelvic medicine, neurosurgery, obstetrics/gynecology, pediatrics, primary care and rehabilitation services.

Your expertise is needed:

In order to facilitate the flow of information, staff are allowed to communicate internally using electronic mail and facsimile (FAX). In the last year the number of privacy complaints has increased and there is an open investigation with the Office of Civil Rights (OCR). The complaint under investigation involves an allegation of a failure to secure Protected Health Information (PHI) in mobile devices.

GMH has implemented a Siemens Hospital Information System (HIS), but not all portions of the patient's record are electronic at this point. Most areas have assumed a hybrid approach by retaining the existing medical records in paper format while new encounters will be documented in the HIS. Satellite locations will be last on the implementation schedule, so the records will remain completely on paper for another 18 months (just in case GMH needs to respond to a billing audit or a medical malpractice claim). Records must be kept in accordance with specific regulations; however, GMH does not have a written Record Retention policy.

You have been hired as their Security Officer. You come to the position with a background in information management, and while you worked closely with the Security Officer in your previous position, compliance was not the focus. You see this new role as an opportunity to expand your knowledge base and increase your skill set. The CEO wants to know if GMH is in compliance with all applicable security standards as well as next steps on mitigating risk going forward.

Review the grading rubric to aid in completion of the assignment.
Review the HHS Risk Assessment document taken from the HIMSS Risk Assessment Toolkit (attached).
This provides a good overview of important concepts including threats, vulnerability and risk, example risk analysis & risk management steps as well as a security

Write a short 2-3 page paper that includes a response to the following:
Do you have enough information available to determine if GMH is in compliance with the HIPAA Privacy & Security
Why is it important for organizations to conduct a security risk assessment?
What are your recommendations for next steps in achieving the CEO's request of mitigating risk?

*Be sure to include references in APA format.