POLICY AND PROCEDURE WRITING
As a Health Information Management Services Manager or HIPAA Security Officer, you are responsible for having policies and procedures in place regarding the security of protected information stored in the Electronic Health Record (EHR). These are essential to electronic health record integrity, confidentiality, and appropriate access. Mechanisms should be in place, including physical and personnel security measures, risk prevention, and monitoring of the EHR system’s security.
For this assignment, your goal is to design a policy and procedure for the security and monitoring of Protected Health Information (PHI) in your organization’s EHR. Use information from the readings to compose the policy and procedure (P&P). Click on the sample policy and procedure below for the formatting you should follow.
At a minimum, include the following categories:
- Safeguarding Access (physical and personnel security measures)
- Risk Assessment
- Monitoring (frequency and method of assessment)
Your assignment should be 1-2 pages in length. Be sure to follow the formatting used in the sample provided above.
Submit your completed assignment by following the directions linked below. Please check the Course Calendar for specific due dates.
Save your assignment as a Microsoft Word document. (Mac users, please remember to append the “.docx” extension to the filename.) The name of the file should be your first initial and last name, followed by an underscore and the name of the assignment, and an underscore and the date. An example is shown below:
The policy is aimed at describing the procedure for access to the Electronic Health Record and ensuring that protected health information is securely stored in the EHR. It defines the process and procedure for employees’ access to health information and the necessary measures that should be implemented to secure the information in the EHR. This is the procedure that will be used in safeguarding health records access. Every employee has the role of safeguarding access to health data. Employees will use access-control tools such as PINs and passwords to limit access to the health records to authorized personnel only. Employees also have the responsibility of safeguarding protected information at any given point, in whatever form it is held: physical documents, which include forms, reports, and microfilms stored in cabinets; computers; USB; data networks; fax documents; and information exchanged in conversations. To address the probability of computer sabotage, there will be regular risk management and analysis to identify and eliminate vulnerabilities and exposures……….