Assignment Details
Unit 6 Assignment: Information Security and the Healthcare Industry
Purpose
This assignment will help solidify and reinforce the concepts you have studied involving information security in the healthcare industry context to illustrate issues involving regulatory compliance.
Assignment Instructions
Read the following information about a typical dental practice:
- Community Dental has two offices in the same city — the North office and the South office. These offices offer the same dental services to patients. Patients can make appointments to either office at their convenience to see the dentist of their choice. Both offices are similarly equipped.
- The professional staff includes the dentists, hygienists, dental mechanics, and administrative staff (receptionist, billing clerk, and office manager).
- Each Community Dental office has a waiting area served by a receptionist who uses a computer to check in patients, schedule one of the examination rooms, and answer the phone. The waiting room has a door opening to the outside. A second door admits patients into the rest of the facility. Background music plays inside the waiting area. There is also a large aquarium on display.
- Each examination area is partitioned off from the adjacent ones. Each has a computer and LCD screen used to pull up patient information and record new dental data such as x-ray interpretations, examination and test results, and procedures done for the patient. A low-level sound masking system is installed in this area.
- After their treatment, the patient visits the billing clerk’s desk, which of course has a computer and a printer. Here patients pay (cash co-pay, credit card, or check), insurance information is verified, and an appointment is made. This clerk also mails out postcard appointment reminders and answers the phone.
- The Community Dental dentists share a private office that has a computer and a printer. Here they can review patient data, access the Internet, and exchange email with their patients, colleagues, and acquaintances.
- A database server containing patient data sits in a closet, next to a small tape library used for backup. Next to it sits a VPN server, firewall/router, and cable modem connected to the Internet. The VPN server accepts incoming connections from the dentists’ home computers. It also provides a permanent VPN connection between the North and South Offices. In this way, all patient data is available at all times at either office.
- Most patient data is stored electronically on the database server, but some data such as x-rays and third-party lab results are still filed in physical form. Community Dental also depends on third-party service providers to build crowns, braces, false teeth, soft dental protectors, and such. Information is exchanged with service providers using telephone, fax, letter, and email.
- The network infrastructure’s management and maintenance are outsourced.
- Community Dental also maintains an informative website to advertise its practice. The site is remotely hosted.
Answer the following questions incorporated into an essay format. Make any sensible assumptions necessary in order to continue your analysis (stating them as needed for clarity). You are welcome to use the discussion board to share your assumptions with others in the class:
- What is all the electronic and non-electronic private health information (ePHI) that is stored, processed, and transmitted at Community Dental’s two offices?
- Assess the practice’s organization. Where are organizational processes most likely to be HIPAA compliant? What changes should be made to move the practice closer to compliance in its business operations?
- Assess the practice’s physical and technical safeguards. Where are they most likely HIPAA compliant? What changes should be made to move the practice closer to compliance?
- Community Dental exchanges data with external service providers and uses a third party to manage its IT infrastructure. What administrative and organizational safeguards should the practice expect these providers to adhere to?
Outcomes addressed in this activity:
Unit Outcomes:
- Evaluate the meaning of HIPAA administrative and organizational safeguards.
- Select the administrative and organizational safeguards HIPAA standards for a medical office.
- Differentiate the meaning of HIPAA physical and technical safeguards.
- Recommend the physical and technical safeguards HIPAA standards for a medical office.
Course Outcome:
IT540-4: Assess computer networks for regulatory compliance.
Assignment Requirements:
Note: All written assignments should be completed using APA format, unless otherwise noted in the instructions.
Submit your assignment in the usual double-spaced APA-styled report. Content should be a minimum of four double-spaced pages, APA style followed (title page, abstract, table of contents, and references section) to meet expectations.
- Answers contain sufficient information to adequately answer the questions
- No spelling errors
- No grammar errors
*Two points will be deducted from the grade for each occurrence of not meeting these requirements.
For more information and examples of APA formatting, see the resources in Academic Tools.
Also review the university policy on plagiarism. This policy will be strictly enforced on all applicable assignments and discussion posts. If you have any questions, please contact your professor.
Directions for Submitting Your Assignment
Name your assignment document according to this convention:
Last_Name_IT540_Unit_6_Assignment (use your own name, of course). Submit your completed assignment to the Unit 6 Dropbox by the deadline.
Review the grading rubric to ensure you meet all criteria.