Question

Assess the main possible Health Insurance Portability and Accountability Act (HIPAA) violations that your facility risks by having a third party monitor the integrated database, and recommend at least one (1) method of preventing or addressing each identified violation.

Answer 1

Many institutions often find themselves in a position where they need to change their information system. Updating the system often comes with a lot of advantages such as the increase of efficiency in operations (Hahn et al. 2013). However such process also comes with a series of challenges that might affect the organization's information system if not addressed.

The first problem is the risk of losing information. During the change over from the old database into the new database, the facility might lose crucial data about their patients. This is a serious challenge since medical facilities use historical data to help treat a patient. To curb this problem, I will propose a parallel changeover where the old database is also kept until the day we are convinced the new database has everything it needs to have then the old database will be done away with.

The second problem is data conversion. Converting data from the old system into the new system often provides a lot of challenges mainly because data requirements for the new database might be more detailed as compared to that of the old system. Additionally, data elements of the new system might have different meanings as compared to the old system. To solve this problem, I will involve the facility's IT expert in choosing the new database to ensure it is compatible with the data we have on the old system.

Having a third party monitor the integration will violate patients' confidentiality since the person will have access to patients' digital files, to address this issue, the files will first be serialized by personnel with clearance to access them. This will remove the names of the patients before the third party accesses them and then the names returned after the exercise to prevent the identity of the patients.