Question

Business and Data Management

Module 3

Case Study One Instructions

Scenario:

You have been hired as a security analyst for Garbo Rheumatology Research Center. This lab is producing cutting edge treatments for rheumatology and similar autoimmune diseases. Despite being cutting edge, this research is not top secret. Funding is provided by government grants and sponsored by a major research university in the area.

While there is not an intense amount of security required, the data being researched does include medical and laboratory data taken from human and animal subjects. This information comes from a small, attached, on-site clinic and several small animal labs on university premises. Currently, access to the facilities employs appropriate physical controls to ensure that only authorized individuals are permitted within the given facilities, via a combination of security badges and PIN codes.

Laboratory

The labs are dedicated to research materials. Lab technicians utilize three shared desktops located in the rear of the labs to register their data. They use separate logins and are required to log out after they complete their work. Many of these technicians are Ph.D. candidates or post doctorate students who, also, utilize these computers to correspond with their advisors. Some of these advisors are the researchers who work on projects within the labs, while others are professors on the university’s main campus.

The actual data itself is stored in a server room, which also functions as the office of the systems administrator. Access to this room is available only to the systems administrator and the Primary investigator (PI) of the project. The medical doctors/researchers, who work on site, each have a private office where they review and analyze the research data. Each office is accessible only to the occupant and building maintenance. These researchers deal with patient medical records, student coursework, and research data produced by the lab.

Data held in the database -

  • Medical patient profile
  • Medical test results
  • Demographic information of Individual patients
  • Clinical visits organized by patient

Paperwork spread around the office -

  • Physical version of patient’s medical chart
  • Printouts of test results and biological samples from both human patients and animal subjects
  • Student assignments with and without grades

Medical Clinic

The medical clinic is permanently staffed with receptionists, office staff, and nurses. The medical doctors/researchers rotate shifts seeing patients and do not have permanent office space in this area. Instead they share desks and computers, while the nurses and office staff have permanent space and computers assigned to them individually. There is a shared workspace at the front desk which is utilized for patient booking, patient sign-in, and processing patient payments. Patients pay for appointments with credit and debit cards.

Data found in the Clinic –

  • Patient logs (sign-in sheets)
  • Printouts of credit card transactions
  • Receipts left by patients
  • Medical records of patients being seen that day
  • New patient profiles

Assignment:

Part of evaluating the security of an organization is understanding the environment in which the business operates. It is important not just to identify the data being handled, but also to understand what laws and regulations protect the data. This information might force us to handle and protect the data in ways that we would not otherwise have planned to in order to comply with the regulations.

  • Based on the above scenario, list in “table format” the laws and regulations that this organization should consider in terms of welfare and data privacy best practices? There are numerous laws and regulations available to research.
  • Based on these standards (i.e., HIPAA), what best practices would you suggest for healthcare compliance requirements?

Solutions

Expert Solution

Let's discuss the laws and regulations that the organization should consider in terms of welfare and data privacy best practices:

  • Basically, the privacy standards are followed to protect certain health information.
  • The HIPAA (Health Insurance Portability and Accountability Act) was implemented by the US Department of Health and Human Services in 1996 as a privacy rule that every hospital has to follow.
  • The major goal of HIPAA is to protect health information held by organizations subject to the Privacy Rule. This act mainly provides that, without the permission of an individual patient, no one should use the patient information for any kind of research.

The table below gives us an idea of the laws and regulations that any act can cover related to patient data privacy:

| Laws and Regulations | Purpose or Objective |
| --- | --- |
| Privacy Rule | According to various acts like HIPAA, patient details should not be used at any cost without permission. This is the most important regulation that every hospital has to follow. |
| Security Regulations | Electronic Medical Records (EMR) have to be protected correctly and there should not be any shared desktops. This addresses the technical aspects of protecting electronic health information (mainly administrative security, physical security and technical security). |
| Transaction and Code Set Rules | This rule mainly talks about the predefined transaction standards for communications and transactions in the health-care industry (Standards 5010 and ICT-10 are examples of this). |
| Unique Identifiers | By following the unique identifiers laws and regulations, we can achieve standardization, efficiency and consistency. |
| Enforcement Law | If organizations do not follow the above rules, they have to pay penalties for not following them. |
| Breach Notification Rule | Organizations have up to 60 days to notify patients according to the data usage; once that is crossed, it will be treated as a data breach. |
| Final Omnibus Rule | It further tightens and clarifies provisions of the privacy and security laws. |
| Permitted Uses and Disclosures | The patient information should not be shared with any individual, organization or other hospitals etc., as per this rule. |
| Authorization Law | Only the authorized individual has to deal with data; other than that person, no one is allowed into the data laboratory for any data. |

Best practices for healthcare compliance requirements:

  • Establish the laws and regulations and inform a larger audience about them.
  • Make sure everyone in the organization is following the standards and warn anyone who is not following them.
  • Data handling should be as per the rules and standards. Any misuse of patient information by anyone has to be reported and the organization should take appropriate action.
  • Develop policies and laws to enforce the standards of conduct.
  • Follow the national and international health organization standards.
  • Identify and appoint someone to make sure the data is handled correctly.
  • Establish complaint systems in the organization where an individual can complain about data fraud.

Note: In the current situation, getting patient data is easy through both physical and virtual means. So it is very important to know all possible ways of misusing data and to implement the system such that patient data is protected and properly used.

