Sanyia Meghani
MMHA 6600 Healthcare Informatics
Week 9 – Assignment – Protecting Patient Data
Dr. Gillespie
Part I: Policy Manual

Introduction

Like many other health care organizations, United General Hospital is working to develop processes and systems that provide controls to help protect against security breaches involving patient confidentiality and data compromise. Protecting patient healthcare data is becoming a greater challenge for facilities as the industry transitions from manual to electronic information storage and sharing. The number of individuals affected by health care data breaches is on the rise, which has resulted in pressure for stricter guidelines and rules for organizations to abide by. Stricter and more in-depth guidelines must be integrated at United General Hospital because of the recent increase in patient volume and the updated use of technology to manage records. Additionally, this will allow our organization to impose penalties and disciplinary action, where required, on the parties liable for any and all security breaches.

The Health Insurance Portability and Accountability Act of 1996 (HIPAA) requires the development of regulations to protect the privacy of health information. With the use of modernized clinical technology for patient records and other healthcare systems, the medical workforce has seen a rise in potential security risks. This security law requires that covered individuals be assured confidentiality, integrity and workforce compliance against improper access to their information. The purpose of this rule is to protect the privacy of individuals’ health information and to ensure that, as electronic records are implemented, the likelihood of potential risk to electronic patient health information (e-PHI) decreases. “HIPAA requirements grant patients several key privacy rights” (National Center for Medical Records 2018) while imposing obligations on health care providers to apply those safety measures.
Although many rules and regulations are put into place, the risk analysis of manually reviewing records and tracking access should be implemented as an ongoing process. Institutions are legally required to follow the general rules of HIPAA in order to operate their systems with the utmost integrity. All entities must ensure the confidentiality of all e-PHI under their operation, identify and protect against possible security threats, protect against impermissible uses and ensure compliance by their workforce. These basic models will allow reasonable protection as demanded by the law.
Part II: Risk Assessment

Health care organizations have a liability to identify potential risks and implement assessments to protect patient records. When patient records are accessible to a large volume of individuals, proper compliance must be integrated. In addition to potential fines and other