Evaluate health information access and disclosure management practices for mitigating security risks and complying with regulatory control

You will take on the role of the HIM director within the Utah Department of Health (UDOH), where there has been a health information data breach. You will develop a risk analysis based on the information in the scenario provided to you.
In this assignment, you will demonstrate your mastery of the following course outcomes:
• Evaluate health information access and disclosure management practices for mitigating security risks and complying with regulatory control
• Evaluate the effectiveness of health information data systems in relation to the security of the health information life cycle
• Compare consumer informatics models in relation to standards of practice for promoting patient engagement and mitigating security risk
Prompt
Specifically, the following critical elements must be addressed:
I. Inventory: In this section, you will evaluate information about the data that was breached and the existing security measures in place in order to protect the health information.
A. Describe the data systems life cycle of the health information that was compromised.
B. Describe the existing transmission security measures used in the storage and transmission of data.
C. Explain the consumer informatics model used by the UDOH and how this model applies standards of practice for securing the health information.
D. On the basis of standards of practice for securing health information, evaluate the effectiveness of the existing transmission security measures.
II. Access: In this section, you will identify those involved with the breach and the responsibilities associated with mitigation of risk.
A. Present a case for why the Promoting Interoperability and Minimum Necessary component of the HIPAA privacy law in relation to stakeholder access (including third-party vendors) contributed to the breached health information. Support your response with examples.
B. In relation to the HIPAA privacy law, propose the roles and responsibilities of those who will participate in the risk analysis and mitigation of the breach.
III. Rating: In this section, you will weigh the impact that this breach will have and the potential for future risk.
A. Propose whether the levels of access and disclosure to the health information are in compliance with the HIPAA Privacy law and defend your answer.
B. In relation to securing health information in patient portals, examine potential impacts on patient engagement as a result of the data breach.