Medical Center of DeVry - Term Paper Example

? Privacy Assessment and Training Task Medical Center of DeVry Incidence Reporting Policy This policy will ensure the efficient orchestrating of duties by the hospital staff. This will improve services and streamline the communication channels of the patient’s details. It will ensure the proper use of a computer thus enabling the hospital equipment to be ultimately used for professional duties. This policy also covers the unauthorized propagation of a patient’s information. This entails how patient’s data is distributed to persons who are not warranted to receive it. The release of this data can be detrimental to the hospital privacy policy and possibly smudge its reputation. Moreover the safety of the patient can be compromised in result of this release when it is received by malicious individuals. In addition, how the information is reported is essential. Lastly it demonstrates the procedures followed in notification of any complaints. This policy governs of the entire hospital staff including the management, the physicians and nurses. a. Inappropriate use of a computer The hospital staff frequently utilizes the computers of the institution in an improper mode. Professionalism of the healthcare providers is tainted when loss of vital information is identified (Hubner, Costas &Pernul, 2007). Unwarranted use of computers entitled to shield the medical details of a patient can cause damage to it of inconvenience confidentiality (Castagna, 2009). Information inputted in the computer should have a medical basis. Procedures As a means of countering this vice, it is necessary to adopt a centralized system management to enhance data security. This will ensure adequate management of sensitive patient information thus enabling accurate distribution of medical assessments specifically to victims. In the incident of any inconsistencies experienced when undertaking this task it should be addressed to the central manager (King, 2008). The central manager will then evaluate the situation extensively and carefully categorize how that quandary might have happened. Any intrusion or distortion of information of which he is authorized to protect will be viewed as a lapse of the security capacity of the hospital (Hubner, Costas &Pernul, 2007). His expansive knowledge in this field will ensure his expert solutions are applied to incidents of a dire nature. Secondly, to initiate this investigation he is expected to make a program that will be connected to a central point. This will enable him to scrutinize the activities that the hospital staff is entering in the computer system. Thirdly, the centralized system office should only accommodate hospital based software thus restricting further use of computers by staff to execute personal functions (Hubner, Costas &Pernul, 2007). This will isolate the use of the computer equipment to hospital functions thus promoting efficiency in the hospital operations. This hospital programs should be comprehensive in recording of patient data. Fourth, the top management of the hospital should conduct unprecedented surveys of the computer system to oversee if the abuse of the hospital computers has been mitigated. This will reassure the hospital of its efforts to mitigate the improper engagement of the hospitals facilities and enhance confidence in the centralized system capabilities. The fifth entails employment of employees who will discreetly monitor their colleague’s use of this computer system will surely improve responsible computing (Hubner, Costas &Pernul, 2007). These doctors will be lieutenants of the top management which will take the prohibitive actions on the perpetrator. Lastly, the application of firewalls and passwords to limit the people accessing information of the patient is crucial. This will diminish the dissemination of information to unscrupulous persons who can have malicious motives towards the patient. Hospital professionals who are considered to be culprits should be addressed appropriately of the on the consequence of their activities which are destructive to their competence. Punishment of staff can be measured according to the magnitude of misconduct illustrated by the culprit. The punishment should be hard-hitting to sufficiently dispirit such endeavors in the hospital. b. Release of Patients information without Authorization Hospitals are institutions mandated to uphold the integrity and professionalism with acute precision. The medical staff should be endeared towards maintaining the patient’s diagnosis to authorized persons (King, 2008). Unsanctioned propagation of the patients information can the detrimental to the patients confidentiality and wellbeing. Procedures First is the establishment of an exclusive authoritative channel that will constitute of the patients doctors together with individuals who are closely associated to the patient. It is imperative that the hospital employs an office of untainted repute that will certify the trade of a patient’s information. This is with outside parties that may include courts or other interested bodies. Secondly, an elaborate channel or hierarchy of authority should be consulted to warrant the discharging of delicate details of a patient (Hubner, Costas &Pernul, 2007). This will ensure thorough consideration of the hospitals judgment in the dissemination of information. The senior management will have a broadened perspective of the patient’s data and conclude if its release will infringe his confidentiality and wellbeing. In addition, the authorization of the transaction of the information should be certified with genuine signatures of managers (King, 2008). As such, they are liable of any negative corollary that can originate from their decision. Thirdly, the inquisitive persons should exercise satisfactory documentation of permission to merit propagation of the patient’s data to other parties (Hubner, Costas &Pernul, 2007). The purpose of the details including his personal information and contacts is highly regarded. This will assure a reliable paper trail in case of any inconveniences or wrongful utilization of that information. Complaints should be forwarded to the oversight authority of the approving board that should be independent to ensure cautious analysis of the decision. This determines whether it was the negligence of the board (King, 2008). This evaluation should comprise of experts who will share their perspective on the situation with the oversight committee on the best direction to undertake. However, this policy has an exception in case a patient’s medical information is required by the court to authenticate evidence provided. c. Time Frame In the health profession, time is essential, as it is a determinant of the expectancy of life. The health professionals should report at the shortest time expected. First, the hospital should be equipped with the technology that will enable the hospital to communicate relevant facts with the attendants of the patients (Tenant, 2003). Secondly, the reporting should be consistent with the mandatory regulations of the hospital. It is imperative to allocate information about the date of recording of that detail and also when the patient is to return for treatment. If the existing mode of reporting consumes a large amount of time the hospital should install a swift system to undertake those tasks (Tenant, 2003). Also if there are any modifications to the time of reporting it should be communicated to the respective authority. Thirdly, the hospital should have time card that explain the time of reporting since it is necessary to know the period for treatment. This time card can be submitted in every case of a patient (Tenant, 2003). Nurses who are in charge of delicate patient reports can employ this technique in all cases. This guarantees there is no slip in the treatment of the ill patient who can be in dire need of attention. Fourth, the employment of a Pager System in communicating urgent issues that should be included in the report will make certain the produced report will be comprehensive (Tennant, 2003). Pagers are used in hospitals by doctors to communicate when urgent situations arise. They are instrumental in operations that saved lives and similar approaches are applicable by nurses. d. How to Report The format is to be understandable and flowing thus not complicating the interpretation of the individual who is to act on the information. Meticulous detailing of the report can be active in dispensing proper Medicare to the patient in consideration of all the supposition pertaining to him. First, the conduit of reporting can be a closed system which few persons are liable for (Tenant, 2003). This is a merit, as it will limit the amount of persons who have admittance to the patient’s personal details, which is key to his personal safety. The report will incorporate the tasks of the entities involved. Secondly, the name of the person preparing the report should be included in the report statement .His/her signature is also significant in affirming his identity. This notification will guarantee that the person handling the documents is aware of the consequences that can befall him in the event of potential negligence mistakes (King, 2008). Thirdly in case of inconsistencies the person who was liable is subject to inquiry. The investigative technique should lay squarely on the pressing issue and it is also try to assess the source documents to verify if the mistake originated from it. The persons mandated with the duty of reporting should be inquired to see if there elements of negligence in the partaking of their duties (Ballad& Ballad & Banks, 2010). If the problem is verified it should be corrected urgently and all persons who relied on the former statement advised appropriately about the changes. 2. Computer Security Stipulations The privacy of a patient’s health information is principal in the medical fraternity as related to the negative effects of its exposure to other parties (Castagna, 2009). Therefore, implementation of passwords or firewalls will diminish access to private information that could be trivial if exposed. Inadvertent modification of the patient’s files can be disastrous to his wellbeing (Hubner, Costas &Pernul, 2007). Another issue that can transpire is the destruction of the details or their disappearance from the system. Procedures First, the monitoring of malicious persons is a good measure to mitigate the dissemination of this information to ensure it is not exercise for disreputable objectives. The hospital should safeguard the patient’s information through appropriate training of individuals responsible for that privacy (Ballad& Ballad & Banks, 2010). Secondly, employment of experts to assist the in the training program to ensure optimum security of the information is helpful (Tenant, 2003). This will ensure the hospital staff acknowledges the rules of the system and hence behave consistent with the rules of the system. Thirdly, the employees should be appraised for the positive efforts they make towards this attainment. Hospital equipment for example laptops should also be installed with automatic locks on the sensitive patient data they contain (Roach & American Health Information Management Association, 2006). It is advisable that they as secluded to few individuals who have access so as to depress unauthorized disclosures. a. Storage of Information The system of the hospital can suffer from congestion of data which is inevitable. Therefore, the hospital should put up ways to record that information and store it safely. This is attainable using equipment such as hard drives, compact discs and flash discs. These are very convenient means of storing and transportation of the data. The devices should be secured in a safe that is only accessible by an executive that has been assigned for safekeeping. The access code of the safe should be altered often to diminish breach of their safety (Hubner, Costas &Pernul, 2007). It is essential for the persons requesting access to warrant their purpose of the information. Thereafter proper documentation to confirm this should follow. Paper documents of the patient’s information are a suitable reference if the electronic devices are compromised. They are more steadfast since they contain signatures of authorizing persons. 3. Reporting Tools The complaints of incidences can be communicated in the form below. Medical Complaints Records Form Name: Date: Address: Medical Record no: City: Telephone No: My Complaint Involves; . The Incident addressed was authorized by on / / . Signature: . Date: . Checklist Date Name Time Document Disposal Medical Disposal Unsecured Workstations 4. Communication Tools 1. A Flyer INTERNAL MEMO TRAINING OF ADMINISTRATIVE STAFF OF HOSPITAL Training of the employees as regarding the privacy of the patient’s information and computer system should be categorical. Their education should be according to the risks relative to their tasks. Therefore the training should be subjective to the hospitals administration. Training should produce relevant security skills that will enable development of awareness of the program. The training is to commence immediately but it will be conducted in phases that include the different departments of the hospital. The training procedures are as follows; 1.The management will be trained to oversee and control the outlet of the patient’s information. 2. The Central Manager will advise the executive management how they can efficiently monitor the execution of these policies. 3. The working staff should be trained how to execute Commands of the security system. Date: 13th -24th February 2012 Time: 3:00 O’clock in the Evening Venue: The Hospitals Conference Hall 2. Intranet announcement The communication on the requirements of the training program has been sent to every employees email account. It is recommended that you adhere to those requirements to assure your success in the program. Incase of further inquiries visit the hospitals website www.devry medical centre.com 5. Summary These policies are formed to address the issue of enhancing the activities that will enable elaborate reporting of patient’s details. Hospitals and their staff should ensure that they uphold the privacy of the patients. The doctors and hospital in large are supposed to limit the disclosure of the patients information to authorized persons. This incorporates persons who undertake health programs such as health firms, health plans, health plans whether individual or collective among others. In this paper I explore how the privacy of patients can be implemented efficiently in Hospital. I have to formulate two policies that will initiate the process of embracing this rule in DeVry Medical Centre. The policies to be introduced involve Policy on Incident Reporting and Computer Security Stipulations that should be applied. Incident reporting entails how the computers are being used by the medical staff and how transfer of sensitive patient information is orchestrated. The hospital attendants can be prudent in these tasks and hence safeguard his privacy. Also Computer Security Stipulations are imperative so as to restrict the patient’s private data to authorized persons. To mitigate reporting inefficiencies the hospital has developed forms such as the complaints form to enable feedback of errors committed in the approach of reporting. This will enable parties associated with the reporting to take ultimate responsibility of the inconsistencies experienced. There is also a checklist to illustrate the input and release of patient’s files and details to the hospitals staff or other involved parties. This will assist in managing the release of sensitive information and will act as a reference book in case of any query. The communication tools used are a flyer and intranet communication. The flyer will be pinned in all notice boards of the hospitals and also delivered to the various departments required to undertake the training. The intranet communication will ensure every person is able to comprehensively review the training procedures at his own convenience. References Ballad, B. & Ballad, T. & Banks, E. (2010). Access Control, Authentication, and Public Key Infrastructure. New York, NY: Jones & Bartlett Publishers. Castagna, G. (2009). Programming Languages and Systems: 18th European Symposium on Programming. New York, NY: Springer. Hubner, S. & Costas, L & Pernul, G. (2007). Trust, Privacy and Security in Digital Business: 6th International Conference, TrustBus 2007, Linz, Austria, September 3-4, 200, Proceedings. Noerdeshdt: King, P. (2008).The HIPAA Security Toolkit for Ambulatory Care. Digital Age Healthcare LLC. New York, NY: Springer Roach, W. & American Health Information Management Association.(2006).Medical records and the law. London, LDN: Jones & Bartlett Learning Tennant, R. (2003). Hipaa Toolbox: Information Critical to Your Practice. California, CA: Medical Group Management Assn Read More