Project 3: HIPAA, PII, and PHI Training
The human resource department is updating its HIPAA Basic Training for Privacy and Security course. As a security analyst for the hospital, you have been tasked with covering the topics in the training related to the HIPAA security rule and the information that hospital staff need to know regarding personally identifiable information (PII), personal health information (PHI), and electronic personal health information (ePHI) to comply with federal regulations.
This week, you will submit your presentation. The presentation should include voice overlays as narrative for each slide. Include one to two slides for each bullet below (4-8 slides total) explaining the following:
· HIPAA Security Rule
· HIPAA, PII, PHI, and ePHI Definitions
· Safeguarding of PII, PHI, and ePHI
· Disclosures of PII, PHI, and ePHI
You may want to refer to the HIPAA Learning Resources from last week.
How Will My Work Be Evaluated?
In this training guide, you will demonstrate how to integrate your IT skills in an organizational setting. You’ll be combining your technical skills with effective communication techniques to provide learning resources for the client/customer. You will not be evaluated on the voice recording quality.
The following evaluation criteria aligned to the competencies will be used to grade your assignment:
· 1.2.2: Employ a format, style, and tone appropriate to the audience, context, and goal.
· 1.3.3: Integrate appropriate credible sources to illustrate and validate ideas.
· 1.4.2: Use vocabulary appropriate for the discipline, genre, and intended audience.
· 2.3.3: Explain inferences and deductions that follow logically from the evidence provided.
· 12.1.3: Communicate policies, processes, and/or procedures to stakeholders.
· 12.3.1: Select controls.
· 12.3.2: Describe the implementation of controls.
· 12.3.3: Explain how to assess controls.
· 12.9.1: Describe organizational compliance with government legislation that impacts technology.
· 12.9.2: Explain organizational compliance with industry regulations.
9/16/2020
HIPAA
https://leocontent.umgc.edu/content/umuc/tus/cmit/cmit320/2208/learning-topic-list/hipaa.html?ou=510377 1/3
HIPAA
The Health Insurance Portability and Accountability Act (HIPAA) was established in 1996
to improve the security of the storage and use of health care data. These regulations
define how health care agencies must secure patients’ personal information and regulate
its disclosure.
IT staff members should understand how HIPAA applies to their work so they can
correctly handle sensitive information and demonstrate the organization’s compliance
with the law in order to protect patients and the organization (DNS Stuff, n.d.).
Unauthorized access or release of data can lead to problems for the individuals
whose data has been compromised and also fines and penalties for the organization
(Ashraf, n.d.). Two important IT-related aspects of HIPAA are the Privacy Rule and
the Security Rule.
HIPAA Privacy Rule
The HIPAA Privacy Rule establishes national standards to protect individuals’ medical
records and other personal health information and applies to health plans, health care
clearinghouses, and those health care providers that conduct certain health care
transactions electronically. The Privacy Rule requires appropriate safeguards to protect
the privacy of personal health information and sets limits and conditions on the uses and
disclosures that may be made of such information without patient authorization. The rule
also gives patients specific rights over their health information, including rights to examine
and obtain a copy of their health records, and to request corrections (HHS, “Privacy
Rule,” n.d.).
The Privacy Rule protects all “individually identifiable health information” held or
transmitted by a covered entity or its business associate, in any form or media, whether
electronic, paper, or oral (HHS, “Summary of the HIPAA Privacy Rule,” n.d.). The Privacy
Rule calls this information “protected health information (PHI).” PHI is information,
including demographic data, that relates to:
· the individual’s past, present or future physical or mental health or condition,
· the provision of health care to the individual, or
· the past, present, or future payment for the provision of health care to the individual,
and that identifies the individual or for which there is a reasonable basis
to believe it can be used to identify the individual (such as name, address, birth date,
Social Security number).
HIPAA Security Rule
The Security Rule (HHS, “Summary of the HIPAA Security Rule,” n.d.) requires covered
entities to maintain reasonable and appropriate administrative, technical, and physical
safeguards for protecting electronic personal health information (ePHI). Specifically,
covered entities must:
1. Ensure the confidentiality, integrity, and availability of all e-PHI they create, receive,
maintain or transmit;
2. Identify and protect against reasonably anticipated threats to the security or
integrity of the information;
3. Protect against reasonably anticipated, impermissible uses or disclosures; and
4. Ensure compliance by their workforce.
Note that the concept of personal health information is very similar to the term personally
identifiable information (PII), which is a broader term used by the federal government to
indicate “any information about an individual maintained by an agency, including any
information that can be used to distinguish or trace an individual’s identity, such as name,
Social Security number, date and place of birth, mother’s maiden name, or biometric
records; and any other information that is linked or linkable to an individual,” such as
medical, educational, financial, and employment information (GAO, 2008).
References
Ashraf, A. (n.d.). PII and PHI overview: What CISSPs need to know. Infosec. https://resources.infosecinstitute.com/category/certifications-training/cissp/domains/asset-security/protecting-privacy/#gref
Department of Health and Human Services (HHS). (n.d.). The HIPAA privacy rule. https://www.hhs.gov/hipaa/for-professionals/privacy/index.html
Department of Health and Human Services (HHS). (n.d.). The HIPAA security rule. https://www.hhs.gov/hipaa/for-professionals/security/laws-regulations/index.html
DNSStuff. (n.d.). What is HIPAA compliance? https://www.dnsstuff.com/what-is-hipaa-compliance
United States Government Accountability Office (GAO). (2008). Privacy: Alternatives exist for enhancing protection of personally identifiable information. https://www.gao.gov/new.items/d08536
Resources
· Provider Responsibilities Under HIPAA (/content/umuc/tus/cmit/cmit320/2208/learning-resource-list/your-practice-and-the-hipaa-rules.html?ou=510377)
· Electronic Health Records, the HIPAA Security Rule, and Cybersecurity (/content/umuc/tus/cmit/cmit320/2208/learning-resource-list/electronic-health-records–the-hipaa-security-rule–and-cybersec.html?ou=510377)
· Educating and Training Your Workforce (/content/umuc/tus/cmit/cmit320/2208/learning-resource-list/educating-and-training-your-workforce.html?ou=510377)
© 2020 University of Maryland Global Campus
All links to external sites were verified at the time of publication. UMGC is not responsible for the validity or integrity
of information located at external sites.
9/16/2020
Presentation Resources
https://leocontent.umgc.edu/content/umuc/tus/cmit/cmit320/2208/course-resource-list/presentation-resources.html?ou=510377 1/7
Presentation Resources
Source: cnythzl / Getty Images
A narrated presentation is for a specific audience to which you would ideally present in
person or online in real time, but for practical reasons, you need to record for later
viewing.
While Microsoft PowerPoint is considered the default presentation tool for presentations,
you may consider using other presentation platforms or tools. Just be sure the tool
supports prerecorded narration.
Preparing for Your Presentation
As with any project, it is good to begin by creating an outline. This will help you determine
how many slides you will need to develop and how much information you will need to
present on each slide. It should also help determine a logical order in which to present
material.
Be sure to dedicate enough time to the narrated presentation to get the timing for
transitions right, and ensure that the sound is clear and the narration is at the right
volume.
Creating Slides
A good recorded presentation shares most of the same traits as a good live
presentation. Your presentation should not be an academic paper cut into
text-filled slides. You are giving a talk to an audience, so the narrative
should provide most of your ideas and argumentation. Be sure the themes either
flow or transition appropriately from slide to slide.
Here are some recommendations:
· Keep slides uncluttered by using brief bullet points—only a few key words each.
· An easy way to make your presentation look more appealing is to use one of the designs provided within PowerPoint.
· Adding images and/or clip art is another good way to add visual interest to your presentation, but don’t overuse slide transitions or animations, as these can be distracting.
· When you are citing sources of information on a slide, use a small font size so the citations don’t detract from the primary points.
· Be sure to proofread carefully: Any errors on a slide will be particularly noticeable because of the relatively small number of words.
· When you record audio for each slide, a loudspeaker icon will appear in the middle of the slide. You can drag this icon to a better position (often the bottom right corner of the slide) so it doesn’t interfere with the text.
Writing the Script
The script for your presentation can be a complete word-for-word documentation of what
you intend to say as each slide is displayed, or it can be a much briefer set of notes to use
as a reminder while you are recording to ensure that you cover all the points. The latter
approach is preferable, because this makes it less likely that you will sound rushed or
overly scripted when speaking. Keep in mind that if you were making the presentation in
person, you would not want to be reading your comments; instead, you would want to
make eye contact with the audience.
Here are some additional recommendations for your script:
· Try to keep the amount of narration to less than two minutes per slide. If you need to say more than that, create another slide so the audience doesn’t get bored.
· Make sure the script and what appears on the slide are closely related so the audience can easily follow what you have to say.
· Don’t simply read the material on the slide—add value by providing additional information.
Recording the Narration
At this point, you have created and saved slides as a PowerPoint presentation, and you
have the script ready. Now it’s time to record the audio.
Here are a few general recommendations before you record:
· If you are using a computer to record, use a headset/microphone combination rather than using the computer’s built-in speakers and microphone for better audio quality. It isn’t necessary to spend a lot on a headset/mic (typically $20 or less), and you will be rewarded with better sound quality and less background noise.
· Make sure the headset/mic is installed and working. There are simple programs on both Macs and PCs that allow you to test whether recording is occurring and whether the sound quality is acceptable.
· Choose a quiet location to record so that background noise is minimal.
· When you begin recording, speak clearly and conversationally without rushing.
· Remember that it’s easy to redo the audio for a slide. If you’re not happy with the way it sounds, you can do it again.
· Once you have completed and narrated the presentation, it is a good idea to email the file to another computer. If you are able to watch and listen to the slide show successfully on the second computer, you will know that the audio files have been successfully embedded in the presentation.
For Technical Support
Below are specific recording instructions for some common tools for presentations:
· Record a Slide Show With Narration and Slide Timings in PowerPoint (https://support.office.com/en-us/article/record-a-slide-show-with-narration-and-slide-timings-0b9502c6-5f6c-40ae-b1e7-e47d8741161c)
· Getting Started With Microsoft Sway (https://support.office.com/en-us/article/getting-started-with-sway-2076c468-63f4-4a89-ae5f-424796714a8a)
If you have technical difficulties with using PowerPoint, contact the UMGC 360 Help
Desk, available 24/7 at http://support.umgc.edu or by phone at 1-888-360-UMUC (8682).
9/16/2020
Information Security Breaches
https://leocontent.umgc.edu/content/umuc/tus/cmit/cmit320/2208/learning-topic-list/information-security-breaches.html?ou=510377 1/2
yougyet / E+ / Getty Images
Information Security Breaches
According to HIPAA, a breach is any impermissible use or disclosure that compromises the
security or privacy of protected health information.
Covered entities (CEs) and business associates (BAs) are responsible for reporting any
breaches of unsecured personal health information (PHI).
CEs and BAs that fail to comply with the HIPAA rules can face civil and criminal penalties.
Resources
The following link will take you to a document that will discuss breach notification,
HIPAA enforcement, and other laws and requirements that an IT professional should
be aware of:
· Breach Notification, HIPAA Enforcement, and Other Laws and Requirements (/content/umuc/tus/cmit/cmit320/2208/learning-resource-list/breach-notification--hipaa-enforcement–and-other-laws-and-requi.html?ou=510377)