Running head: MIS: DEVELOPING IT COMPLIANCE PROGRAM
MIS: DEVELOPING IT COMPLIANCE PROGRAM
BA 602 MANAGEMENT OF INFORMATION SYSTEMS
Group Assignment 1: DEVELOPING IT COMPLIANCE PROGRAM
Aasheesh Deshmukh, Heena Goyal, Hima Gangasani, Lakshay Dilawri, Lavanya Duggineni, Madhuri Chunduri, Murahari Godwade, Rahulkumar Gohil, Sai Kumar Chitikela, Subhashree Dasgupta
Assess how IT governance will improve the IT division’s effectiveness to attain regulatory compliance
Information governance can strengthen the IT department's ability to comply with HIPAA through the formulation of more robust governance frameworks, which in turn support the appointment of a multidisciplinary team representing both the clinical enterprise and stakeholders' interests.
The team's role is to examine the frameworks already in place, determine which are the best and which should be replaced with more robust practices. The team evaluates the standards and best practices for designing and capturing data, and for the integrity and quality of the information exchanged (Patten, Profitt, & Lucci, 2014). The team also determines what data may be shared, who is authorized to access it, for which reasons, and how it may be shared. Additional functionality must be accounted for during an emergency so that providers can access data quickly, together with the procedural requirements for addressing such a scenario (Patten, Profitt, & Lucci, 2014). Role-based access must be applied consistently throughout the organization so that its partners meet the HIPAA minimum requirements.
Develop a broad vision, an architecture, and a detailed plan of action that follows a life cycle concept
IT Compliance program key rules and regulations – HIPAA (Subhashree Dasgupta, Id: 605331)
It is important to consider the multiple key rules and regulations that a company must comply with while building a strong IT compliance program. One such rule is the Health Insurance Portability and Accountability Act of 1996 (HIPAA). HIPAA regulation ensures the security and privacy of electronic health records (EHRs) by requiring preventative measures against fraud and abuse of health data. To develop an efficient compliance program that adheres to HIPAA policies, a company needs to take one step at a time and first build the right mindset for it. Upper management will need to instill the HIPAA culture within the organization across all levels, and no matter how hard it might be to embrace, it should be communicated on a positive note (Herold & Beaver, 2003). A true leader building this architecture needs first to educate themselves continuously about HIPAA and then share that knowledge with all members of the organization through ongoing seminars led by HIPAA professionals. Hence, a strong leadership team in an organization that must comply with HIPAA policies strives to set the right plan to closely monitor ongoing changes and improve as necessary. The next important factor to consider is the cost of building the HIPAA vision for an organization, which depends on aspects such as the size of the organization, its geographic locations, and its headcount. Costs include regular privacy gap analyses to understand where compliance needs to be re-established, building and distributing privacy practices across all levels of the organization, hiring privacy officers and personnel answerable for questions about HIPAA regulations, documenting all important plans and measures, managing and upgrading business continuity plans, and technical costs.
Lastly, it is very important to understand the importance of the security and privacy of customer data: an organization needs to value security and privacy over business profitability. A breach of health data not only puts the lives of clients and customers in jeopardy but also exposes how weak the organization's overall compliance program was, which can eventually put it out of business and into bankruptcy. Herold and Beaver (2003) describe several measures for keeping health data confidential, including access control and information integrity, security and privacy liability, regulations and policies, business agreements, training and mentoring to spread awareness, and backup plans.
Key business processes and IT compliance factors of aggregate vision of IT compliance
Developing an aggregate vision of HIPAA compliance in an effective manner is a crucial task that involves research. The factors involved in implementing HIPAA compliance in a healthcare organization must be able to provide security to the organization. Effective IT compliance in a healthcare organization requires research on the business value of the organization, its return on investment, organizational benefits, the benefit the organization provides to people and society, and much more. Implementing effective IT governance in the organization can improve productivity and promote the privacy of patients and employees in the workplace.
For the healthcare organization to be effective, several elements should be considered for implementation. These are:
• An integrated approach with a mission to come together and implement HIPAA in the healthcare organization (Gupta et al., 2019).
• Risk identification inside and outside the organization.
• Training of employees regarding policies and procedures of HIPAA.
• Internal monitoring and auditing of privacy implementation for safeguarding information.
• Development of an effective communication system in the organization, enforced under disciplinary standards.
Once the organization has researched the above-mentioned elements in its facility, it is in a position to implement an effective IT governance plan for monitoring and auditing the implementation of HIPAA compliance within the workplace. Organization officials must take the implementation seriously and adhere to the rules and regulations by hiring a senior business analyst for the process and financial undertakings. The business analyst has the following duties in the organization to make HIPAA compliance fully effective in the workplace (Walkup, 2018).
• They must ensure that the organization's workforce agrees with the implementation of HIPAA compliance and adheres to its rules and regulations. Once this is ensured, employees sign a document in support of its implementation. The business analyst has to ensure that the employees are in agreement with the compliance requirements (Gupta et al., 2019).
• The business analyst must ensure that licenses and insurance are covered while implementing HIPAA compliance.
• Monitoring the technical, physical, and privacy safeguards for HIPAA compliance is a task of considerable responsibility and must therefore be assigned to a neutral person, whether inside or outside the organization. The business analyst must make sure that this person is independent of any personal interest in the outcome.
• Regulatory compliance authorities and healthcare organization authorities must come together to set the monitoring activities of the compliance (Edemekong, Annamaraju, and Haydel, 2020).
• Training employees to make them aware of the policies and rules of compliance must be ensured.
• Threat training must be incorporated into the healthcare organization to verify that laws and IT governance are implemented correctly in the organization.
Therefore, IT compliance effectiveness depends on many factors, both inside and outside the healthcare organization. Considering these factors, it is important to protect patients' privacy and data in the healthcare organization under HIPAA compliance. Stakeholders must come together to understand the long-term implications of compliance and make it part of their daily activities and duties. With compliance in place at healthcare organizations, every individual's information privacy is respected (Carlson & Mandel, 2017).
| GROUP MEMBER NAME   | WORK ACTIVITY |
|---------------------|---------------|
| Sai Kumar Chitikela |               |
Patten, M., Profitt, K., & Lucci, S. (2014). Information Governance Initiatives Essential for Strategic Alliances. Journal of AHIMA, 85(4), 48-49.
Herold, R., & Beaver, K. (2003). The practical guide to HIPAA privacy and security compliance. CRC Press.
Gupta, V., Demirer, M., Bigelow, M., Little, K. J., Candemir, S., Prevedello, L. M., … & Erdal, B. S. (2019). Performance of a Deep Neural Network Algorithm Based on a Small Medical Image Dataset: Incremental Impact of 3D-to-2D Reformation Combined with Novel Data Augmentation, Photometric Conversion, or Transfer Learning. Journal of Digital Imaging, 1-8.
Walkup, K. L. (2018). Connect with your patients, not the screen: usability claims in electronic health records. Communication Design Quarterly Review, 6(2), 31-40.
Edemekong, P., Annamaraju, P., & Haydel, M. (2020). Health insurance portability and accountability act (HIPAA). StatPearls.
Carlson, S. F., & Mandel, J. R. (2017). Commentary on “Electronic Communication of Protected Health Information: Privacy, Security, and HIPAA Compliance”. Journal of Hand Surgery, 42(6), 417-419.