Exercise 7: Privacy or Security Complaint to the Office of Civil Rights (OCR)
Learning Objectives and Outcomes
You will describe the process of submitting a privacy or security complaint to the OCR.
Assignment Requirements
Imagine that you are a sophomore at Premier College, living in Room 203, Graham Dormitory complex, 1212, University Road, Metropolis, West Virginia. The college requires you to maintain current medical and vaccination records as proof of your physical health. Over the past few months, you have not been well due to increased amounts of academic pressure. Also, your parents recently separated, and you found yourself unable to concentrate in class or sleep well at night. You went to the student medical center and requested some medicines to help you sleep. After consulting with the staff doctor, you were issued a prescription for the treatment of depression.
On your second day of the class, your professor tells you that he too comes from a divided family and had to take medicine to help him cope with the situation. You ask him how he knew about your situation, and he replied that all student medical records were available to every instructor and staff member at Premier College, regardless of whether they are one of your instructors or not. Hearing this, you are highly dejected and feel that your privacy rights have been violated.
You somehow wind up all your discussions with the instructor and rush towards your room. You have a sleepless night and you decide that the first thing you will do in the morning is to fight for your privacy. After researching for half a day, you learn that filing a privacy or security complaint to the OCR had been a tedious process before July 2009. You arrange for a meeting with a professional named Alex, who files such complaints.
The next morning, you visit Alex and before anything else, you ask him to explain the new regulation for filing a privacy or security complaint. Alex narrates that on July 27, 2009, the Secretary of Health and Human Services (HHS) delegated to the Director of OCR the authority to administer and enforce the HIPAA Security Rule. He explains that this action improved HHS’ ability to protect individuals’ health information by combining the authority for administration and enforcement of federal standards for health information privacy and security. Those standards are outlined in the HIPAA legislation. Alex also emphasized the fact that with the new regulation, the process of filing a privacy or security complaint has become simpler and more effective.
After hearing all this, you say goodbye to Alex and decide to file the complaint by yourself. A major reason for this is your limited financial means. You start filling out the form and realize that certain sections need clarity. Ignoring all these facts, you decide to continue filling out the form. As you fill out the form, you start getting interested in the whole process of filing a complaint. To ensure that what you are doing is right, you decide to find someone to validate your work. After pondering for a while, you think of your Uncle Samuel, who is working as a legal advisor with a well-known law firm. You write to Uncle Samuel describing all that has happened and you send him the complaint form. You share with your uncle that you would be interested in understanding the entire process.
Uncle Samuel assigns you the following tasks before he helps you understand the process:
1. Identify the early iterations of the HIPAA act and how the law has been modified to facilitate easier access to consumer complaints and enforcement.
2. Identify specific sections of the form that need critical attention while filing the complaint
3. Analyze the situations that one gets into if the critical sections are not well identified.
4. Draft a brief summary, collating all your findings for your uncle’s review.
Deliverables and format:
Submit your answer in a Microsoft Word document in not more than 300 words.
Font: Arial 10 point size
Exercise 8: Section 404
Learning Objectives and Outcomes
This assignment will enable you to assess the compliance requirements of Section 404 and prepare a checklist to ensure Section 404 compliance.
Assignment Requirements
This assignment builds upon the role-play conducted in the roles section of this lesson. In this assignment, you play the role of an internal auditor. You’ve been given the task of creating a specific checklist to insure compliance with Section 404.
You need to review the requirements of Section 404 and create a list identifying compliance requirements. The checklist should include information about reporting requirements, audits, IT security, and any other topics relevant to Section 404 compliance. The checklist should include information on internal controls over financial reporting (ICFR) controls as well as any known difficulties in complying with Section 404.
Submit your answer in a Microsoft Word document in not more than 500 words.
Font: Arial 10 point size
Line Spacing: Double