1) Identify 2 activities that you will design and implement. (10 points each) Points to consider: Are these activities to be completed by all employees? Or are they position/department specific?

2) Include the recommended time frame and/or frequency for each activity. Is this a new hire activity or annual refresher for each activity? (10 points each)

3) Do not design the entire activity, but do give a one sentence summary, or perhaps a representative question, scenario, etc. or other. (10 points each)

Part II: As HIPAA Privacy Officer you work closely with the HIPAA Security Officer. You have been assigned to revise an existing policy regarding access to protected health information, and to include references to the soon-to-be implemented electronic health record/information management system at Community Hospital. The specific policy concerns the CMS Requirement 482.24(b)(3) which states “…the hospital must ensure that unauthorized individuals cannot gain access to or alter patient records.” (See Chapter 9, see also the CMS Manual under Module 1 Additional Resources). Include specific information/comments/phrasing about:

1) How access to the electronic health record system is provided. (10 points)

2) Who may access the electronic health record system? (10 points)

3) Identify two (2) safeguards that are in place to prevent and/or alert Community Hospital to either an attempted and/or successful inappropriate access to protected health information. (10 points for each correctly identified safeguard)