Prepare a briefing and policy recommendations for your imagined executive team—the “C-Suite” (CEO, CIO, CFO, CMO, and CNO)—that outlines the nature of your breach, key stakeholders to be notified, impacts of the breach, recommendations for remediating the breach and ensuring the security of patient and organizational data going forward, and recommendations for preventing another breach from happening.

Imagine yourself as the health information management (HIM) director of a healthcare organization who has just been alerted to the presence of a data breach. ABC Hospital is a 250-bed acute-care hospital in the Midwest. The HIM department employs 15 people. The seven medical coders all work remotely, scattered throughout the region. Recently, there was a breach of protected health information (PHI). One of the coders logged into a neighbor’s health record. The coder discovered the neighbor recently had an inpatient stay for complications from HIV. The coder then told other neighbors. The patient found out and filed a complaint to the hospital’s legal department. The coder was terminated.

Prepare a briefing and policy recommendations for your imagined executive team—the “C-Suite” (CEO, CIO, CFO, CMO, and CNO)—that outlines the nature of your breach, key stakeholders to be notified, impacts of the breach, recommendations for remediating the breach and ensuring the security of patient and organizational data going forward, and recommendations for preventing another breach from happening.

Specifically, the following critical elements must be addressed:

I. Summary of Problem

A. Describe the nature of the data breach. How did the breach occur?

B. Determine what the breach investigation should look like upon discovery, including a risk assessment and communication plan. Be sure to justify your recommendations with research.

C. Based on your research, what are the short-term and long-term consequences that will result from this breach? Be sure to cite specific examples from your research in supporting your claims.

I. Key Stakeholders

A. Identify the key internal workforce (e.g., organizational staff, board) and external stakeholders (e.g., patients, vendors) who need to be notified about the data breach based on state and federal regulations (such as HIPAA, etc.), and justify your rationale based on your research.

B. Identify the key federal stakeholders (i.e., governmental officials) who need to be notified about the breach, and justify your rationale based on your research. In your discussion, include Medicare Conditions for Coverage, the Joint Commission and state licensing regulations, and how the breach impacts these regulations or standards.

C. Identify the key stakeholders that need to follow the policy to avoid future breaches. Be sure to justify your selection of the key stakeholders with research.

Guidelines for Submission: All citations and references should be formatted using the most current APA guidelines. References should be from at least two evidence-based sources that are relevant and current to the topic and should be written within the last three years.