HCIN 544 Advanced Health Care

Information Management
Table of Contents
Table of Contents
Lead and Section Instructor Contact Information
Course Description & Information
Technological Requirements and Troubleshooting
Course Learning Outcomes
Course Grading and Evaluation
Learner Responsibilities
Participation Requirements
Course Outline
Module 1: Cyber Threat Mitigation and Risk Management
Module 2: Privacy and Security Regulations
Module 3: Data Breach Notification
Module 4: Effective Leadership
Module 5: Change Management
Module 6: Transformational Leadership
Module 7: Reflective Practice in Health Care Leadership

Lead and Section Instructor Contact

Information
Lead instructor and section instructor contact information is located in Blackboard.

Email All email correspondence will occur within the Blackboard environment. All
messages will be answered within 24 hours except on weekends when it will
be 48 hours. It is imperative that you log in to Blackboard regularly to check
Back to Top your correspondence.

Course Description & Information

Course Description This course provides a more in-depth, practical exploration of topics in health
care information management, such as: cyber security threat management,
cyber regulations, federal requirements for cyber auditing, and leadership and
professional development. Ethical issues and emerging technology topics in
Back to Top health care information will also be addressed. Students will conduct a privacy
and security risk assessment and develop mitigation strategies culminating in
a comprehensive cyber security plan for a small health care organization. In
the final module of this course, students will apply reflective practice to derive

1 University of San Diego © 2017. All Rights Reserved.

 learning and meaning from their experience developing the cyber security
plan.

Online Learning To be successful academically, online students must be able to navigate and
Requirements search the web, use email, attach and upload documents, download and save
files, and have access to and use Microsoft Word, Excel and PowerPoint. It is
also expected of all students to be familiar with multi-media and related video-
production software (QuickTime, Flash, LiveSlideShow, etc.) as well as free
downloadable communication systems such a Skype. Please refer to the new
student orientation course if you have questions on any of these items.

Required Textbooks Barr, J. & Dowding, L. (2012). Leadership in health care. (3rd ed.). Thousand
Oaks, CA: Sage Publications.

Herzig, T. (2013). Implementing information security in health care: Building a

Back to Top security program. Chicago, IL: HIMSS Publications.

Technological Requirements and

Troubleshooting
Course access and All course-related information is posted on the Blackboard e-learning platform
navigation and can be accessed through the USD student portal (MySandiego).

http://ole.sandiego.edu

System and A windows environment is required. For students who do not have a
Software windows based laptop, we recommend purchasing one for the program. If you
Requirements are using an OS based laptop, you must purchase software that allows you to
simulate the windows environment called VMWare Fusion
http://www.vmware.com/products/fusion.

High-speed internet connection strongly encouraged (DSL or better).

Computer:
Windows Operating System: 32-bit and 64-bit Versions of Windows Vista,
Windows 7, 8 or 10. CPU Processor: 1.86 GHz Intel Core 2 Duo or greater.
RAM: highest recommended for the operating system or 2GB; Hard Drive:
highest recommended for the operating system or 1GB of available space;
Screen Resolution must be 1024x768 or higher.

OS Operating System: OS X 10.6 (Snow Leopard), OS X 10.7 (Lion), OS X

10.8 (Mountain Lion), 10.9 (Mavericks), and 10.10 (Yosemite). CPU: Intel
processor, RAM: 4GB, Hard Drive: 1GB or higher available space

Microsoft Office is required. If you are using Office 2003 or earlier, download
and install the Microsoft Office Compatibility pack.

Speakers or headset – to listen to multimedia.

2 University of San Diego © 2017. All Rights Reserved.

 Webcam – for recording video.

Email – To contact your faculty.

Recommended Firefox is the recommended browser for use with Blackboard on both the Mac
Browser and PC. The Final Release Channel version of Firefox is listed as certified or
compatible with Blackboard. Chrome (Mac/Windows) is also a supported
browser.

Blackboard lists the most current browser compatibility information on its site,
here. (http://help.blackboard.com)

If you're having browser issues or your browser is locking up, try clearing your
browser's cache. Instructions for clearing your cache on the most common
browsers are found here. (http://www.wikihow.com/Clear-Your-Browser%27s-
Cache)

If components of your course are missing or broken, check to see whether

your system is running the most current version of Java.
(http://www.java.com/en/)

Windows Users: Test your version of Java here:

http://www.java.com/en/download/testjava.jsp
Mac Users: Click: Apple > Software Update

You can download the latest version of Java here (http://www.java.com/en/).

Plugins Windows Media Player (or Flip4Mac if you use a Mac), QuickTime, Flash,
Shockwave, Adobe Reader, and Java.

Technical Support ITS Help Desk

(619) 260-7900
help@sandiego.edu

For basic questions you can contact the Program Coordinator during regular
Back to Top business hours.

Course Learning Outcomes

By the end of this course you will be able to:

• Discuss quality leadership and practice concepts as they relate to management of projects,
programs, and organizations.
• Define organizational cyber threats and risk mitigation techniques.
• Define quality and regulatory standards as they relate to cyber security and risk mitigation.
• Discuss the principles of transformational leadership as applied to interdisciplinary teams.
• Independently apply ethical perspectives/concepts to an ethical problem accurately, while
considering the full implications of the application.
• Apply reflective practice to leading organizations and teams.

Back to Top

3 University of San Diego © 2017. All Rights Reserved.

Course Grading and Evaluation
Grading Criteria The following are the assignments to be used in assessing student performance. The
related grading weight is based on a 1000 point system:

Points Percentage Assignment

230 23% Discussion Forums

630 63% Assignments

140 14% Final Project

1,000 points 100% Total

Grading Letter grade 1000 point score

Breakdown A 940-1000
A- 900-939
B+ 870-899
B 830-869
B- 800-829
C+ 760-799
C 730-759
C- 690-729
D+ 660-689
D 630-659
D- 600-629
F 0-599

Discussion Board Every module includes a forum with at least 1 discussion question. An initial response to
Criteria each thread prompt should be posted as early as possible, but by Day 4 of the week
assigned at the latest. Participants are also expected to actively engage in ongoing
conversation with classmates in the discussion threads by posting at least two additional
substantive contributions to each discussion thread by the end of the module.

Criteria Achievement

Meets or Exceeds Approaching Below Expectations

Expectations Expectations

80 – 100% 70 – 79.9% 69.9% or Less

4 University of San Diego © 2017. All Rights Reserved.

 Initial Response Initial post fully Initial post somewhat Initial response does not
addresses the prompt addresses the prompt. address the prompt or may
and contributes in a Initial response may require significantly more
constructive way to the lack detail or depth. Initial response may
60% discussion. Initial explanation. Examples be inappropriate for
response demonstrates or questions raised professional context.
critical thinking skills may require further
and provides examples exploration. Non-performance
or details relevant
experience to
substantiate response.

Follow-up Responses to Responses to Response posts are

Response classmates clearly and classmates add ideas, minimal or do not elicit a
constructively build on but may not connect to robust response from peers.
the existing existing conversation or Responses may be flat or
conversation. may be inapplicable for rhetorical.
40% Responses elicit robust professional context.
replies from peers and Examples or No responses to peers.
are supported by arguments may require
examples, relevant further exploration or
experience, and further detail to appropriately
questioning. support dialogue.

Requesting ADA The University of San Diego is committed to promoting knowledge and academic
Accommodations excellence for all learners. The University of San Diego's Disability and Learning
Difference Resource Center helps students with verified disabilities obtain meaningful
academic accommodations and support to help improve access to Professional and
Continuing Education programs and courses.

If you are a student who would like to be considered for academic accommodations,
please visit the Disability and Learning Difference Resource Center and follow the
instructions under Requesting Services.

Make-Up & Late Late assignments will NOT be accepted unless there are significant extenuating
Work circumstances, and we discuss this matter in advance of the assignment deadline.

Grade of The grade of Incomplete (“I”) may be recorded to indicate (1) that the requirements of a
Incomplete course have been substantially completed but, for a legitimate reason less than 25% of
the work remains to be completed, and, (2) that the record of the student in the course
justifies the expectation that he or she will complete the work and obtain the passing
grade by the deadline. It is the student’s responsibility to explain to the instructor the
reasons for non-completion of work and to request an incomplete grade prior to the
posting of final grades. Students who receive a grade of incomplete must submit all
missing work no later than the end of the second week of the next semester,
otherwise the “I” grade will become a permanent “F.”

Extra Credit There are no opportunities for extra credit in this course.

Back to Top

5 University of San Diego © 2017. All Rights Reserved.

Learner Responsibilities
Research has shown that online students are self-starters and highly motivated. The fact that you sought
out this learning experience and are enrolled in an online class attests to that fact. You may have taken
an online class prior to this, or this could be your first experience with online education. Taking some time
to plan for your course of study can yield benefits and help ensure success.

Time Commitment Any course of study requires a "time" for class. This online instructional
environment requires you to arrange your schedule to allow time for you to
"attend" class on a regular basis each week. The time you select is not
important, but it is important that you log into your Blackboard course and
complete the activities and assignments on a regular basis. Each credit unit is
equals 12.5 core instruction hours therefore in this 3-unit course you will have
37.5 instructional hours plus 75 hours of other course activities. You can expect
to spend about 15 – 18 hours per week in the class.

Online forum discussions are more valuable when all members of the group
participate. Waiting until the last minute of the final due date for postings to log
into the course does not contribute to the dialog. Planning a space and time for
studying and accessing the course is paramount to your success.

Student Conduct/ Online learning brings together students from diverse locations and populations.
Netiquette This creates potential for a rich learning community and also creates a need for
thoughtful, courteous communications. Use a professional and collegial tone in
course dialogue. Refrain from using inappropriate or offensive language. Humor
can sometimes be a challenge because of the lack of cues such as facial and
body gestures and voice inflection in the online forums. Be sensitive to these
limitations and respectful to all participants.

Building University of San Diego online courses are designed to be community-centered

Community learning environments. This means that the courses are designed to foster
connections among the participants as you explore common learning goals and
interests. Each student is an individual, adult learner, bringing unique
characteristics and experiences to the online classroom. Online learning
experiences can be optimized when students and the instructor get to know
each other. Learn to use all the course tools and begin creating connections
right away. Building a classroom community helps ensure successful learning. It
is the responsibility of all members of class to foster social and information
interactions. Thoughtfully share a bit about yourself, your ideas, experiences and
new knowledge in the class forums to promote a collaborative, rich learning
environment.

Plagiarism & Academic Integrity

Academic Integrity Students are expected to be knowledgeable about the principles of academic
honesty and their application at the University of San Diego. The Course
Overview area of each course provides the Academic Integrity Policy. You will
be required to read the statement and pledge that you will adhere to the
standards prior to beginning the course. Academic dishonesty erodes the quality
of scholarship and learning. As a student at the University of San Diego, it is
your responsibility to report incidents of academic dishonesty to the proper
authorities.

6 University of San Diego © 2017. All Rights Reserved.

 Avoiding Plagiarism
The nature of education and scholarship is the sharing of theories and ideas.
Avoid plagiarizing by providing a citation whenever you use the words or ideas of
others. It is your responsibility to give credit to the sources of information you
consult when developing written work. For this course you are expected to use
APA for both formatting and citing references in your papers.

Withdrawal from If you decide not to take a course that you registered for, you must contact the
Class Program Coordinator on or before the first day of class. If you fail to officially
withdraw, you will be assigned a grade of “F” and charged for the class. Please
refer to the Drop and Withdrawal policies found in the Student Handbook.

Course Evaluations End of Course Evaluations are collected via an on-line system that maintains
student anonymity. We use these evaluations for continuous improvement of
course content and instruction and as a component of its regular performance
review of faculty members, so please take them seriously. Course evaluations
are available to students in Module 6 of every course.

Academic Concern about academic issues should first be raised with your faculty. If
Grievance dissatisfied, you should first contact the Academic Program Coordinator.
Procedures

Back to Top

Participation Requirements
You need to check your course every day and monitor/track deadlines accordingly. Participation and
regular attendance is an integral part of your overall success in the course.

Back to Top

Course Outline
The following outline contains specific information on the learning modules, learning outcomes, and
assignments.

Module 1: Cyber Threat Mitigation and Risk

Management
Overview

In this module, you will be introduced to advanced topics in health care cyber security. You will examine
principles of risk assessment, mitigation, risk management and cyber governance and identify health care
systems that are vulnerable to cyber threats.

Module Learning Outcomes

By the end of this Module, you will be able to:

• Describe the types of cyber threats encountered by health care organizations.

7 University of San Diego © 2017. All Rights Reserved.

 • Define the steps in threat identification.
• Discuss risk reduction strategies to protect health care systems from intrusion.
• Identify health care systems that are vulnerable to threat intrusions.

Readings

• Read Chapters 1-5 of Implementing information security in health care: Building a security
program.
• Read the 2016 CMS Security Risk Analysis Tip Sheet.
• Read Breaking Down the Evolution of Healthcare Cybersecurity.
• Read Deloitte's Issue Brief, Networked Medical Device Cybersecurity and Patient Safety.
• Read Healthcare and Public Health Cybersecurity Primer: Cybersecurity 101.
• Read Client Alert: FDA Issues Cybersecurity Guidelines.

Presentations

• Watch How to Mitigate Threats and Manage Risk Through Human Factors.
• Watch Security Risk Assessment Video, Security 101: Contingency Planning.

Discussion Questions

1. Introduction: Please take a few moments to introduce yourself to the class and share a bit about
your professional background, interest in this course, and any special concerns or interests.
Please review your peers' posts and respond to at least two peers.
2. Cyber Threats and Breaches: Reflect on this module’s assigned resources. Then, post a two-
paragraph response to one of the prompts presented below by Day 4 of this module. In your initial
response, indicate which prompt you are responding to. Be sure to use relevant information from
the course readings to support your response, and include references and citations formatted
according to APA requirements.
• Prompt A: Threats to medical devices are the new hackers’ playground. Based on the
readings, identify two medical devices that have a potential threat risk and describe why and
how intrusions could occur.
• Prompt B: Based upon the Module 1 readings and presentations, identify two common
breaches in the health care environment and what processes should be introduced to
mitigate risk for them.
Then, respond to at least two peers who addressed the prompt you did not respond to by Day 7
of this module.

Assignment

1. Security Governance Team: Based on the assigned readings in your text, Implementing
information security in health care: Building a security program, write a minimum of one to two
paragraphs addressing the following:
 Explain the purpose of a Security Governance team.
 Discuss which departments and staff should be represented on this committee and
provide a rationale for including them.
2. Cyber Threats and Mitigation Strategies: Cyber security risks are growing exponentially in the
health care industry, as many health care organizations are struggling to keep pace with other
industries that use system-wide data management. A lack of staff training and awareness of basic
cyber hygiene techniques as well as a lack of expertise in managing cyber threats contribute to
the increased risk to health care organizations.

8 University of San Diego © 2017. All Rights Reserved.

 In this module, you examined several types of cyber security threats as well as ways in which
those threats can be mitigated. For this module’s assignment, you will demonstrate your
understanding of these concepts by assuming the role of a cyber security expert hired to mitigate
cyber threats to a small, two-office physician practice. Drawing upon the information from the
readings and presentations, you will write a brief report that addresses the following:
 Identify and discuss at least three (3) potential cyber threats to the physician practice.
 Discuss an appropriate threat mitigation strategy to address each of the three (3) cyber
threats.
Your paper should be one to two pages in length and include appropriate citations and references
formatted according to APA requirements.

Back to Top

Module 2: Privacy and Security Regulations

Overview

In this module, you will review relevant regulations that protect health care information and gain an
understanding of the privacy security audit. This module will also review regulations specific to the
protection of DNA data under the Genetic Information Nondiscrimination Act of 2008, or GINA. For this
module’s assignment, you will complete the first of three desk audits that will be part of your final course
project, which is a cyber security plan for a health care organization.

Module Learning Outcomes

By the end of this Module, you will be able to:

• Analyze relevant regulations that protect health care information.

• Describe reporting requirements for breach notification.
• Discuss how the Genetic Information Nondiscrimination Act (GINA) protects patient information.
• Apply basic steps for performing a privacy and security audit.

Readings

• Read Chapters 6-10 of Implementing information security in health care: Building a security
program.
• Read “The Genetic Information Nondiscrimination Act of 2008; Information for Researchers and
Health Care Professionals.”
• Read “HIPAA Basics for Providers: Privacy, Security, and Breach Notification Rules” from the
Department of Health and Human Services Centers for Medicare & Medicaid Services.
• Read Chapters 1-7 of the “Guide to Privacy and Security of Electronic Health Information” from
the Office of the National Coordinator for Health Information Technology.

Presentations

• Watch “The HIPAA Audits Are Coming!”

• Watch “Interview with Dr. Francis Collins on Genetic Information Nondiscrimination Act of 2008.”
• Watch the “Security Risk Assessment Tool Tutorial.”
• Watch the “Security Risk Assessment Video, Security 101: Security Risk Analysis.”

Discussion Questions

1. Genetic Data Usage: Reflect on this module’s assigned resources. Then, post a two-paragraph
response to the following prompt by Day 4 of this module. Be sure to use relevant information

9 University of San Diego © 2017. All Rights Reserved.

 from the course readings and presentations to support your response, and include references
and citations formatted according to APA requirements.
Genetic data is emerging as an important clinical tool.
 Discuss two key features of the Genetic Information Nondiscrimination Act (GINA) that
protect patients.
 Describe how a breach of genetic information could potentially harm patients.
Then, respond to at least two of your classmates' posts by Day 7 of this module.
2. Breach Notification: Reflect on this module’s assigned resources. Then, post a two-paragraph
response to the following prompt by Day 4 of this module. Be sure to use relevant information
from the course readings and presentations to support your response, and include references
and citations formatted according to APA requirements.
Breach notification is now required of all covered entities.
 Define what is considered a "covered entity."
 Discuss the steps you would need to take if your organization sustained a breach
affecting more than 500 patients.
Then, respond to at least two of your classmates' posts by Day 7 of this module, suggesting steps
they may not have identified.

Assignment

1. Definitions: In your own words, define the following terms as they apply to privacy and security
based on this module's resources.
 HIPAA
 Covered entity
 Business associate
 PHI (Protected Health Information)
 Privacy rule
 Breach
 Minimum necessary access
 Administrative safeguards
 Physical safeguards
2. Administrative Safeguards Audit: Under the Meaningful Use program, the federal government
requires a level of cyber security and HIPAA compliance attestation. The Office of Civil Rights,
the entity for HIPAA compliance that assists in managing breach notification, is conducting
ongoing audits to ensure organizations meet privacy and security compliance through desk top
audits.

This week you will begin drafting the first section of your privacy and security plan, which is the
administrative safeguards audit. For this assignment, you will assume the role of a consultant,
hired to assist with conducting audits and creating a security plan for a clinic. You will perform
what is referred to as a desk audit of the clinic’s administrative safeguards focusing on the clinic’s
polices, training, recovery plans, and workforce management. A desk audit entails reviewing
documents and conducting interviews to assess a health care organization’s existing
administrative processes and safeguards; however, it does not require an actual physical audit to
observe the processes (unless the audit reveals significant discrepancies or issues). This audit is
one of three audits you will be completing over the next three modules that will comprise your
security plan. The audits for your security plan include the following:

 Administrative Safeguards
 Technical Safeguards
 Physical Safeguards

The administrative safeguards audit focuses on policies, training, recovery plans, and workforce
management. For the purposes of this assignment, you will use a case study that includes a
transcript of an interview that you would normally conduct in order to obtain the information you
need to complete the administrative safeguards audit. You will conduct your audit using the
Security Risk Assessment (SRA) Tool, which was developed by the federal government to assist

10 University of San Diego © 2017. All Rights Reserved.

 health care organizations in meeting privacy and security regulations. The audit tool you will be
using for this assignment is a paper-based template for conducting a desk audit. There is a web-
based tool; however, given the time constraints of this course, you will only use the paper-based,
document version. All of the audit templates used in this course are based on the Meaningful Use
criteria required by the federal government to ensure privacy and security as part of the
Meaningful Use attestation process. For more information about these tools, review the
HealthIT.gov website’s Security Risk Assessment page.

Follow the steps below to complete this assignment.

 Review the information provided in the “Case Study,” specifically the interview transcript.
 Complete the “Administrative Safeguards Security Risk Assessment (SRA) Tool” based
on the information from the Case Study.

Make sure you address all areas of the Administrative Safeguards SRA Tool accurately based on
the information provided in the case study.

Back to Top

Module 3: Data Breach Notification

Overview

In this module, you will continue to explore advanced topics in health care cyber security, such as
regulations pertaining to HIPAA Breach notification and penalties related to those breaches. You will
review unique risks that mobile devices bring to organizations, especially BYOD (bring your own devices).
For this module’s assignment, you will continue your desk audit activity as you focus on technical
safeguards.

Module Learning Outcomes

By the end of this Module, you will be able to:

• Discuss the steps in carrying out a security audit for technical safeguards
• Describe the types of threats associated with mobile devices.
• Define the steps involved in the breach notification process for reporting a health care data
breach.
• Identify the steps for notifying patients that their protected health information has been breached.

Readings

• Read Chapters 11-13 of Implementing information security in health care: Building a security
program.
• Read the “American Health Information Management Association’s Template: Health Information
Privacy and Security Breach Notification Letter” to learn the prescribed content required for a
breach notification letter to patients or others whose data has been breached by your
organization.
• Read “HIPAA Basics For Providers: Privacy, Security, And Breach Notification Rules” to learn
more about the Health Insurance Portability and Accountability Act (HIPAA) Privacy, Security,
and Breach Notification Rules.
• Review the information on the Health and Human Services (HHS) website regarding Breach
Reporting. This webpage provides users with a web-based tool to report breaches. Review the
following sections: Submitting Notice of a Breach to the Secretary, Breaches Affecting 500 or
More Individuals, and Breaches Affecting Fewer Than 500 Individuals.

11 University of San Diego © 2017. All Rights Reserved.

 • Read the article, “Corrective Action Plans may Accompany HIPAA Fines” to learn more about
additional punishments for breaches intended to correct underlying compliance problems.

Presentations

• Watch “10 Steps to Performing a HIPAA Risk Assessment | Healthcare Compliance Training” by
Star Compliance Services. This presentation provides a simplified overview of the risk
assessment process.
• Watch “What If Your Business Associate Has a Breach: 2016 HIPAA Webinar 5.” In this
presentation, Jason Karn of Total HIPAA Compliance discusses how to respond to a security
breach.
• Watch “Penalties for a HIPAA Security Breach: 2016 HIPAA Webinar 4.” In this presentation, Dan
Brown of Taylor English discusses the penalty process for a security breach of a HIPAA violation.
• Watch “EHRs and HIPAA: Steps for Maintaining the Privacy and Security of Patient Information.”

*Unless you are already a Medscape member, you will have to create a free Medscape account
to view this video. There is no cost to sign up, and becoming a Medscape member will enable
you to access breaking medical news and clinical perspectives in several specialties for free.

Discussion Questions

1. Mobile Device Management: Reflect on this module’s assigned resources. Then, post a one-
paragraph response to the following prompt by Day 4 of this module. Be sure to use relevant
information from the course readings and presentations to support your response, and include
references and citations formatted according to APA requirements.
 Describe the types of anticipated threats that are associated with the use of mobile
devices.
Then, respond to at least two of your classmates' posts by Day 7 of this module.
2. Penalties for PHI Breaches: Reflect on this module’s assigned resources. Then, post a one-
paragraph response to the following prompt by Day 4 of this module. Be sure to use relevant
information from the course readings and presentations to support your response, and include
references and citations formatted according to APA requirements.
 Describe the civil and criminal penalties for PHI breaches to an organization or individual.
Then, respond to at least two of your classmates' posts by Day 7 of this module.

Assignment

1. Health Care Data Breach Notification Process: Based on the readings and presentations from this
module, write a two-paragraph description of the steps you would take when conducting a
federally mandated breach notification in the event of a health care data breach. Your description
must include the following:
 Steps for notification involving more than 500 individuals
 Steps for notification involving less than 500 individuals
 The agency you are required to report to
2. Technical Safeguards Audit: This week you will conduct the second desk audit for your security
plan involving technical safeguards. You will conduct your audit using the Security Risk
Assessment (SRA) Tool, which was developed by the federal government to assist health care
organizations in meeting privacy and security regulations. As you recall from Module 2, there are
web-based tools for conducting these audits, which you will find useful in a real world scenario.
However, for this course, we will use the paper-based, document version of the tool.

The technical safeguards audit focuses on access controls, audit controls, integrity, person or
entity authentication, and transmission security. To conduct your technical safeguards desk audit,
you will need to start by reading the case study below that began in Module 2. You may need to
ask your instructor for further clarification or additional information to augment the case study.
Read the directions contained in the Technical Safeguards Audit tool below and be sure to use

12 University of San Diego © 2017. All Rights Reserved.

 the calculated risk score matrix provided. Include a brief narrative (explanation) of how to
remediate any technical safeguard deficiencies where applicable.

Follow the steps below to complete this assignment.

 Review the information provided in the Case Study .
 Complete the Technical Safeguards Security Risk Assessment (SRA) Tool based on the
information from the case study.
Use the optional document, Security Standards: Technical Safeguards from the Centers for
Medicare and Medicaid Services as a resource to help you as you conduct your technical security
audit.

Make sure you address all areas of the Technical Safeguards SRA Tool accurately based on the
information provided in the case study.

Back to Top

Module 4: Effective Leadership

Overview

This module continues to build on the advanced topics in health care cyber security by introducing the
final audit on physical safeguards for your cyber security plan. In addition to cyber security content, you
will examine effective leadership and management principles. You will explore the traits and
characteristics of successful leaders. It will be critical to apply these leadership principles in your cyber
security plan to ensure the success of any operational changes you propose or implement.

Module Learning Outcomes

By the end of this Module, you will be able to:

• Describe the traits of an effective health care leader.

• Define the leadership characteristics that contribute to project group success.
• Discuss the impact of emotional intelligence on group dynamics.
• Conduct a physical security desk audit based on a hypothetical case study.

Readings

• Read Chapters 14-16 of Implementing information security in health care: Building a security
program.
• Read Chapters 1-4 and 10 of Leadership in health care.
• Read “Building the Emotional Intelligence of Groups.”
• Read “Core Principles & Values of Effective Team-Based Health Care.”

Presentations

• Watch “Social Intelligence and the Biology of Leadership,” an interview by Harvard Business
Review with psychologist Daniel Goleman in which he discusses social and emotional intelligence
and how they affect organizations and leaders.
• Watch “What Traits Do Health Care Leaders Need Today?” by the Institute for Healthcare
Improvement.
• Watch “What Qualities Do Health Care Leaders Need Today?” by the Institute for Healthcare
Improvement.

13 University of San Diego © 2017. All Rights Reserved.

Discussion Questions

1. Traits of a Successful Leader: Reflect on this module’s assigned resources. Then, post a one-
paragraph response to the following prompt by Day 4 of this module. Be sure to use relevant
information from the course readings and presentations to support your response, and include
references and citations formatted according to APA requirements.
 Describe three traits of a successful leader and provide an example of each trait.
Then, respond to at least two of your classmates’ posts by Day 7 of this module.
2. Leadership Characteristics for Project Group Success: Reflect on this module’s assigned
resources. Then, post a one-paragraph response to the following prompt by Day 4 of this module.
Be sure to use relevant information from the course readings and presentations to support your
response, and include references and citations formatted according to APA requirements.
 Discuss the leadership characteristics that contribute to project group success.
Then, respond to at least two of your classmates’ posts by Day 7 of this module.

Assignment

1. Group Emotional Intelligence: Based on this module's readings and presentations, write a two-
paragraph discussion of the impact of group emotional intelligence on group dynamics. Your
discussion must include:
 The benefits of emotional intelligence to the group and a given project.
2. Physical Safeguards Audit: This week you will conduct the final desk audit for your cyber security
plan involving physical safeguards.

The physical safeguards audit focuses on physical access controls, workstation use, workstation
security, and device and media controls. To conduct your physical safeguards desk audit, you will
need to start by reading the case study that began in Module 2. You may need to ask your
instructor for further clarification or additional information to augment the case study. Read the
directions contained in the Physical Safeguards Audit Tool below and be sure to use the
calculated risk score matrix provided. Include a brief narrative (explanation) of how to remediate
any physical safeguard deficiencies where applicable.

Follow the steps below to complete this assignment.

 Review the information provided in the “Case Study.”

 Complete the “Physical Safeguards Security Risk Assessment (SRA) Tool” based on the
information from the case study.

Use the optional reference document, “Security Standards: Physical Safeguards from the Centers
for Medicare and Medicaid Services” as a resource to help you as you conduct your physical
safeguards audit. Make sure you address all areas of the “Physical Safeguards SRA Tool”
accurately based on the information provided in the case study.

Back to Top

Module 5: Change Management

Overview

This module continues to build on the advanced topics in health care cyber security by introducing your
final activity related to your cyber risk audit. You will utilize the audits you performed in prior modules to
build your privacy and security risk assessment report. In addition to cyber security content, this module
will focus on leadership principles applied to leading change. Whether change is occurring at the
organization level or at the project level, many of the principles remain the same. Managing change is
critical to the success of technology-based projects, which will be the focus of this module.

14 University of San Diego © 2017. All Rights Reserved.

Module Learning Outcomes

By the end of this Module, you will be able to:

• Identify the steps for preparing individuals or groups to experience change.

• Define the barriers to implementing change.
• Describe the leadership skills required in adaptive change.
• Complete a privacy and security risk assessment report.

Readings

• Reread Chapter 4, "Risk Analysis" of Implementing information security in health care: Building a
security program.
• Read Chapter 13 of Leadership in health care.
• Read “Change Management Strategies for an Effective EMR Implementation.”
• Read the Harvard Business Review article, “Why Change Programs Don't Produce Change.”
• Read sections 1.1, 1.2 and 1.3 in the National Learning Consortium's “Change Management in
EHR Implementation Primer.”

Presentations

• Watch “Leading Adaptive Change in Health Care IT,” a presentation in which Dr. Paul Nagy
discusses the main challenges to adaptive change in health care IT and the adaptive leadership
skills necessary to complement technological changes in a clinical setting.
• Review “Leading Change” presentation.

Discussion Questions

1. Barriers to Enacting Change: Reflect on this module’s assigned resources. Then, post a one-
paragraph response to the following prompt by Day 4 of this module. Be sure to use relevant
information from the course readings and presentations to support your response, and include
references and citations formatted according to APA requirements.
 Describe two (2) common barriers to enacting any type of change in a health care setting.
Then, respond to at least two of your classmates’ posts by Day 7 of this module.
2. Preparing Individuals or Groups for Change: Reflect on this module’s assigned resources. Then,
post a one-paragraph response to the following prompt by Day 4 of this module. Be sure to use
relevant information from the course readings and presentations to support your response, and
include references and citations formatted according to APA requirements.
 Discuss the two (2) most important steps in preparing individuals or groups for change in
health care settings.
Then, respond to at least two of your classmates’ posts by Day 7 of this module.

Assignment

1. EHR Implementation Challenges: Based on this module’s readings and presentations, write a
two-paragraph discussion of the inherent challenges related to changing from a paper-based data
management system to an electronic medium (i.e. migrating to an EHR). Be sure to cite any data
or information used to support your discussion. Your discussion must include:
 The leadership skills required to lead this kind of adaptive change.
2. Privacy and Security Assessment Report: This week you will conclude your cyber security
assessment by completing a privacy and security assessment report. In order to meet federal
regulations for HIPAA and Meaningful Use attestation requirements, all organizations are
required to perform a privacy and security audit. You have completed three audits in the areas of
administrative, technical and physical safeguards in previous modules. In this module, you will

15 University of San Diego © 2017. All Rights Reserved.

 compile some of the information obtained in these audits into a privacy and security assessment
report that will summarize your findings, identify strategies for mitigation, and provide an
executive summary. You may need to ask your instructor for further clarification or additional
information to complete the report. Read the instructions contained in the Privacy and Security
Assessment Report Template provided below.

Follow the steps below to complete this assignment.

 Use the “Privacy and Security Assessment Report Template” to complete your privacy
and security assessment report.

Back to Top

Module 6: Transformational Leadership

Overview

This module continues to build on advanced topics in health care cyber security by introducing your final
activity related to your cyber risk audit, which is carrying out a risk mitigation. Your risk mitigation is the
creation of a comprehensive information security policy for a clinic. In addition to cyber security content,
you will review concepts related to transformational leadership. Transformational leadership is a
leadership approach that focuses on facilitating change in individuals and social systems. You will explore
the traits that constitute quality leadership and how transformational leaders utilize communication.

Module Learning Outcomes

By the end of this Module, you will be able to:

• Define the five traits of transformational leadership.

• Describe how a transformational leader effectively utilizes communication to facilitate change.
• Conduct a mitigation as part of a risk assessment report.
• Draft an information security policy for an organization.

Readings

• Read Chapters 11-12 and review Chapter 13 of Leadership in Health Care.

• Read “Tomorrow's Top Healthcare Leaders: 5 Qualities of the Healthcare Leader of the Future.”
• Read the Harvard Business Review article, “Leadership is a Conversation: How to improve
employee engagement and alignment in today's flatter, more networked organizations.”
• Read “Implementing successful transformational leadership competency development in
healthcare.” This document is a blueprint for implementing transformational leadership
competencies in an organization.

Presentations

• Watch the presentation “What is Transformational Leadership.”

Discussion Questions

1. Transformational Leadership: Reflect on this module’s assigned resources. Then, post a two-
paragraph response to the following prompt by Day 4 of this module. Be sure to use relevant

16 University of San Diego © 2017. All Rights Reserved.

 information from the course readings and presentations to support your response, and include
references and citations formatted according to APA requirements.
 Describe how transformational leaders utilize communication.
 Share a personal experience of a project or activity that was impacted by such
communication. If you do not have personal experience with this, please share what you
believe would be the impact of this type of communication based on the course
resources.
Then, respond substantively to at least two of your classmates’ posts by Day 7 of this module.

Assignment

1. Transformational Leadership Traits: Based on this module’s readings and presentations, write a
two-paragraph description of the five (5) qualities of transformational leadership. Be sure to
include relevant information from the course readings or presentations to support your
description.

Include a brief example of each quality. Imagine you are describing and providing examples of
these traits to team members you are leading on a project.

2. Information Security Policy: For this week’s assignment, you will draft an information security
policy based on the case study and addendum provided in this module. The information security
policy addresses the federal mandates for privacy and security related to e-PHI and HIPAA
activities in a clinic setting, which is part of carrying out a risk mitigation. You may need to ask
your instructor for further clarification or additional information to draft the policy. Read the
instructions on the second page of the Information Security Policy Template provided below.
 Follow the steps below to complete this assignment.
 Use the information from the original case study in Module 2 and the case study
addendum to assist you in completing the information security policy.

Use the Information Security Policy Template to draft your information security policy.

Back to Top

Module 7: Reflective Practice in Health Care

Leadership
Overview

This module provides an overview of reflective practice, or the process of critically analyzing and
evaluating your practices and decision making in order improve them. Transformational leaders often use
this technique to review their personal processes and goals and assist them in meeting their professional
aspirations. You will apply the steps involved in developing a reflective practice as you reflect on the
cyber security and risk assessment plan you conducted in this course.

Module Learning Outcomes

By the end of this Module, you will be able to:

• Discuss the steps involved in conducting a personal reflection.

• Describe one of the models of reflection.
• Discuss the benefits of reflective practice.
• Explain how reflective practice can be applied to a project.

17 University of San Diego © 2017. All Rights Reserved.

Readings

• Read “What is Reflective Practice?”

• Read “Why You Should Make Time for Self-Reflection (Even If You Hate Doing It)” to learn how
self-reflection is crucial to a leader's ongoing growth and development.
• Read “Reflective Project Practice Individual Assignment.”

Presentations

• Watch “What is Reflective Practice” to learn what reflective practice is and how to integrate
reflection into your professional life.
• Watch “Gibb’s Reflective Model” to learn about the essential steps of Gibbs’ Reflective Model.
• Watch “Writing A Reflection” for an explanation of what reflective writing is and how to write a
reflection.
• Watch “The Purpose of Reflective Practice” to learn how reflective practice can make an impact
in the workplace.

Discussion Questions

1. Reflective Practice: Reflect on this module’s assigned resources. Then, post a two-paragraph
response to the following prompt by Day 4 of this module. Be sure to use relevant information
from the course readings and presentations to support your response, and included references
and citations formatted according to APA requirements.
 Explain how you would apply reflective practice to a project.
 Discuss the benefits of using reflective practice to assess your contributions to a project.
Then, respond to at least two of your classmates’ posts by Day 7 of this module.

Assignment

1. Applying Reflective Practice: The best way to learn a skill is to teach a skill to someone else.
Based on this module’s readings and presentations, write a two-paragraph discussion of how you
might coach a new employee in using reflective practice based on the Gibbs’ model. Your
discussion must include:
 The steps involved in reflective practice written in your own words.
2. Final Project: Cyber Security Risk Assessment Report Reflective Practice: Reflective practice
assists you in identifying issues and experiences so that you can learn from them in order to
improve on that activity in the future. For your final assignment for this course, you will utilize
reflective practice to evaluate your activity on the Privacy and Security Audit and Assessment
Report by completing a series of reflections and an action plan. Your final project consists of four
required elements: 1) your revised Privacy and Risk Assessment Report, 2) your revised Access
Policy, 3) your completed Reflective Practice Worksheet, and 4) your reflective practice summary.

Follow the steps below to complete your final project.

 Revise the Privacy and Security Assessment Report that you completed in Module 5 to
reflect instructor feedback.
 Revise the Information Security Policy that you completed in Module 6 to reflect instructor
feedback.
 Use the Reflective Practice Worksheet to complete three (3) reflections using the
Reflection Template and an action plan using the Action Plan Template.
 Write a two-paragraph summary of your Reflective Practice Worksheet. Discuss what you
learned from applying reflective practice to your activity on the Privacy and Security Audit
and Assessment Report, how you could improve your processes and practices, and what
you would do differently in the future.

18 University of San Diego © 2017. All Rights Reserved.

Back to Top

19 University of San Diego © 2017. All Rights Reserved.