Professional Documents
Culture Documents
HCIN544 Syllabus
HCIN544 Syllabus
Information Management
Table of Contents
Table of Contents
Lead and Section Instructor Contact Information
Course Description & Information
Technological Requirements and Troubleshooting
Course Learning Outcomes
Course Grading and Evaluation
Learner Responsibilities
Participation Requirements
Course Outline
Module 1: Cyber Threat Mitigation and Risk Management
Module 2: Privacy and Security Regulations
Module 3: Data Breach Notification
Module 4: Effective Leadership
Module 5: Change Management
Module 6: Transformational Leadership
Module 7: Reflective Practice in Health Care Leadership
Email All email correspondence will occur within the Blackboard environment. All
messages will be answered within 24 hours except on weekends when it will
be 48 hours. It is imperative that you log in to Blackboard regularly to check
Back to Top your correspondence.
Online Learning To be successful academically, online students must be able to navigate and
Requirements search the web, use email, attach and upload documents, download and save
files, and have access to and use Microsoft Word, Excel and PowerPoint. It is
also expected of all students to be familiar with multi-media and related video-
production software (QuickTime, Flash, LiveSlideShow, etc.) as well as free
downloadable communication systems such a Skype. Please refer to the new
student orientation course if you have questions on any of these items.
Required Textbooks Barr, J. & Dowding, L. (2012). Leadership in health care. (3rd ed.). Thousand
Oaks, CA: Sage Publications.
http://ole.sandiego.edu
System and A windows environment is required. For students who do not have a
Software windows based laptop, we recommend purchasing one for the program. If you
Requirements are using an OS based laptop, you must purchase software that allows you to
simulate the windows environment called VMWare Fusion
http://www.vmware.com/products/fusion.
Computer:
Windows Operating System: 32-bit and 64-bit Versions of Windows Vista,
Windows 7, 8 or 10. CPU Processor: 1.86 GHz Intel Core 2 Duo or greater.
RAM: highest recommended for the operating system or 2GB; Hard Drive:
highest recommended for the operating system or 1GB of available space;
Screen Resolution must be 1024x768 or higher.
Microsoft Office is required. If you are using Office 2003 or earlier, download
and install the Microsoft Office Compatibility pack.
Recommended Firefox is the recommended browser for use with Blackboard on both the Mac
Browser and PC. The Final Release Channel version of Firefox is listed as certified or
compatible with Blackboard. Chrome (Mac/Windows) is also a supported
browser.
Blackboard lists the most current browser compatibility information on its site,
here. (http://help.blackboard.com)
If you're having browser issues or your browser is locking up, try clearing your
browser's cache. Instructions for clearing your cache on the most common
browsers are found here. (http://www.wikihow.com/Clear-Your-Browser%27s-
Cache)
Plugins Windows Media Player (or Flip4Mac if you use a Mac), QuickTime, Flash,
Shockwave, Adobe Reader, and Java.
(619) 260-7900
help@sandiego.edu
For basic questions you can contact the Program Coordinator during regular
Back to Top business hours.
• Discuss quality leadership and practice concepts as they relate to management of projects,
programs, and organizations.
• Define organizational cyber threats and risk mitigation techniques.
• Define quality and regulatory standards as they relate to cyber security and risk mitigation.
• Discuss the principles of transformational leadership as applied to interdisciplinary teams.
• Independently apply ethical perspectives/concepts to an ethical problem accurately, while
considering the full implications of the application.
• Apply reflective practice to leading organizations and teams.
Back to Top
Discussion Board Every module includes a forum with at least 1 discussion question. An initial response to
Criteria each thread prompt should be posted as early as possible, but by Day 4 of the week
assigned at the latest. Participants are also expected to actively engage in ongoing
conversation with classmates in the discussion threads by posting at least two additional
substantive contributions to each discussion thread by the end of the module.
Criteria Achievement
Requesting ADA The University of San Diego is committed to promoting knowledge and academic
Accommodations excellence for all learners. The University of San Diego's Disability and Learning
Difference Resource Center helps students with verified disabilities obtain meaningful
academic accommodations and support to help improve access to Professional and
Continuing Education programs and courses.
If you are a student who would like to be considered for academic accommodations,
please visit the Disability and Learning Difference Resource Center and follow the
instructions under Requesting Services.
Make-Up & Late Late assignments will NOT be accepted unless there are significant extenuating
Work circumstances, and we discuss this matter in advance of the assignment deadline.
Grade of The grade of Incomplete (“I”) may be recorded to indicate (1) that the requirements of a
Incomplete course have been substantially completed but, for a legitimate reason less than 25% of
the work remains to be completed, and, (2) that the record of the student in the course
justifies the expectation that he or she will complete the work and obtain the passing
grade by the deadline. It is the student’s responsibility to explain to the instructor the
reasons for non-completion of work and to request an incomplete grade prior to the
posting of final grades. Students who receive a grade of incomplete must submit all
missing work no later than the end of the second week of the next semester,
otherwise the “I” grade will become a permanent “F.”
Extra Credit There are no opportunities for extra credit in this course.
Back to Top
Time Commitment Any course of study requires a "time" for class. This online instructional
environment requires you to arrange your schedule to allow time for you to
"attend" class on a regular basis each week. The time you select is not
important, but it is important that you log into your Blackboard course and
complete the activities and assignments on a regular basis. Each credit unit is
equals 12.5 core instruction hours therefore in this 3-unit course you will have
37.5 instructional hours plus 75 hours of other course activities. You can expect
to spend about 15 – 18 hours per week in the class.
Online forum discussions are more valuable when all members of the group
participate. Waiting until the last minute of the final due date for postings to log
into the course does not contribute to the dialog. Planning a space and time for
studying and accessing the course is paramount to your success.
Student Conduct/ Online learning brings together students from diverse locations and populations.
Netiquette This creates potential for a rich learning community and also creates a need for
thoughtful, courteous communications. Use a professional and collegial tone in
course dialogue. Refrain from using inappropriate or offensive language. Humor
can sometimes be a challenge because of the lack of cues such as facial and
body gestures and voice inflection in the online forums. Be sensitive to these
limitations and respectful to all participants.
Withdrawal from If you decide not to take a course that you registered for, you must contact the
Class Program Coordinator on or before the first day of class. If you fail to officially
withdraw, you will be assigned a grade of “F” and charged for the class. Please
refer to the Drop and Withdrawal policies found in the Student Handbook.
Course Evaluations End of Course Evaluations are collected via an on-line system that maintains
student anonymity. We use these evaluations for continuous improvement of
course content and instruction and as a component of its regular performance
review of faculty members, so please take them seriously. Course evaluations
are available to students in Module 6 of every course.
Academic Concern about academic issues should first be raised with your faculty. If
Grievance dissatisfied, you should first contact the Academic Program Coordinator.
Procedures
Back to Top
Participation Requirements
You need to check your course every day and monitor/track deadlines accordingly. Participation and
regular attendance is an integral part of your overall success in the course.
Back to Top
Course Outline
The following outline contains specific information on the learning modules, learning outcomes, and
assignments.
In this module, you will be introduced to advanced topics in health care cyber security. You will examine
principles of risk assessment, mitigation, risk management and cyber governance and identify health care
systems that are vulnerable to cyber threats.
Readings
• Read Chapters 1-5 of Implementing information security in health care: Building a security
program.
• Read the 2016 CMS Security Risk Analysis Tip Sheet.
• Read Breaking Down the Evolution of Healthcare Cybersecurity.
• Read Deloitte's Issue Brief, Networked Medical Device Cybersecurity and Patient Safety.
• Read Healthcare and Public Health Cybersecurity Primer: Cybersecurity 101.
• Read Client Alert: FDA Issues Cybersecurity Guidelines.
Presentations
• Watch How to Mitigate Threats and Manage Risk Through Human Factors.
• Watch Security Risk Assessment Video, Security 101: Contingency Planning.
Discussion Questions
1. Introduction: Please take a few moments to introduce yourself to the class and share a bit about
your professional background, interest in this course, and any special concerns or interests.
Please review your peers' posts and respond to at least two peers.
2. Cyber Threats and Breaches: Reflect on this module’s assigned resources. Then, post a two-
paragraph response to one of the prompts presented below by Day 4 of this module. In your initial
response, indicate which prompt you are responding to. Be sure to use relevant information from
the course readings to support your response, and include references and citations formatted
according to APA requirements.
• Prompt A: Threats to medical devices are the new hackers’ playground. Based on the
readings, identify two medical devices that have a potential threat risk and describe why and
how intrusions could occur.
• Prompt B: Based upon the Module 1 readings and presentations, identify two common
breaches in the health care environment and what processes should be introduced to
mitigate risk for them.
Then, respond to at least two peers who addressed the prompt you did not respond to by Day 7
of this module.
Assignment
1. Security Governance Team: Based on the assigned readings in your text, Implementing
information security in health care: Building a security program, write a minimum of one to two
paragraphs addressing the following:
Explain the purpose of a Security Governance team.
Discuss which departments and staff should be represented on this committee and
provide a rationale for including them.
2. Cyber Threats and Mitigation Strategies: Cyber security risks are growing exponentially in the
health care industry, as many health care organizations are struggling to keep pace with other
industries that use system-wide data management. A lack of staff training and awareness of basic
cyber hygiene techniques as well as a lack of expertise in managing cyber threats contribute to
the increased risk to health care organizations.
Back to Top
In this module, you will review relevant regulations that protect health care information and gain an
understanding of the privacy security audit. This module will also review regulations specific to the
protection of DNA data under the Genetic Information Nondiscrimination Act of 2008, or GINA. For this
module’s assignment, you will complete the first of three desk audits that will be part of your final course
project, which is a cyber security plan for a health care organization.
Readings
• Read Chapters 6-10 of Implementing information security in health care: Building a security
program.
• Read “The Genetic Information Nondiscrimination Act of 2008; Information for Researchers and
Health Care Professionals.”
• Read “HIPAA Basics for Providers: Privacy, Security, and Breach Notification Rules” from the
Department of Health and Human Services Centers for Medicare & Medicaid Services.
• Read Chapters 1-7 of the “Guide to Privacy and Security of Electronic Health Information” from
the Office of the National Coordinator for Health Information Technology.
Presentations
Discussion Questions
1. Genetic Data Usage: Reflect on this module’s assigned resources. Then, post a two-paragraph
response to the following prompt by Day 4 of this module. Be sure to use relevant information
Assignment
1. Definitions: In your own words, define the following terms as they apply to privacy and security
based on this module's resources.
HIPAA
Covered entity
Business associate
PHI (Protected Health Information)
Privacy rule
Breach
Minimum necessary access
Administrative safeguards
Physical safeguards
2. Administrative Safeguards Audit: Under the Meaningful Use program, the federal government
requires a level of cyber security and HIPAA compliance attestation. The Office of Civil Rights,
the entity for HIPAA compliance that assists in managing breach notification, is conducting
ongoing audits to ensure organizations meet privacy and security compliance through desk top
audits.
This week you will begin drafting the first section of your privacy and security plan, which is the
administrative safeguards audit. For this assignment, you will assume the role of a consultant,
hired to assist with conducting audits and creating a security plan for a clinic. You will perform
what is referred to as a desk audit of the clinic’s administrative safeguards focusing on the clinic’s
polices, training, recovery plans, and workforce management. A desk audit entails reviewing
documents and conducting interviews to assess a health care organization’s existing
administrative processes and safeguards; however, it does not require an actual physical audit to
observe the processes (unless the audit reveals significant discrepancies or issues). This audit is
one of three audits you will be completing over the next three modules that will comprise your
security plan. The audits for your security plan include the following:
Administrative Safeguards
Technical Safeguards
Physical Safeguards
The administrative safeguards audit focuses on policies, training, recovery plans, and workforce
management. For the purposes of this assignment, you will use a case study that includes a
transcript of an interview that you would normally conduct in order to obtain the information you
need to complete the administrative safeguards audit. You will conduct your audit using the
Security Risk Assessment (SRA) Tool, which was developed by the federal government to assist
Review the information provided in the “Case Study,” specifically the interview transcript.
Complete the “Administrative Safeguards Security Risk Assessment (SRA) Tool” based
on the information from the Case Study.
Make sure you address all areas of the Administrative Safeguards SRA Tool accurately based on
the information provided in the case study.
Back to Top
In this module, you will continue to explore advanced topics in health care cyber security, such as
regulations pertaining to HIPAA Breach notification and penalties related to those breaches. You will
review unique risks that mobile devices bring to organizations, especially BYOD (bring your own devices).
For this module’s assignment, you will continue your desk audit activity as you focus on technical
safeguards.
• Discuss the steps in carrying out a security audit for technical safeguards
• Describe the types of threats associated with mobile devices.
• Define the steps involved in the breach notification process for reporting a health care data
breach.
• Identify the steps for notifying patients that their protected health information has been breached.
Readings
• Read Chapters 11-13 of Implementing information security in health care: Building a security
program.
• Read the “American Health Information Management Association’s Template: Health Information
Privacy and Security Breach Notification Letter” to learn the prescribed content required for a
breach notification letter to patients or others whose data has been breached by your
organization.
• Read “HIPAA Basics For Providers: Privacy, Security, And Breach Notification Rules” to learn
more about the Health Insurance Portability and Accountability Act (HIPAA) Privacy, Security,
and Breach Notification Rules.
• Review the information on the Health and Human Services (HHS) website regarding Breach
Reporting. This webpage provides users with a web-based tool to report breaches. Review the
following sections: Submitting Notice of a Breach to the Secretary, Breaches Affecting 500 or
More Individuals, and Breaches Affecting Fewer Than 500 Individuals.
Presentations
• Watch “10 Steps to Performing a HIPAA Risk Assessment | Healthcare Compliance Training” by
Star Compliance Services. This presentation provides a simplified overview of the risk
assessment process.
• Watch “What If Your Business Associate Has a Breach: 2016 HIPAA Webinar 5.” In this
presentation, Jason Karn of Total HIPAA Compliance discusses how to respond to a security
breach.
• Watch “Penalties for a HIPAA Security Breach: 2016 HIPAA Webinar 4.” In this presentation, Dan
Brown of Taylor English discusses the penalty process for a security breach of a HIPAA violation.
• Watch “EHRs and HIPAA: Steps for Maintaining the Privacy and Security of Patient Information.”
*Unless you are already a Medscape member, you will have to create a free Medscape account
to view this video. There is no cost to sign up, and becoming a Medscape member will enable
you to access breaking medical news and clinical perspectives in several specialties for free.
Discussion Questions
1. Mobile Device Management: Reflect on this module’s assigned resources. Then, post a one-
paragraph response to the following prompt by Day 4 of this module. Be sure to use relevant
information from the course readings and presentations to support your response, and include
references and citations formatted according to APA requirements.
Describe the types of anticipated threats that are associated with the use of mobile
devices.
Then, respond to at least two of your classmates' posts by Day 7 of this module.
2. Penalties for PHI Breaches: Reflect on this module’s assigned resources. Then, post a one-
paragraph response to the following prompt by Day 4 of this module. Be sure to use relevant
information from the course readings and presentations to support your response, and include
references and citations formatted according to APA requirements.
Describe the civil and criminal penalties for PHI breaches to an organization or individual.
Then, respond to at least two of your classmates' posts by Day 7 of this module.
Assignment
1. Health Care Data Breach Notification Process: Based on the readings and presentations from this
module, write a two-paragraph description of the steps you would take when conducting a
federally mandated breach notification in the event of a health care data breach. Your description
must include the following:
Steps for notification involving more than 500 individuals
Steps for notification involving less than 500 individuals
The agency you are required to report to
2. Technical Safeguards Audit: This week you will conduct the second desk audit for your security
plan involving technical safeguards. You will conduct your audit using the Security Risk
Assessment (SRA) Tool, which was developed by the federal government to assist health care
organizations in meeting privacy and security regulations. As you recall from Module 2, there are
web-based tools for conducting these audits, which you will find useful in a real world scenario.
However, for this course, we will use the paper-based, document version of the tool.
The technical safeguards audit focuses on access controls, audit controls, integrity, person or
entity authentication, and transmission security. To conduct your technical safeguards desk audit,
you will need to start by reading the case study below that began in Module 2. You may need to
ask your instructor for further clarification or additional information to augment the case study.
Read the directions contained in the Technical Safeguards Audit tool below and be sure to use
Make sure you address all areas of the Technical Safeguards SRA Tool accurately based on the
information provided in the case study.
Back to Top
This module continues to build on the advanced topics in health care cyber security by introducing the
final audit on physical safeguards for your cyber security plan. In addition to cyber security content, you
will examine effective leadership and management principles. You will explore the traits and
characteristics of successful leaders. It will be critical to apply these leadership principles in your cyber
security plan to ensure the success of any operational changes you propose or implement.
Readings
• Read Chapters 14-16 of Implementing information security in health care: Building a security
program.
• Read Chapters 1-4 and 10 of Leadership in health care.
• Read “Building the Emotional Intelligence of Groups.”
• Read “Core Principles & Values of Effective Team-Based Health Care.”
Presentations
• Watch “Social Intelligence and the Biology of Leadership,” an interview by Harvard Business
Review with psychologist Daniel Goleman in which he discusses social and emotional intelligence
and how they affect organizations and leaders.
• Watch “What Traits Do Health Care Leaders Need Today?” by the Institute for Healthcare
Improvement.
• Watch “What Qualities Do Health Care Leaders Need Today?” by the Institute for Healthcare
Improvement.
1. Traits of a Successful Leader: Reflect on this module’s assigned resources. Then, post a one-
paragraph response to the following prompt by Day 4 of this module. Be sure to use relevant
information from the course readings and presentations to support your response, and include
references and citations formatted according to APA requirements.
Describe three traits of a successful leader and provide an example of each trait.
Then, respond to at least two of your classmates’ posts by Day 7 of this module.
2. Leadership Characteristics for Project Group Success: Reflect on this module’s assigned
resources. Then, post a one-paragraph response to the following prompt by Day 4 of this module.
Be sure to use relevant information from the course readings and presentations to support your
response, and include references and citations formatted according to APA requirements.
Discuss the leadership characteristics that contribute to project group success.
Then, respond to at least two of your classmates’ posts by Day 7 of this module.
Assignment
1. Group Emotional Intelligence: Based on this module's readings and presentations, write a two-
paragraph discussion of the impact of group emotional intelligence on group dynamics. Your
discussion must include:
The benefits of emotional intelligence to the group and a given project.
2. Physical Safeguards Audit: This week you will conduct the final desk audit for your cyber security
plan involving physical safeguards.
The physical safeguards audit focuses on physical access controls, workstation use, workstation
security, and device and media controls. To conduct your physical safeguards desk audit, you will
need to start by reading the case study that began in Module 2. You may need to ask your
instructor for further clarification or additional information to augment the case study. Read the
directions contained in the Physical Safeguards Audit Tool below and be sure to use the
calculated risk score matrix provided. Include a brief narrative (explanation) of how to remediate
any physical safeguard deficiencies where applicable.
Use the optional reference document, “Security Standards: Physical Safeguards from the Centers
for Medicare and Medicaid Services” as a resource to help you as you conduct your physical
safeguards audit. Make sure you address all areas of the “Physical Safeguards SRA Tool”
accurately based on the information provided in the case study.
Back to Top
This module continues to build on the advanced topics in health care cyber security by introducing your
final activity related to your cyber risk audit. You will utilize the audits you performed in prior modules to
build your privacy and security risk assessment report. In addition to cyber security content, this module
will focus on leadership principles applied to leading change. Whether change is occurring at the
organization level or at the project level, many of the principles remain the same. Managing change is
critical to the success of technology-based projects, which will be the focus of this module.
Readings
• Reread Chapter 4, "Risk Analysis" of Implementing information security in health care: Building a
security program.
• Read Chapter 13 of Leadership in health care.
• Read “Change Management Strategies for an Effective EMR Implementation.”
• Read the Harvard Business Review article, “Why Change Programs Don't Produce Change.”
• Read sections 1.1, 1.2 and 1.3 in the National Learning Consortium's “Change Management in
EHR Implementation Primer.”
Presentations
• Watch “Leading Adaptive Change in Health Care IT,” a presentation in which Dr. Paul Nagy
discusses the main challenges to adaptive change in health care IT and the adaptive leadership
skills necessary to complement technological changes in a clinical setting.
• Review “Leading Change” presentation.
Discussion Questions
1. Barriers to Enacting Change: Reflect on this module’s assigned resources. Then, post a one-
paragraph response to the following prompt by Day 4 of this module. Be sure to use relevant
information from the course readings and presentations to support your response, and include
references and citations formatted according to APA requirements.
Describe two (2) common barriers to enacting any type of change in a health care setting.
Then, respond to at least two of your classmates’ posts by Day 7 of this module.
2. Preparing Individuals or Groups for Change: Reflect on this module’s assigned resources. Then,
post a one-paragraph response to the following prompt by Day 4 of this module. Be sure to use
relevant information from the course readings and presentations to support your response, and
include references and citations formatted according to APA requirements.
Discuss the two (2) most important steps in preparing individuals or groups for change in
health care settings.
Then, respond to at least two of your classmates’ posts by Day 7 of this module.
Assignment
1. EHR Implementation Challenges: Based on this module’s readings and presentations, write a
two-paragraph discussion of the inherent challenges related to changing from a paper-based data
management system to an electronic medium (i.e. migrating to an EHR). Be sure to cite any data
or information used to support your discussion. Your discussion must include:
The leadership skills required to lead this kind of adaptive change.
2. Privacy and Security Assessment Report: This week you will conclude your cyber security
assessment by completing a privacy and security assessment report. In order to meet federal
regulations for HIPAA and Meaningful Use attestation requirements, all organizations are
required to perform a privacy and security audit. You have completed three audits in the areas of
administrative, technical and physical safeguards in previous modules. In this module, you will
Use the “Privacy and Security Assessment Report Template” to complete your privacy
and security assessment report.
Back to Top
This module continues to build on advanced topics in health care cyber security by introducing your final
activity related to your cyber risk audit, which is carrying out a risk mitigation. Your risk mitigation is the
creation of a comprehensive information security policy for a clinic. In addition to cyber security content,
you will review concepts related to transformational leadership. Transformational leadership is a
leadership approach that focuses on facilitating change in individuals and social systems. You will explore
the traits that constitute quality leadership and how transformational leaders utilize communication.
Readings
Presentations
Discussion Questions
1. Transformational Leadership: Reflect on this module’s assigned resources. Then, post a two-
paragraph response to the following prompt by Day 4 of this module. Be sure to use relevant
Assignment
1. Transformational Leadership Traits: Based on this module’s readings and presentations, write a
two-paragraph description of the five (5) qualities of transformational leadership. Be sure to
include relevant information from the course readings or presentations to support your
description.
Include a brief example of each quality. Imagine you are describing and providing examples of
these traits to team members you are leading on a project.
2. Information Security Policy: For this week’s assignment, you will draft an information security
policy based on the case study and addendum provided in this module. The information security
policy addresses the federal mandates for privacy and security related to e-PHI and HIPAA
activities in a clinic setting, which is part of carrying out a risk mitigation. You may need to ask
your instructor for further clarification or additional information to draft the policy. Read the
instructions on the second page of the Information Security Policy Template provided below.
Follow the steps below to complete this assignment.
Use the information from the original case study in Module 2 and the case study
addendum to assist you in completing the information security policy.
Use the Information Security Policy Template to draft your information security policy.
Back to Top
This module provides an overview of reflective practice, or the process of critically analyzing and
evaluating your practices and decision making in order improve them. Transformational leaders often use
this technique to review their personal processes and goals and assist them in meeting their professional
aspirations. You will apply the steps involved in developing a reflective practice as you reflect on the
cyber security and risk assessment plan you conducted in this course.
Presentations
• Watch “What is Reflective Practice” to learn what reflective practice is and how to integrate
reflection into your professional life.
• Watch “Gibb’s Reflective Model” to learn about the essential steps of Gibbs’ Reflective Model.
• Watch “Writing A Reflection” for an explanation of what reflective writing is and how to write a
reflection.
• Watch “The Purpose of Reflective Practice” to learn how reflective practice can make an impact
in the workplace.
Discussion Questions
1. Reflective Practice: Reflect on this module’s assigned resources. Then, post a two-paragraph
response to the following prompt by Day 4 of this module. Be sure to use relevant information
from the course readings and presentations to support your response, and included references
and citations formatted according to APA requirements.
Explain how you would apply reflective practice to a project.
Discuss the benefits of using reflective practice to assess your contributions to a project.
Then, respond to at least two of your classmates’ posts by Day 7 of this module.
Assignment
1. Applying Reflective Practice: The best way to learn a skill is to teach a skill to someone else.
Based on this module’s readings and presentations, write a two-paragraph discussion of how you
might coach a new employee in using reflective practice based on the Gibbs’ model. Your
discussion must include:
The steps involved in reflective practice written in your own words.
2. Final Project: Cyber Security Risk Assessment Report Reflective Practice: Reflective practice
assists you in identifying issues and experiences so that you can learn from them in order to
improve on that activity in the future. For your final assignment for this course, you will utilize
reflective practice to evaluate your activity on the Privacy and Security Audit and Assessment
Report by completing a series of reflections and an action plan. Your final project consists of four
required elements: 1) your revised Privacy and Risk Assessment Report, 2) your revised Access
Policy, 3) your completed Reflective Practice Worksheet, and 4) your reflective practice summary.
Revise the Privacy and Security Assessment Report that you completed in Module 5 to
reflect instructor feedback.
Revise the Information Security Policy that you completed in Module 6 to reflect instructor
feedback.
Use the Reflective Practice Worksheet to complete three (3) reflections using the
Reflection Template and an action plan using the Action Plan Template.
Write a two-paragraph summary of your Reflective Practice Worksheet. Discuss what you
learned from applying reflective practice to your activity on the Privacy and Security Audit
and Assessment Report, how you could improve your processes and practices, and what
you would do differently in the future.