The Course Paper is meant to show evidence of the successful student’sunderstanding of the materials covered throughout the course. Thisteam-based work challenges you to apply the objectives in a way thatdemonstrates your understanding of these legal principles, as well asyour writing abilities. The Course Paper is a team project. The submission shall be either a MicrosoftWord file or an Adobe PDF file.
**INSTRUCTIONS**
Your fictitious healthcare company must create a privacy policy document of five total pages. The document shall include an introductory section, such as an “Executive Summary,” a “Preamble,” or an “Introduction.”
Thedocument shall also include the policy statements. The policies need tofocus on governing your company and its employees. This is where thework comes in. Your team needs to give evidence in the policy section ofyour knowledge gained in this course. In the assignment attachment, Idescribe the Course Paper requirements in a little more detail by usingan acceptable format for your policy document. That attachment is not meant to be your template.Rather, it is designed merely to reflect what a successful policydocument might look like in any given workplace. You will see in thatdocument that I simply tried to explain more about what the Course Papershould include by using a format that may help you understand how toorganize your paper, and understand what features this governancedocument should include.
Fictitious Company:Bright HealthCare Inc. is New Hampshire based third party vendor company that handles the enrollments on behalf of the healthcare providers and retains the patient’s information to provide them health coverage.1. The relationship between patient and care provider is based on trust. Patients must be able to trust that their care provider will protect their private information. Patients have a fundamental right to know that their information is safe with their healthcare provider and must be able to trust their care teams and hospitals with the most sensitive information about themselves and their children.2.When that trust is violated and patients are victimized by the misuse of access to protected health information, they lose control of the most intimate details of their lives. The harm which snooping does is often hard to measure as it can extend from malicious gossip and material losses from identity theft or burglary to financial, physical, emotional, professional and social damage.3.While patients may suffer personal, professional or criminal consequences if their data is stolen, whether as a result of a data breach or fraud, their loss of faith in healthcare providers can also discourage them from seeking help or giving full details of their condition. Therefore, a healthcare provider’s reputation for privacy can impact patient confidence, patients’ lives and care outcomes.Note: Please make sure there is no plagiarism and privacy information should be for a healthcare company and include HIPAA. Please refer to the attached sample paper and please make sure the sample paper is not the exact template.
Privacy Policies of Duncan Law Office, PLLC
Executive Summary
This section of the Course Paper, which may be named whatever you like (e.g., “Executive
Summary,” “Introduction,” “Preamble,” etc.), should only be a handful of sentences; certainly no
more than a page. Here, your team will describe the nature of your business. You should explain
what your firm does, who your customers are, and briefly mention any other key stakeholders in
light of privacy concerns. This is also the place to list your team members. And, finally, in this
section, you should explain to your audience—i.e., your company’s staff—why privacy is
important in your business. Essentially, this is where you “sell” your audience on the fact that
they must abide by your company’s privacy policies.
Policy Statements
Policy 1.1 Policy Statement Section Overview
This is where you organize and list each applicable privacy policy statement. These are the rules
that govern your company’s actions, and those of your staff. You need to determine an
organization schema. Look around online to find examples of a useful style. Or, you may choose
to use your current workplace documentation as a go-by.
Policy 1.2 Policy Statements Contents
The contents of these policies should contain at least the following features:
• The policy, itself, such as “Reasonable Expectation of Privacy for Employees.”
• The laws, regulations, or standards that relate to the policy at issue.
• An example, when applicable, that helps your audience understand the policy.
• Directions on how to effect the policy. For example, if your company processes payments
by credit or debit cards, and your policy is something like “Anyone who processes
payments via payment cards must conform their actions to PCI DSS standards related to
privacy.” then you may want to insert a link to those standards. Or, perhaps, incorporate
examples as mentioned directly above.
This list is not exhaustive. Depending on the set of facts, you may need to include more.
Policy 1.3 Comprehensive Policy Statements
The Policy Statements must be a comprehensive body. Do not omit the discussion of laws that
may apply to your business. This means that you must understand what your business does, and
its privacy implications. Every company has employees, so employees’ privacy must be
addressed. While it is debatable, I have discussed that any HRIS, or a company’s personnel
records kept otherwise, has the propensity to contain medical information that we now know to
refer to as “PHI.” Thus, you should have some policy that governs handling those data vis-à-vis
privacy. Could your company be known as a “financial institution?” If so, you must discuss GLB
Act privacy policies.
The point is that in three to five pages you must tell your employees everything they need to
know about maintaining appropriate privacy while conducting your business.
Policy 2.1 Scoring the Course Paper
The Course Paper is worth 100 points. I will give up to ten points for the submission’s form and
format. That includes its organization, page count and team size, and grammar and spelling. The
form and format is important because if a policy document is disorganized, contains
typographical errors, or is hard to read otherwise, employees will not respect or even use it as the
guidance it is meant to be. Consider a numbering or another outline styled structure to identify
policy clauses.
I will give up to ten additional points for the introductory section, and whether you included all
of the required information.
I will give up to 80 points for the policy statements. Questions I will have in mind when
reviewing your policy statements include: Did the team incorporate what we’ve learned about
privacy? Can the document be read and understood by all levels of an organization? Are the
policies concise, or vague and wordy?
Policy 2.2 Writing Assistance
Writing assistance is available by emailing a copy of your file to the International Academic
Services office (yes, even if you are not an international student) at IAS@ucumberlands.edu. I
highly recommend that you give the IAS Team at least two or three business days to review your
work. Take into consideration the fact that you will likely need to respond to their efforts with
some rewriting of your own, and you can start to calculate how much in advance of April 23 you
should be planning on sending them a draft.
Policy 3.1 Cautionary Tales From Prior Submissions
Here are some of the ways that students have lost points in prior years:
• Teams and pages. Do not submit as an individual; you must be part of a team. Do not
exceed the page count. Only use Microsoft Word (.doc or .docx) or Adobe PDF format.
Each team member must individually submit a copy of the team’s work. You cannot rely
on one member’s submission. And, when two team members submit dissimilar work, it
evinces a non-functioning team.
• This is not a website privacy policy document. While one of your company’s policies,
assuming you have a website, should be that your websites must include the proper
policy statements, this is not an assignment on writing a website policy statement. If you
are submitting a “Terms of Use” or “Privacy Notice,” you are not following the
requirement that your policies must govern your business. Website Privacy Statements
are aimed at users of your website.
• Don’t skip the obvious. If you are an insurance company, and fail to draft a policy that
addresses HIPAA privacy, that’s a big omission. If children may access your website,
you better include some acknowledgement of COPPA and CIPA’s privacy laws. See,
Policy 1.3, above.
• Get going now. While having up to five people working on this can make it very easy to
accomplish, you cannot wait until the end of the course to start.
• Perfect the writing. Spelling errors, syntax and grammar issues, and other poor English
writing artifacts all take away from the credibility of your policies. When your company
does not care enough to write well, your employees will not care enough about privacy to
help you avoid risks.
• This is a policy document. In some prior examples, valuable paper “real estate” was
wasted on describing marketing plans, or a company’s history, or other immaterial data.
The introductory section is important, but it is not the crux of this learning objective.
There are other ways that students have lost points, so please consider the entire body of
instructions and requirements. These, in my opinion, came up often enough, or were easy enough
to avoid, to include for your benefit.