HIM 422 Milestone Three Guidelines and Rubric
Your executive team, the “C-Suite” (CEO, CIO, CFO, CMO, and CNO), was impressed with your report detailing the legal, financial, and non-financial impact the
data breach had on your organization. They were also impressed with your research on federally sponsored initiatives designed to ensure that the institution is
providing high-quality healthcare, patient and staff safety, and data protection. However, in order for the executive team to make the best decision for moving
the organization forward, they need additional information. This time they want to know what ethical and/or legal risks may have contributed to the data
breach, as well as policy recommendations for how the organization can ensure that such a breach does not happen again without compromising quality
healthcare and patient and staff safety.
Specifically, the following critical elements must be addressed:
IV. Ethical and Legal Considerations:
A. Analyze any ethical and legal risks that you feel may have contributed to the data breach. Be sure to cite specific examples from your research in
supporting your claims.
B. Determine how the information compromised during the data breach will be maintained. Be sure to cite specific examples from your research in
supporting your claims.
V. Policy Recommendations
A. Considering the nature of the data breach, provide technology-based recommendations for ensuring data confidentiality and preventing future
breaches of this sort. Consider the potential patient rights issues when making your recommendations. Be sure to justify your recommendations
with research.
B. Provide recommendations for solving organizational challenges that may have contributed to this breach. What policy elements should be
implemented to prevent this from happening in the future? Do staff need additional training surrounding data security? Why should the HIPAA
Security Rule around administrative, technical, and physical safeguards be included in the policy? Be sure to support your recommendations
with specific research.
C. Provide recommendations based on the currently available federally sponsored initiatives that your organization should subscribe to in order to
improve quality and safety within its structure, as well as reducing gaps in securing patient information. Be sure to support your
recommendations with specific research.

Guidelines for Submission: This paper should be 3 to 4 pages in length (not including the cover page or reference page). At least two scholarly resources must be
referenced. Use APA format for the reference list and all internal citations.
Rubric
Critical Elements Exemplary (100%) Proficient (85%) Needs Improvement (55%) Not Evident (0%) Value
Ethical and Legal
Considerations:
Ethical and Legal
Risks
Meets “Proficient” criteria and
demonstrates nuanced insight
into the ethical and legal
implications associated with
healthcare data breaches
Analyzes ethical and legal risks
that may have contributed to
data breach, citing specific
examples from research to
support claims
Analyzes ethical and legal risks
that may have contributed to
data breach but with gaps in
detail, examples cited are not
specific or do not support claims
Does not analyze ethical and
legal risks that may have
contributed to data breach
18
Ethical and Legal
Considerations:
Maintain
Meets “Proficient” criteria and
demonstrates keen insight into
the importance of maintaining
compromised information
Determines how the information
compromised during the data
breach will be maintained, citing
specific examples from research
to support claims
Determines how the information
compromised during the data
breach will be maintained, but
with gaps in detail, or examples
cited are not specific or do not
support claims
Does not determine how
information compromised during
data breach will be maintained
18
Policy
Recommendations:
Technology-Based
Meets “Proficient” criteria and
provides suggestions for optimal
performance
Provides appropriate technology based recommendations for
ensuring data confidentiality and
preventing future breaches and
justifies recommendations with
research
Provides technology-based
recommendations that are not
appropriate considering the
nature of the breach for ensuring
data confidentiality and
preventing future breaches or
provided research does not
justify recommendations
Does not provide technology based recommendations for
ensuring data confidentiality and
preventing future breaches
18
Policy
Recommendations:
Organizational
Challenges
Meets “Proficient” criteria and
provides suggestions for optimal
performance and prevention
moving forward
Provides appropriate
recommendations for solving
organizational challenges that
may have contributed to the
breach and supports
recommendations with specific
research
Provides recommendations that
are not appropriate for solving
organizational challenges that
may have contributed to the
breach, or provided research is
not specific or does not support
recommendations
Does not provide
recommendations for solving
organizational challenges that
may have contributed to the
breach
18
Policy
Recommendations:
Reducing Gaps
Meets “Proficient” criteria and
provides suggestions for optimal
performance
Provides recommendations
based on currently available
federally sponsored initiatives for
improving quality and safety and
reducing gaps in securing patient
information and supports
recommendations with specific
research
Provides recommendations but
with gaps in detail,
recommendations are not based
on currently available federally
sponsored initiatives, or provided
research is not specific or does
not support recommendations
Does not provide
recommendations for improving
quality and safety and reducing
gaps in securing patient
information
18

Critical Elements Exemplary (100%) Proficient (85%) Needs Improvement (55%) Not Evident (0%) Value
Scholarly Research Meets “Proficient” criteria by
including three or more scholarly
research articles that give in depth details supporting
identified issue
Includes two scholarly research
articles that give in-depth details
supporting identified issue
Includes some scholarly research
but does not give in-depth
support to identified issue
Does not include scholarly
research
5
Articulation of
Response
Submission is free of errors
related to citations, grammar,
spelling, and syntax and is
presented in a professional and
easy-to-read format
Submission has no major errors
related to citations, grammar,
spelling, or syntax
Submission has major errors
related to citations, grammar,
spelling, or syntax that negatively
impact readability and
articulation of main ideas
Submission has critical errors
related to citations, grammar,
spelling, or syntax that prevent
understanding of ideas
5
Total 100%

Published by
Medical
View all posts