RUNNING HEAD: WEEK SEVEN- CYBER SECURITY RISK ASSESSMENT 1

HCIN 544 Week Seven Assignment- Part 1 of 2

Cyber Security Risk Assessment Report and Reflective Practice

Submitted to:

Professor Gifford

Prepared by:

Steven Zhang

HCIN 544 Advanced Health Care Information Management

April 20, 2020

HCIN 544 ADVANCE HEALTH CARE INFORMATION MANAGEMENT
2

Reflective Practice Worksheet

Summary: This worksheet is intended to help you reflect on the work you carried out on all
aspects of the privacy and security assessment plan, audits and access policy throughout the
course. You will identify three specific aspects of your activity that could be improved upon using
the Reflection Template tables, and then you will indicate a corresponding goal for each using the
Action Plan Template table.

Overview: Reflective practice is the process of studying one’s experiences in order to improve
how one works. Upon reflecting on one’s experiences, action plans are developed and
implemented to improve the thoughts, perceptions, and actions related to one’s processes.

Reflective practice can be beneficial in:

 Increasing an individual’s ability to be self-aware in given situations, tasks, and
activities.
 Improving the quality of one’s work.
 Assisting individuals in carrying out self-improvement and self-awareness techniques in
order to improve interpersonal interactions.
 Improve work activities requiring individuals to collaborate to accomplish a unified goal.

There are several models for carrying out reflective practice, such as: Gibbs’ reflective cycle,
Johns’ model, and Atkins and Murphy. Johns’ model was developed for nursing practitioners and
is based on five core questions that enable you to break down your experience and reflect on the
process and outcomes. This worksheet uses a modified version of Johns’ model that is more
suited to health care informatics.

Reflection Template
Use the tables provided below to complete three reflections on specific aspects of your activity
during the privacy and security assessment plan, audits and access policy that can be improved
upon. An example reflection has been provided below. Use the blank reflection tables to complete
your reflections.

Below are instructions on how to fill out each section.

1. Description – Write a brief statement that addresses the following:
 Write a description of the specific aspect of your activity that can be improved upon.
 What key issues do you need to pay attention to in relation to this aspect?

2. Reflection – Write a brief statement that addresses the following:

 What were you trying to achieve?
 Why did I act as you did?
 What are the consequences of your actions for the project success or outcome, for
yourself, or for the people you work with?
 How did you feel about this experience when it was happening?

3. Influencing Factors – Write a brief statement that addresses the following:

 What internal factors influenced your decision making and actions?
 What external factors influenced your decision making and actions?

2
HCIN 544 ADVANCE HEALTH CARE INFORMATION MANAGEMENT
3

 What sources of knowledge influenced or should have influenced your decision making
and actions?
 Could you have dealt with the situation better?
 What other choices did you have and what would be the consequences of these other
choices?
 What people, devices, or situations impacted your decision making?

4. Learning Point – Write a brief statement that addresses the following:

 How can you make sense of this experience in light of past experience and future
practice?
 How do you feel about this experience now?
 Have you taken effective action to support others and yourself as a result of this
experience?
 How has this experience changed the way you act or how you perceive or think about
the event?
 How would you change systems, devices or strategies the next time you encounter the
situation?

5. Miscellaneous – This area is for additional information you would like to add that does not
relate to the other sections of the table.

EXAMPLE REFLECTION
Description Reflection Influencing Learning Point Miscellaneous
Factors
Lack of I was trying to Instructor feedback In performing a desk The regulatory
understanding of understand the on access policy audit for HIPAA environment is
HIPAA led me to case study in terms demonstrated my compliance, I gained continually evolving
have difficulty in of small practice lack of knowledge of an understanding of and requires flexibility
successfully requirements basic HIPAA the regulatory and prudence in
completing the desk compliance requirements for reviewing policy and
audits I didn’t understand small practices regulatory changes
the extent and
complexity of
HIPAA regulations

Reflection 1

Description Reflection Influencing Learning Point Miscellaneous

Factors
Lack of experience in My original Upon reviewing the After completing Proper allocation of
term regarding the understanding of the administrative audit the first of three time is required to
administrative audit administrative audit paperwork provided audits of Waverly ensure a through
resulted improper did not match the by the instructor, I Clinic, I gained a job can be done. A
allocation of time. actual audit guide. realized I did not better number of potential
have the knowledge understanding of errors staff can
I did not understand to understand what a what is expected make can be
the level of detail the proper administrative from an audit. The attributed by the
administrative audit is audit looks like. level of detail lack of
requesting. required even from administrative
a small clinic is practices and
high. foresight.
3
HCIN 544 ADVANCE HEALTH CARE INFORMATION MANAGEMENT
4

Reflection 2
Description Reflection Influencing Learning Point Miscellaneous
Factors
Prior experience with I was trying to use my Outside research on Carefully rereading Although it is good
computer and own prior experience proper security the interview to have prior
networking in computers and protocols, networking multiple times experience, it is
technology can both network and apply it data and the level of allowed me to important to not
help and detract from into the technical security needed for a reshape my prior assume that
the accuracy of the audit. However, there healthcare understanding of everything works to
technical audit. are some organization is technology from a same- especially if
assumptions that I different from a business the technology is
have made that traditional private perspective into used in a different
proved to be wrong in sector business. healthcare. industry.
a healthcare setting.

Reflection 3
Description Reflection Influencing Learning Point Miscellaneous
Factors
Heavy reliance on On the physical audit, Careful rereading the With the advent of In an organization,
experience I had a hard time interview addendum, EHR, more and it is important to
prevented from me thinking of other ways critically thinking more information is have backup plans
addressing in which the clinic can about solutions and stored digitally, in case of an
alternative solutions fix a problem. My not immediately reducing the emergency. It may
to problems. experience was so jumping into a amount of physical appear redundant,
entrenched it was solution. paperwork needed but emergency
difficult to allow myself to be kept in a preparedness could
mentally to think of physical location. make or break any
alternative solutions. organization.

Action Plan Template

4
HCIN 544 ADVANCE HEALTH CARE INFORMATION MANAGEMENT
5

Now that you have identified three aspects of your privacy and security activity that can be
improved upon, you need to create an action plan by establishing goals and actions to achieve
them. Your action plan must include a reflection goal for each of the three reflections you
completed in the Reflection Template. An example action plan has been provided below. Use the
table on the last page of this worksheet to complete your action plan.

Below are instructions on how to fill out each section.

1. Reflection Goal – In this section, you will write a goal for each reflection for a total of three
goals. Keep the goal statement brief and simple (i.e. no more than two sentences). Goals
should be actionable and measurable.
2. Actions I will implement – This section describes what actions you would take to address
each issue identified in your reflections.
3. Possible Obstacles – This section describes potential barriers or obstacles to
implementing the actions you identified for achieving your goals.
4. How I will know I’ve achieved my goal – In this section, you will indicate the tangible
evidence, acquired skills, knowledge or behaviours required to achieve your reflection
goals.
5. Target to meet goal/Review date – In this section, you will indicate a target date for
completing your goals. Then, indicate a follow up review date when you will check in to
ensure the goals are continually being met.

EXAMPLE ACTION PLAN

Reflection Goal Actions I will Possible How I will know Target to meet
implement Obstacles I’ve achieved goal/ Review
my goal date
Expand knowledge of Complete a Allotting time to I will have an Establish 1 year
HIPAA regulations government webinar review HIPAA increased level of as the target goal
and compliance as on HIPAA updates updates and comfort and and a review date
they relate to small and regulations, regulations confidence in every 6 months
practice settings review monthly applying HIPAA
government bulletins Financing regulations to small
related to regulatory certification in privacy practice settings
changes, consider and security from I will be able to
obtaining certification AHIMA successfully obtain
in privacy and certification from
security from AHIMA AHIMA
(www.ahima.org)

5
HCIN 544 ADVANCE HEALTH CARE INFORMATION MANAGEMENT
Reflection Goal
Expand my understanding of
the audit process and the
differences they have
between small, medium, and
large practice settings.
Expand my knowledge of
how information technology
is used in a healthcare
setting to avoid confusion of
pervious non healthcare IT
experience
Mental exercise to help break
the overreliance on past
experiences and be open to
creative ideas.
Actions I will
implement
Reach out to the government
entity that creates these
audits and review the
information in detail. Enrol in
classes and certifications if
available
Take healthcare specific IT
training courses to
understand the differences
between healthcare IT vs
traditional IT work.
Attend seminars, clinics, and
read books to learn
brainstorming techniques
and boost creativity.
Action Plan
Possible Obstacles
Time availability and
Financial constraint. Classes
and certifications may be too
expensive to pay as an
individual.
Time availability and
Financial constraint. Classes
and certifications may be too
expensive to pay as an
individual.
Availability of classes,
opportunities to practice new
learned techniques and
models, financial obligation
of these classes.
6
How I will know I’ve Target to meet
achieved my goal goal/Review date
Increased understanding of One year or before the next
the audit process for all three audit assessment
areas. Expertise on the
various levels of audit
requirement for small,
medium, and large health
care organizations. Official
training and certifications if
available.
Before the next
Subject expert on IT systems organizational audit of
for small healthcare Waverly Clinic which is a
organizations. I understand year from now.
the differences between IT
infrastructure in a healthcare
setting compared to a
traditional non healthcare
organization.
Have a working knowledge of 6 months after the start of the
processes and models in first seminar/clinic.
which I can promote
creativity in myself and my
team.
6
HCIN 544 ADVANCE HEALTH CARE INFORMATION MANAGEMENT 7

Reflection response on separate word document.