This document outlines the course project requirements for students to play the role of a Privacy Officer. They must complete an assessment of an organization's privacy and security program, develop two new policies, create two reporting tools, develop communication tools to inform staff of training, and present their findings and overall evaluation in a 15-minute presentation. The project consists of milestones to be completed each week and will be graded based on documentation, policies and procedures, reporting tools, communication tools, and the presentation.

1. Course Project: TITLE
Objective
|
Project Requirements
|
Guidelines
|
Milestones
|
Grading Rubrics
|
Best Practices
Objective
Back to Top
The objective of the course project is to tie together all the
TCOs in a comprehensive manner, while giving students the
chance to take on the role of Privacy Officer.
Project Requirements
Back to Top
For your course project, you will play the role of a Privacy
Officer. You have been asked by management to develop the
content of an organization’s security and privacy training and
awareness program. You will select privacy and security topics
that need to be communicated to all workforce members, and
you will develop a plan. In addition, you will create a
presentation to introduce your proposal.
Hospital Background
Medical Center of DeVry is a leading healthcare organization
specializing in pediatric healthcare and has an expanded
network of physicians and pediatric specialists. It is the
beginning of the fiscal budgetary year, and all assessments,
improvement projects, and proposals are due within the next 30
days. As Privacy Officer, you will have to create a privacy and
security plan. This process will consist of three components: an
assessment of the organization, a training and awareness

2. program, and a communication plan.
The purpose of the assessment is to review the current condition
and the effectiveness of your privacy and security program in
order to move forward with HIPAA’s privacy and security
requirements.
Once the assessment is complete, you will use the results to
make a decision about improvement tools, and you will create a
training and awareness plan. The purpose of the training and
awareness plan is to bring awareness to the organization for a
collaborative effort in improving the privacy and security of the
facility. The plan will, preferably, focus on areas that need
special attention, such as issues related to HIPAA compliance,
including physical safeguards.
Once both the assessment and the training and awareness plan
are complete, you will then need to develop communication
tools to convey to the rest of the organization.
Assessment Findings
You completed your assessment and found that several policies
are out of date or are missing critical elements. You submitted a
plan to management, and management has approved your
proposed actions to implement two new policies, to create two
reporting tools to ensure easy compliance with the new policies,
and to train employees on the new policies and tools. Following
the directions below, create the new policies, reporting tools,
and inform staff of training. Once you have completed these
three elements, compile all the information into a fifteen minute
presentation that you will give to management discussing your
overall findings, policies, tools, and the training conducted.
Required Elements
A. Policies
Based on your review, you determined that specific polices
related to incident reporting and physical safeguards need
revising. Develop two separate policies, using the template
below, to address the following topics.
Incident Reporting
Address what types of incidents should be reported to include:

3. Inappropriate use of a computer
Release of information to patients and outside agencies or
individuals without authorization
Address the expectations for reporting to include:
Time Frame in which employees need to report
How employees will report
Outline the procedures for reporting incidents to include:
Who receives complaints
How complaints are investigated
How notification to affected individuals occurs
Physical Safeguards
Securing workstations to include:
Auto lock feature
Securing equipment, such as laptops
Record disposal to include:
Electronic media such as hard drives and CDs
Paper documents
Use the following template:
Image Description
Policy Name
Last Updated
Purpose: (what the policy is addressing)
Requirements (What are the processes to follow and who do
they apply to?)
Procedures: (What steps does the organization need to follow to
ensure the requirements are met)
Special Circumstnaces: (Is there any issue where the policy may
not apply)
Press the ESC key to close the image description and return to
lecture.
B. Reporting Tools
After completing the policies and procedures, you determine
that it will be useful to develop some new tools to reinforce
compliance of the revised policies and procedures.
Your reporting tools should consist of the following:

4. An incident reporting form that includes the following
elements:
Date of incident;
Type of complaint or incident;
Complaint details; and
Staff questioned or involved.
A checklist for security staff to use for audits and compliance
that includes the following elements:
Document disposal;
Media disposal; and
Unsecured workstations.
C. Communication Tools
Communicate the new policies and tools to employees of the
organization. This will be helpful in training employees in order
to have direction on privacy and security efforts for the year.
Your two communication tools could be in the following
format:
A flyer, brochure, intranet announcement, e-mail, handout,
poster, or other form of communication.
In addition, your communication tools need to address:
Why training is being provided;
Dates of training; and
Location of training.
D. Presentation
You now have to prepare a presentation of your findings and
overall evaluation of the privacy and security program for the
executive leaders. The presentation should be 15 minutes in
length, with approximately 15-20 slides. Your presentation
should include privacy and security plan details such as
the purpose of plan;
what your assessment revealed, that is, problems identified;
the policies created;
the reporting tools developed; and
the communication tools.
Guidelines
Back to Top

5. Projects must follow APA formatting, including 12-point font,
double spaced lines, a cover page, and a works cited.
Use at least six authoritative, outside references (anonymous
authors or web pages are not acceptable); one reference may be
the textbook. These should be listed on the last page titled
"Works Cited."
Appropriate citations are required.
All DeVry University policies are in effect, including the
plagiarism policy.
Projects are due during Week 7 of this course.
Any questions about this project may be discussed in the weekly
Q & A discussion topic.
This paper is worth 230 total points and will be graded on
documentation and formatting, policies and procedures, creation
of reporting tools, communication tools, and presentation.
Milestones
Back to Top
Complete Policies and Procedures by Week 2
Complete Creation of Reporting Tool One by Week 3
Complete Creation of Reporting Tool Two by Week 4
Complete Communication Tool One by Week 5
Complete Communication Tool Two by Week 6
Complete all remaining components, including compilation of
assignment by Week 7
Grading Rubrics
Back to Top
Category
Points
%
Description
Documentation and Formatting
10
5
Use APA formatting, including cover page, 12-point font, 1 inch
margins, and works cited.

6. Policies and Procedures
60
26
Create a policy using the standardized format provided.
Creation of Reporting Tools
60
26
Create two unique tools to enforce the policy created.
Communication Tools
40
17
Create two tools, and discuss the training being provided on the
new policy and tools.
Presentation
60
26
Provide a 15-slide presentation discussing new changes, that is,
policy, tools, and communication efforts.
Total
230
100
A quality paper will meet or exceed all of the above
requirements.
Best Practices
Back to Top
The following are the best practices in preparing for the final
project.
Cover Page -
Include who you prepared the paper for, who prepared the
paper, and the date.
Policies and Procedures -
Use the standard format provided in assignment 2 (Week 3) to
ensure that all elements are addressed.
Creation of Reporting Tools -
Use the format provided in assignment four (Week 5) to ensure

7. that the appropriate information is provided for the checklist
tool.
Communication Tools -
Creation of these tools can be done through a variety of media;
most students use Word or Publisher to create flyers, brochures,
posters, and e-mails.
Presentation -
The presentation should be created using PowerPoint; ensure
that background information is supplied as well as all three
elements, including policies and procedures, tools, and
communication tools.
Work Cited -
Use the citation format specified in the Syllabus.
Back to Top