Disclaimer: This essay has been written by a student and not our expert nursing writers. View professional sample essays here.

Any opinions, findings, conclusions, or recommendations expressed in this essay are those of the author and do not necessarily reflect the views of NursingAnswers.net. This essay should not be treated as an authoritative source of information when forming medical opinions as information may be inaccurate or out-of-date.

Risk Management in Health Services Industry

2088 words (8 pages) Nursing Essay

8th Oct 2020 Nursing Essay Reference this


Professionals in the risk management should not just take it lightly the complexities that are related to providing services in the healthcare industry. While the regulations and the requirement of the third party, accreditation standards might have an impact on the complexity the development of formalized policies might have a huge impact to the firm. The most important aspect that the policies might have an impact on include promoting workplace safety, regulatory compliance, high quality patience care, and delivery of care. Besides, having policies that are up-to-date polices procedures might help to reduce the risk in the organization and result to poor delivery of healthcare services.

Get Help With Your Nursing Essay

If you need assistance with writing your nursing essay, our professional nursing essay writing service is here to help!

Find out more

 The firm offer

Cardinal health is one of the largest distributors of pharmaceutical medical supplies and surgical supplies. The company does supplies in chain drug stores, alternate care centers, hospital, drug stores, supermarkets and mass merchandiser pharmacies. The firm also plays an important role in the pharmaceutical industry; many supply chain participants focus on it services for streamlining product distribution and procurement. The focus of the firm is to provide cheaper generic products to its suppliers and has now partnered with other firms such as the CVS to supply it products. The joint effort has enhanced quality services and collaboration between the customers and the business.  

For the firm, the aspect of privacy focuses on for distinct aspects, dimensions, physical privacy, and proprietary privacy, informational and decisional privacy. Since the firm deal with the distribution of healthcare pharmaceutical products, one of the major clients is the hospitals. Besides the major stakeholders are the patients and the hospitals, including the government. The government is a major stakeholder since it regulates the product that the firm should make and that they should meet the quality standards. The hospitals have a major role since they are the major clients in the distribution of the products.  

The privacy policy contains the policies procedures, proceedings and practices that should be followed by the employees and any of the present and even the future subsidiaries. The focus of the policy would be on the collection, use and disclosure of personal information of an individual that is currently working or might work with the company.

The company is aware of the confidential nature of person information in its care and is responsible for the compliance of itself and its management, directors, officer, represent and the genders include independent contractors. In all these situations, the firm endeavors, that the data of the individual I always protected.

In regard to privacy policy the term personal information encompasses any information or a collection of information in any forms, whether physical electronic or in written form that pertains an individual excluding information that is in the public domain.

The company seeks to implement policies and procedures that make sure that the information about an individual are kept private.

Policy Statements

The company and the staff will at all times respect the confidentiality of personal information that is placed under its care. The company will at all times strive to ensure that the policies that affect the collection, disclosure and storage of personal information reflect the condimental nature of the information.

The healthcare facility will also comply with the privacy legislation and regulations that are provides for by the HIPAA.

HIPAA medical privacy


The new federal privacy regulation of the health insurance portability and accountability act of 1996 HIPAA have passed laws that require healthcare plans to comply with rules that regulate the sharing and disclosure of Protected Health information (PHI). The regulations also provides individual with rights that include the access of their information and even amend the information in the PHI.

The regulations gives room for the sponsors to provide PHI to the treating healthcare providers and the plans contract claim, players and other business associate that may be important for health care operation purposes.

As the HIPAA requires () is required to comply with the privacy requirement that include amending Plan document with privacy language, creating and distributing the HIPAA privacy policy. The requirement further states that the designate privacy officer training of employee who is responsible with handling receiving and ensuring that the PHI procedures are followed.  

The HIPA regulations present the following requirements

The information that the company has would often contain the past resent and even future medical condition of the individual.

The company has the role to complying with requirements of the HIPAA. Therefore all the members of the firm that access the information are required to comply with the policies. The company workforces would thus include the volunteers, employees, trainees and other persons whose work has a direct contact with the institution. Therefore, employees of the firm would include any individual that works for the institution.

Besides, the policy does not include any third party rights. The institution has the right and responsibility to make amendment to these regulations at any given point. In case of making the amendment they would have to be written and signed on behalf of the institution. The document would state reason for making the amendment to the policy. The policy thus provides regulation and obligation that go beyond and above the HIPAA. It is important to mention that policy does not reflect on the federal and the state laws.

Purpose of collecting personal information

The personal information would be collected and used for reasons that are related to the employment of the individuals to the firm. This would include aspect of hiring, administration, performance reviews and processing of employees claims. However, the use is not only limited to these issues since the information might be used for other purposes that are within the HIPAA (Mathews, 2016).

In the process of collecting this information that firms would be documented. Besides, the use of the information would only be based on the reasons that were originally stated during the collection. The reason for the data collection would be made clear to the individual either verbally or orally at the time of collection.

The only time that the company might use the information for other purposes that were not stated at the time of collection is if the new requirements are within the law. Besides, the new use might only be legal if the individual has given consent to the use.


Privacy officer and contact person

The person that is in charge of the Privacy is the Assistant Vice President for Human resource. His responsibility would include the development and the implantation of the procedures and policies that are related to privacy. Such policies would include the privacy policy. Besides, the individual would have the responsibility of engaging with individual that might have queries on the privacy of the PHI. The decisions that the officer makes within the office would remain final and binding to all the parties involved. The officer also has absolute discretion to carry out all the responsibilities that are related to the policy (Almgren, 2017).

However, in some cases, that are under the approval of the institution the officer might delegate the duties to one or more agent. He may also be required to rely on the counsel of the institution in making some decisions.

2. Workforce training

  It is the policy of the healthcare facility to train its workforce on the privacy procedures and polices. The privacy officers has the mandate to develop the training programs and schedules that seeks to ensure that the employee get the necessary awareness that might ensure that carry out their responsibilities effectively.

3. Technical and physical safeguards and firewalls

The institution has the responsibility of establishing the required safeguards that prevent the PHI from being use in a manner that might violate the requirements of the HIPAA. These safeguards would focus on both the intentional and unintentional use. On the technical part the institution is tasked with the responsibility of creating the necessary firewalls on the computers. In addition, the physical aspect would include securing the doors and the filing cabinets with the necessary security features that would ensure that access is limited to only the permitted individuals.

The role of the firewalls is to ensured that the authorized individual access the PHI within the minimum amount time and levels. Besides, the access would not eventually lead to the violation of the HIPAA’s rules.

Privacy notice

The private officer has the task of developing and also mentioning the notices that describes the following issues,

 The use and disclosure of the information in the PHI

 The right of the individuals

 The legal duties of the institutions in regards to the PHI 

The notice would also inform participants and clients of the firm that they can access the PHI within the administrative functions. The notice would also mentions the procedures that individual can follow in the cases where they have complaints, names, and the contestants of the individual. 

Sanction for violation of privacy

In the event that there is a violation of the PHI in relation to the HIPAA privacy rule then sanctions would be applied as the policy states. The sanctions might include the termination of the access.

5. Mitigation of in advent disclosures

The institution has the role of mitigating any harmful effect that might become known to the use and disclosure of PHI in violation of the policies and procedures. In the event of that an employee’s discovers a disclosure of PHI by the employee or an individual outside they need to immediately have to constant the privacy officer (Wager & Glaser, 2017). 

6 No intimidation or retaliatory Acts

The patients or other individual have the right to make complaint or participate in investigations or even oppose any practice that is against the HIPAA. Therefore, there is no employee may intimidate coerce, threaten, or discriminate against any individuals that excessive their rights (Perley, 2016).

7. Plan documents

The plan document takes into account the provision that give a description of the permitted uses of the disclosures of the PHI by the administration. The institution is required to:

  Not use PHI other than one that are allowed through the plan document

 Ensure that all the agents that seek to use the PHI adhere to the regulations of the institutions.

 Report to the privacy officer any use or disclosures that are not within the policy requirements

 The institution also needs to make the PHI accessible to the clients, take account of the participants and on request make the PHI available based on the regulations (Sen & DeLeire, 2018). 


  • Almgren, G. (2017). Health care politics, policy, and services: a social justice analysis. Springer publishing company.
  • Mathews, R. (2016). On protecting & preserving personal privacy in interoperable global healthcare venues. Health and Technology6(1), 53-73.
  • Perley, R. (Ed.). (2016). Managing the Long-Term Care Facility: Practical Approaches to Providing Quality Care. John Wiley & Sons.
  • Sen, A. P., & DeLeire, T. (2018). How does expansion of public health insurance affect risk pools and premiums in the market for private health insurance? Evidence from Medicaid and the Affordable Care Act Marketplaces. Health economics27(12), 1877-1903.
  • Wager, K. A., Lee, F. W., & Glaser, J. P. (2017). Health care information systems: a practical approach for health care management. John Wiley & Sons.


Cite This Work

To export a reference to this article please select a referencing stye below:

Reference Copied to Clipboard.
Reference Copied to Clipboard.
Reference Copied to Clipboard.
Reference Copied to Clipboard.
Reference Copied to Clipboard.
Reference Copied to Clipboard.
Reference Copied to Clipboard.

Related Services

View all

DMCA / Removal Request

If you are the original writer of this essay and no longer wish to have your work published on the UKDiss.com website then please: