A policy should specify the kind of employees covered, the kind of health organization (clinic, hospital, etc.) it is for, and the Do’s and Don’ts when handling electronic healthcare information.
Create a 2- to 3-page policy for the employees of a health organization which protects the privacy and security of patients when handling electronic healthcare information. In addition the policy should discuss how legislation on the privacy of electronic health information has evolved and what the future of Health IT holds.
Create an accompanying 2-page Frequently Asked Questions (FAQ) document to anticipate some of the questions from readers of the policy and the answers to these questions. Be sure to include questions around how this new policy might bring up new security and privacy issues and how those could be resolved.”