A. Evaluate the two policies in the attached “Health Record Policies” by doing the following: 1. Discuss what information should be included in an addendum pertaining to a shadow chart. The addendum requested by the supervisor should include a requirement to seek authentication of the shadow chart by the original healthcare provider. The HIM department can’t be responsible to determine if the information located in the shadow copy is relevant or not. That task should be placed with the provider. 2. Discuss how information technology staff can help decrease incidents of security breaches. IT staff in the facility can help decrease security incidents by simple group security policies across their IT platform. These policies could include password protected screen savers, shorter screensaver activation timers, and standard password complexity requirements. With the screensaver changes, if personnel left their workstation without logging off, the saver would kick in and lock the station for them. Password complexity forces the staff to not recycle old passwords, and to use complex passwords that are more difficult to guess. B. Discuss one situation from Montana Code 41-1-402 (2a through 2d) that may result in criminal liability to the organization if not followed. 1. Summarize how HIPAA defines criminal liability. 2. Explain which part of 2a through 2d of Montana Code 41-1-402 would directly impact actions of clinical staff. The situation listed in part (b) struck me as interesting due to the nature of the definition. The key word in the beginning of the statement was professes. No burden of proof is needed by the minor. Therefore, if a medical provider denies care to a minor that has professed one of the key stipulations of adulthood, that provider would be criminally liable. Criminal liability in regards to HIPAA is judged by knowledge of the individual. Knowing of an