MHA FPX 5014 Assessment 2 Risk Financing
Student name
Capella University
MHA-FPX5014 Healthcare Quality, Risk, and Regulatory Compliance
Professor Name
Submission Date
Risk Financing
To: Leadership at Mercy Medical Center
From: Risk Manager
Date: September 2025
To outline the financial risks incurred since 2015 as a result of Anthem Blue Cross Blue Shield’s breach of its HIPAA obligations, we are including the memo in question. Anthem Blue Cross Blue Shield suffered a breach that resulted in the exposure of the health and employment records of 79 million people (Rodrigues et al., 2024). The breach resulted from a combination of insufficient risk assessment and inadequate cybersecurity. The Civil Rights Office settlement amounts to $ 16 million (Moro et al., 2022). This memo outlines the impact of breaches of regulations, ethics, and finances. It identifies risks, remedies, and the restoration of trust to the affected parties.
The Anthem Blue Cross Blue Shield group is the largest provider of private health insurance in the United States (Brennan, 2022). With more than 40 million members in the United States, its headquarters is based in Indianapolis, Indiana, and offers Commercial, Medicaid, and Medicare insurance programs. The primary stakeholders are customers, the supply chain, the Office for Civil Rights (OCR), and the general public. As a result of the 2015 attack, Anthem suffered a breach of 78.8 million people (Duggan et al., 2024) and the loss of a majority of private data. Anthem did not conduct a systematic assessment of risk at the enterprise level. Data protection that complies with HIPAA was also absent. As a result, Anthem suffered significant long-term reputational damage, sustained a loss that diminished its resources, a federal settlement of $16 million, and other financial losses (Velez, 2021).
As a participant in the Accountable Care Organization, Anthem Blue Cross Blue Shield (Anthem) recognizes the needs of patients and clients first. Blue Cross needs to implement measures that adhere to the requirements of HIPAA and HITECH to ensure and safeguard patients’ information. They also need to ensure that they report on any violations that may occur. In 2015, the Office of Civil Rights (OCR) had to step in and oversee and monitor the activities of Anthem, and they also had to make them take corrective action. Patient privacy and patient trust are the pillars of ethical and accountable practices, and they should be the foundation on which all the activities and operations of Anthem are based. There is a growing concern for the organization regarding the increasing number of cyber-attacks, the passing of new privacy laws, such as the California Consumer Privacy Act (CCPA), and the growing number of demands for greater transparency from the organization by the public, as well as regulatory bodies.
The Anthem Data breach is one of the most notable examples of a breach of cybersecurity, which left 78.8 million records compromised due to insufficient safeguards and a contravention of the HIPAA Security Rule. The breach has had adverse effects, including damage to the once spotless reputation of Anthem and a multi-million dollar settlement to be paid by Anthem. The breach resulted from an unmitigated failure of the company to conduct a thorough enterprise risk assessment, identify on-the-spot threats, design an adequate cyber protection framework, coupled with an unacceptable lack of accountability by the ringmasters of the company for the executive failures with respect to the company’s cyber protection.
To progress towards effective threat detection, Anthem must adopt the use of AI in topological applications, provide HIPAA training to all employees, appoint a Chief Information Security Officer (CISO), and strengthen the access control mechanisms (Conduah et al, 2023). Desired effects will occur from more penetration testing, more than once-a-quarter audits, and control assessments. The constraints on all that are the cost of the tools, the anxiety and resistance of employees to new methods, and the balance between risk and processing (Djenna et al, 2023). Nevertheless, it is prudent to adopt them and incur a loss in effect and reputation from the breach.
The first recommendation is the introduction of AI building blocks to provide the first control and to give focus and direction to governance in the concept of the ‘Cao’ (Djenna et al, 2023). The second recommendation is the appointment of a Chief Information Security Officer (CISO), who will provide a ‘hands-on’ control for a longer period. The AI tools potentially provide quick identification and focus on the types of control that governance uses to protect patients’ information. The appointment of a CISO provides long-term control and focus for the types of concerns that governance requires. The recommendations will address the concerns of the 2015 breach and will also be in compliance with the legal and ethical requirements to protect patients’ information (Shaikh & Siponen, 2023). These recommendations will span the technical and leadership gaps for the industry in the long term.
The main objective of the given 12-month timeframe is to accomplish a 60% reduction in reportable data breaches. To achieve this goal, AI tools with real-time monitoring and data breach detection capabilities will be utilized. These tools will be employed to identify potential risks and obstacles to ensure that breaches of the HIPAA Security Rule do not occur. For tracking progress, audit dashboards will be reviewed on a quarterly basis. Research, including that of Shaikh and Siponen (2022), suggests that the use of AI is likely to significantly enhance the detection of data breaches, thereby improving the efficiency of breach response.
Anthem mandates completion of HIPAA and cybersecurity training courses by all its employees. This employee training engagement prerequisite will be enforced through the Learning Management System (LMS), which monitors employee training. The first training module will be launched in six months and will be updated every six months. As training will be designed with interactive elements such as case examples, Kuan et al. (2021) cite that training tailored to the specifics of the position rather than the goal of the organization showed a 40% reduction in violations compared to training that was not as targeted.
The goal is to improve Anthem’s HIPAA compliance audit score by 25% in a year. This improvement will be benchmarked with Anthem’s internal audit tools and OCR reports. The target of this KPI is to increase the effectiveness of the Anthem Risk Management Policy within this timeframe by first synchronizing auditing to the most recent OCR standards and industry standards. Bunting and Klerk (2022) find this situation quite promising and hope that this goal will be reachable since, in the past year, one of the plans to improve auditing has resulted in an increase of 27% in compliance scores.
Anthem has experienced HIPAA violations that have shown some of the worst regulatory compliance and operational control breakdowns, and have significantly affected the company’s financial, legal, and reputational standing. The recommendations that follow, including the appointment of a Chief Information Security Officer (CISO) and the adoption of an AI-based security system, are essential to reduce the impact of these situations. These will enable Anthem to meet its legal and ethical obligations while providing the assurance and confidence needed to further establish the organization as a leader in healthcare risk management.
Step-by-Step Instructions to write
MHA FPX 5014 Assessment 2
Contact us to receive step-by-step instructions.
Instructions File For
MHA FPX 5014 Assessment 2
Contact us to get the instruction file.
Scoring Guide For
MHA FPX 5014 Assessment 2
Contact us to get the scoring guide.
References For
MHA FPX 5014 Assessment 2
Brennan, T. (2022). The settlement of the Blue Cross Blue Shield antitrust litigation: Creating a new potential catalyst for health insurance industry restructuring. Journal of the American Medical Association Health Forum, 3(12). https://doi.org/10.1001/jamahealthforum.2022.4737
Bunting, J., & Klerk, M. (2022). Strategies to improve compliance with clinical nursing documentation guidelines in the acute hospital setting: A systematic review and analysis. SAGE Open Nursing, 8(1), 1–34. https://doi.org/10.1177/23779608221075165
Conduah, A. K., Ofoe, S., & Siaw-Marfo, D. (2025). Data privacy in healthcare: Global challenges and solutions. Digital Health, 11(1), 59. https://doi.org/10.1177/20552076251343959
Djenna, A., Harous, S., & Saidouni, D. E. (2021). Internet of Things meets Internet of threats: new concern cyber security issues of critical cyber infrastructure. Applied Sciences, 11(10), 4580. https://www.mdpi.com/2076-3417/11/10/4580
Duggan, C., Beckman, A. L., Ganguli, I., Soto, M., Orav, E. J., Tsai, T. C., Frakt, A., & Figueroa, J. F. (2024). Evaluation of low-value services across major medicare advantage insurers and traditional Medicare. Journal of the American Medical Association Network Open, 7(11). https://doi.org/10.1001/jamanetworkopen.2024.42633
Kuo, K.-M., Talley, P. C., & Lin, D.-Y. M. (2021). Hospital staff’s adherence to information security policy: A quest for the antecedents of deterrence variables. INQUIRY: The Journal of Health Care Organization, Provision, and Financing, 58(1). https://doi.org/10.1177/00469580211029599
Morel, H., & Dorpalen, B. D. (2023). Adaptive thinking in cities: Urban continuity within built environments. Climate, 11(3), 54. https://doi.org/10.3390/cli11030054
Moro, M. F., Carta, M. G., Gyimah, L., Orrell, M., Amissah, C., Baingana, F., Kofie, H., Taylor, D., Chimbar, N., Coffie, M., Cole, C., Ansong, J., Ohene, S., Tawiah, P. E., Atzeni, M., D’Oca, S., Gureje, O., Funk, M., Drew, N., & Osei, A. (2022). A nationwide evaluation study of the quality of care and respect of human rights in mental health facilities in Ghana: Results from the World Health Organization Quality Rights initiative. BioMed Central Public Health, 22(1), 639. https://doi.org/10.1186/s12889-022-13102-2
Mueller, L. (2021). Do Americans really support black athletes who kneel during the national anthem? Estimating the true prevalence and strength of sensitive racial attitudes in the context of sport. Communication & Sport, 10(6). https://doi.org/10.1177/21674795211019670
Rodrigues, G. A. P., Serrano, A. L. M., Vergara, G. F., Albuquerque, R. de O., & Nze, G. D. A. (2024). Impact, compliance, and countermeasures in relation to data breaches in publicly traded U.S. companies. Future Internet, 16(6), 201. https://www.mdpi.com/1999-5903/16/6/201
Shaikh, F. A., & Siponen, M. (2022). Information security risk assessments following cybersecurity breaches: the mediating role of top management attention to cybersecurity. Computers & Security, 124(1), 102974. https://doi.org/10.1016/j.cose.2022.102974
Velez, S. B. (2021). Idiosyncratic viral loss theory: Systemic operational losses in banks. Journal of Risk and Financial Management, 14(2), 82. https://doi.org/10.3390/jrfm14020082
Viswanathan, V. S., Harri, P., Volin, J., Kadakia, J., Safdar, N., & Kikano, E. (2025). Safeguarding radiology: Best practices in cybersecurity governance. Journal of the American College of Radiology, 0(0), 01. https://doi.org/10.1016/j.jacr.2025.06.001
Capella professors to choose from for MHA-FPX5014
- Bradly E. Roh.
- Buddy Wiltcher.
(FAQs) related to
MHA FPX 5014 Assessment 2
Question 1: What is MHA FPX 5014 Assessment 2 Risk Financing?
Answer 1: Evaluating financial risks and funding strategies after healthcare breaches.
Do you need a tutor to help with this paper for you within 24 hours
- 0% Plagiarised
- 0% AI
- Distinguish grades guarantee
- 24 hour delivery
← Previous Assessment: MHA FPX 5014 Assessment 1 | Next Assessment: MHA FPX 5014 Assessment 3 →