Reflective Practice Worksheet

Summary: This worksheet is intended to help you reflect on the work you carried out on all
aspects of the privacy and security assessment plan, audits and access policy throughout the
course. You will identify three specific aspects of your activity that could be improved upon using
the Reflection Template tables, and then you will indicate a corresponding goal for each using the
Action Plan Template table.

Overview: Reflective practice is the process of studying one’s experiences in order to improve
how one works. Upon reflecting on one’s experiences, action plans are developed and
implemented to improve the thoughts, perceptions, and actions related to one’s processes.

Reflective practice can be beneficial in:

 Increasing an individual’s ability to be self-aware in given situations, tasks, and
activities.
 Improving the quality of one’s work.
 Assisting individuals in carrying out self-improvement and self-awareness techniques in
order to improve interpersonal interactions.
 Improve work activities requiring individuals to collaborate to accomplish a unified goal.

There are several models for carrying out reflective practice, such as: Gibbs’ reflective cycle,
Johns’ model, and Atkins and Murphy. Johns’ model was developed for nursing practitioners and
is based on five core questions that enable you to break down your experience and reflect on the
process and outcomes. This worksheet uses a modified version of Johns’ model that is more
suited to health care informatics.

Reflection Template
Use the tables provided below to complete three reflections on specific aspects of your activity
during the privacy and security assessment plan, audits and access policy that can be improved
upon. An example reflection has been provided below. Use the blank reflection tables to complete
your reflections.

Below are instructions on how to fill out each section.

1. Description – Write a brief statement that addresses the following:
 Write a description of the specific aspect of your activity that can be improved upon.
 What key issues do you need to pay attention to in relation to this aspect?

2. Reflection – Write a brief statement that addresses the following:

 What were you trying to achieve?
 Why did I act as you did?
 What are the consequences of your actions for the project success or outcome, for
yourself, or for the people you work with?
 How did you feel about this experience when it was happening?

3. Influencing Factors – Write a brief statement that addresses the following:

 What internal factors influenced your decision making and actions?
 What external factors influenced your decision making and actions?
 What sources of knowledge influenced or should have influenced your decision making
and actions?
 Could you have dealt with the situation better?
1
  What other choices did you have and what would be the consequences of these other
choices?
 What people, devices, or situations impacted your decision making?

4. Learning Point – Write a brief statement that addresses the following:

 How can you make sense of this experience in light of past experience and future
practice?
 How do you feel about this experience now?
 Have you taken effective action to support others and yourself as a result of this
experience?
 How has this experience changed the way you act or how you perceive or think about
the event?
 How would you change systems, devices or strategies the next time you encounter the
situation?

5. Miscellaneous – This area is for additional information you would like to add that does not
relate to the other sections of the table.

EXAMPLE REFLECTION
Description Reflection Influencing Learning Point Miscellaneous
Factors
Lack of I was trying to Instructor feedback In performing a desk The regulatory
understanding of understand the on access policy audit for HIPAA environment is
HIPAA led me to case study in terms demonstrated my compliance, I gained continually evolving
have difficulty in of small practice lack of knowledge of an understanding of and requires flexibility
successfully requirements basic HIPAA the regulatory and prudence in
completing the desk compliance requirements for reviewing policy and
audits I didn’t understand small practices regulatory changes
the extent and
complexity of
HIPAA regulations

Reflection 1

Description Reflection Influencing Learning Point Miscellaneous

Factors

Underestimating the I did not anticipate the While reviewing the In completing the The audit process is
amount of time each complexity and detail administrative three desk audits, I extremely detailed
audit was going to of the audit questions. safeguards audit gained more to make sure the
take to complete. questions, I realized knowledge on the organization is well
the lack of detail in necessary policies equipped to handle
the policies. and procedures any privacy and
required for an security situation
organization to that may happen.
have.

2
Reflection 2
Description Reflection Influencing Learning Point Miscellaneous
Factors

Lack of I was trying to gain The use case In completing the Clinical and non-
understanding of more knowledge highlighted my lack desk audits, privacy clinical healthcare
user rights and around the roles and of knowledge on and security organizations have
access to PHI responsibilities for clinical assessment and different roles and
caused difficulty in user rights and level responsibilities. information security responsibilities but
completing the of access in a clinical policy I gained both must follow
summary of access setting. more knowledge on HIPAA regulations.
authorization on the I do not have a clinical user rights and
privacy and security background and don’t access
assessment. understand the level authorization.
of access required for
each individual.

Reflection 3
Description Reflection Influencing Learning Point Miscellaneous
Factors
Lack of I didn’t realize the The technical While completing Healthcare
understanding the complexity of the safeguard audit the technical technology is
HIPAA Security Rule technical safeguards made me realize my safeguard audit I constantly growing
for technical and how many there lack of fully gained more and developing
safeguards. are. understanding the knowledge on the which requires the
HIPAA Security HIPAA Security technical
Rule. Rule that is safeguards to be
necessary for detailed and
compliance. thorough.

3
Action Plan Template
Now that you have identified three aspects of your privacy and security activity that can be
improved upon, you need to create an action plan by establishing goals and actions to achieve
them. Your action plan must include a reflection goal for each of the three reflections you
completed in the Reflection Template. An example action plan has been provided below. Use the
table on the last page of this worksheet to complete your action plan.

Below are instructions on how to fill out each section.

1. Reflection Goal – In this section, you will write a goal for each reflection for a total of three
goals. Keep the goal statement brief and simple (i.e. no more than two sentences). Goals
should be actionable and measurable.
2. Actions I will implement – This section describes what actions you would take to address
each issue identified in your reflections.
3. Possible Obstacles – This section describes potential barriers or obstacles to
implementing the actions you identified for achieving your goals.
4. How I will know I’ve achieved my goal – In this section, you will indicate the tangible
evidence, acquired skills, knowledge or behaviours required to achieve your reflection
goals.
5. Target to meet goal/Review date – In this section, you will indicate a target date for
completing your goals. Then, indicate a follow up review date when you will check in to
ensure the goals are continually being met.

EXAMPLE ACTION PLAN

Reflection Goal Actions I will Possible How I will know Target to meet
implement Obstacles I’ve achieved goal/ Review
my goal date
Expand knowledge of Complete a Allotting time to I will have an Establish 1 year
HIPAA regulations government webinar review HIPAA increased level of as the target goal
and compliance as on HIPAA updates updates and comfort and and a review date
they relate to small and regulations, regulations confidence in every 6 months
practice settings review monthly applying HIPAA
government bulletins Financing regulations to small
related to regulatory certification in privacy practice settings
changes, consider and security from I will be able to
obtaining certification AHIMA successfully obtain
in privacy and certification from
security from AHIMA AHIMA
(www.ahima.org)

4
 Action Plan

Reflection Goal Actions I will Possible Obstacles How I will know I’ve Target to meet
implement achieved my goal goal/Review date
Better prepare for the desk Review the HIPAA updates There are potential time I will have a higher level of Set a one year target goal to
audits by reviewing each on a quarterly basis to be constraints to conduct detail understanding of the audits, implement all actions.
audit before applying and better prepared for the reviews of the HIPAA user rights and access
completing the document. audits. security rule and HIPAA authorization to PHI and Set a quarterly target date to
updates with my other day to technical safeguards. This review all updates and
Increase knowledge of user Interview mentors and day responsibilities. will allow me to complete assessments.
rights and access research roles and audits, privacy and security
authorization to PHI. responsibilities for user rights Finding availability with my assessment and information
and level of access in clinical mentors to interview them to security policy more
Increase knowledge of settings. have a better understanding efficiently.
HIPAA Security Rule through of roles and responsibilities
technical safeguards. Conduct a more detailed for user rights and level of
review of the HIPAA security access in clinical settings.
rule for technical safeguards.