Healthcare Information Technology Alfred State


Respondeat superior

"let the master answer" means that an employer is responsible for the legal consequences of an employee's actions.

Burden of proof

"the responsibility for proving harm" is on the individual who initiated the civil suit; called the plaintiff; no plaintiff in criminal law

Sources of law

Administrative law, Case law or common law, and Statutory law

Health care operations

Administrative, financial, legal, and quality improvement activities of a covered entity that are necessary to run its business and to support the core functions of treatment and payment

HIPAA security rule

Adopts standards and safeguards to protect health information that is collected, maintained, used, or transmitted electronically. CMS is responsible for overseeing compliance with and complaints about security rules and covered entities. Protects the confidentiality, integrity, and availability of electronic protected health information (EPHI).

Penalties for covered entities' misuse of personal health information

Civil monetary penalties: up to $100 per violation, up to $25,000 per person, per year for each requirement or prohibition violated. Federal criminal penalties: up to $50,000 and one year in prison for obtaining or disclosing protected health information, up to $100,000 and up to 5 years in prison for obtaining protected health information under "false pretenses" and up to $250,000 and up to 10 years in prison for obtaining or disclosing protected health information with the intent to sell, transfer, or use it for commercial advantage, personal gain, or malicious harm.

Health Care Quality Improvement Act of 1986

Federal law that established the National Practitioner's Data Base.

Prohibition on redisclosure

when copies of PHI are released to a provider they are usually filed in the patient's current medical record. That provider is prohibited from redisclosing another entity's copies unless authorized to do so.

Health Insurance Portability and Accountability Act of 1996

Federal legislation that mandated administrative simplification regulations to govern privacy, security, and electronic transaction standards for health care information

HR 663

Patient Safety and Quality Improvement Act; allows providers to report health care errors on a voluntary and confidential basis.

HIPAA Final Privacy Rule

Patient authorization to disclose PHI contains a general statement that: PHI may no longer be protected by the Privacy Rule once it is disclosed by the covered entity. This means the provider IS allowed to redisclose PHI created by another IF disclosure is for the purpose permitted by the privacy rule (e.g. treatment).

Medical Examiner

Physician officially authorized by a governmental agency to determine causes of deaths, especially those due to other than natural causes.


Public officer who investigates deaths due to other than natural causes; might not be a physician


Treatment, payment, health care (operations),

Security rule

defines administrative, physical, and technical safeguards to protect the availability, confidentiality and integrity of electronic protected health information. Protection from unauthorized access, alteration, deletion, and transmission.

Public law

deals with relationships between individuals and governments

Civil law

deals with the legal rights and relationships of private individuals

Electronic signature

digital; applies a mathematical function to the electronic document which results in a unique bit string called a message digest that is encrypted and appended to the electronic document.

release of information log

documents patient information released to authorized requestors, and data was entered manually (e.g. three-ring binder) or using tracking software. Can be obtained for six years prior to the date of their request, retroactive to April 16, 2003. Must include date of disclosure, name and address of entity or person who received the PHI, description of the PHI disclosed, statement of reason for disclosure (or a copy of the written request for disclosure). Individual is entitled to one free accounting report during any 12-month period. Subsequent reports generated during the 12-month period can be accessed for a reasonable fee. The entity must inform an individual of any required fee and allow the individual an opportunity to amend his or her request to avoid or reduce the fee.


encode a computer file, making it safe for electronic transmission so that unauthorized parties cannot read it. The recipient of the transmitted electronic document decrypts the message digest and compares the decoded digest with the transmitted version. If identical the message is unaltered and the identity of the signer is proven.

Privacy rule

establishes standards for how PHI should be controlled; it also establishes what uses and disclosures are authorized as well as what rights patients have with respect to their health information.


failure to exercise the degree of care considered reasonable under the circumstances, resulting in an unintended injury to another party. E.g.: misdiagnosis, error in performing a surgical procedure, failure to recognize and treat complications, failure to obtain informed consent from a patient for treatment performed, etc.


form of discovery that includes a list of written questions that must be answered by the party served (either defendant or plaintiff). Under oath, may be used for impeachment if interrogatory statement and trial statements do not match. Formal written document.

Authorization to disclose PHI not required in the following cases:

health oversight activities, public health activities, law enforcement purposes, judicial and administrative proceedings, identification and location purposes, decedents, research, FDA, military, and workman's comp.


individual against whom the complaint is brought.

protected health information

information that is identifiable to an individual or individual identifiers such as: name, address, telephone number, date of birth, Medicaid ID number and other medical record numbers, SSN, and name of employers

call-back method

involves obtaining the requesting provider's main number from the phonebook or directory assistance. Call the main number and ask to be connected to the requesting provider to ensure that you are speaking with an individual authorized to obtain PHI. As a follow-up require the requesting provider to obtain the patient's authorization to release PHI and mail it to your attention.

Medical record

legal business record that must be maintained according to accreditation standards (eg. TJC), legal principles (state and federal laws), professional practice standards (AHIMA practice briefs) and regulations (eg Medical Conditions of Participation). Applies to both paper and electronic records


legal process lawyers use to obtain information about all aspects of the case, and its goal is to find information that will help prepare a case for settlement or trial.

emancipated minors

married, living away from home, and self-supporting, declared legally emancipated by a court of law, pregnant and unmarried, on active duty with the United States Armed Forces, at least 16 years of age and living independently from parents or guardians.

HR 5

medical liability reform act passed by US congress


medical liability reform bill that includes a hard cap of $250,000 on non-economic damages.

HIPAA Title II Aspects

medical liability, privacy, and security

root cause analysis

must be performed on any event assigned ICD-9-CM codes 900-963, which is a process intended to find out what happened, why it happened, and what the facility can do to prevent it from happening again.

Information that may be included for a PHI request to law enforcement officials

name and address; SSN; Blood type and Rho factor; Type of injury; Date and time of treatment; Date and time of death; Distinguishing physical characteristics.

Special protection for:

psychotherapy notes, HIV/AIDS, and mental health records; when stronger state laws exist they preempt the HIPAA laws.


publishes rules that interpret laws

Administrative law

regulations created by administrative agencies of government; regulations interpret how a law is to be enforced, and they are generally more detailed than the law on which they are based. Federal regulations are issued as the Code of Federal Regulations. E.g.: CMS is the federal administrative agency responsible for creating regulations to implement HIPAA legislation.

Tracking Disclosures of PHI

release of information log

Drug Abuse and Treatment Act of 1972

requires that drug and alcohol abuse patient records be kept confidential and are not subject to disclosure except as provided by law.

Exceptions to confidentiality

subpoena duces tecum,

Res judicata

"the thing is decided" means that the final judgement of a competent court is conclusive; it prevents a plaintiff from suing on a claim that has already been decided and it prevents a defendant from raising any new defense to defeat enforcement of an earlier judgement

Res ipsa loquitur

"the thing speaks for itself" means that something is self-evident. E.g. surgical instrument left in patient's abdominal cavity

Res gestae

"things done" hearsay statements made during an incident are inadmissible as evidence

Stare decisis

"to stand by things decided" which means it is a doctrine of precedent and courts adhere to the previous ruling.



Legislation that Impacts Health Information Management


The health care provider owns the medical record, but the patient owns the information in the medical record.


HIPAA time limit mandates for covered entities to respond to requests for amendments and release of information request

60 Days; Deceased PHI: 2 years.

Comprehensive Guide to Electronic Health Records

1. Type of computer used is accepted as standard and efficient equipment. 2. Method of operation to create electronic medical record is recorded. 3. Method and circumstances of preparing the record include sources of information on which the record is based, procedures for entering information into and retrieving information from the computer, controls and checks used, and tests performed to ensure the accuracy and reliability of the record. 4. Information documented in the EMR has not been altered in any way.

Subpoena ad testificandum

A court order that requires an individual to appear in court to testify. A court order is a written command or direction ordered by a court or judge. Failure to obey a subpoena constitutes contempt of court


A form of discovery used to learn answers to certain questions, obtain a sworn statement from the deponent, observe a witness's behavior and ability to testify and discover weaknesses and strengths in each party's case.

subpoena duces tecum

A written command or direction signed by the court of the clerk, ordering an individual to appear in court with documents (e.g. medical records).

Authorization to disclose PHI IS required:

Attorney requests, employers except for workman's comp cases, Government agencies like SS, health care providers that did not render care to the patient, HIV related info, law enforcement, marketing communications, patient or patient representative, third party payers.


Binding agreements between two parties


Coroners and medical examiners, funeral directors, cadaver organ, eye, or tissue donation purposes

Release of protected health information

DO NOT INCLUDE: info about care related to another patient, peer review or quality management documents, correspondence or notes from attorneys and or aberrant or deviant statements.



Omnibus Budget Reconciliation Act of 1987

Established the Nursing Home Reform Act to ensure that residents of nursing facilities receive quality care and established a Residents' Bill of Rights

privacy rule

HIPAA standards for privacy of individually identifiable health information. Includes provisions that protect the security and confidentiality of health information. Provides new rights for individuals with respect to protected health information and mandates compliance by covered entities.


a rule of conduct passed by a legislative body (e.g. federal congress) that is enforced by the government and results in penalties when violated.


any PHI related to DNA or DNA analysis, dental records or typing, samples or analysis of body fluids or tissues.

privileged communication

any information communicated by a patient to a health care provider

Includes: Torts

any wrongful acts for which a civil suit can be brought

Covered entity may disclose PHI to health oversight agencies for activities authorized by law:

audits, civil, administrative, or criminal investigations, inspections, licensure or disciplinary actions, civil, administrative, or criminal proceedings or actions, Medicare or Medicaid. If covered entity is also a health oversight committee the covered entity may use PHI for health oversight activities.

Research purposes

authorization is only required when the research includes the actual treatment of the individual.

Case law

based on judicial decisions and precedent rather than statutes. Case law usually only applies in situations where the facts of a new case exactly match the facts of the case that was previously decided.

de-identification of protected health information

contains no identification information about an individual; can be disclosed for research purposes if nothing can individually identify the patient

Healthcare Integrity and Protection Data Bank

created a data bank to combat fraud and abuse in the health care industry, alerting users to conduct a comprehensive review of health care providers past actions.

Includes: Criminal law

crimes and their punishments

Statutory law

passed by a legislative body (e.g. Congress) and it can be amended by the legislative body.

patient consent to TPO vs. patient authorization to disclose PHI

patient consent: provide written permission to providers so that health information related to treatment, payment or operations can be used or disclosed.

Medical liability or malpractice insurance

pays a lawsuit's covered damages and defense costs

covered entities

private and public sector organizations that must follow HIPAA provisions

Qualified protective order

prohibits the use or disclosure of PHI for any purpose beyond the litigation at hand and requires that the PHI and all copies be returned to the covered entity or destroyed when the litigation is over.

accountability of HIPAA

protects data integrity, availability, and confidentiality and has the greatest impact on health care organizations.

portability of HIPAA

protects health insurance coverage for workers and their families when they change or lose their jobs

Medical Record documentation

the exception to the hearsay rule. To be permissible as evidence the records must be: created by a person within the business who has knowledge of the acts, conditions or diagnoses, events or opinions documented. Documented during the normal course of business. Generated at or near the time of patient care. Maintained in the regular course of business.


the provision, coordination, or management of health care and related services among health care providers or by a health care provider with a third party


the various activities of health care providers to obtain payment or be reimbursed for their services and of a health plan to obtain premiums, to fulfill their coverage responsibilities and provide benefits

Statute of limitations

time period after which a lawsuit cannot be filed. Vary from state to state. Medical malpractice is one to three years.
