Legal and Ethical Aspects of Health Information Management: Chapter 8 Pt Record Requirements Chapter 9 Confidentiality & Informed Consent AND Chapter 10 Access to Health Information, Chapter 11 Specialized Pt Records
CONSENT
A concurrence of wills. An agreement by a person in the progression and exercise of sufficient mental capacity to make an intelligent choice to do something proposed by another.
HEALTH RECORD
A document that contains a complete and accurate description of a patient's history, condition, diagnostic and therapeutic treatment, and the results of treatment.
RECORD RETENTION SCHEDULE
A document that details what data will be retained, the retention period, and the manner in which the data will be stored.
CERTIFICATE OF DESTRUCTION
A document that shows what data and records were destroyed, who destroyed those data and records, and the method used for that destruction.
BELMONT REPORT
A document which identifies the ethical principles to be used to prevent unethical use of human subjects in research.
LIVING WILL
A document, executed while a pt is competent, that provides direction as to medical care in the event the pt in incapacitated or unable to make personal decisions. A form of advance directive, each state must determine the legal rights of the pt to use a living will.
STATUTE OF LIMITATIONS
A federal and state laws prescribing the maximum time period during which various types of civil actions and criminal prosecutions can be brought after the occurrence of the injury or offense.
HYBRID RECORD
A health record that includes both paper and electronic elements
CORRECTIONS TO THE RECORD
A method by which a mistake contained in a pt's health record is altered or modified according to standard practices.
PROFESSIONAL DISCLOSURE STANDARD
A standard used in the negligence context to determine liability. It is measured according to the level of information a reasonable health-care provider would disclose under the same or similar circumstances.
REASONABLE PT STANDARD
A standard used in the negligence context to determine liability. It is measured as the level of care that would be exercised by a reasonably prudent person under the same or similar circumstances
RETENTION REQUIREMENTS-OTHER EXTERNAL FORCES
AHIMA recommends a 10 yr retention perod on adult pt records, measured from the date of the pt's last encounter. AHIMA recommends retaining records of minors until thept reaches the age of majority plus the statute of limitations period governing medical malpractice lawsuits. For example, in Tx, the age of majority is 18 yrs old and the statute of limitations is 2 yrs. The record of a newborn would be reatined for 20yrs (18+2) to meet this requirement. The American Hospital Association (AHA) suggests a 10m yr retention perod for clinical records., measured form the date of the pt's last encounter. Storage of inactive (paper) records is permitted in the hospital or off site, if permitted by law or the appropriate licensing body. For electronic records, storage of inactive pt records is not as difficult. One condiseration is being able to retrieve the information from the " older" technology that it is stored in. Whether paper-based or electronic, retention policies should govern what information should be retained & for how long. Enterprise content & record manangement (ECRM) addressed both electronic records mamagement principles( all of the digital & analog records) & enterprise content management principles( the technology, tools, & methods to capture, store, deliver, & preserve content across an enterprise). Encompasses both traditional health record managment plus managment of newer clinical content(email, voice, test, & speech files) & nonclinical content(financial & administrative data). By viewing all datat & records from an enterprise perspective, retention of data records is managed systematically, & the potential increases for a more streamlined process of responding to e discovery requests.
EXPLAIN THE PURPOSE OF REDISCLOSURE STATEMENT
An additional safeguard is the inclusion of a redisclosure notice with the information sent. The redisclosure notice should direct the recipient that the information received may be used only for the stated purpose the recipient is barred from redisclosing the information to third parties without the patient's authorization the information should be destroyed after the stated purpose is fulfilled See Figure 10.8, page 205, Notice to Accompany Disclosure of Information The inclusion of a redisclosure notice is mandated by the federal government when information relating to alcohol or drug abuse patients is released. I
COMPOUND AUTHORIZATION
An authorization for use or disclosure of patient-specific health information that has been combined with another document.
SITUATIONS REQUIRING INFORMED CONSENT
Any treatment rendered by a healthcare provider (except in an emergency situation) involves consent of the patient, either implied or express. Implied consent exists in situations in which a patient voluntarily submits to a procedure with apparent knowledge of that procedure and the procedure presents slight or no apparent risk (taking the patient's pulse or temperature). The law presumes the patient has given consent. Express consent of the patient, in the form of verbal or written informed consent, is necessary in cases where diagnostic or therapeutic procedures will be performed. Risk of harm may or may not be readily apparent to the patient but is generally considered to be more than slight. In Texas, the Texas Medical Disclosure Panel has created a list of procedures and treatments that require informed consent and a list of procedures and treatments that do not require informed consent.
ACCREDITING BODIES- COLLEGE OF AMERICAN PATHOLOGISTS
BODIES ACCREDITED- Clinical laboratories
ACCREDITING BODIES- NATIONAL COMMISSION ON CORRECTINAL HEALTH CARE (NCCHC)
BODIES ACCREDITED---Correctional Institutions
ACCREDITING BODIES-AMERICAN CORRECTIONAL ASSOCIATION
BODIES ACCREDITED--Correctional Institutions
ACCREDITING BODIES-COMMUNITY HEALTH ACCREDITATION PROGRAM (CHAP)
BODIES ACCREDITED--HMO
ACCREDITING BODIES---DNV
BODIES ACCREDITED--Hospitals
ACCREDITING BODIES- TJC
BODIES ACCREDITED--Hospitals, behavioral health facilities, critical access hospitals, long term care facilities, transplant centers, ambulatory care centers, clinical laboratories, & dx specific care programs
ACCREDITING BODIES- AOA, HCFAP
BODIES ACCREDITED--Hospitals, behavioral health facilities, critical access hospitals, primary stroke centers,, substance abuse centers, rehabilitation facilities, & ambulatory care centers
ACCREDITING BODIES----NATIONAL COMMITTEE FOR QUALITY ASSURANCE(NCQA)
BODIES ACCREDITED--Managed Care Organizations
ACCREDITING BODIES--COMMISSION ON ACCREDITATION OF REHABILITATION FACILITIES(CARF)
BODIES ACCREDITED--Programs & services in medical rehabilitation, assisted living, behavioral health, adult day care, & employment & community services.
ACCREDITING BODIES-ACCREDITATION ASSOCIATION FOR AMBULATORY HEALTHCARE(AAAHC)
BODIES ACCREDITED-Ambulatory Care Centers, Community Helath Centers, Health Plans, QHPs, Office bases surgery centers
Uses of Health Records
CLINICAL USES- Direct Pt Care Chronological Document of Clinical Care Method of Cross-Discipline Education Research Activities Public Health Monitoring Quality Improvement Activities NONCLINICAL USES- Billing & Reimbursement Verify Disabilities Legal Document of Care
IDENTIFY & DISCUSS THE 3 SOURCES OF LAW ON WHICH THE RIGHT OF PRIVACY IS BASED
CONSTITUTIONAL BASIS---Right to privacy is not explicitly listed in the U.S Constitution, the U.S Supreme Court has held that a fundamental right to privacy exists. Supreme Court recognized in it ( Whalen decision) a right to informational privacy. This right to privacy has also been recognized @ the state level, w/ some states providing more explicit constitutional privacy protection than that of the federal governmen. Statutory Basis STATUTORY BASIS---The right to privacy has been recognized at both the federal and state levels. Statutes focus on the type of records involved, the limits placed on the use of the protected records, and whether the government or the private sector is involved. FEDERAL LEVEL---Freedom of Information Act (FOIA) and Privacy Act of 1974 - both laws apply to governmental record-keeping activities and do not focus on the activities of the private sector. FOIA encourages access to government records and mandates disclosure upon requests, absent an exception listed in the statute. Privacy Act presumes that certain information is confidential and may not be disclosed unless there is written consent of the individual. Example of federal healthcare facilities: Veterans Administration (VA) Hospitals. These provisions include data held by the Social Security Administration (SSA) and the Department of Health and Human Service (DHHS).Both executive branch agencies release information held by them for purposes of research and statistical studies.When releasing data, the agencies remove patient-identifying data.Federal statutory confidentiality protections include the limited disclosure provisions governing drug and alcohol abuse treatment and participation the Medicaid program.These protections apply to healthcare providers in the private sector who accept federal funds. STATE LEVEL----Confidentiality protections at the state level fall into three categories: open record statutes, privacy statutes, and physician-patient privilege statutes. COMMON LAW BASIS------Common law protections of health information recognize the individual's right to bring a lawsuit for damages or injunctive relief against one who inappropriately obtains, discloses, or uses patient-specific health information.
CONFIDENTIAL
Clinical or medical data
EXPLAIN THE INTERRELATIONSHIP BETWEEN CONFIDENTIALITY & PRIVACY
Confidentiality refers to the obligation of the healthcare provider to maintain pt information in a manner that will not permit dissemination beyond the healthcare provider. As a general matter, the inderpinning to legal protections for pt specific health information in the pt's right to privacy. This right to privacy is sometimes referred to as the right to be let alone & other times as the right to control personal information, depending on the source of law on which the rights is based. It is helpful to distinguish between these terms by referring to privacy as a right belonging to the pt & confidentiality as duty belonging to the health care provider.
AUTHENTICATION
Confirms the content and accuracy of an entry into the medical record by written signature, initials, or computer-generated signature code.
COMPARE AND CONTRAST THE TERMS CONSENT & AUTHORIZATION WITH REGARD TO A NOTICE OF INFORMATION PRACTICES
Consent is referred to as "Consent to the Use and Disclosure of Health Information For Treatment, Payment, or Health Care Operations." Recognizes that the patient may wish to restrict the uses and disclosures of their protected health information and allows them to do so at the time of receipt of the consent document. he Rule requires that the healthcare provider obtain written authorization for specific disclosures not otherwise authorized by law. Patient's consent or authorization is not required for the disclosures listed in Figure 10.5, page 201, Exceptions to Prior Consent. The healthcare provider, and any business associate of the healthcare provider, must provide on the patient's request an accounting of the disclosures made.
TRACE THE HISTORICAL DEVELOPMEMT OF THE INFORMED CONSENT DOCTRINE
Cour ts in the early 1900s applied the theory of battery to lawsuits brught against healthcare providers. As the century progressed, the focus of lawsuits addressing the consent issue changed. The question became whether the pt truly understood the nature & effects of the treatment for which she consented. Did the pt have sufficient information from which to make an informed decision? This questioning derives from the ethical concept of autonomy. The concept requires healthcare providers to disclose to patients adequeate information in a manner the pt can understand. Focus changed, it became evident that the traditional battery theory would not suffice as a basis for these lawsuits. By grounding the informed consent doctrine in negligence, courst necessarily placed the focus on the health care provider's duty of due care. Developed by the courts, the informed consent doctrine places a duty on the healthcare provider to not only obtain consent to treatment but also to disclose to the pt, in an adequeate manner, the nature of the treatment or procedure, the risks involved, any available alternatives, & the benefits that could reaonably be expected as a result of the treatment or procedure.
COMPARE & CONTRAST RECORD DESTRUCTION DONE IN THE ORDINARY COURSE W/ THAT DONE DUE TO CLOSURE
DESTRUCTION IN ORDINARY COURSE- Acceptable methods of destruction include: shredding, burning or recycling. Some laws may require a hospital to crae an abstract of patient data before destroying the pt record. Stat laws may require the facility to notify the pt or licensing authority before destroying the pt's record. HIPAA Security Rule establishes a requirement for effective information security policies, including the issue of destruction of protected health information. Destruction of paper based records include: dissolving the records in acid, burning, pulverizing, or shredding. Destruction of data stored in electronic media include: magnetic degaussing, overwriting of data, & destruction of backup tapes or other back up media. No matter how the records are destroyed, confidentially of pt information must be maintained ( as required by HIPAA Privacy Rule). If a commercial contractor is employed ti destroy the records/data, the written contract should specify: The method of destruction The safeguards to be employed The indemnification provided in the event of an unauthorized disclosure. The certification procedure indicating that the records received were prperly destroyed Whether destroyed internally or externally, the institution should retain permanent evidence of the record's destruction in the ordinary cours of business. Certification of destruction- document that shows what data & records were destroyed, who destroyed those data & records. & the method used for that destruction. Failure to reatin a certificate of destruction of health records opens the healthcare provider to a charge that an individual record was destroyed for suspicious reason, such as to gain advantage in a lawsuit. Destruction of records in other than the ordinary course of busines smay result incivil liability. Criminal liability may also apply if the destruction is for the purpose of concealing responsibility for a pt's illness, injury, or death. Healthcare providers should NEVER destroy records currently in litigation,, audits, or investigations, even if the retention period would othewise have ended. DESTRUCTION DUE TO CLOSURE- State laws & regulations vary Some states recommend that the healthcare provider transfer health records to another healthcare provider. Some states recommend the healthcare provider to notify the appropriate licensing authority before taking action.
NON CONFIDENTIAL
Demographic Data( Common knowledge data)
COMPARE & CONTRAST THE PROFESSIONAL DISCLOSURE STANDARD & THE REASONABLE PT STANDARD
Disclosure is measured from two different perspectives: The healthcare provider's perspective, referred to as the professional disclosure standard - measures what a reasonable healthcare provider under the same or similar circumstances would disclose. The patient's perspective, referred to as the reasonable patient standard - measures what material information is necessary for an average, reasonable patient to reach a decision to consent to or forgo treatment.
DISCLOSURE OF INFORMATION
Disclosure of health information is governed by 2 principle : (1) medical records remain w/i the provider's control and safe keeping and may be removed only in accordance w/ a court order or subpoena(2) the healthcare provider may not disclose or withhold health information at will.
EXPLAIN THE PRINCIPLE OF THE MINIMUM NECESSARY STANDARD
Federal law, HIPAA Privacy Rule and American Recovery and Reinvestment Act of 2009 (ARRA), controls what may be released through the principle of the minimum necessary standard. Minimum necessary standard requires the healthcare provider to make reasonable efforts to limit the patient-specific health information to a limited data set. The healthcare provider must identify those who need access to the information to carry out their duties, what category of access is needed, and what conditions, if any, are appropriate to such access. The provider is expected to develop and implement reasonable policies and procedures that limit the information released on a routine and recurring basis to the amount reasonably necessary to achieve the purpose of the disclosure. The development of these criteria is aided by the ARRA regulations that procide guidance on what constitutes " minimum necessary " as it relates to HIPAA.
EXPLAIN THE CONCEPT OF THE NOTICE OF INFORMATION PRACTICES.
Federal standards for the privacy of patient-specific health information, also known as the HIPAA Privacy Rule, dictate that the patient be notified of these uses and be given the opportunity to consent, reject, or request restriction of this information for any or all of the many uses the health record serves. This notice requirement is known as a Notice of Information Practices. The Rule details both the content of the notice and the methods by which the patient is notified of the healthcare provider's information practices. The Rule requires the healthcare provider to obtain a general consent from the patient to use or disclose patient specific health information to carry out treatment, payment, and healthcare operations.Consent is referred to as "Consent to the Use and Disclosure of Health Information For Treatment, Payment, or Health Care Operations."Recognizes that the patient may wish to restrict the uses and disclosures of their protected health information and allows them to do so at the time of receipt of the consent document.If the healthcare provider cannot obtain consent, the reason(s) that it was obtained should be documented.
DESCRIBE THE TYPES OF RESTRICTIONS THAT CONFIDENTIALITY STATUTES & ETHICAL GUIDELINES PLACE ON HIV/AIDS INFORMATION
HIV/AIDS confidentiality statutes place restrictions on identifying both the patient tested and the test result. Disclosure of the patient's identity or the test result may be made only to the subject of the test or his/her legally authorized representative a person designated in a legally effective release of information the healthcare provider's staff directly involved in the patient's care the appropriate public health authority For mandatory testing by statute or court order, the relevant statute or court order will specify additional individuals who may receive the test results and/or the subject's identity. It is illegal to pass along or re-disclose information regarding an individual's HIV status to other parties, unless authorized by law. If improper or unauthorized disclosure of test results or the subject's identity occurs, the injured person may bring a civil suit for damages.Where the healthcare provider is the HIV-infected individual, the protections afforded by the legal restrictions on access to HIV information are not clear.As a patient, the HIV-infected healthcare provider should be able to have all of the confidentiality protections the law provides.As a healthcare provider, the HIV-infected provider may pose serious risks to any patient upon whom he/she performs invasive procedures.For this reason, the patient is entitled to know the healthcare provider's HIV status.The strict limits on disclosure of an individual' HIV status imposed by law may be enforced through lawsuits.Where the affected individual is the patient, the courts generally enforce the laws to benefit the patient's privacy interests.Where the affected individual is a healthcare provider, exceptions to these strict limits exist that may warrant disclosure despite the healthcare provider's opposition. Confidentiality protections may also be provided by ethical guidelines (standards of conduct issued by professional organizations to guide their members' future course of action).They are sometimes used to establish the standard of care in a negligence action.Confidentiality of an individual's HIV status does not cease upon the death of the individual.AMA (American Medical Association) has promulgated ethical guidelines for use in determining when it is appropriate for a physician to include AIDS/HIV-related information in the autopsy report. (The identification of a patient's cause of death as involving HIV or AIDS may result in adverse effects upon the character of the deceased patient or upon family members and friends.)
DE IDENTIFIED DATA
Health information that is stripped of all identifiers.
DE-IDENTIFIED HEALTH INFORMATION
Health information that is stripped of all identifiers.
AUTHORSHIP
Identifies the health-care provider who has made an entry in the patient record, in writing or by dictation, keyboard, or keyless data entry.
Summarize the multiple functions of a health record
Includes detailed personal, medical, financial, and social data about the patient. Serves both clinical & nonclinical uses. Format includes, paper, electronic, hybrid. Serves as a legal document. The record of a particular episode of a patient's care. Health records are used to prove what did or did not happen in a particular case & to establish whether the applicable standard of care was met. Legal Health Record- the business record generated @ or by the health-care provider or organization that addressed the patient's episode of care that was delivered by the provider or organization.
PRIVACY STATUTES
Laws that generally correspond with the principles found in the federal Privacy Act: a presumption of confidentiality that may be rebutted with evidence of patient authorization to disclose information.
Patient Data Categories
Least Sensitive----Personal & Financial Date More Sensitive---- Social Data Most Sensitive----Medical Data
DISTINGUISH BETWEEN LIVING WILLS & DURABLE POWER OF ATTORNEY FOR HEALTHCARE
Living will - a document, exercised while a patient is competent, that provides direction as to medical care in the even the patient becomes incapacitated or unable to make personal decisions. Durable power of attorney for health care - a document that allows a competent patient to name someone else to make healthcare decisions in the event the patient becomes incapacitated or unable to make personal decisions.
Electronic Helath record makes the concept of authorship
More complicated . The ability to cut, copy, & paste portions of the health record exists unless the system has geen desinged to prevent such an occurence. Problems that results from these functions include---misidentifying who is making an entry, placing portions of one person's health record in another person's health record, mistakenly adding services on dates when services were not rendered, and inadvertently repeating entries that are no longer accurate.
EXPLAIN THE ROLE THAT INSTITUTIONAL REVIEW BOARDS PLAY IN THE ACCESS BY RESEARCHERS TO HEALTH INFORMATION INVOLVING HUMAN SUBJECTS.
National Research Act was passed in 1970 and authorized implementing regulations and the forming of a commission to identify basic ethical principles that underlie human research studies.The National Commission for the Protection of Human Subjects in Biomedical and Behavioral Research, known as the National Commission, published the Belmont Report.The Belmont Report asserted that three main principles form the ethical basis for all research involving human subjects:Respect for personsTreating individuals as autonomous agentsObtaining informed consentRespecting the privacy of research subjectsBeneficenceRequirements for studies to seek a balance between benefits and risks to the patientStrong research design that maximizes benefits and reduces harmsJusticeSelect subjects equitablyAvoid exploitation of vulnerable populations These three principles carry equal force and weight and are used to evaluate the ethical nature of any research study involving human subjects. The Belmont Report also provides the ethical basis for the federal regulations that govern research involving human subjects. 1) Review of all research involving human subjects by an institutional review board (IRB) 2) Informed consent obtained from human research subjects 3) An assurance by the institution that it will comply with these federal regulations. The Office for Human Research Protections (OHRP), an agency within the U.S. Department of Health and Human Services (DHHS), administers these regulations.
Health records are relied on by
Nursing , medical, scientific communities as a primary source of information for research.
BUSINESS ASSOCIATE
One who performs or assists in performing a function or activity involving the use or disclosure of individually identifiable health information on behalf of a healthcare provider.
COMPARE & CONTRAST OPEN RECORD STATUTES & PRIVACY STATUTES
Open record statutes - apply to records held by a state agency and correspond with the principles of FOIA: a presumption of disclosure absent a statutory exemption. Privacy statutes - correspond with the principles of the Privacy Act: a presumption of confidentiality, which may be rebutted with evidence of patient authorization to disclose information. May impose fines upon healthcare facilities that breach confidentiality and allow for fines to be assessed for each unauthorized access to confidential patient information.
LIST THE OBLIGATIONS PLACED ON THE HEALTHCARE PROVIDERS BY THE PT SELF DETERMINATION ACT
Patient Self-Determination ActThe goal of the PSDA is to ensure that a patient's rights to self-determination in healthcare decisions be communicated and protected.Requires those healthcare providers who are Medicare or Medicaid certified to:inform their patients of the status of state law governing a patient's right to make advance directives for accepting or refusing healthcare services andthe healthcare provider's written policies concerning implementation of the patient's rights. Requires the healthcare provider ensure that the patient's health record reflects whether the patient has an advanced directive, and if so what type. Requires the healthcare provider to avoid discrimination against patients on the basis of whether the patient has executed an advance directive. Places obligations on healthcare providers to educate and communicate with patients, staff, and the community.B
AUTHORIZATION
Permission given to the healthcare provider by the pt allowing the provider to disclose pt specific health information.
EXPLAIN THE USE & APPLICATION OF THE PHYSICIAN-PATIENT PRIVILEGE
Physician-patient privilege - applies to the introduction of evidence at trial and is used to prevent the forced disclosure or testimony about information obtained by the healthcare provider during the course of treatment. The privilege is the patient's because the information is about the patient. It may be asserted on the patient's behalf by the healthcare provider to prevent forced disclosure. The privilege applies to both the governmental and private sectors. It exists to encourage the patient's disclosure of relevant information to the healthcare provider for proper care and treatment purposes.
CONTINUUM OF OWNERSHIP
Questions of ownership of health information range from the traditional view of the health-care provider having sole ownership of the medical record, to a joint patient-health-care provider ownership of the medical record, toward a trend placing health information in a trust capacity.
EXPLAIN THE CONCEPT OF REASONABLE FEES AND THE CHALLENGES MAD TO THIS CONCEPT
Reasonable fee - a fee charged by the healthcare provider for the reproduction of the health record. State law generally permits the provider to charge a reasonable fee for reproduction of patient health records. On the federal level, HIPAA states that providers may impose a reasonable cost-based fee for reproducing the record. Charging for the reproduction of patient health information is not mandatory; a provider does not have to charge for providing health information. They can provide the reproductions for free, but most charge to recoup some of the expense they incur from providing this reproductions. Charging for this service is generally limited to attorneys and insurance companies. If the reproductions are for continuing health care, the charge is waived. Patients wanting copies of their own health records may be charged if they are not using them for continued health care purposes.Fee schedule includes charges for the reproduction of paper records, health information stored on microfilm, and health information stored in digital or electronic medium. Where the patient's information is contained within an electronic health record, the American Recovery and Reinvestment Act of 2009 (ARRA) specifies the fees to be charged by the healthcare entity for delivery of patient health information in electronic format.
ADOPTION RECORDS
Records of the individual placed for adoption. Access to adoption records is controversial. The competing issues involved in access are the interests of the biological parent(s) in placing the child up for adoption, often with the promise of confidentiality, and the interests of the adoptee for genetic information and information about his or her natural identity.
FORCES INFLUENCING RETENTION OF HEALTH INFORMATION
STATUTORY & REGULATORY REQUIREMENTS Health-Care Provider's ability to : Render continuing pt care Conduct education & research Defend a professional liability action Storage Constraints New Technology Fiscal Concers
Identify & Explain how the sources of law influences the content of the health record
STATUTORY PROVISIONS Can be federal or state laws or municipal codes. Statutes- law written by fedral & state legislatures that become effective upon signature of the president(federal) or governor(state). States that have passed statutes refering to health records generally limit the statute to the requirements that the healthcare provider merely create a health record. If the content of the health record is defined by statute, the definition is oftne provided in the context of hospital licensing. REGULATIONS Regulations are promulgated by executive agencies(agencies crated by the Executive branch of government). Statutory provisions delegate certain powers to the executive agency responsible for licensing a healthcare facility. EXAMPLE---DHHS is one of the departments in the Executive branch. Within the DHHS is the CMS. CMS is an agency within DHHS. CMS regulates MC & MK. ACCREDITING STANDARDS Frequently used to establish standards of care Frequently used in negligence actions against health care providers. 2 WIDELY RECOGNIZED VOLUNTARY ACCREDITING BODIES IN HEALTHCARE ARE TJC & the AOA (American Osteopathic Association's(AOA) Healthcare Facilities Accreditation Program(HFAP). DEEMING AUTHORITY- Compliance w/ the requirements & standards of both acrediting organizations may substitute for compliance w/ the federal government's Medicare Conditions of Participation for Hospitals published by CMS. While accreditation through either JC or HFAP is optional, many hospitals choose to follow the accredited by one of these agencies, they do not have to undergo a separate MC survey to become MC certified. ( If a facility is not MC certified, they will not be reimbursed for services rendered to MC and MK patients. The accrediting agencies have standards requiring hospitals to maintain health records for each patient and describe in detail the contents of the medical record. INSTITUTIONAL STANDARDS----Do not carry the force of law, however, they are useful for establishin the standard of care in a negligence action. Health care institutions may create their own standards or adopt the standards issued by an accrediting agency where no specific statute or regulation specifically addresses the existence or content of a health record. If institutional standars are higher than the minimally acceptable standard found in statutes or acreditation standards, it is the higher standard against which the institution will be measured. PROFESSIONAL GUIDELINES--Allied health organizations published guidelines that address the existence & content of health records. Example__-AHIMA publishes position statements & practice briefs regarding health record content. These healthcare associations do NOT provide legal advice. They do address sensitive legal issues related to health records.
ETHICAL GUIDELINES
Standards of conduct issued by professional organizations to guide their members' future course of action.
DISCUSS THE LEGAL PROTECTIONS AFFORDED TO HEALTHCARE PROVIDERS WHEN TREATING PT'S IN AN EMERGENCY SITUATION
State legislatures and courts have recognized that healthcare providers confronted with these situations risk potential liability and so have created legal protections for them. Good Samaritan laws serve to protect healthcare providers from liability for unauthorized treatment, as opposed to protection from rendering negligent treatment or intentional misconduct.
EXPLAIN WHAT ROLE A STATUTE O LIMITATIONS PLAYS IN A RECORD RETENTION POLICY
Statutes of limitation in contract & tort actions also influence retention decisions because the ability ot defend a lawsuit successfully depends in part on the availity of the health record.
OPE RECORD STATUTES
Statutory provisions that address confidentiality requirements using a presumption of disclosure of information upon request, absent statutory exemption.
DISCUSS THE CONCEPT OF SUBSTITUTED CONSENT & ITS APPLICATION TO MINOR PATIENTS
Substtuted consent -The process allows a health care provider to provide treatment to the pt when the pt cannot provide consent to treatment. Substituted consent given by the parent or legal guardian will apply until the minor reaches the age of majority or becomes emancipated in the eys of the law. Examples of EMACIPATION---Marriage, childbirth, or entry into the armed forces. When certain medical conditions are present, state law may provide for the minor's consent even if majority or emancipation requirements are not met. EXAMPLES OF MEDICAL CONDITIONS include pregnancy, sexually transmitted diseases, and substance abuse.
COMPARE & CONTRAST THE PROCEDURES USED TO COMPLY W/ OR REFUSE A PATIENT'S REQUEST TO CORRECT THE RECORD
Such correction by the patient is a matter governed by federal & state law. The Privacy Rule grants rights to patients to amend thier health record. According to HIPAA, a pt has the right to have the healthcare facility "amend' their health record if they discover an inaccuracy. If the health care facility agrees to the amendment request in whole or in part, it must insert or provide a link to the amendment, inform the requestor it has accepted the amendment, & make reasonalbe efforts to inform other perosns indentified by the requestor as having previosley received pt specific health information. If the healthcare provider denies the request for amendment, it must give written notice to the requestor & inform the pt of thir right to add a statement of disagreement. Upon receipt of a concise statement of the correctionor amendment requested & the reasons, the healthcare provider must file the statement as part of the pt's health record, mark the callendged entry as inaccurate or incomplete according to the pt, & note whre in the rcord the corrected information is located. If a healthcare provider fails to comply w/ these requiredments, they may be subjected to liability. HIPAA permits the pt to bring a lawsuit against the healthcare provider or facility for noncompliance & receive actual damages along w/ attorney's fees & costs.
Health records other secondary purposes
Support the billing of insurance & benefits claims of individual patinets to whom they have provided care.
DESCRIBE THE CONTINUUM THROUGH WHICH QUESTIONS OF HEALTH INFORMATION OWNERSHIP HAVE PASSED
TRADITIONAL VIEW---Healthcare provider owns medical record, pt has no right to content of record. MODERN VIEW---While healhcare provider owns the medium in which pt's health information is created & stored, pt possesses right to access. HIPPA REQUIREMENT--The pt's right to access to his own information enshrined in law. FUTURE VIEW---Health information is held in trust by the healthcare provider for the benefit of the pt.
IDENTIFY THE SPECIAL PROCEDURES INVOLVED W/ THE DESTRUCTION OF ALCOHOL& DRUG ABUSE RECORDS UPON A PROGRAM'S CLOSURE.
The HIM should examine fedral regulations governing these areas to determine how to proceed. These requlations rquire health care providers to obtain the pt's written authorization before trasferring reocrds to an acquiring program or any other program named in the authorization. If transfer4 has not been authorized & recordss must be retained for a period specified by law, the records msut be placed in a sealed envelope or other container & labeled . These sealed records must be held confidential under the procedures outlined in the regulations until the end of the retention period. At the time, the records may be detroyed.
INFLUENCES HOW LONG THE HEALTH RECORD WILL BE RETAINED
The ability of ah healthcare provider to meet the needs of continuing pt care, education, research, & defense of professional liability actions.
BREACH
The acquisiton, access, use or disclosure of protected health information in a manne that compromises the security or privacy of protected health information
HEALTH RECORD CONTENT
The characteristics essential to constitute an adequate health record.
RECORD DESTRUCTION POLICY
The general principles determining the length of time medical records must be maintained before being destroyed. The length of time is determined by state statutes and state and federal regulations.
ACCOUNTING OF DISCLOSURES
The healthcare provider, and any business associate of the healthcare provider, must provide on the patient's request an accounting of the disclosures made.
LIST THE CORE ELEMENTS OF A VALID ROI
The individual's name and identifying information. A specific and meaningful description of the information to be used or disclosed. The name or other specific identification of the person or class of persons authorized to make the requested use or disclosure. The name or other specific identification of the person or class of persons to whom the disclosure is to be made. An expiration date or expiration event that relates to the individual or purpose of the use or disclosure. A statement of the individual's right to revoke the authorization, the exceptions to the right to revoke, and a description of the individual may revoke the authorization. A statement that the information used or disclosed is subject to redisclosure and may lose its protected status. The signature and date of the individual. If the authorization is signed by the individual's personal representative, a description of the representative's authority to act for the individual.
EMANCIPATION
The legal ability of a minor to act as an adult when he or she has moved away from home and receives no support from his or her parents.
LEGAL HEALTH RECORD
The legal business record generated at or for a health-care organization that is produced upon request.
SUBSTITUTED CONSENT
The legal doctrine that allows an authorized person to consent to or forgo treatment on the patient's behalf when the patient is not legally competent to provide consent.
PHYSICIAN -PT PRIVILEGE
The legal doctrine that prevents forced disclosure of, or testimony about, information obtained by the healthcare provider during the course of treatment.
INFORMED CONSENT
The legal doctrine that requires the healthcare provider to disclose information to the pt about treatment options and risks so that tlhe pt may knowledgeably consent to treatment.
MEDICAL ADVICE
The provision of a professional's opinion about what action an individual should or should not take with regard to their health.
IMPLIED CONSENT
The pt's consent to receive daignosti or therapeutic treatment or procedures w/o expressing verbal or written action by the pt, often existing in situations in which a pt voluntarily submits to a procefure w/ apparent knowledge of that procedure & the procedure present slight or no apparent risk, such as taking the pt's pulse or temperature.
PRIVACY
The right to be left alone or the right to control personal information. The pt's right to privacy is the uderpinning to legal protections for pt specific health information .
DEEMING AUTHORITY
The substitution of complying with the requirements and standards of an accrediting organization in lieu of complying with the Medicare Conditions of Participation issued by the Centers for Medicare and Medicaid Services.
EXPRESS CONSENT
The verbal or written consent of a pt to receive diagnostic or therapeutic treament or procedures
COMPARE & CONTRAST THE RIGHTS OF ACCESS OF PT'S & 3RD PARTIES TO PT SPECIFIC HEALTH INFORMATION
Third parties may have legal access to a patient's health information either with the patient's authorization or without the patient's authorization, depending on who the third party is and the reason for access.Patient's authorization is required for release to:AttorneysInsurance companiesPatient's employer, unless workers' compensation claim is involved (state law may provide the employer with a right of access to the information without the patient's authorization).Family member, unless the parent or legal guardian of a minor child Patient's authorization is not required for release to: Healthcare provider providing care and treatment Surveyors with accrediting and licensing agencies to perform their duties Attorney representing the healthcare provider in case of a lawsuit
IDENTIFY THE IMPORTANCE OF KEEPING PERMANENT EVIDENCE OF A RECOR'S DESTRUCTION IN THE ORDINARY COURSE
This permanent evidence would most likely be a certificate of destruction ( COD), a document that shows what data & recordss wre destroyed, who destroyed those data & records, & the method used for that destruction. These certificates also serve the purpose of defending a healthcare provider in an investigation before a governmental agency or in a medical malpractice lawsuit in which the absence of a health record is an issue.
ENTERPRISE CONTENT AND RECORD MANAGEMENT
Those electronic records management principles (all of the digital and analog records) and enterprise content management principles (the technology, tools, and methods) to capture, store, deliver, and preserve content across an enterprise.
RETENTION REQUIREMENTS-STATUTES & REGULATIONS
Time frame for retention may differ if the pt is an adultor minor or has a mental disability. On the federal level, Medicare Conditions of Participation require hospitals to maintain health records for the period of the state's applicable statute of limitations, or if no applicable statute, for 5 yrs after discharge. Retention requirements for business records are base on statutes & regulations @ both the federal and state levels . Business records include : books of accounts, vouchers, cancelled checks, personnel & payroll documents, sales records, compliance documents, and correspondence. According to HIPAA, coveredd entities are required to retain these business records for 6 yrs.
IDENTIFY WHO IS GRANTED AUTHORITY TO RELEASE HEALTH INFORMATION
Who may grant authority to release health information is a matter governed by state law and regulation. Generally, the authority rests with the patient, if the patient is a competent adult or emancipated minor a legal guardian or parent on behalf of a minor child, or the executor or administrator of an estate if the patient is deceased
DESCRIBE THE METHODS EMPLOYED TO DISCLOSED HEALTH INFORMATION
Who may grant authority to release health information is a matter governed by state law and regulation. Generally, the authority rests with the patient, if the patient is a competent adult or emancipated minor a legal guardian or parent on behalf of a minor child, or the executor or administrator of an estate if the patient is deceased The method of disclosure of health information is frequently handled by mail, but may also be accomplished through electronic transmittal, facsimile machine, or telephone where the mail method will not meet the need for urgent patient care.Additional safeguards should be instituted for release of information by electronic transmittal, facsimile machine, or telephone.Encrypting data if public channels are used for electronic transmittalCreating documentation requirements for telephone disclosuresFollowing guidelines of professional associations for faxing health information
DEFINE THE TERM ADVANCE DIRECTIVE
Written instructions recognized under state law, such as a living wills, or durable power of attorney for healthcare that relate to the kind of healthcare the pt wishes to have or not have when incapacitated.
Differentiate between proper & improper methods for a health care provider to correct the health record
`Paper based health record is to draw a single line through the entry & write "error" next to it , along w/ the date, time, & initials of the person making the correction. Line should be drawn so that what is written can still be read. Improper would be where the original entry wa obliterated or covered w/ correction fluid. Reason for the correction should be noted, where appropriate. Only the person who made the mistaken entry should correct the entry. Electronic Health Record---the correction is made by the way of an addendum to the electronic record. The error is left in an unaltered state. A new document showing the correction is created & added to the electronic record, w/ a computer code attribute used to reference the original document to the addendum. An electronic signature is required to authenticate the adendum. Tracking mechanisms such as a flag or notation may be employed as another way to indicate a correction. Improper---Deleting or obliterating data should never occure. Deleting data compromised the integrity of the record & impacts the trustworthiness of the reocrd for evidentiary purposes. Only in rare circumstances should deletion of data be permitted, & when permitted, a means to recover the deleted datat should be available in the event recovery is necessary.
If rubber stamp signatures by the medical staff are
acceptable for authentication purposes, the licensing authority may require the helathcare institution to maintain in its administrative offices a signed statement that the medical staff member whose signature stamp is involved is the only one who has the stamp & is the only one authorized to use it.
DURABLE POWER OF ATTORNEY
allows competent individuals to appoint someone to make decisions on their behalf in the event that they become incompetent
Policies need to be in place to address the use of
cut , copy, & paste functions can identify issues of compliance w/ these policies & whether modifcaiton or additonal training is warranted.
Authentication Principles
dictate that only the author of the entry may authenticate the entry .Only the preson with first hand knowledge of the act, event, condition, opinion, or diagnosis can author the entry. Timeliness of authentication is = important. For paper based records, the time & date of the authetication is manually entered. For electronic records, time & date are automatically entered. This is requirement of both licensing& accreditation.
CMS accepts
physician signatures that are handwritten, electronic, or facsimiles of original written or electronic signatures.
Health records assist in
quality improvement activities because they provide a source from which to evaluate the adequacy & appropriateness of patient care.
CONFIDENTIALITY
the act of holding information in confidence, not to be released to unauthorized individuals
CMS no longer accepts the
use of signature stamps in health record documentation.