health organization week 1

professionalism

the skill, good judgement and polite behavior expected from a person who is to do a job well.

Standards of Ethical Coding

1.Apply accurate, complete, and consistent coding practices for the production of high-quality healthcare data. 2.Report all healthcare data elements (e.g. diagnosis and procedure codes, present on admission indicator, discharge status) required for external reporting purposes (e.g. reimbursement and other administrative uses, population health, quality and patient safety measurement, and research) completely and accurately, in accordance with regulatory and documentation standards and requirements and applicable official coding conventions, rules, and guidelines. 3.Assign and report only the codes and data that are clearly and consistently supported by health record documentation in accordance with applicable code set and abstraction conventions, rules, and guidelines. 4.Query provider (physician or other qualified healthcare practitioner) for clarification and additional documentation prior to code assignment when there is conflicting, incomplete, or ambiguous information in the health record regarding a significant reportable condition or procedure or other reportable data element dependent on health record documentation (e.g. present on admission indicator). 5.Refuse to change reported codes or the narratives of codes so that meanings are misrepresented. 6.Refuse to participate in or support coding or documentation practices intended to inappropriately increase payment, qualify for insurance policy coverage, or skew data by means that do not comply with federal and state statutes, regulations and official rules and guidelines. 7.Facilitate interdisciplinary collaboration in situations supporting proper coding practices. 8.Advance coding knowledge and practice through continuing education. 9.Refuse to participate in or conceal unethical coding or abstraction practices or procedures. 10.Protect the confidentiality of the health record at all times and refuse to access protected health information not required for coding-related activities ( examples of coding-related activities include completion of code assignment, other health record data abstraction, coding audits, and educational purposes). 11.Demonstrate behavior that reflects integrity, shows a commitment to ethical and legal coding practices, and fosters trust in professional activities.

Health care professionals are expected to act ethically when seeing patients. What exactly does that mean?

Beneficence- the professional should be helping and benefiting other people -always try to perform his best to make the patient whole again - should be gentle, hold human life sacred, never make the patient feel small and insignificant, tolerance., honor another person's belief and perspective, integrity, honest, admit any mistakes because it could impact a patient's life, must be fair, Empathy is understanding how another feels without experiencing their pain like (how would you feel if you were in their shoes), sympathy and compassion. Sympathy means that you can feel pity for another person, while compassion means that you exhibit a gentle caring manner toward people, especially people who are upset by a situation.

Confidentiality

Confidentiality is your right to keep things about you from being disclosed to other people. So you vest confidentiality in a physician and a healthcare system and by doing that expect them to not disclose information about yourself to others, to keep it confidential

Health Insurance Portability and Accountability Act of 1996 (HIPAA) - Background

HIPAA, a federal law passed in 1996 included administrative simplification requirements to 1) standardize electronic submission of administrative and financial transactions and 2) to protect the security and privacy of transmitted information. HIPAA required that congress pass legislation relating to privacy of health information within a certain specified time period. If congress failed to pass legislation, than the DHHS (Department of Health and Human Services) was required to develop rules and regulations pertaining to the privacy of health information. Congress did fail to pass legislation and the responsibility for developing rules and regulations passed to DHHS which recently published the final rules.

Hospital Policy

Hospital policies and procedures must be written in accordance with the requirements of federal and state laws and regulations. Generally to ensure compliance, the release of health information is performed by staff that has been appropriately trained - in most instances there is specially trained staff in the HIM Department who coordinate the release/disclosure of all patient information in accordance with federal and state requirements as well as the facilities polcies and procedures. The facility has a responsibility to respond to legitimate demands for information while protecting the confidentiality interests of the patient.

Professional Ethics

Medical ethics is using reason and logic to deal with situations concerning life, death, and the continuum between the two. It also deals with regulating the behavior of the health care professionals as well as the patient, relatives and the community. Health care professionals are held to a higher standard because their business deals with people.

What information is confidential?

Medicare delineates confidential information as "any information that derives from a clinical relationship between patients and the healthcare professionals. Confidential information includes, but is not limited to all clinical data and the patient's address on discharge".

Need to Know Basis

Patient information should be available to hospital staff on a need to know basis. Just because a physician or nurse works at the hospital does not mean that they are entitled to view any medical record. Instead, it is based upon "need to know" - if the physician or nurse is not involved in the patient's evaluation or treatment or in an administrative function such as quality improvement involving the medical record, then he/she is not entitled to see the record. The "need to know" rule applies to everyone working at the facility. Intentional breach of confidentiality is considered a serious offense and usually results in termination of employment.

health information management

Practice of aquiring, analyzing, protecting digital and traditional medical info. vital to providing quality patient care. Ex., Health information management professionals are the RHIAs, RHITs, CCSs, CCS-Ps, CCAs and other trained individuals working in health information related careers

Privacy

Privacy is your right to keep things to yourself, your ability not to have to disclose private things about yourself

Registered Health Information Technician (RHIT)

Responsibilities ◦organizing, analyzing & evaluating health records against standards ◦coding diagnoses and procedures ◦maintaining indexes, storage & retrieval of records and information ◦abstracting health data; compiling statistics ◦controlling the use and release of information ◦supervising day-to-day operations of him departments in a variety of facilities •Education - Associate's degree in Health Information with course work in sciences, health information science, medico-legal aspects, quality management, computers, healthcare delivery, supervision, and coding •Credentialing - The RHIT credential is awarded after success completion of an examination. Exam applicants must be graduates of an accredited Associates Degree Program. The credentials awarded demonstrate possession of entry-level competencies and credentialed professionals usually earn a higher salary than non-credentialed workers. Since the RHIT is a national credential rather than a license, the credential is recognized throughout the country. •Continuing Education Requirement - 20 CE every 2 years with 80% in core areas: technology, management, clinical data management, performance improvement, external forces and clinical foundation

Registered Health Information Administrator (RHIA)

Responsibilities ◦planning & developing health record systems ◦inservice education ◦developing & implementing budgets ◦ensuring compliance with policies, procedures, regulations, standards ◦designing health information systems ◦directing & managing human resources ◦committee participation and leadership ◦basic and applied research •Education - A bachelor's degree in HIM or post-graduate course work in HIM is required. Course work includes sciences, record and health information management, management fundamentals, management technology, human resources, medico-legal, advanced levels of computers in health care, healthcare delivery, research methods and statistics, utilization and evaluation of healthcare services. RHIT progression to RHIA is available somewhat locally from the following colleges in NJ/NY metro region: University of Medicine & Dentistry NJ and Temple University(Philadelphia). Your options are significantly expanded if you choose a college or university that provides distance education, including SUNY-Utica, and numerous others throughout the country. For a current list of accredited RHIA programs visit CAHIIM You can also search this site for accredited Master's programs in Health Information Management. •Credentialing - Graduates of accredited four year HIM programs or post-graduate certificates in HIM may take the national RHIA certification exam, given once a year in October. Individuals passing the exam may use the RHIA credentials. •Continuing Education - 30 CE credits every two years with 80% in core areas

Security

Security is the activity of protecting your personal information. Typically in electronic information systems but there is a whole series of issues related to paper-based information security although we don't think about it as much and we'll talk about that topic.

State Laws

State privacy and confidentiality laws and regulations related to health information will vary. These laws and regulations are usually found in privacy statutes, open record statues (similar to the federal FOIA), in physician-patient privilege statutes or may be grounded in case law or common law. . Additional requirements are often found in state licensing regulations for facilities and/or healthcare professionals. In New Jersey for example, the Department of Health's licensing regulations require every licensed healthcare facility to maintain the confidentiality of patient information and state-funded mental health programs are mandated to maintain confidentiality of patient information. Patient Bills of Rights required by NJ law for hospital patients and nursing home residents

Informatics

The Professional - Informatics professionals "work in health informatics and information management, building connections between information technology and the people who utilize healthcare data. They make sure information is complete, accurate, relevant, readily available, and ensure the healthcare organization's information is secure and patient privacy is protected."

•HITECH

The American Recovery and Reinvestment Act (ARRA) (Public Law 111-5; 2009) provides many different stimulus opportunities, one of which is $19.2 billion on health IT. Title XIII of ARRA was given a subtitle: Health Information Technology for Economic and Clinical Health Act (HITECH). It is this section that deals with many of the health information communication and technology provisions including Subpart D - Privacy. One provision in HITECH modifies the HIPAA Privacy standards by increasing the penalties breaches of privacy and requiring notification procedures when breaches occur.

•HIPAA Privacy Standards

The HIPAA privacy standards (also known as the Standards for Privacy of Individually Identifiable Health Information ) were developed as a result of the administrative simplication requirements of the Health Insurance Portability and Accountability Act of 1996 (HIPAA) The Privacy standards became effective April 14, 2003 The final rule protects all medical records and other individually identifiable health information in any form or medium. The standards apply to all health plans, healthcare clearinghouses and providers

•The Privacy Act of 1974

The Privacy Act of 1974, 5 U.S.C. 552a, prohibits disclosures of records maintained by a federal agency (or its contractors) without the written request or consent of the individual to whom the record pertains. The Act applies to all federal agencies and certain federal contractors who operate Privacy Act systems of records on behalf of federal agencies

Certified Documentation Improvement Practitioner (CDIP)

The Professional - The CDIP professional is one who has demonstrated "extensive expertise in CDI guidance, knowledge of documentation requirements relative to compliant coding and billing, in addition to EHR functionality to support documentation capture." The CDI professional is knowledgeable with respect ot RAC audits, ARRA/HITECH, and other initiatives focused on improving the quality of healthcare. http://www.ahima.org/certification/cdip.aspx. •Exam Eligibility- Applicants for the credentialing exam must meet one of the following requirements ◦An RHIA, RHIT, CCS, CCS-P, RN, MD or DO and two (2) years experience in clinical documentation improvement ◦An Associate's degree or higher and three (3) years of experience in clinical documentation improvement (candidates must also have completed coursework in Medical Terminology and Anatomy and Physiology) •Credentials - ◦CDIP - Certified Documentation Improvement Professional. Certified Healthcare Technology Specialist (CHTS) •The Professional - CHTS professionals "demonstrate proficiency in certain health IT workforce roles integral to the implementation and management of electronic health information". •Exam Eligibility - Recommended (not required): ◦Individuals trained through short-duration (typically six months) non-degree health IT workforce development programs, OR ◦Members of the workforce with relevant experience or other types of training. •Credentials The Clinician/Practitioner Consultant Examination (CHTS-CP) Implementation Manager Examination (CHTS-IM) Implementation Support Specialist Examination (CHTS-IS) Practice Workflow & Information Management Redesign Specialist (CHTS-PW) Technical/Software Support Staff Examination (CHTS-TS) Trainer Examination (CHTS-TR)

Certified Health Data Analyst (CHDA)

The Professional - The CHDA professional is one who has "with the knowledge to acquire, manage, analyze, interpret, and transform data into accurate, consistent, and timely information, while balancing the "big picture" strategic vision with day-to-day details. CHDA-credentialed professionals exhibit broad organizational knowledge and the ability to communicate with individuals and groups at multiple levels, both internal and external."(AHIMA http://www.ahima.org/certification/chda.aspx. •Exam Eligibility- Applicants for the credentialing exam must meet one of the following requirements must meet one of the following eligibility requirements for the Certified Health Data Analyst examination: ◦Associate's degree and minimum of five (5) years of healthcare data experience ◦Healthcare information management credential (RHIT) and minimum of three (3) years of healthcare data experience ◦Baccalaureate degree and a minimum of three (3) years of healthcare data experience ◦Healthcare information management credential (RHIA) and minimum of one (1) year of healthcare data experience ◦Master's or related degree (JD, MD, or PhD) and one (1) year of healthcare data experience •Credentials - ◦CHDA - Certified Health Data Analyst

Certifications in Privacy and Security (CHPS)

The Professional - The CHPS professional is one who has demonstrated "advanced competency in designing, implementing, and administering comprehensive privacy and security protection programs in all types of healthcare organizations" http://www.ahima.org/certification/chps.aspx. •Responsibilitiesprivacy and/or security areas of health information management •Education- Applicants for the credentialing exam must meet one of the following requirements ◦Associate's degree and six (6) years experience in healthcare privacy or security management ◦Healthcare information management credential (RHIT) and minimum of four (4) years of experience in healthcare privacy or security management. ◦Baccalaureate degree and a minimum of four (4 ) years experience in healthcare privacy or security management ◦Healthcare information management credential (RHIA) and minimum of two (2) years of experience in healthcare privacy or security management ◦Master's or related degree (JD, MD, or PhD) and two (2) years of experience in healthcare privacy or security management •Credentials - ◦CHPS - Certified in Healthcare Privacy and Security

Certified Coding Associate.(CCA)

The Professional- The CCA is an entry-level coding professional who has demonstrated competency in the field, but may not have much job experience. •Responsibilities: include coding, data quality and reimbursement. •Education- A high school diploma is required. Per AHIMA "Although not required, it is strongly recommended that candidates have at least six months experience in a healthcare organization applying ICD-10-CM/PCS and CPT coding conventions and guidelines, or have completed either an AHIMA-approved coding certificate program, or other formal coding training program. The CCA exam is not linked to any formal education or training in coding." •Credentials - CCA •Career Path - see next page •Continuing Education - The credentialed CCA must complete 20 CE clock hours/credits every two years. The CCA must complete an annual self-assessment. Each self-assessment is worth 5 CE credits

Federal Substance Abuse Confidentiality Requirements

The federal confidentiality of substance abuse patient records statute, section 543 of the Public Health Service Act, 42 U.S.C. 290dd-2, and its implementing regulation, 42 CFR Part 2, establish confidentiality requirements for patient records that are maintained in connection with the performance of any federally-assisted specialized alcohol or drug abuse program. Substance abuse programs are generally programs or personnel that provide alcohol or drug abuse treatment, diagnosis, or referral for treatment. The term "federally-assisted" is broadly defined and includes federally conducted or funded programs, federally licensed or certified programs, and programs that are tax exempt. The substance abuse regulation requires notice to patients of the substance abuse confidentiality requirements and provides for written consent for disclosure. We'll be looking at the Federal Substance Abuse Confidentiality requirements more thoroughly later in this course

Final Privacy Rule

The final rule pertaining to the HIPAA privacy standards (also known as the Standards for Privacy of Individually Identifiable Health Information ) was published in the Federal Register on December 28, 2000. The federal rule preempts (or takes precedence over) any state regulations except when •the state law is more stringent •the state law related to the reporting of disease/injury, child abuse, birth, or death or when it relates to public health surveillance, investigation or intervention •the state law requires a health plan to report or provide access to information for the purpose of audits, program monitoring evaluation or licensing or certification of facilities or individuals •the state has received approval from DHHS for an exception

Who is responsible for maintaining and ensuring confidentiality?

The provider (the healthcare facility, physician practice, etc) owns the physical record itself. However, the information it contains belongs to the patient and release of that information in most cases must be authorized by the patient. It is the provider's responsibility to protect against unauthorized disclosure regardless of the source of the information - computer, paper records, conversations, etc. As employees and as healthcare professionals we are bound ethically and legally to maintain the confidentiality of patient information.

Who Do the Standards Apply To?

The standards apply to covered entities which are defined as •health plans •healthcare clearinghouses •providers who transmit "any information in electronic form in connection with a transaction covered under" HIPAA whether they do so directly or through "business associates".

•The Freedom of Information Act (FOIA)

When a FOIA request asks for documents that include protected health information the federal agency, in most cases, must apply Exemption 6 to preclude the release of medical files or otherwise redact identifying details before disclosing the remaining information

The HIPAA Privacy Rule applies to

all covered entities, as well as health care providers. Covered entitiesinclude health insurance plans and carriers, pharmacies, clearinghouses and other organizations that transmit health care transactions. Be aware also that some states have stricter confidentiality and privacy regulations than HIPAA and must also be complied with.

•Medicare Conditions of Participation

information from or copies of records may be released only to authorized individuals, and the hospital must ensure that unauthorized individuals cannot gain access to or alter patient records. Original medical records must be released by the hospital only in accordance with federal or state laws, court orders or subpoenas

Health Insurance Portability and Accountability Act (HIPAA

provided federal protection of health information

•Clinical Laboratory Improvement Amendments (CLIA)

require clinical laboratories to comply with standards regarding the testing of human specimens. This law requires clinical laboratories to disclose test results or reports only to authorized persons, as defined by state law. If a state does not define the term, the federal law defines it as the person who orders the test.

What's Protected

•all medical records and other individually identifiable health information in any form or medium Health information is defined as any information, whether oral or recorded in any form or medium, that: ◦ Is created or received by a health care provider, health plan, public health authority, employer, life insurer, school or university, or health care clearinghouse; and ◦ Relates to the past, present, or future physical or mental health or condition of an individual; the provision of health care to an individual; or the past, present, or future payment for the provision of health care to an individual.

HITECH (Health information Technology for Economic and Clinical Health Act, ARRA (American Recovery and Reinvestment Act

◦ARRA has several provisions that extend HIPAA privacy, security, and administrative requirements to business associates (BAs). In addition there are new provisions for HIPAA-covered entities and BAs, as well as provisions for those not considered HIPAA-covered. ◦Breach requirements (identification and notification) are established both for HIPAA-covered entities and non-HIPAA-covered entities, essentially any organization holding personal health information. ◦Restrictions are further established on the sales of health information. ◦A new accounting requirement is established for disclosure related to treatment, payment, and operations. New access requirements are established for individuals related to healthcare information in electronic format. ◦New conditions are instituted for marketing and fund raising functions. ◦Personal health record information with non-HIPAA entities is now protected. ◦Use of de-identified data and minimum necessary data will be addressed. ◦Enforcement is improved and penalties are increased.

Certified Coding Specialists.(CCS & CCS-P)

◦The Professionals: 1.CCS- The professional whose coding expertise is focused towards a hospital environment. This individual demonstrates significant expertise with ICD-10-CM/PCS coding system and the surgery section within the CPT coding system. The CCS is also an expert in health information documentation, data integrity and quality, anatomy, physiology, and pharmacology. 2.CCS-P (Physician-based) is a professional whose multi-specialty coding expertise is focused towards a physician-based environment (e.g., managed care, physician's office, multi-specialty clinic). This individual demonstrates significant expertise with the CPT coding system, and is familiar with the ICD-10-CM/PCS and HCPCS Level II coding systems. The CCS-P is also an expert in health information documentation, data integrity and quality. ◦Responsibilities: include coding, data quality and reimbursement. ◦Exam Eligibility- Effective January 1, 2013, CCS and CCS-P candidates must now meet one of the following eligibility requirements: ◾Credential—RHIA, RHIT, or CCS/CCS-P OR ◾Education—Completion of a coding training program that includes anatomy and physiology, pathophysiology, pharmacology, medical terminology, reimbursement methodology, intermediate/advanced ICD diagnostic/procedural and CPT coding OR ◾Experience—Minimum two years of related coding experience directly applying codes OR ◾Credential with experience—CCA plus one year of coding experience directly applying codes OR ◾Other—Coding credential from other certifying organization plus one year coding experience directly applying codes. ◦Credentials - CCS or CCS-P ◦Continuing Education - Credentialed individuals complete 10 CE credits if they have one credential or 20 CE credits if they have both a CCS and a CCS-P credential. Fifty percent of these CE credits must be in core content areas. In addition they must complete an annual self-assessment test and pay the annual maintenance of certification fee to retain the credential.