480 likes | 786 Vues
Health Information Management Technology — Second Edition —. An Applied Approach Chapter 15 Legal Issues in Health Information Technology. HIM Legal Issues. Compilation and maintenance of health records Ownership and control of health records, including use and disclosure
E N D
Health Information Management Technology— Second Edition — An Applied Approach Chapter 15 Legal Issues in Health Information Technology ©2006 All rights reserved.
HIM Legal Issues • Compilation and maintenance of health records • Ownership and control of health records, including use and disclosure • Use of health records and health information in judicial proceedings ©2006 All rights reserved.
U. S. Legal System • How are laws classified? • Public law • Private law • How are laws made? • Constitutions • Statutes • Administrative law • Judicial decisions ©2006 All rights reserved.
U.S. Legal System (continued) • How are legal disputes handled? • U.S. court system • District courts • Courts of appeals • Supreme Court • State court systems • Trial courts • Appellate courts • State supreme court ©2006 All rights reserved.
U.S. Legal System: How are legal disputes handled? (Continued) • Dispute resolution • Administrative agencies • Arbitration • Mediation ©2006 All rights reserved.
U.S. Legal Process • Bringing a lawsuit • Plaintiff(s) • Defendant(s) • Counterclaim • Joinder • Crossclaim • Complaint • Summons ©2006 All rights reserved.
U.S. Legal Process (continued) • Discovery period • Deposition • Subpoena • Subpoena ad testificandum • Subpoena duces tecum • Trial • Post-Trial: appeal and collection of the judgment ©2006 All rights reserved.
Medical Malpractice • What is professional liability? • Medical malpractice • Physician-patient relationship • Contract • Express • Implied • Tort • Intentional tort • Negligence ©2006 All rights reserved.
Medical Malpractice • Types of negligence • Nonfeasance • Malfeasance • Misfeasance • Elements of negligence • Duty • Breach • Causation • Injury/Harm ©2006 All rights reserved.
Form and Content of the Health Record • What legal requirements affect the form and content of the health record? • Statutory laws such as state and federal statutes • Regulatory laws such as Medicare, HIPAA, and public health reporting requirements • Standards by accrediting bodies such as the JCAHO • Failure to comply results in some type of penalty ©2006 All rights reserved.
Form and Content of the Health Record (continued) • Guidelines for complying with statutory and regulatory laws and accreditation standards: • Policies and procedures should comply with all laws and standards • Health records should be systematically organized • Only authorized persons should document in the health record • Policies should specify who can receive and transcribe verbal orders ©2006 All rights reserved.
Form and Content of the Health Record (continued) • Guidelines for complying with statutory and regulatory laws, and accreditation standards (continued) • Health record entries should be documented at the time service is provided • Authors of all entries should be clearly identified • Only approved abbreviations and symbols should be used in the health record • All entries should be permanent ©2006 All rights reserved.
Form and Content of the Health Record (continued) • Guidelines for complying with statutory and regulatory laws, and accreditation standards (continued) • Policies and procedures for error correction should be in place • Policies and procedures for addenda to the record should be in place • Quantitative and qualitative analyses of health records should be conducted • All laws and other requirements should be reviewed and understood ©2006 All rights reserved.
Retention of Health Records • When developing retention policies, consider: • Federal, state, and local statutes and regulations for your institution type • Statutes of limitation for malpractice and other claims • Retention standards of pertinent accreditation body • Use of records within the organization ©2006 All rights reserved.
AHIMA Retention Guidelines • Ensure that patient information is available to meet patient care needs, legal requirements, research, education, and other legitimate uses • Develop a retention schedule that meets needs of patients, physicians, researchers, and other legitimate users and complies with all regulations and laws • Develop guidelines that specify what information should be retained, the retention period, and the storage medium • Maintain compliance documentation and develop policies and procedures for compliance documentation ©2006 All rights reserved.
HIPAA Definition • Health Insurance Portability and Accountability Act (HIPAA) of 1996 • Focus of Title II (1 of 5 titles) • Medical liability reform • Health care fraud and abuse prevention • Administrative simplification • Privacy standards • Security standards • Transactions, identifiers and code set standards ©2006 All rights reserved.
HIPAA Terminology • Protected Health Information (PHI) • Designated Record Set (DRS) • Use • Disclosure • Requests • Minimum Necessary • Treatment, Payment, and Operations (TPO) • Preemption ©2006 All rights reserved.
Entities Covered by HIPAA • Covered entities • Healthcare providers, such as hospitals, pharmacies, physician office practices, long-term care facilities, and clinics • Health plans, such as insurance plans • Healthcare clearinghouses, such as billing companies ©2006 All rights reserved.
HIPAA Applicability • The HIPAA privacy rule applies to covered entities who engage in transmitting or performing any electronic transaction specified in HIPAA • Health claims and encounter information • Health plan enrollment and disenrollment • Eligibility for a health plan • Healthcare payment and remittance advice • Health plan premium payments • Health claim status • Referral certification • Coordination of benefits ©2006 All rights reserved.
HIPAA Applicability (continued) • Business Associates (BAs) • What is a business associate? • Disclosures of PHI to BAs • Business associate agreement (BAA) • Content of BAA ©2006 All rights reserved.
HIPAA Applicability (continued) • Workforce Members • Who is considered a workforce member of a covered entity? • Are contractors working in a covered entity considered workforce members or business associates? ©2006 All rights reserved.
HIPAA Applicability (continued) • De-identified information • Does not identify the individual • Not subject to the HIPAA privacy rule • What elements must be removed to de-identify an individual? • Reidentification ©2006 All rights reserved.
HIPAA: Individual Rights • The HIPAA privacy rule provides individuals with rights to provide some control over their health information • Right of access • Right to request amendment • Right to accounting of disclosures • Right to request restrictions • Right to request confidential communications • Right to complain of privacy rule violations ©2006 All rights reserved.
HIPAA: Individual Rights - Access • Right of access • Own PHI contained in a designated record set • Exceptions to access • Psychotherapy notes • Information compiled for civil or criminal actions • Denial of access • Not subject to review • Subject to review ©2006 All rights reserved.
HIPAA: Individual Rights - Access (continued) • Access request • Provide request in writing (if previously informed of this) • Timely response is required by the covered entity • 30 days from receipt of request • Extension of time period • 30-day extension • Must provide individual with written statement within original 30-day time period • Written statement must include reason for delay and date covered entity will complete its action • Time period for records not maintained on site ©2006 All rights reserved.
HIPAA: Individual Rights - Access (continued) • Charges • Reasonable fee may be imposed • Copying, including supplies and labor • Postage, when individual has requested information to be mailed • Preparation of an explanation summary, if agreed to by the individual in advance • Stricter state laws apply to fees ©2006 All rights reserved.
HIPAA: Individual Rights – Request Amendment • Right to request amendment • May require the amendment request to be in writing • Allowed reasons for denial of amendment request • Timely response to the request by the covered entity • Process for denial of requests for amendment ©2006 All rights reserved.
HIPAA: Individual Rights – Accounting of Disclosures • Right to accounting of disclosures • Disclosures that do not require an accounting • Disclosures for TPO purposes • Individuals provided their own PHI • Incidental or otherwise permitted or required • Pursuant to an authorization • Use in a facility directory • To meet national security or intelligence requirements ©2006 All rights reserved.
HIPAA: Individual Rights – Accounting of Disclosures (continued) • Disclosures that do not require an accounting (continued) • To correctional institutions or law enforcement officials • Disclosures that occurred before the HIPAA privacy compliance date ©2006 All rights reserved.
HIPAA: Individual Rights – Accounting of Disclosures (continued) • Information included in an accounting • Date of disclosure • Name and address of entity or person who received the information • Brief statement of the purpose of the disclosure or copy of individual’s written authorization or request • Timely response to request for accounting • Fees for accounting of disclosures • Required documentation ©2006 All rights reserved.
HIPAA: Individual Rights – Request Restrictions • Right to request restrictions on uses and disclosures of PHI to carry out TPO • Covered entity must permit such a request, but does not have to agree to the requested restriction • Termination of requested restrictions • Covered entity’s responsibilities ©2006 All rights reserved.
HIPAA: Individual Rights – Confidential Communications • Right to request confidential communications • Alternative routing/destination or by alternative method • Requests may be refused if information is not provided as to how payment will be handled ©2006 All rights reserved.
HIPAA: Individual Rights – Complain of Violations • Right to complain of privacy rule violations • Must inform individuals of right to complain at covered entity level and to the U.S. Department of Health and Human Services ©2006 All rights reserved.
HIPAA Privacy Rule Documents: Notice of Privacy Practices • Notice of Privacy Practices • Purpose • Availability of the notice • Required content • Acknowledgement by individual ©2006 All rights reserved.
HIPAA Privacy Rule Documents: Consent • Consent • To use or disclose PHI for treatment, payment and operations (TPO) • Optional document • Required content • Revocation ©2006 All rights reserved.
HIPAA Privacy Rule Documents: Authorization • Authorization • Definition • Purpose • Content • Situations requiring an authorization ©2006 All rights reserved.
Authorization Not Required • Required uses and disclosures without authorization • Access or accounting of disclosures requested by individual or personal representative • U.S. Department of Health and Human Services investigation, review, or enforcement action ©2006 All rights reserved.
Authorization Not Required (continued) • Permitted uses and disclosures without authorization (patient HAS opportunity to informally agree or object) • Directory of patients • Notification of family or friends ©2006 All rights reserved.
Authorization Not Required (continued) • Permitted uses and disclosures without authorization (patient does NOT HAVE opportunity to agree or object). These uses and disclosures are permissive only and must not violate a stricter or more protective state law. • Treatment, payment, and operations • To the individual • Incidental disclosures • Limited data set • Twelve public interest and benefit purposes ©2006 All rights reserved.
Authorization Not Required (continued) Twelve public interest and benefit purposes • As required by law (e.g. reporting specified wounds) • Public health activities • Victims of abuse, neglect, or domestic violence • Healthcare oversight activities • Judicial and administrative proceedings • Law enforcement purposes • Decedents • Cadaveric organ, eye or tissue donation • Research • Threat to health or safety • Specialized government functions • Workers’ Compensation ©2006 All rights reserved.
HIPAA: Marketing • Definition • General rule: use or disclosure of PHI for marketing requires authorization • Marketing activities that do not require an authorization • Occurs face-to-face with the individual • Concerns products or services of nominal value ©2006 All rights reserved.
HIPAA: Marketing • Activities not defined as marketing per HIPAA (authorization not required) • Communications by covered entity about health-related products and services provided by or covered as a benefit by the covered entity or a third party (must meet requirements) • Communications for treatment of individual • Communications for case management/care coordination or alternative treatments • Remuneration to the covered entity must be disclosed • Opt-out instructions ©2006 All rights reserved.
HIPAA: Fundraising • Must inform individuals in Notice of Privacy Practices that PHI may be used for fundraising • Instructions on opting out in future are required • Prior authorization required if fundraiser targets individuals based on diagnosis, for instance, kidney patients targeted to raise funds for new kidney dialysis center ©2006 All rights reserved.
HIPAA Privacy Standards: Administrative Requirements • Designation of privacy officer • Workforce training • Process for establishing privacy safeguards • Process for handling privacy complaints • Standards for policies and procedures ©2006 All rights reserved.
Medical Staff Appointments and Privileges • Facility is responsible for establishing policies and procedures to ensure reasonable care in medical staff appointments • Credentialing for appointment and reappointment • National Practitioner Data Bank formed by the Health Care Quality Improvement Act of 1986 • HIT role in medical staff privileges ©2006 All rights reserved.
Labor Laws and Unionized Personnel • Collective bargaining defined • National Labor Relations Act and other federal labor laws • Fair Labor Standards Act • Equal Pay Act • Equal Employment Opportunity Act • Age Discrimination in Employment Act • Occupational Safety and Health Act • Rehabilitation Act ©2006 All rights reserved.
Labor Laws and Unionized Personnel (continued) • State Labor Laws • Right-to-work laws • Workers’ Compensation • Child labor laws • Minimum wage laws ©2006 All rights reserved.
Americans With Disabilities Act • Federal law • Scope of the law • “Reasonable accommodations”: When is a requested accommodation not reasonable? • Practical application of the law ©2006 All rights reserved.