discussion post

profilerhode07
1HealthcareInformationPPTProblemsinHCLaw.ppt

Problems in Health Care Law, John E Steiner, Esq.

Chapter 2

*

Chapter 8

Health Care Information

*

Key Learning Objectives

  • Understand some of the legal issues related to the collection, use and disclosure of healthcare information
  • Identify some of the underlying issues concerning healthcare information, ownership of the information, privacy and security requirements, and uses and disclosure of healthcare information

Key Learning Objectives (continued)

  • Appreciate a wide range of federal and state laws governing the use and disclosure of health care information and the security of such information
  • Understand some of the threats to the security of health care information in the context of digital media and the internet.

Chapter Outline

  • What are the underlying issues addressed through the laws concerning healthcare information?
  • Who owns medical records?
  • What records must be created, and how must they be maintained?
  • What are the laws concerning privacy of healthcare information?
  • What are the laws concerning use of healthcare information?

Chapter Outline continued

  • What are the laws concerning disclosure of healthcare information?
  • What legal issues flow from the use of audio and video transmissions and recordings?
  • What legal issues flow from the use of computers and the internet?

Underlying Issues

  • Confidentiality vs. need for access and cost
  • Accountability vs. cost
  • Government and business need for information
  • Sharing of information across provider networks
  • Aggregating information to facilitate research and improve health outcomes

Underlying Issues

  • Electronic health records are increasingly prevalent in response to demand for instant access to information about patients’ past and present health conditions and treatment.
  • Incentives are provided under federal law –ARRA provides billions of dollars for health information technology investments.

Uses of Health Care Information

  • Documenting individual conditions
  • Performance improvement
  • Law enforcement
  • Clinical research
  • Public health and safety
  • Billing and collections
  • Provider planning

Uses of Health Care Information

  • Government planning
  • Media reporting
  • The primary purpose of medical records is to facilitate diagnosis, treatment and patient care.
  • Records provide a communication link among team members caring for the patient.

Medical Records

  • Requirements of TJC, CMS, other payers, and state laws
  • Failure to maintain medical records - may result in loss of individual license
  • A physician has a duty to protect the confidential health information of patients.
  • The purpose of the duty of confidentiality is to encourage patients to make full and frank disclosures of information to the physician.

Medical Record Ownership

  • Hospital owns hospital records
  • Separate physician records owned by physician
  • Patients and others have right of access but not ownership of original record
  • Courts ruled patient has no right to own x-rays or slides

Medical Record Ownership

  • The institution owns the paper or other material on which the information is recorded, but it has responsibilities concerning access to and use and disclosure of the information.

Medical Record Elements

  • Three types of data
  • Personal
  • Financial(sometimes called “Administrative”)
  • Medical
  • TJC guidelines to assure
  • Patient identification
  • Support for diagnosis
  • Treatment justification
  • Accurate documentation of results/outcomes

Medical Record Elements

  • Service coding for payment
  • Incomplete hospital record keeping sometimes can be used to infer negligence in treatment. One court found a hospital negligent for permitting its nurses to chart by exception in postoperative monitoring.

Record Accuracy, Timeliness and Legibility

  • Entries should be timely
  • Delays (even a few days) make records less credible
  • Conditions of Participation: completion of record within 30 days
  • Legible to another healthcare professional

Problems in Health Care Law, John E Steiner, Esq.

Chapter 8

*

Record Accuracy, Timeliness and Legibility

  • An inaccurate record can increase the hospital’s exposure to liability by destroying the entire record’s credibility.
  • In 2003, an Alabama physician lost his license because, in part, others were unable to read his prescriptions.

Problems in Health Care Law, John E Steiner, Esq.

Chapter 8

*

Medical Record Corrections

  • Persons authorized to make entries may correct minor errors
  • Single line through is incorrect entry
  • Initialing and dating is correct entry
  • Patient requests for changes should follow approved internal procedures; but, generally should be avoided
  • After a legal action has started, changes should not be made without first consulting defense counsel.

Record Retention and Destruction

  • Retention
  • Most state laws address
  • Medicare-5 years
  • Destruction
  • Method prescribed in some states
  • Some states require certificate of destruction and/or permanent abstract
  • Some patients request premature destruction. Some states forbid destruction on an individual basis.

Privacy

  • Federal privacy regulations under HIPAA
  • Supersedes state laws with less protection
  • Effective 2003
  • Courts rejected challenges
  • HIPAA’s Privacy Rule provides that a “Covered Entity” may not use or disclose an individual’s “Protected Health Information” unless the use or disclosure is permitted under the Privacy Rule or the covered entity has obtained the individual’s authorization.

Privacy- Covered Entities

  • Healthcare providers
  • Physicians, Dentists, Nurses, Clinics, Chiropractors, Nursing homes, Pharmacies
  • Healthcare clearinghouses
  • Process health information and claims from other entities; typically using industry standard transaction codes

Privacy- Covered Entities

Protected Health Information(PHI)

PHI includes virtually all individually identifiable information, which is defined to include any health information including demographic information collected from an individual that:

Is created or received by a healthcare provider, health plan or healthcare clearinghouse; and

(2) Relates to the past, present or future physical or mental health or condition of an individual; the provision of health care to an individual; or the past, present or future payment for the provision of health care to an individual

HIPAA – Privacy continued

  • Notice of Privacy Practices
  • Safeguards – train staff
  • “Minimum necessary” rule
  • Alternative method of contacting patients
  • PHI generally prohibited for fundraising and marketing; need patient ‘Authorization’
  • Sanctions (HITECH structure)

HIPAA – Privacy continued

  • Privacy rule compliance issues investigated most are

Impermissible uses and disclosures of PHI,

Lack of safeguards of PHI,

Lack of patient access to their PHI,

Uses or disclosures of more than Minimum Necessary PHI; and

Complaints to the covered entity.

State Privacy Laws Remain in Effect

  • Some states allow private, civil lawsuits
  • Mental health & HIV/AIDS
  • Common law
  • Disclosure to prevent spread of disease, or harm to others by a patient in serious mental state
  • Courts generally refuse to impose liability for testimonial disclosures.
  • Physicians and hospitals usually are not obligated to risk contempt of court to protect confidences (except for substance abuse records), although they might choose to do so.

Other Federal Privacy Laws Still in Effect

  • Specialized substance abuse programs receiving federal funds (preempt state law)
  • Others include: FERPA, The Privacy Act and the Fair and Accurate Credit Transactions Act (credit reports)
  • A court order does not permit release of information unless requirements of the regulations have been met. The regulations require a court hearing and a court finding that the purpose for which the order is sought is more important than the purpose for which Congress mandated confidentiality.

Disclosure – Authorization by Patient

  • Competent patients generally can authorize access
  • Psych information may be subject to state imposed restrictions
  • Exceptions
  • Medically contraindicated

Disclosure – Authorization by Patient

  • The Maryland high court ruled that a hospital could be assessed punitive damages for failing to provide requested medical records within a reasonable time.
  • A New York court ruled that records could be protected from disclosure only if the release would harm (1) the patient, (2) involved third parties, or (3) an important hospital program.

Disclosure – Authorization by Patient’s Representative

  • Personal representative has same rights as patient
  • Mentally-incapacitated
  • Based on state law
  • Minors
  • Usually custodial parent
  • Older minors may control access, particularly for STD and substance abuse

Disclosure – Authorization by Patient’s Representative

  • A New York court ruled that under the HIPAA Privacy Rule, a patient’s agent was entitled to access, when there was an activated healthcare proxy.

Disclosure – Compelled in Legal Proceedings

  • HIPAA permits disclosure with subpoenas and other court-ordered releases
  • Courts generally do not permit discovery of PHI of persons who are not parties – even names of individuals
  • States generally protect QI & peer review committee activities to encourage self-regulation

Disclosure – Compelled in Legal Proceedings

  • The Georgia Supreme Court held that to the extent there was information in a physician’s credentialing file that did not involve a peer review committee’s evaluation of his performance of medical procedures, that information was discoverable.

Disclosure – Patient Safety Organization

  • Patient Safety and Quality Improvement Act, 2005
  • Creates PSOs to collect, aggregate, and analyze confidential information from providers
  • Provides federal legal privilege and confidentiality
  • Information pertaining to medical errors may also be protected from discovery in litigation if the information is reported to an authorized Patient Safety Organization.

Required Reporting of PHI to Legal Authorities

  • Required in all states: births/deaths, child abuse
  • Required in many states: infectious diseases, wounds, certain medical conditions
  • Permissive reporting (adult abuse/domestic violence)
  • Most child abuse reporting laws extend some degree of immunity from liability for reports made through proper channels. A mandatory reporter who fails to report child abuse is subject to both criminal penalties and civil liability.

Permission to Report PHI to Legal Authorities

  • Confirm patient presence in a facility
  • Police reports
  • Collection and testing samples
  • Removal of bullets/other foreign objects
  • The HIPAA Privacy Rule authorizes disclosures of PHI without patient authorization for some public health activities, health oversight activities, administrative proceedings, law enforcement purposes, cadaveric organ, eye or tissue donations, research purposes, to avert a serious threat, etc.

Audio and Video Transmissions & Recordings

  • With patient consent, physicians may take photographs for
  • Medical record
  • Education purposes
  • Public or commercial transmission can lead to liability
  • The Maine Supreme Court ruled that when a patient expressly objected to being photographed, there could be liability for photographing the patient, even if the photograph was solely for the medical record.

Electronic Uses - Federal Policy

  • Federal Consolidated Health Informatics Initiative
  • Federal Office of Health Information Technology
  • American Relief and Recovery Act (ARRA)
  • Financial incentives for physicians and hospitals for “meaningful use” of electronic records
  • In 2004, the federal government launched an initiative to encourage adoption of electronic health records by 2014.

Electronic Record Issues

  • Inappropriate access to records
  • Training, standards and monitoring
  • Electronic signatures
  • Computerized records generally accepted as official records
  • Computerized records have been stolen through the Internet. It is important for those responsible for computers to monitor and implement security precautions.

E-mail and Social Media Issues

  • E-mail communications with patients
  • HIPAA security rules
  • Encryption
  • Discoverable
  • Social media
  • Patient communities, providers and evolving legal issues for abuses

E-mail and Social Media Issues

  • Wisconsin appellate court recognized the validity of e-mail prescriptions.
  • Federal courts have generally determined that e-mails are not subject to the same degree of protection as telephone calls, so it may not be a violation of federal wiretap laws to intercept e-mail.

Discussion Questions

What are some of the underlying issues that must be balanced when developing laws and policies concerning healthcare information?

Who owns the medical record?

What information must be collected in a medical record?

How should a provider determine how long to keep medical records?

What are the basic HIPAA requirements concerning privacy of protected healthcare information?

Discussion Questions

Which state privacy laws are still effect? What other federal privacy laws remain in effect?

When may patients and their representatives authorize disclosure?

When may the law compel disclosure of PHI?

When are reports to legal authorities required?

When may providers release information in response to requests from others?

Discussion Questions

Has HIPAA struck the proper balance between privacy and uses of healthcare information?

What restrictions are there on audio and visual recordings in healthcare settings?

What are a few of the legal issues related to computer use and the Internet in health care?

What are some of the advantages and disadvantages of computerized medical records?