Annotated Bibliography Week 1_Updated/Corrected


Chapter 1: Introduction to the Fundamentals of Law

Fundamentals of Law for Health Informatics and Information Management, Third Edition

© 2017 American Health Information Management Association


Defining Law

Law

Represents a set of governing rules designed to protect citizens living in a civilized society

Establishes order, provides parameters for conduct, and defines rights and obligations of government and its citizens

Controls behavior that threatens public safety and sets penalties for disobedience


Two Types of Law

Public law

Involves federal, state, and local governments

Defines, regulates, and enforces rights and duties among individuals and businesses as related to government.

Private law

Involves rules and principles that define rights and duties among individuals and private businesses


Law and Healthcare

US healthcare is a trillion-dollar business regulated by federal and state laws, accrediting bodies, practice standards, and codes of ethics

Serves to protect consumers and providers by requiring accountability for services and privacy, confidentiality, and security of health information


Law and Health Information

Health information

Data generated and collected as a result of delivering care to a patient

Uses of health information

Primary use—clinical care

Secondary uses—public health reporting, population health management, third-party reimbursement, quality improvement, and patient safety

Used as evidence in legal cases in which conflict arises and resolution is sought through the court system


Health Information

Protected under federal law; HIPAA defines health information as:

“It is any information, whether oral or recorded in any form or medium, that: (1) is created or received by a health care provider, health plan, public health authority, employer, life insurer, school or university, or health care clearinghouse; and (2) relates to the past, present, or future physical or mental health or condition of an individual; the provision of health care to an individual; or the past, present, or future payment for the provision of health care to an individual” (45 CFR 160.103).


Health Information Technology

Push to decrease healthcare costs and improve quality and safety of healthcare through use of health information technology (HIT)

Movement from paper to electronic health records (EHRs) and health information exchanges (HIE) that enable the sharing of information with multiple parties and across multiple boundaries


Law and HIT

Public and private collaborations are working together to eliminate legal barriers for sharing electronically stored health information

Example: National Governors Association—roadmap to help states improve health information flow


Health Records

Health information comprises a health record which is defined as:

“Individually identifiable data, in any medium, that are collected, processed, stored, displayed, and used by healthcare professionals” (AHIMA 2010)


Types of Health Records

Hybrid health record

Electronic health record

Electronic medical record

Personal health record


Hybrid Health Record

Record that consists of both paper and electronic records and media (for example, film, video, or imaging system) and uses both manual and electronic processes

Data in the record may be handwritten, direct voice entry captured in a word-processing system, or from provider wireless devices such as handheld personal computers


Electronic Health Record

“An electronic record of health-related information on an individual that conforms to nationally recognized interoperability standards and that can be created, managed, and consulted by authorized clinicians and staff across more than one healthcare organization.” The National Alliance for Health Information Technology (NAHIT) definition


Electronic Medical Record

“An electronic record of health-related information on an individual that can be created, gathered, managed, and consulted by authorized clinicians and staff within one healthcare organization” The National Alliance for Health Information Technology definition


Personal Health Record

“An electronic record of health-related information on an individual that conforms to nationally recognized interoperability standards and that can be drawn from multiple sources while being managed, shared, and controlled by the individual” The National Alliance for Health Information Technology definition


Protection of Health Information and Health Records

Health Insurance Portability and Accountability Act of 1996 (HIPAA)

Privacy Rule in effect 2002

Security Rule in effect 2003

Health Information Technology for Economic and Clinical Health Act (HITECH) of the American Reinvestment and Recovery Act of 2009 (ARRA)


Privacy and Confidentiality of Health Information

Historically key components of the patient-provider relationship.

Inherent trust that patient information will be kept private and protected from unauthorized access.

It is important to understand differences between privacy, confidentiality, and security and how the concepts relate to law


Privacy

Privacy is an important social value; it means “a right to be left alone.”

Definitions

“Privacy is a right of individuals to be let [sic] alone and to be protected against physical or psychological invasion or the misuse of their property. It includes freedom from intrusion or observation into one's private affairs, the right to maintain control over certain personal information, and the freedom to act without outside interference” (ASTM 2010)

“Right to limit the disclosure of personal information” (Joint Commission 2016)


Confidentiality

Results from sharing private thoughts with someone else in confidence

Definitions

“Status accorded to data or information indicating that it is sensitive for some reason, and therefore it needs to be protected against theft, disclosure, or improper use, or both, and must be disseminated only to authorized individuals or organizations with a need to know” (ASTM 2010)

“Protection of data or information from being made available or disclosed to an unauthorized person(s) or process(es)” (The Joint Commission 2016)


Confidentiality (continued)

Privileged communication

Confidentiality, as recognized by law, stems from a relationship where information is shared between two parties such as attorney and client, clergy and parishioner, husband and wife, or physician and patient. The information or communication shared in these relationships is considered “privileged.”

Confidentiality obligates healthcare providers (individuals and organizations) to protect patient information


Security

Relates to privacy and confidentiality

Pertains to the physical and electronic protection of information that preserves these concepts

Definition

“Prevent unauthorized access, use, disclosure, modification, or destruction of information or interference with system operations in an information system” (Joint Commission 2016)


Security (continued)

ASTM E 31 offers two perspectives

Data security

Systems security


ASTM E 31—Data Security

Data security is defined as

“The result of effective data protection measures; the sum of measures that safeguard data and computer programs from undesired occurrences and exposure to accidental or intentional access or disclosure to unauthorized persons, or a combination thereof; accidental or malicious alteration; unauthorized copying; or loss by theft or destruction by hardware failures, software deficiencies, operating mistakes; physical damage by fire, water, smoke, excessive temperature, electrical failure or sabotage; or a combination thereof. Data security exists when data are protected from accidental or intentional disclosure to unauthorized persons and from unauthorized or accidental alteration” (ASTM 2010).


ASTM E 31—System Security

System security is defined as

“The totality of safeguards including hardware, software, personnel policies, information practice policies, disaster preparedness, and oversight of these components. Security protects both the system and the information contained within from unauthorized access from without and from misuse from within. Security enables the entity or system to protect the confidential information it stores from unauthorized access, disclosure, or misuse, thereby protecting the privacy of the individuals who are the subjects of the stored information” (ASTM 2010).


US Code on Information Security

Protecting information and information systems from unauthorized access, use, disclosure, disruption, modification, or destruction in order to provide

Integrity, which means guarding against improper information modifications or destruction, and includes ensuring information non-repudiation and authenticity

Confidentiality, which means preserving authorized restrictions on access and disclosure, including means for protecting personal privacy and proprietary information

Availability, which means ensuring timely and reliable access to and use of information


Ownership of Health Record

Ownership of the health record

Traditionally granted to healthcare provider who generates the record. However, state and federal laws have long upheld the right of the patient to control the information within the record

The HIPAA Privacy Rule (45 CFR 164.524–526) grants a patient the right to access, view, copy, or amend the record.

Ownership does not permit providers to share or sell patient-identifiable medical information as they wish.


Custodian of Health Records

“Individual who has been designated as having responsibility for the care, custody, control, and proper safekeeping and disclosure of health records for such persons or institutions that prepare and maintain records of healthcare” (AHIMA 2010)

Role of custodian = gatekeeper


Stewardship

Similar to role of custodianship

Goes beyond physical record to include

“Responsibilities for ensuring integrity (accuracy, completeness, timeliness) and security (protection of privacy as well as from tampering, loss or destruction) within the context of electronic information and records management” (Davidson 2010)


Information Governance

Stewardship is a component of information governance, which is the “strategic management of enterprise electronic information including the standards, policies, and procedures for access, use, and control of that information” (Johns 2015)


Stewardship and Governance

Role of steward requires leadership, responsibility, and governance to ensure consistent application of, and compliance with, policies across organization-wide distributed information systems.
