G_line
Journal of Health Care Compliance — March – April 2013 41
Julie A. Dooling, RHIT, is director, HIM Practice Excellence, at the American
Health Information Management Association. She can be reached at
HEALTH INFORMATION MANAGEMENT JULIE A. DOOLING
Health Care Professionals May Want to Change the Way They Think About Release of Information
Ensuring Patients Are Provided Meaningful Choice Will Require Education and Awareness
Health information exchange (HIE) is bringing new challenges and new ways of thinking in the workplace. With the focus on broad exchange and the sharing of health information on a national stage, a pattern shift is occurring within our workplaces.
Where we once felt a solid knowledge of processes, policy, and procedure surrounding the release of infor- mation (ROI), we are now embarking on a new environ- ment where components of our legal health record are being shared and exchanged widely outside of our fa- cilities. This is causing many health care professionals to change the way they think about ROI, only increas- ing the need for expert involvement and organizational- wide education in this area.
The following is an excerpt from the practice brief titled, “Understanding the HIE Landscape,” which was recently updated by an AHIMA Workgroup and published in the Jan- uary issue of the Journal of AHIMA. This passage discuss- es the complexity and changing role of ROI and the signifi - cance of educating patients on “meaningful choice” in HIE.
EXCERPT: Release of Information Challenges: Many laws and regu- lations currently govern how, when, what, and to whom protected health information is released. The Health In- surance Portability and Accountability Act (HIPAA) pri- vacy rule and Health Information Technology for Eco- nomic and Clinical Health (HITECH) Act contain specifi c requirements for the management of personally identi- fi able health information that balance confi dentiality of
Journal of Health Care Compliance — March – April 201342
Health Information Management
the individual with the need for complete and timely exchange of health information. These regulations create a new paradigm where we must adapt the traditional release of information functions.
Complete and timely information is criti- cal to providing the best care possible, and excluding certain information from an ex- change in certain cases could negatively impact patient care. The challenge of the current complex medical and legal environ- ment is that clear and concise guidelines for release of information are not always pro- vided, and standards may be put into place before the functionality exists to execute them. For example, in a free text discharge summary, the use of metadata tags to iden- tify protected information is diffi cult.
Consideration of other federal regula- tions, such as 42 CFR 2 for drug and alcohol patient records, further complicates the HIE environment. The consent requirement for these records is often perceived as a barrier, but it is important for HIM professionals to understand the details of the regulation and assist in the development of business pro- cesses and application requirements.
Varying state regulations require HIEs to assume the burden of understanding and navigating many different and poten- tially confl icting requirements — especial- ly if the HIE provides services to multiple states. State laws can also vary in focus and strictness of patient privacy.
HIM professionals can assist HIEs in overall management of the release of in- formation (ROI) process in order to ensure confi dentiality, security, and compliance in releasing protected health information. It is crucial for policies and procedures to in- clude guidance on those practices that sup- port oversight of disclosures of information.
HIM professionals can bring a variety of much-needed skills to HIEs. HIE leadership can look to HIM principles to provide sup- port and guidance in the following areas:
drafting data governance and steward- ship policies, including data ownership, data integrity, and data quality;
managing Master Patient Index (MPI) and Enterprise Master Patient Index (EMPI) data conversions, development, and maintenance; developing and implementing HIPAA privacy and security rule requirements; developing and implementing HITECH privacy and security rule requirements; creating release of information policies, procedures, and practices; addressing state and federal require- ments for patient confi dentiality; meeting breach notifi cation requirements; integrating data elements from multiple systems, organizations, and providers; and identifying best practices in information management and records retention. Meaningful Choice and HIE. The pro-
gram information notice (PIN), introduced on March 22, 2012 by ONC, outlines priva- cy and security framework requirements and guidance for establishing robust priva- cy and security policies and practices for exchanging health information.1 This pro- vides the common set of privacy and secu- rity rules of the road and assures provid- er and public trust in enabling progress in health information exchange to support pa- tient care.
The individual choice section within the PIN outlines that an individual should be able to designate a family member, care- giver, domestic partner, or legal guardian to make decisions on their behalf. If the HIE stores, assembles, or aggregates informa- tion beyond a directed exchange (i.e., pro- vider-to-provider via encrypted e-mail), it should ensure individuals have “meaningful choice” regarding the exchange of informa- tion through the HIE. Patient choice is not required if the HIE uses directed exchange and does not access or use the information.
Meaningful choice signifi es: choice is made with advance knowl- edge/time; not used for discriminatory purposes or as a condition for receiving medical treatment;
CONTINUED ON PAGE 57
Journal of Health Care Compliance — March – April 2013 57
Settlements
hospice, he or she waives all rights to Medicare payments for medical treatment of the terminal illness and related conditions.
2. Id. § 418.22(b). 3. Id. § 418.22(b)(1). 4. Id. § 418.22(b)(3). 5. Id. § 418.22(b)(2). 6. Medicare Benefi t Policy Manual, Chapter 9 -
Coverage of Hospice Services Under Hospital Insurance; 20.1 - Timing and Content of Certifi cation.
7. The offi cial settlement release can be found at www. justice.gov/opa/pr/2012/November/12-civ-1401. html.
8. The CEO is individually liable for $200,000 of the settlement amount.
9. The offi cial settlement release can be found at www. justice.gov/opa/pr/2012/June/12-civ- 768.html.
10. The offi cial settlement release can be found at www. justice.gov/usao/gan/press/2012/07-17-12.html.
their obligations under the Medicaid Act. Providers should be prepared for that out- come by looking to use the tools available to them to compel their states to comply with the Medicaid Act. In light of the multiple lev- els of compliance providers must adhere to, they should have no reservations about ex- pecting the same commitment from their state and federal governments.
POTH CONTINUED FROM 8
health care compliance community has more than amply been placed on notice to begin its efforts at creating compliance programs or en- sure its existing ones are up to speed with the new horizon of compliance program planning. Notwithstanding these fi nal rules, it would be beyond shocking to presume that the core ele- ments relied upon by the OIG and CMS with- in prior and current subregulatory guidance efforts (including recent amendments to exist- ing compliance program regulatory guidance applicable to Medicare program sponsors), which mirror the sentencing guidelines, will not continue on into the fi nal PPACA compli- ance program rule we should anticipate.
If we go one step further and assume some, if not all, of those core elements will be present with at least some jazzed up par- ticular and focused requirements, at least we will be ready to incorporate such into our compliance programs. Either way, the end goal for all organizations awaiting these
FINKELSTEIN CONTINUED FROM 24
fi nal rules should be one and the same… avoid the “or else” as we look to the new ho- rizon of health care compliance.
HOSPITAL COMPLIANCE CONTINUED FROM 36
gressively prosecute these cases. By en- suring that certain element of an effective compliance plan are in place within your organization, you can help in reducing the possibility that your organization will be faced with defending itself against a whis- tleblower suit.
PHARMACEUTICAL CONTINUED FROM 40
PrescriptionDrugCovContra/Downloads/ CY2012PartDReportingRequirementsFinal122011. pdf.
7. White Paper: Potential Confl ict of Interest in the Production of Drug Compendia (CPME 1207), prepared by for the Agency of Healthcare Research and Quality (Apr. 27, 2009).
8. OIG Study, Medicare Supplier Acquisition Costs for L0631 Back Orthoses (Dec. 2012), available at oig.hhs. gov/oei/reports/oei-03-11-00600.pdf.
HEALTH INFORMATION MANAGEMENT
CONTINUED FROM 42
choice is made with full transparency and education; commensurate with circumstances for why individually identifi able health in- formation (IIHI) is exchanged; consistent with patient expectations; and revocable at any time.
Copyright of Journal of Health Care Compliance is the property of Aspen Publishers Inc. and its content may not be copied or emailed to multiple sites or posted to a listserv without the copyright holder's express written permission. However, users may print, download, or email articles for individual use.