Accounting assignments
Chapter 13
Information Management &
Patient Records
Learning Objectives (1 of 2)
Describe the contents of medical records.
Explain the importance of maintaining complete and accurate records.
Explain the ownership of and who can access a patient’s medical record.
Describe the advantages and disadvantages of electronic medical records.
Learning Objectives (2 of 2)
Describe why the medical record is important in legal proceedings.
Describe a variety of ways in which medical records have been falsified.
Explain what is meant by the medical record battleground.
Information Management (1 of 3)
Determine customer needs
Set goals and establish priorities
Improve accuracy of data collection
Provide uniformity in data collection definitions
Limit duplication of entries
Information Management (2 of 3)
Deliver timely and accurate information
Provide easy access to information
Maintain security and confidentiality of information
Enhance patient care activities
Improve collaboration through information sharing
Information Management (3 of 3)
Establish disaster plans for information recovery
Provide orientation and staff training
Annual review of information management plan
Scope
Organization
Objectives
Effectiveness
Medical Record: Means of Communication (1 of 2)
Documentation of patient’s:
Illness
Symptoms
Diagnosis
Treatment
Medical Record: Means of Communication (2 of 2)
Communication tool (e.g., progress notes)
Protect legal interests of patient and provider
Provide database for use in statistical reporting
Continuing education
Research
Provide information for billing
Medical Record Contents (1 of 5)
Admission record
Age
Address
Reason for admission
Social security number
Marital status
Religion
Health insurance
Medical Record Contents (2 of 5)
Consent authorization for treatment
Advance directives
History and physical exam
Diagnosis
Information that supports the diagnosis
Patient screenings and assessments
Medical Record Contents (3 of 5)
Treatment plan
Physicians’ orders
Progress notes
Nursing notes
Integrated record includes physician progress and nursing notes along with the notes of other disciplines
Medical Record Contents (4 of 5)
Diagnostic reports
For example, EKG, EEG, laboratory, and imaging
Consultation reports
Vital signs
Fluid intake and output
Pain management records
Anesthesia assessment
Medical Record Contents (5 of 5)
Operative reports
Medication administration records
Discharge planning
Patient education
Discharge summaries
Documentation of Care
Record accurate entries
Nurse’s charting
Documentation and reimbursement
Charting by exception
Failure to maintain records
Medical record battleground
Privacy Act of 1974 5 U.S.C. 552
Enacted to safeguard individual privacy from misuse of federal records, to give individuals access to records concerning themselves that are maintained by federal agencies, and to establish a Privacy Protection Safety Commission.
Health Insurance Portability and Accountability Act (HIPAA)
Designed to protect the privacy, confidentiality, and security of patient information
Standards apply to all health information in all formats.
HIPAA: Privacy Provision (1 of 2)
Patients are able to access their records and request correction of errors.
Patients must be informed of how personal information will be used.
Patient consent for release of information for marketing purposes required.
Patients can ask insurers and providers to take reasonable steps to ensure their communications are confidential.
Patients can file privacy-related complaints.
HIPAA: Privacy Provision (2 of 2)
Health insurers or providers document their privacy procedures.
Health insurers or providers designate a privacy officer and train their employees.
Providers may use patient information without patient consent for:
Purposes of providing treatment
Obtaining payment for services
Performing non-treatment operational tasks of the provider’s business
HIPAA: Security Provision (1 of 3)
Policies and procedures are designed to show how the entity will comply with the act.
Entities must adopt a written set of privacy policies and procedures.
The privacy officer develops and implements policies and procedures.
Policies and procedures must reference management oversight & organization buy-in to comply with documented security controls.
Procedures identify employees who will have access to protected health information.
Access to protected health information (PHI) in all forms is restricted to employees who have a need for it to complete job function.
HIPAA: Security Provision (2 of 3)
Procedures address access authorization, establishment, modification, and termination.
There is an ongoing training program.
Entities that outsource business processes to a third party ensure vendors have framework to comply with HIPAA.
Care is taken to determine if the vendor further outsources any data handling functions to other vendors, while monitoring whether appropriate contracts and controls are in place.
There is a contingency plan for responding to emergencies.
Covered entities are responsible for backing up their data and having disaster recovery procedures in place.
HIPAA: Security Provision (3 of 3)
Recovery plan should document data priority and failure analysis, testing activities, and change control procedures.
Internal audits review operations with goal of identifying potential security violations.
Policies and procedures document scope, frequency, and procedures of audits.
Audits are routine and event based.
Procedures document instructions for addressing and responding to security breaches.
HIPAA: Physical Safeguards (1 of 2)
Responsibility for security must be assigned to a specific person or department.
Controls must govern the introduction and removal of hardware and software from the network.
When equipment is retired, it must be disposed of properly to ensure that PHI is not compromised.
Access to equipment containing health information should be carefully controlled and monitored.
Access to hardware and software must be limited to properly authorized individuals.
HIPAA: Physical Safeguards (2 of 2)
Required access controls consist of facility security plans, maintenance records, and visitor sign-in and escorts.
Policies are required to address proper workstation use.
Workstations should be removed from high-traffic areas and monitor screens should not be in direct view of the public.
If the covered entities utilize contractors or agents, they too must be fully trained on their physical access responsibilities.
HIPAA: Technical Safeguards (1 of 3)
Information systems housing PHI must be protected from intrusion.
When information flows over open networks, some form of encryption must be utilized.
If closed systems/networks are utilized, existing access controls are considered sufficient and encryption is optional.
Each covered entity is responsible for ensuring data within its systems has not been changed or erased in an unauthorized manner.
HIPAA: Technical Safeguards (2 of 3)
Data corroboration, including use of check sum, double-keying, message authentication, and digital signature, may be used to ensure data integrity.
Covered entities must also authenticate entities with which they communicate.
Authentication consists of corroborating that an entity is who it claims to be.
Covered entities must make documentation of their HIPAA practices available to the government to determine compliance.
HIPAA: Technical Safeguards (3 of 3)
Information technology documentation should also include a written record of all configuration settings on components of the network because these components are complex, configurable, and always changing.
Documented risk analysis and risk management programs are required.
HITECH Act
Provides that the Secretary of HHS must post a listing of breaches of unsecured protected health information affecting 500 or more individuals
Medical Records: Ownership and Release (1 of 2)
News: Hospital Workers Punished for Peeking at Clooney File
Ownership resides with the organization or professional rendering treatment.
Right to privacy
Medical Records: Ownership and Release (2 of 2)
Request by patients
Failure to release records
Legal action
Requests by third parties
Insurance carriers processing claims
Medical researchers
Educators
Government agencies
Privacy exceptions
Criminal investigations
Medicaid fraud
Substance abuse records
Use Of Patient Data Gathered
Provider mistakes often occur because of unwieldy, unorganized, and voluminous amounts of information gathered on patients.
Caregivers who fail to use information collected when assessing patient needs may find themselves in a lawsuit.
Todd v. Sauls
Physician breached his duty of care for Failure to Read Nursing Notes
Retention of Records
Varies state to state
Failure to Preserve X-rays
Illinois Supreme Court held hospitals must retain X-rays and other such photographs or films as part of their regularly maintained records for a period of 5 years.
Rodgers v. St. Mary's Hosp. of Decatur
Electronic Medical Records: Advantages (1 of 2)
Retrieves patient information
Improves productivity and quality
Reduces costs
Supports clinical research
Education
Computer-assisted diagnosis and treatment
Electronic Medical Records: Advantages (2 of 2)
Allows for computer-generated prescriptions
Generates reminders for follow-up testing
Assists in decision-making process
Aids in standardizing treatment protocols
Assists in identification of drug–drug and food–drug interactions
Telecommunications
Electronic Medical Records: Disadvantages
Increased risk of lost confidentiality and unauthorized disclosure of information
Technology crime and related illegal activities
Increase in cyber crime
Costs to protect networks and critical infrastructures from cyber-based threats
One checkmark on a computer form can populate many fields and multiple pages, giving the impression that a thorough patient assessment was conducted.
Legal Proceedings and the Medical Record
Complete, accurate, and timely records
Reconstructs events surrounding alleged negligence
Aid police in investigations
Provides information as to the cause of death
Aids in information recall for witnesses
Falsification of Medical Records (1 of 2)
Falsifying Medical Records
Alteration and Destruction of Medical Records
Tampering with Medical Records
Falsifying Business Records
Nurse Changes Record Entries
Falsification of Medical Records (2 of 2)
Alteration of Records
News: Falsified Patient Records Are Untold Story Of California Nursing Home Care
Failure to Record Patient’s Condition
Illegible Handwriting
Poor penmanship can lead to patient injury.
The American Medical Association encourages physicians to print, type, or computerize their orders.
A Harvard study found that penmanship was among the causes of 220 prescription errors out of 30,000 cases.
Timely Completion: Medical Records
Caregivers must promptly complete records.
Failure to timely record patient information can lead to forgetfulness and documenting the wrong information on the wrong record.
Failure to complete records as required by policy can be the basis for suspension of privileges.
Confidential and Privileged: Communications (1 of 3)
Attorney–client privilege
Physician–patient confidentiality
HIV confidentiality
Disclosure of physician’s HIV status
HIV status “improperly” disclosed to employer
Confidential and Privileged: Communications (2 of 3)
HIV status “properly” disclosed to employer
News media
Reports of the joint commission privileged from discovery
Privileged information: statements protected
Credentialing files privileged
Ordinary business documents
Confidential and Privileged: Communications (3 of 3)
Committee minutes discoverable
Peer review documents privileged
Peer review documents not privileged
Staff privileging documents discoverable
Case: Illinois
Staff credentialing documents not discoverable
Case: South Carolina
Charting: Helpful Advice (1 of 4)
Complete and pertinent entries
Timely entries
Legible entries
Clear and meaningful entries
Complete
Charting: Helpful Advice (2 of 4)
Avoid
Defensive and derogatory notes
Erasures and correction fluids
Criticism
Complaints
Tampering with the chart
Secure records pending legal action
Charting: Helpful Advice (3 of 4)
Obtain legal advice
Entries made by others must not be ignored
Patient care is a collaborative interdisciplinary team effort
Entries made by healthcare professionals provide valuable information in treating the patient
Charting: Helpful Advice (4 of 4)
Reasoning for not following the advice of a consultant should be noted in the medical record, not so as to discredit the consultant, but to show the reasoning why a consultant’s advice was not followed.
Review Questions (1 of 3)
Describe the importance of information management planning.
Describe the importance and contents of medical records.
Explain the importance of maintaining complete and accurate records.
Review Questions (2 of 3)
Discuss how the Privacy Act of 1974 & the HIPAA of 1996 safeguard a patient’s privacy.
Explain the ownership of and who can access a patient’s medical record.
Describe the advantages and disadvantages of electronic medical records.
Review Questions (3 of 3)
Describe why the medical record is important in legal proceedings.
Describe a variety of ways in which medical records have been falsified.
Explain what is meant by the medical record battleground.