Accounting assignments

profilebeegirlie61
powerpointlesson5.pptx

Chapter 13

Information Management &

Patient Records

Learning Objectives (1 of 2)

Describe the contents of medical records.

Explain the importance of maintaining complete and accurate records.

Explain the ownership of and who can access a patient’s medical record.

Describe the advantages and disadvantages of electronic medical records.

Learning Objectives (2 of 2)

Describe why the medical record is important in legal proceedings.

Describe a variety of ways in which medical records have been falsified.

Explain what is meant by the medical record battleground.

Information Management (1 of 3)

Determine customer needs

Set goals and establish priorities

Improve accuracy of data collection

Provide uniformity in data collection definitions

Limit duplication of entries

Information Management (2 of 3)

Deliver timely and accurate information

Provide easy access to information

Maintain security and confidentiality of information

Enhance patient care activities

Improve collaboration through information sharing

Information Management (3 of 3)

Establish disaster plans for information recovery

Provide orientation and staff training

Annual review of information management plan

Scope

Organization

Objectives

Effectiveness

Medical Record: Means of Communication (1 of 2)

Documentation of patient’s:

Illness

Symptoms

Diagnosis

Treatment

Medical Record: Means of Communication (2 of 2)

Communication tool (e.g., progress notes)

Protect legal interests of patient and provider

Provide database for use in statistical reporting

Continuing education

Research

Provide information for billing

Medical Record Contents (1 of 5)

Admission record

Age

Address

Reason for admission

Social security number

Marital status

Religion

Health insurance

Medical Record Contents (2 of 5)

Consent authorization for treatment

Advance directives

History and physical exam

Diagnosis

Information that supports the diagnosis

Patient screenings and assessments

Medical Record Contents (3 of 5)

Treatment plan

Physicians’ orders

Progress notes

Nursing notes

Integrated record includes physician progress and nursing notes along with the notes of other disciplines

Medical Record Contents (4 of 5)

Diagnostic reports

For example, EKG, EEG, laboratory, and imaging

Consultation reports

Vital signs

Fluid intake and output

Pain management records

Anesthesia assessment

Medical Record Contents (5 of 5)

Operative reports

Medication administration records

Discharge planning

Patient education

Discharge summaries

Documentation of Care

Record accurate entries

Nurse’s charting

Documentation and reimbursement

Charting by exception

Failure to maintain records

Medical record battleground

Privacy Act of 1974 5 U.S.C. 552

Enacted to safeguard individual privacy from misuse of federal records, to give individuals access to records concerning themselves that are maintained by federal agencies, and to establish a Privacy Protection Safety Commission.

Health Insurance Portability and Accountability Act (HIPAA)

Designed to protect the privacy, confidentiality, and security of patient information

Standards apply to all health information in all formats.

HIPAA: Privacy Provision (1 of 2)

Patients are able to access their records and request correction of errors.

Patients must be informed of how personal information will be used.

Patient consent for release of information for marketing purposes required.

Patients can ask insurers and providers to take reasonable steps to ensure their communications are confidential.

Patients can file privacy-related complaints.

HIPAA: Privacy Provision (2 of 2)

Health insurers or providers document their privacy procedures.

Health insurers or providers designate a privacy officer and train their employees.

Providers may use patient information without patient consent for:

Purposes of providing treatment

Obtaining payment for services

Performing non-treatment operational tasks of the provider’s business

HIPAA: Security Provision (1 of 3)

Policies and procedures are designed to show how the entity will comply with the act.

Entities must adopt a written set of privacy policies and procedures.

The privacy officer develops and implements policies and procedures.

Policies and procedures must reference management oversight & organization buy-in to comply with documented security controls.

Procedures identify employees who will have access to protected health information.

Access to protected health information (PHI) in all forms is restricted to employees who have a need for it to complete job function.

HIPAA: Security Provision (2 of 3)

Procedures address access authorization, establishment, modification, and termination.

There is an ongoing training program.

Entities that outsource business processes to a third party ensure vendors have framework to comply with HIPAA.

Care is taken to determine if the vendor further outsources any data handling functions to other vendors, while monitoring whether appropriate contracts and controls are in place.

There is a contingency plan for responding to emergencies.

Covered entities are responsible for backing up their data and having disaster recovery procedures in place.

HIPAA: Security Provision (3 of 3)

Recovery plan should document data priority and failure analysis, testing activities, and change control procedures.

Internal audits review operations with goal of identifying potential security violations.

Policies and procedures document scope, frequency, and procedures of audits.

Audits are routine and event based.

Procedures document instructions for addressing and responding to security breaches.

HIPAA: Physical Safeguards (1 of 2)

Responsibility for security must be assigned to a specific person or department.

Controls must govern the introduction and removal of hardware and software from the network.

When equipment is retired, it must be disposed of properly to ensure that PHI is not compromised.

Access to equipment containing health information should be carefully controlled and monitored.

Access to hardware and software must be limited to properly authorized individuals.

HIPAA: Physical Safeguards (2 of 2)

Required access controls consist of facility security plans, maintenance records, and visitor sign-in and escorts.

Policies are required to address proper workstation use.

Workstations should be removed from high-traffic areas and monitor screens should not be in direct view of the public.

If the covered entities utilize contractors or agents, they too must be fully trained on their physical access responsibilities.

HIPAA: Technical Safeguards (1 of 3)

Information systems housing PHI must be protected from intrusion.

When information flows over open networks, some form of encryption must be utilized.

If closed systems/networks are utilized, existing access controls are considered sufficient and encryption is optional.

Each covered entity is responsible for ensuring data within its systems has not been changed or erased in an unauthorized manner.

HIPAA: Technical Safeguards (2 of 3)

Data corroboration, including use of check sum, double-keying, message authentication, and digital signature, may be used to ensure data integrity.

Covered entities must also authenticate entities with which they communicate.

Authentication consists of corroborating that an entity is who it claims to be.

Covered entities must make documentation of their HIPAA practices available to the government to determine compliance.

HIPAA: Technical Safeguards (3 of 3)

Information technology documentation should also include a written record of all configuration settings on components of the network because these components are complex, configurable, and always changing.

Documented risk analysis and risk management programs are required.

HITECH Act

Provides that the Secretary of HHS must post a listing of breaches of unsecured protected health information affecting 500 or more individuals

Medical Records: Ownership and Release (1 of 2)

News: Hospital Workers Punished for Peeking at Clooney File

Ownership resides with the organization or professional rendering treatment.

Right to privacy

Medical Records: Ownership and Release (2 of 2)

Request by patients

Failure to release records

Legal action

Requests by third parties

Insurance carriers processing claims

Medical researchers

Educators

Government agencies

Privacy exceptions

Criminal investigations

Medicaid fraud

Substance abuse records

Use Of Patient Data Gathered

Provider mistakes often occur because of unwieldy, unorganized, and voluminous amounts of information gathered on patients.

Caregivers who fail to use information collected when assessing patient needs may find themselves in a lawsuit.

Todd v. Sauls

Physician breached his duty of care for Failure to Read Nursing Notes

Retention of Records

Varies state to state

Failure to Preserve X-rays

Illinois Supreme Court held hospitals must retain X-rays and other such photographs or films as part of their regularly maintained records for a period of 5 years.

Rodgers v. St. Mary's Hosp. of Decatur

Electronic Medical Records: Advantages (1 of 2)

Retrieves patient information

Improves productivity and quality

Reduces costs

Supports clinical research

Education

Computer-assisted diagnosis and treatment

Electronic Medical Records: Advantages (2 of 2)

Allows for computer-generated prescriptions

Generates reminders for follow-up testing

Assists in decision-making process

Aids in standardizing treatment protocols

Assists in identification of drug–drug and food–drug interactions

Telecommunications

Electronic Medical Records: Disadvantages

Increased risk of lost confidentiality and unauthorized disclosure of information

Technology crime and related illegal activities

Increase in cyber crime

Costs to protect networks and critical infrastructures from cyber-based threats

One checkmark on a computer form can populate many fields and multiple pages, giving the impression that a thorough patient assessment was conducted.

Legal Proceedings and the Medical Record

Complete, accurate, and timely records

Reconstructs events surrounding alleged negligence

Aid police in investigations

Provides information as to the cause of death

Aids in information recall for witnesses

Falsification of Medical Records (1 of 2)

Falsifying Medical Records

Alteration and Destruction of Medical Records

Tampering with Medical Records

Falsifying Business Records

Nurse Changes Record Entries

Falsification of Medical Records (2 of 2)

Alteration of Records

News: Falsified Patient Records Are Untold Story Of California Nursing Home Care

Failure to Record Patient’s Condition

Illegible Handwriting

Poor penmanship can lead to patient injury.

The American Medical Association encourages physicians to print, type, or computerize their orders.

A Harvard study found that penmanship was among the causes of 220 prescription errors out of 30,000 cases.

Timely Completion: Medical Records

Caregivers must promptly complete records.

Failure to timely record patient information can lead to forgetfulness and documenting the wrong information on the wrong record.

Failure to complete records as required by policy can be the basis for suspension of privileges.

Confidential and Privileged: Communications (1 of 3)

Attorney–client privilege

Physician–patient confidentiality

HIV confidentiality

Disclosure of physician’s HIV status

HIV status “improperly” disclosed to employer

Confidential and Privileged: Communications (2 of 3)

HIV status “properly” disclosed to employer

News media

Reports of the joint commission privileged from discovery

Privileged information: statements protected

Credentialing files privileged

Ordinary business documents

Confidential and Privileged: Communications (3 of 3)

Committee minutes discoverable

Peer review documents privileged

Peer review documents not privileged

Staff privileging documents discoverable

Case: Illinois

Staff credentialing documents not discoverable

Case: South Carolina

Charting: Helpful Advice (1 of 4)

Complete and pertinent entries

Timely entries

Legible entries

Clear and meaningful entries

Complete

Charting: Helpful Advice (2 of 4)

Avoid

Defensive and derogatory notes

Erasures and correction fluids

Criticism

Complaints

Tampering with the chart

Secure records pending legal action

Charting: Helpful Advice (3 of 4)

Obtain legal advice

Entries made by others must not be ignored

Patient care is a collaborative interdisciplinary team effort

Entries made by healthcare professionals provide valuable information in treating the patient

Charting: Helpful Advice (4 of 4)

Reasoning for not following the advice of a consultant should be noted in the medical record, not so as to discredit the consultant, but to show the reasoning why a consultant’s advice was not followed.

Review Questions (1 of 3)

Describe the importance of information management planning.

Describe the importance and contents of medical records.

Explain the importance of maintaining complete and accurate records.

Review Questions (2 of 3)

Discuss how the Privacy Act of 1974 & the HIPAA of 1996 safeguard a patient’s privacy.

Explain the ownership of and who can access a patient’s medical record.

Describe the advantages and disadvantages of electronic medical records.

Review Questions (3 of 3)

Describe why the medical record is important in legal proceedings.

Describe a variety of ways in which medical records have been falsified.

Explain what is meant by the medical record battleground.