Health Information: how it's used
often used as evidence in legal cases in which conflict arises and is sought through the court system
Health information primary use
Its primary use is for clinical care; however, secondary uses are numerous: public health reporting, population health studies, third-party reimbursement, and patient safety and quality improvement initiatives
American Health Information management association (AHIMA)
States that a health record "comprises individually identifiable data, in any medium, that are collected, processed, stored, displayed, and used by healthcare professionals
Core to the profession's Code of Ethics are
Tenets I, III and IV that specifically address the privacy and confidentiality of health information and records
Consumer health information bill of rights
Complements the Code of ethics for tenets I, III and IV
Created the bill for the purpose of educating healthcare consumers about the protections and safeguards related to their personal health info
The consumer health information bill of rights validates:
Every person's right to lawful access of their personal health information
Prevent unauthorized access
Ensure accuracy
Expect appropriate remedy when these privileges those responsible for managing health info additional knowledge for ethical decision mak
AHIMA code of ethics
Contains 11 key principles providing guidance for examining ethical issues related to complex work situations such as pressure to upcode, underreporting delinquent records, and denying professional development
American Medial Associates (AMA)
Has upheld the preservation of patient confidentiality through its 'Code of Medical Ethics'
Principle IV of the AMA medical code of ethics states:
A physician shall respect the rights of patients, colleagues, and other health professionals, and shall safeguard patient confidences and privacy within the constraints of the law
AMA Code of Medical Ethics also offers Opinion 5.07 on the confidentiality of computerized medical records, the opinion provides guidelines to:
Assist physicians and computer service organizations in maintaining the confidentiality of information in medical records when that info is stored in computerized data bases
American Medical Informatics Association (AMIA)
Supports the transformation of healthcare through science, education, research and practice in biomedical and health informatics
Members of AMIA are asked to uphold
Code of professional ethical conduct which specifically addresses the use of patient info in its first ethical guideline
The Code also offers ethical guidance as related to patients, employers, colleagues, society, research and general performance
AMIA related task force was appointed to provided recommendations related to:
Contract language, education and ethics, user groups, best practices, marketing and regulation and oversight of the industry
AMIA has recently tackled ethical issues surrounding:
Vendor-user contracts as related to the proliferation of EHRs systems, associated devices, and health-related software applications
American Recovery and Reinvestment Act of 2009 (ARRA)
commonly referred to as The Stimulus or The Recovery Act, was a stimulus package enacted by the 111th United States Congress in February 2009 and signed into law on February 17, 2009, by President Barack Obama.
To respond to the Great Recession, the prima
American Society for Testing and Materials (ASTM)
An international standards organization that develops and publishes voluntary consensus technical standards for a wide range of materials, products, systems, and services. Some 12,575 ASTM voluntary consensus standards operate globally.
Four ethical principals that provide healthcare professionals with a framework for decision making that at times may involve conflicting principles
Autonomy
Beneficence
Nonmaleficence
Justice
How the four ethical principles can be applied if a HIM professional must decide whether to release patient information:
1. Autonomy would require the HIM prof to ensure that the patient, and not a spouse or third party, makes the decision regarding access to his or her health info
2. Beneficence would require the HIM ensure info is released only to ppl who need it to do so
Ethical ideal of 4 principles
To uphold laws while demonstrating the moral values and ethical principles defined by one's prof code of ethics
Autonomy
Recognizing the right of a person to make one's own decision
Beneficence
Doing good, promoting the health and welfare of others, demonstrating kindness, showing compassion, and helping others
Business record
Whether a health record is paper, hybrid, an EMR or EHR, it is the legal business record of an org or healthcare provider
Used for business, legal, and compliance purposes
Serves as evidence in lawsuits or other legal actions
Code of ethics (or code of ethical practice)
Reflects the values and principles defined by a profession as acceptable behavior within a practice setting
Represents the guiding principles by which a profession governs the conduct of its members
Code of ethics are used as a benchmark for:
What constitutes acceptable practice in malpractice, negligence, or other litigious situations
Code of ethics are dynamic in that they:
Change as societal and practice expectations change
Confidentiality
Results from sharing private thoughts with someone else in confidence
ASTM defines as "status accorded to data or information indicating that it is sensitive for some reason, and therefore it needs to be protected against theft, disclosure, or improper us
Custodian of health records
Associated with the ownership of health records
The custodian is the individual who has been designated as having responsibility for the operational functions related to the development and maintenance of records
Includes the care, custody, control, and p
Data security
Result of effective data protection measures
Sum of measures that safeguard data and computer programs from undesired occurrences and exposure to accidental or intentional access or disclosure to unauthorized persons, alteration, unauthorized copying, los
The location from which requesters of health information receive information
In most healthcare orgs, the health information management (HIM) dept
Traditionally the legal custodian of health records
Director of the HIM department or designee
Must be able to explain the procedures for compiling and maintaining patient information and records
Must be able to validate the integrity of the information requested
An official custodian of health records is authorized to:
Certiify through affidavit or testimony, the normal business practices used to create and maintain the record
Supervises the inspection and copying or duplication of records and can be called to testify as to the authenticity of the record
Designated record set
A group of records maintained by or for a covered entity encompassing medical records and billing records about individuals and enrollment, payment, claims adjudication, and case or medical managment record systems maintainted by or for a health plan use,
Electronic health record
If the health record is completely electronic, it is called an EHR - electronic health record (can be used interchangeably with electronic medical record)
Electronic medical record
Term used interchangeably with Electronic health record
Ethics
Standards of behavior that develop as result of one's concept of right or wrong
Functions with a set of rules of conduct that stem from moral values formed through the influence of family, culture, religion, and society
Professional ethics are applied eth
Law and ethics taken together
Enable the healthcare professional to offer compassionate, competent practice while avoiding legal issues surrounding the delivery, financing, and reimbursement of healthcare
Four ethical principles exist to assist healthcare professionals in addressing healthcare-related dilemmas:
Autonomy
Beneficence
Nonmaleficence
Justice
Ethical principles
Set of 4 principles to assist healthcare professionals in addressing healthcare related dilemas
Health Information exchange, to help alleviate legal barriers and facilitate adoption of EHRs and HIEs
The National alliance for health info tech (NAHIT) sponsored by the Office of the National Coordinator for HIT (ONC) developed consensus-based definitions related to key HIT terms
NAHIT and ONC developed:
Consensus-based definitions related to key HIT terms
NAHIT's definitions for an EHR:
Electronic health record - a record of health-related info on an individual that conforms to nationally recognized interoperability standards and that can be created, managed, and consulted by authorized clinicians and staff across more than one healthcar
NAHIT's definitions for an EMR:
Electronic medical record - and electronic record of health-related information on an individual that can be created, gathered, managed, and consulted by authorized clinicians and staff within one healthcare organization
Key difference in definitions of EMR vs. EHR:
EMR is considered an electronic record housed within an org whereas an EHR is thought to contain data or info across more than one org
Health information management (HIM) or informatics professionals
Individuals responsible for protecting the privacy and security of health information within a healthcare org
The discipline of HIM focuses on:
The process and systems for managing health information and records required to deliver quality healthcare to the public
HIIM professionals have responsibility for upholding federal and state laws regarding practices related to:
Documentation, reimbursement, quality of care, employee and overall privacy, confidentiality, and security of health information
Health information refers to
The data generated and collected as a result of delivering care to a patient
It is collected from multiple sources and used for a variety of purposes
Any info, whether oral or recorded in any form or medium that: 1. Is created or received by a health care
Factors dependent on what health information is documented:
State or jurisdiction of healthcare provider, accrediting or licensing body requirements, type of healthcare provider (hospital, clinic, etc.), and services rendered for the episode of care
Episode of care information generated comprises a patient's:
Health record or record of care
Health information technology is used to:
Decrease healthcare costs and improve the quality and safety of healthcare
A health record may also be known as:
Medical record, patient record, client record, inpatient record, outpatient record or clinic record
Main focus of HIT:
Moving from paper to electronic health records and health information exchanges that enable sharing of information with multiple parties and across multiple boundaries to address healthcare cost, quality, access, and safety issues
Agency for Healthcare Research and Quality (AHRQ)
Funded the Health information privacy and security collaboration, which brought together 34 states to provide guidance in organization-level business practices, policies, and state laws that affect electronic exchange of health information
Reports resulting in the collaboration of Health information privacy and security collaboration:
Health information security and privacy collaboration toolkit (AHRQ 2011)
Health information technology for economic and clinical health act (HITECH)
2009: HITECH of the American Recovery and Reinvestment Act of 2009 (ARRA) was passed to further promote the creation of a national healthcare infrastructure through adoption and meaningful use of EHR systems among healthcare providers and the sharing of h
What does HITECH do for HIT?
Widens the scope of privacy and security protections under HIPAA to include companies previously untouched by HIPAA
Provides for more enforcement of the rule
Increases potential legal liability for noncompliance
Department of health and human services (HHS) is charged with:
The promulgation of regulations to implement the HITECH legislation
HIPAA and HITECH are two of more than 50:
Federal laws and regulations addressing privacy, confidentiality, and security protections
Health insurance portability and accountability act of 1996 (HIPAA)
originally enacted protect patient info as a result of increasing use of information technology in healthcare
Specific HIPAA privacy rules went into effect in 2002, followed by security rules in 2003
Health record
Individually identifiable data, in any medium, that are collected, processed, stored, and displayed, and used by health care professionals; documents the care rendered to the patient and that patient's healthcare status
Hybrid health record
Refers to a record that consists of both paper and electronic records and media (film, video, or imaging) and uses both manual and electronic processes
The hybrid health record is usually composed of:
Electronically stored info from numerous administrative systems, along with paper documents
It may be handwritten, direct voice entry captured in a word processing system, from a provider wireless devices such as handheld personal computers, or any combin
Information governance
Part of stewardship
Refers to the strategic management of enterprise electronic information including the standards, policies, and procedures for access, use, and control of that information
The joint commission
Predominant accrediting body and standards-setting organization in healthcare
An independent, non-profit org that administers accreditation programs for hospitals and related health orgs
Defines privacy as "right to limit the disclosure of personal inform
Integrity of data
assurance that the data has not been modified without authorization or corrupted, either maliciously or accidentally (the Joint Commission 2010)
Justice
Obligation to be fair in the distribution of benefits and risk
Law represents:
A set of governing rules designed to protect citizens living in a civilized society
Law establishes:
Order, provides parameters for conduct, defines the rights and obligations of the govt and its citizens
Law types:
Law is divided into two types: Public and private
Types of law do what?
Collectively define, regulate, and enforce rights and duties among people and businesses
Laws regarding health care:
Regulate how healthcare is delivered, financed, and reimbursed
Nonmaleficence
Doing no harm
Ownership of the health record has:
Traditionally been granted to the healthcare provider who generates the record
State and fed laws have long upheld the right of the patient to control the information within the records
Ownership and HIPAA privacy rule
Grants a patient the right to access, view, copy, or amend his or her record
Providers own the physical record - such ownership does not permit providers to share or sell patient-identifiable medial information as they wish
Personal health record
(PHR) NAHIT defines as an electronic record of health-related information on an individual that conforms to nationally recognized interoperability standards and that can be drawn from multiple sources while being managed, shared, and controlled by the ind
Privileged communication
Delineated by state law
Information shared between two parties such as attorney and client
Can be traced back to fourth century BC Hippocrates (considered the father of medicine), required Greek physicians to take the Hippocratic Oath
Privacy
Means the right to be let alone
Definition by the American society for testing and materials (ASTM) states: the right of the person to be let alone and protected against physical or psychological invasion or misuse of their property
The definition of privacy includes the freedom from:
Intrusion or observation into one's private affairs, the right to maintain control over certain personal information, and the freedom to act without outside interference
Privacy and the US constitution:
Does not expressly grant the right of privacy, it does provide safe-guards against govt intrusion
Courts have interpreted the constitution to give privacy rights with respect to religious beliefs, unreasonable searches, marriage, and child-rearing
Security
Related to privacy and confidentiality in that it pertains to the physical and electronic protection of information that preserves these concepts
The joint commission's defn of security reflects all administrative, physical, and technical safeguards to pr
ASTM E Health Informatics subcommittee defines security from two perspectives:
Security related to data and security related to systems
Steward
The role of health record steward requires leadership, responsibility, and governance to ensure the consistent application of and compliance with organizational record-keeping policies across the distributed information systems that compromise the health
Stewardship
Similar to the role of custodian
Goes beyond physical record to include "responsibilities for ensuring integrity (accuracy, completeness, timeliness) and security (protection of privacy as well as from tampering, loss or destruction) within the context of
System Security
Totality of safeguards including hardware, software, personnel policies, information practice policies, disaster preparedness, and oversight of these components
Security protects both the system and the information contained within from unauthorized acces
US Code on Information Security defines information security as:
Protection info and info systems from unauthorized access, use, disclosure, disruption, modification, or destruction in order to provide: Integrity, Confidentiality and Availability