Objectives:
Analyze the court's role in healthcare (HC) information and litigation
Examine patient's (px) medical record requirements and common issues
Summarize the common-law basis for confidentiality
Apply privacy rules (PR) to px information
Describe OSHA's safety rules
Identify special types of health information
Recognize special rules and social-policy issues of HIV px's
Evaluate risk management's effect on quality and electronic medical records
Diapositiva 2
Health Information and the Courts
Medical Record - document that includes a px's history, condition, diagnostic, and therapeutic treatment and the result of the treatment
as patient's history - contains medical history, report and medication, and details for overall care
as legal evidence
documentary evidence - paper or documents such as medical record
testimonial evidence - witness statements
real evidence - tangible things e.g scalpel
demonstrative evidence - help illustrate a testimony e.g charts, x-ray, recording, or model
Admissibility of Evidence
Relevance evidence - if it tends to prove/disprove an issue significant to the case
Competent evidence - the evidence the court should accept as proof
Hearsay - secondhand evidence in w/c witnesses aren't telling what they know personally rather what others have said to them
Exception Requirements:
there were evidence that records were made during business hours at/near the time and by a person w/knowledge of the info
record must be accurate and trustworthy -- may require additional testimony
Diapositiva 3
Doctor-Patient Privilege - a relationship in w/c px's medical history, conditions, and related information cannot be made known without the px's permission; obligation of physicians not to testify about statements made to them by their px
Court order - used when releasing the information; w/o this order, statutes or regulations would be violated; valid court orders identifies:
court issuing the order
parties to the case
case number
limitations on disclosure
signed by judge
Subpoena - a command issued by the court
subpoena ad testificandum - witness is ordered to appear and give testimony
subpoena duces tecum - witness is ordered to produce documents or things
Precautions in answering a subpoena:
if it requires written consent from the px
if the info requested involves treatment for substance abuse, mental health, AIDS, or other special types of info having additional confidentiality requirement
refer to counsel for advice on how to respond to questionable requests
Diapositiva 4
Health Information Manager should:
Justify the refusal to release
File a motion to quash the subpoena (an objection to disclosure of information
Diapositiva 5
Creating and Maintaining Medical Records
Clinical Uses:
repository use in diagnosing and treating medical problems
way to exchange info about px's
to monitor performance and quality
Nonclinical Uses:
info for 3rd parties who have financial interests in px's medical condition: insurance companies, employers deciding if px is disabled
scientific studies
potential commercial use of info (pharmaceuticals)
evidence for legal disputes
Author of the medical record = the medical provider who has created the data that appear in the record
Authentication - confirmation of the content of an entry in a medical record; performed by the person who created the data
Requirement - essential to establish the business records hearsay exception (record is created by the person w/firsthand knowledge of the record
Diapositiva 6
HC providers who make entries in a medical record must do so at the time that the events occur
late entries raise questions about reliability and accuracy
Incomplete records pose danger to the px
The person who made an error should also make the correction
single line through the error (must still readable), write "error" next to it, and initials of the person making the correction (the one who inputted the error)
in electronic data, "addendum" are generally inserted
Medicare regulations require that providers retain record for a period equal to the applicable statute of limitations
5 yrs for state without relevant statute (Medicare)
should be kept indefinitely or at least for 7-10 yrs after date of last treatment
minors need to reach age of majority (when person becomes an adult)
Patients have the rights to have errors corrected in their medical record
If HC worker disagrees with the correction:
px entitled to written notice of the doctor's decision
px also have the right to have included in the record a note on the px's disagreement with what appears there
HC provider's failure to comply = px can sue and recover damages, atty fees, and costs
Abstract - summary of essential points
Certificate of destruction - document that records were properly destroyed in the ordinary course of business
Freeing Storage Space:
Notify licensing authorities of intent to destroy
Compile abstract
Create dated certificate of destruction
Destroy/shred/burn
Diapositiva 7
Confidentiality and Govt. Medical Records
Hippocratic Oath - ethical practice of medicine, is an oath traditionally taken by physician
Duty to maintain confidentiality - physicians may not disclose any medical information revealed by px or discovered in connection with the treatment of the px
AMA's Code of Medical Ethics - info disclosed to a physician during the course of doctor-patient relationship is confidential to the utmost degree allowing the px to feel free to make a full and frank disclosure of the info to the physician knowing that he/she will protect the confidential nature of the info disclosed
Legal basis of confidentiality = right of privacy derived from Constitution, statutes, and common law
All 50 states have some form of doctor-patient privilege
Informed Consent - process of communication b/w a doctor explaining the factors involved in a recommended medical process resulting to patient's authorization/agreement to undergo the process
Substituted Consent - an authorized person makes the decision for the person who is unable to do so
Diapositiva 8
Freedom of Information Act (FOIA) - a fed law intended to provide access to govt. records and also creating exceptions to safeguard medical info
Open Record Statutes - create exception for medical info thereby protect the privacy of health info in the hands of state agencies
Privacy Act of 1974 - fed law prohibiting disclosure of certain medical information by govt. agencies without consent; requires govt. to keep records of disclosure of info
Diapositiva 9
Disclosure of Health Information
Health Insurance Portability and Accountability Act (HIPAA) of 1996 - streamline the processing of HC claims, increase productivity, cut administrative costs, and reduce paperwork by submitting claims electronically
Healthcare providers own medical record because they made it
HIPAA regulations apply to individuals and covered entities - org that handles protected health info in any capacity:
Healthcare providers
Health plans - provide or pay the cost of medical care
Healthcare Clearinghouse - process or facilitates the processing of health information
HIPAA PR requires the px's be given a notice of use and disclosure of patient-specific information
Patient Information Privacy - info concerning a px's health, provision of care, and payment for HC is protected under privacy rule
Protected Health Information (PHI) - includes any identifiable health information
Identifiable Information - data about a specific person
De-identifiable Information -information stripped of data that may identify an individual (not covered by PR)
Limited Data Set - middle ground b/w identifiable and de-identifiable information;
Diapositiva 10
Treatment - the provision, coordination, or management of HC and related services by one or more HC providers including the coordination or management of HC by a HC provider w/a 3rd party
Payment - activities of HC providers to obtain payment or be reimbursed for their services and the activities of a health plan to obtain premiums, to fulfill, their coverage responsibilities and provide benefits, under the plan, and to obtain or provide reimbursement for the provision of HC
Healthcare Operations - certain administrative, financial, legal, and quality improvement activities of a covered entity that are necessary to run its business and to support the core functions of treatment and payment
Privacy Rule provides special notes regarding psychotherapy notes that limit use or disclosure without consent
To meet the requirement of other laws, regulations, and court orders, including but not limited to worker's compensation laws, disclosure of PHI is permitted
The minimum necessary standard , a key protection of the HIPAA PR, is derived from confidentiality codes and practices in common use today
When there are issues with minors and parent representative, the subject matter falls on the hand of the physician if the state is silent
Public Health Authorities - agency of the US govt. ; covered entities are:
state
territory
political subdivision
Native American tribe
Entity acting under authority
Diapositiva 11
OSHA Safety Rules
Occupational Safety and Health Administration (OSHA) - created by Congress, it is the entity responsible for enforcing safety rules in the workplace; under the Occupational Safety and Health Act of 1970
NOT COVERED: self-employed, farmer working under immediate family member, hazard in workplace covered by other federal agencies
Whistleblower - employee who informs OSHA of illegal activity (statutes may be 30, 60, 180 days)
Diapositiva 12
Adoption
HIV
Substance abuse
Mental Health
Genetic Information
Non-identifying information - descriptive details about an adopted person and about the adopted person's relatives; provided to adoptive parents at the time of adoption
All 50 states and American Samoa have provisions that allow access to non-identifying info by an adoptive parent/guardian of adopted person who is still a minor
Nearly every state allows adoptive person to have access to non-identifying information about birth relatives, generally upon written request (must be at least 18 yo)
Mutual Consent Registry - system whereby individuals directly involved in adoptions can indicate their willingness/unwillingness to have their identifying info disclosed
Affidavit - written document in w/c the signer swears under oath before an authorized person that the statement in the document are true
Special Types of Health Information
Diapositiva 13
Search-and-consent procedures authorize a public/private agency to assist a party in locating birth family members to determine if they consent to the release of information
Confidential Intermediary System - search-and-consent procedure wherein a person is certified by the court as a confidential intermediary, w/c allows him/her to have access to sealed adoption records to search for the birth family to obtain consent for contact
Substance abuse - refer to excessive use of alcohol/drugs
Federal Law Important for Substance Abuse Information
Drug Abuse Prevention, Treatment, and Rehabilitation Act
Comprehensive Alcohol Abuse and Alcoholism Prevention, Treatment, and Rehabilitation Act of 1970
Patients with substance abuse problems must be given notice of federal confidentiality requirement upon shortly after, being admitted
Treatment Program - can include general medical care facilities if it includes an identified unit of diagnosis, treatment, or referral or if it employs medical staff whose primary duty is to provide such services
Notice of prohibiting redisclosure must accompany any release of substance abuse information
There may be both official record (with legal requirements) and personal record (with therapist's notes, etc.)
Each patient must receive a psychiatric evaluation that must be completed within 60hrs of admission
Diapositiva 14
Genetic Information Nondiscrimination Act (GINA) 2008 - prohibits health insurance and employment discrimination based on genetic infomation
Exceptions when info is required to:
compliance with medical and family leave laws
monitoring biological effects of toxic substances in the workplace
genetic analysisis for law enforcement
Protection does not apply to disability or life insurance
Human immunodeficiency Virus (HIV) - suppresses indivudual's immune systems making them more vulnerable to other diseases
Center for Disease Control and Prevention (CDC) - seves as the national focus for developing and applying disease prevention and control, environmental health and education activities designed to improve the health of the people of US
HIV Transmission
High-risk sexual contact
Intravenous drug use
Mother to child around the time of birth
Blood transfusion and other unknown causes
Blood tests are the most common method of testing for HIV
Enzyme Immunoassay - most common screening test used to look for HIV antibodies
Rapid HIV tests can give result in about 20 mins
Diapositiva 15
Consumer-controlled test kits - home test kits licensed in 1997; collecting fluid samples (blood)
Generally, state or federal law may require:
written consent
pretest counseling
disclosure of the results and disclosure for additional testing, etc.
reporting of positive test results to appropriate public health authorities
CDC has recommended routine HIV testing for all Americans between the age 13-64 as a regular part of their healthcare
Statutes or court orders may order mandatory testing for certain classes of people e.g prisoners, individuals convicted of sex crimes
In certain defined situations mandatory HIV testing can be applied to workers such as it will affect the working environment of the positive individual; employers need to have to show bona fide job related reason for testing
In some states HIV and AIDS are classified as disabilities; under Americans with Disabilities Act or similar state law, employers may be requited to provide reasonable accommodations for employees with HIV/AIDS
Privacy protections do not prohibit healthcare providers from reporting positive HIV results to public health authorities
Diapositiva 16
Risk management - identifies areas of risk to medical service providers for reducing liability exposure
Joint Commission on Accreditation of Healthcare Organization (JCAHO) - requires hospitals to implement risk management programs
Loss Prevention - identify those activities, problems, and situations that may result in potential liability for the hospital, its employees, physicians, and even other healthcare providers
Identifying situations of potential risks before its manifestation is more important because costs of preventing problem is usually less than the cost of damage from the problem
Loss reduction - steps taken after an event or incident occurs; effective when it attempts to minimize the impact of incidents by identifying and responding to the problem quicky
Risk Management Concerns:
Confidentiality must not be compromised
Easy access for treatment is necessary
Records secured from alteration or destruction
Records must be retained for a period no less than the statute of limitation or otherwise required by the law
Privacy official - responsible for developing and implementing privacy policies and procedures
Risk, Quality, and E-Record Management
Diapositiva 17
Administrative safeguards - example: specifying only certain persons may pull medical files or medical files not in use must be filed immediately
Technical Safeguards - example: use of password to access medical info stored electronically
Physical Safeguards - example: locking the room in which the medical records are stored
HIPAA also required that healthcare facilities keep ff. information for 6 years:
records of privacy policy practices and procedures
facility's privacy practices notices
disposition of complaint records about compliance with the final privacy rule
other similar types of info
Incident Report - a form of proper documentation that risk managers must do to document adverse incidents that occur during the treatment of a patient
Incident - anything that happens outside the norm that harms or could harm a person/property
Purpose of Incident Report:
Risk management
Quality control
Diapositiva 18
Typically, information that should be included are:
description of the incident (with time and location)
identification of the parties involved
observations
steps taken in response to the incident
Method to be taken as response to discovery by a plaintiff:
Attorney-Client Privilege - most likely to be protected by this privilege if it's given only to the attorney representing the healthcare provider
Work Product Doctrine - documents created for the purpose of pending litigation are protected from discovery
Policy to ensure that the Attorney-Client privilege applies may include:
specifying the content of the report
labeling the report "confidential"
addressing the report to the hospital's attorney
limiting disclosure of the report to persons other than the attorney
not including incident report as part of any medical record
Quality Management - controlled by peer review committees (HC professionals monitoring quality of HC services); auditing and reviewing
Diapositiva 19
National Practioner Data Bank (NPDB) - contains medical malpractice payment and adverse action reports on health care professionals
Adverse actions - suspension or removal of licensure, clinical privileges, professional society membership, and exclusion from Medicare and Medicaid
Entities that make medical malpractice payment for the benefit of the healthcare practitioner must report certain payment information to NPDB
Anyone paying medical malpractice who fails to report in accordance to the Health Care Quality Improvement Act (1986) is subject to civil money penalty of $11,000.00
Query - a request for information submitted to the NPDB by an eligible entity or authorized agent
National Standards for Electronic Healthcare Transactions - created by HIPAA; makes electronic data interchange (EDI) the preferred alternative to paper processing
Biometric - technology that identifies people through bodily characteristics such as fingerprints, retinal patterns, voice patterns
Biometric identification - can be used to identify a patient and simply secure access to records
Business record exception - when the record was made during ordinary course of business, at or near the time the event occurred, made by a medical record custodian or person with knowledge of the information I nteh record
Diapositiva 20
Medical Records Custodian needs to know:
Hardware and software of the system
features that make data secure and reliable
method of data entry and authentication
process to verify trustworthiness of the paper version of the data
Ways to reduce security breaches:
using good password and changing it frequently
using biometrics instead of password
creating different levels of access based on the need to know
training employees in safe practices
installing appropriate software against hacking, spyware, viruses, etc.
backing up files
stopping data in accordance to HIPAA rules
Medical Licensure Issues (Electronic Medical Care)
Physicians need license in the state where the patient lives or where the physical care is being given
physicians need to obtain full medical license or both telemedicine license and teleradiology license