Presentation is loading. Please wait.

Presentation is loading. Please wait.

© 2010 Cengage Learning. All Rights Reserved. May not be scanned, copied or duplicated, or posted to a publicly accessible website, in whole or in part.

Published byGwenda Potter Modified over 9 years ago

Similar presentations

Presentation on theme: "© 2010 Cengage Learning. All Rights Reserved. May not be scanned, copied or duplicated, or posted to a publicly accessible website, in whole or in part."— Presentation transcript:

1 © 2010 Cengage Learning. All Rights Reserved. May not be scanned, copied or duplicated, or posted to a publicly accessible website, in whole or in part. 1

2 2 Chapter 13: Information Systems

3 © 2010 Cengage Learning. All Rights Reserved. May not be scanned, copied or duplicated, or posted to a publicly accessible website, in whole or in part. 3 Introduction Interrelationship between HIM and information technology (IT) Complex new technologies house protected health information (PHI) Legal issues related to IT and electronic health records (EHR) –Accreditation –Licensure –Liability

4 © 2010 Cengage Learning. All Rights Reserved. May not be scanned, copied or duplicated, or posted to a publicly accessible website, in whole or in part. 4 Electronic Health Records (EHR) Transformation from paper-based patient records to EHR –Improve availability and accessibility of data –Space saving –Increasing demands from external forces Regulatory agencies Accrediting organizations Insurance companies –Government efforts in health care reform –Avoid mistakes, reduce costs, improve care

5 © 2010 Cengage Learning. All Rights Reserved. May not be scanned, copied or duplicated, or posted to a publicly accessible website, in whole or in part. 5 Legal Health Record The legal business record generated at or for a health care organization Patient’s paper file contains more than health record: –Correspondence –Requests for release of information EHR may be similarly complex –Master patient indexes –Practice guidelines and prompts –Not part of patient health record Only legal health record is to be produced

6 © 2010 Cengage Learning. All Rights Reserved. May not be scanned, copied or duplicated, or posted to a publicly accessible website, in whole or in part. 6 Legal Health Record Focus of EHR should be –Documentation of delivery of health services Health care providers must define what will be included in EHR: –Subsets included vary with practice setting –Contain patient-specific data and documentation generated by provider –Memorialize patient care delivered Administrative data not part of legal EHR –Audit trails –Statistical reports

7 © 2010 Cengage Learning. All Rights Reserved. May not be scanned, copied or duplicated, or posted to a publicly accessible website, in whole or in part. 7 Legal EHR: Accreditation and Licensure Issues Currently govern how transition to EHR will take place –Licensing authorities authorize provider practice in a state –Accreditation agencies set standards for provider compliance Federal government has not completed efforts to regulate transition process –Has established a definition of EHR in the ARRA

8 © 2010 Cengage Learning. All Rights Reserved. May not be scanned, copied or duplicated, or posted to a publicly accessible website, in whole or in part. 8 Legal EHR: Accreditation and Licensure Issue ARRA definition: –EHR is created, gathered, managed, and consulted by authorized health care clinicians and staff –Includes demographic and clinical information –May provide clinical support, physician order entry, and capture/query relevant to quality –Used to exchange and integrate electronic health information with other sources

9 © 2010 Cengage Learning. All Rights Reserved. May not be scanned, copied or duplicated, or posted to a publicly accessible website, in whole or in part. 9 Legal EHR: Accreditation and Licensure Issue Core functions of EHR described by IOM –Health information and data –Results management –Effective communications –Clinical decision support –Order entry and management –Patient support –Reporting and population health management –Administrative processes

10 © 2010 Cengage Learning. All Rights Reserved. May not be scanned, copied or duplicated, or posted to a publicly accessible website, in whole or in part. 10 Legal EHR Issues: Creation and Storage Issue: does state law allow the storage of health information in electronic medium? –Some states expressly authorize Permission to keep records in electronic form may be established in statute or administrative law –Other states are silent on the issue of EHR Permit “usable” or “acceptable” form –State laws may seemingly prohibit EHR Expressly require certain media: original file or microfilm HIM must check with licensing authority to understand interpretation of state law

11 © 2010 Cengage Learning. All Rights Reserved. May not be scanned, copied or duplicated, or posted to a publicly accessible website, in whole or in part. 11 Legal EHR Issues: Authentication All entries in patient record must be authored and authenticated Technology present in EHR helpful –Electronic signatures or computer-generated signature codes for authentication Impact of statutes/regulations on acceptability of electronic signatures: –If expressly authorized, electronic signatures are clearly permitted –If require physician signature: must look to licensing agency’s current interpretation to determine effect

12 © 2010 Cengage Learning. All Rights Reserved. May not be scanned, copied or duplicated, or posted to a publicly accessible website, in whole or in part. 12 Legal EHR Issues: Authentication Electronic Signatures in Global and National Commerce Act of 2001 (E-SIGN) –Federal law dealing with interstate and foreign commerce –Electronic signatures may not act as legal bar to contracts of other records Accrediting organizations –Medicare Conditions of Participation and Joint Commission –Expressly recognize authentication by computer methods –Must use software that creates signature unique to author

13 © 2010 Cengage Learning. All Rights Reserved. May not be scanned, copied or duplicated, or posted to a publicly accessible website, in whole or in part. 13 Legal EHR Issues: Liability Issues Two categories of concern 1.Admissibility issues Where EHR serves as proof in lawsuit involving quality of care Focus rests on whether EHR may be admitted into evidence 2.Safety and security of EHR Where unauthorized access to or careless handling of patient information creates liability Focus on related legal requirements

14 © 2010 Cengage Learning. All Rights Reserved. May not be scanned, copied or duplicated, or posted to a publicly accessible website, in whole or in part. 14 Liability Issues: Admissible Evidence Issue of admissibility: whenever EHR will be used in lawsuit to prove or disprove a fact Court determines whether use as evidence is proper –Hearsay Rule may exclude: Out of court statement offered to prove truth of matter –Business Record Exception may enable use Record was kept in ordinary course of business At or near the time event was recorded By person with first-hand knowledge Custodian of records testifies about record keeping

15 © 2010 Cengage Learning. All Rights Reserved. May not be scanned, copied or duplicated, or posted to a publicly accessible website, in whole or in part. 15 Liability Issues: Admissible Evidence Health information manager may testify –Under the business records exception To the foundation, trustworthiness, and accuracy of the record –Explain paper-based and electronic system How is data recorded and who makes entries Describe hardware, software, and quality control Access to system and making corrections –Explain computer printout of EHR Reliability of software and process for creation

16 © 2010 Cengage Learning. All Rights Reserved. May not be scanned, copied or duplicated, or posted to a publicly accessible website, in whole or in part. 16 Liability Issues: Security Regulate access and ensure preservation of data Health information concerns –Interruption or discontinuation of telemedicine session –Unauthorized access to patient record –Destruction of patient information –Privacy violations, breach of confidentiality

17 © 2010 Cengage Learning. All Rights Reserved. May not be scanned, copied or duplicated, or posted to a publicly accessible website, in whole or in part. 17 Liability Issues: Security IT security measures –Authentication: ensuring people are who they say they are –Permission: level of access given –Encryption: mechanism to prevent third parties from eavesdropping –Damage prevention: preventing malicious attempts to damage or destroy data –Disaster recovery: plans to resume operations in the event of a problem

18 © 2010 Cengage Learning. All Rights Reserved. May not be scanned, copied or duplicated, or posted to a publicly accessible website, in whole or in part. 18 Liability Issues: Security Duty of health care providers to safeguard patient information –JC, CMS, state law, and HIPAA require –Codes of ethics address –Breach of duty may result in liability claims: Breach of confidentiality Invasion of privacy Defamation Negligence

19 © 2010 Cengage Learning. All Rights Reserved. May not be scanned, copied or duplicated, or posted to a publicly accessible website, in whole or in part. 19 Liability Issues: Security Physical security: protections from the environment Temperature and humidity Power surges and failure protection Fire alarms and fireproof location Rules limiting access to terminals and storage Locked cabinets to prevent theft Maintenance requirements and logs maintained

20 © 2010 Cengage Learning. All Rights Reserved. May not be scanned, copied or duplicated, or posted to a publicly accessible website, in whole or in part. 20 Liability Issues: Security Personnel security: human aspects –Reference checks associated with hiring –Criminal background checks –History of security problems or computer hacking –Education on confidentiality policies –Expectations for proper computer access –Limited access to information –Signed acknowledgement of receipt of education –Disciplinary action for violation of policy

21 © 2010 Cengage Learning. All Rights Reserved. May not be scanned, copied or duplicated, or posted to a publicly accessible website, in whole or in part. 21 Liability Issues: Security Risk prevention techniques –Protect integrity and confidentiality of data –Restrict access –Determine who has access and what purpose –Computer passwords, keycards, IDs –Restrict copying functions –Security mechanisms in contracts with vendors –Confidentiality agreements within networks –Address potential for computer sabotage –Safeguard use of laptops and PDAs

22 © 2010 Cengage Learning. All Rights Reserved. May not be scanned, copied or duplicated, or posted to a publicly accessible website, in whole or in part. 22 Liability Issues: Security Obligation of third parties to safeguard PHI –HIPAA and ARRA address –Any contract with business associates includes Confidential nature of data Mechanisms to be used to safeguard data Indemnification if improper disclosure Safeguard portable computers Establish confidentiality agreements with network participants Prevent computer sabotage

23 © 2010 Cengage Learning. All Rights Reserved. May not be scanned, copied or duplicated, or posted to a publicly accessible website, in whole or in part. 23 Liability Issues: HIPAA Security Rule Establishes safeguards that –Protect confidentiality of data: only authorized persons may see –Ensure data integrity: protect from unauthorized creation, modification, deletion –Allow data to be available when needed 18 security standards –Specify use of integrity controls –Encryption technology for transmission of PHI –Information access techniques –Permission levels –Access controls

24 © 2010 Cengage Learning. All Rights Reserved. May not be scanned, copied or duplicated, or posted to a publicly accessible website, in whole or in part. 24 Liability Issues: HIPAA Security Rule Administrative safeguards –Manage the development, implementation, and maintenance of security measures to protect PHI Through actions, policies, and procedures Focus on prevention, detection, containment, and correction Risk analysis of security practices must be done Identify how PHI is accessed and vulnerabilities Monitor users, protect PHI from viruses, change passwords, create contingency plans

25 © 2010 Cengage Learning. All Rights Reserved. May not be scanned, copied or duplicated, or posted to a publicly accessible website, in whole or in part. 25 Liability Issues: HIPAA Security Rule Physical safeguards –Protect electronic information systems and related buildings and equipment –Focus on systems, facilities, and equipment –Restrict individual access to facilities housing information systems –Establish access levels to physical space based on person's role or function –Establish disposal policies and procedures for tapes, storage devices, and other equipment

26 © 2010 Cengage Learning. All Rights Reserved. May not be scanned, copied or duplicated, or posted to a publicly accessible website, in whole or in part. 26 Liability Issues: HIPAA Security Rule Technical safeguards –Employ technological solutions to secure electronic PHI –Focus on technology to limit unauthorized access and ensure data integrity –Employ encryption technology with email –Examine activities on computer network –Assign unique identifiers to end users to track their system use

27 © 2010 Cengage Learning. All Rights Reserved. May not be scanned, copied or duplicated, or posted to a publicly accessible website, in whole or in part. 27 Liability Issues: HIPAA Security Rule Training requirements –Educational program on computer security basics for all staff Managers, employees Agents, contractors, and maintenance personnel –Covered entity must maintain documentation That training provided Of periodic review, validation, updates to program Requires information security policies –Define framework for program –Who, what, where, when, and how of info security

28 © 2010 Cengage Learning. All Rights Reserved. May not be scanned, copied or duplicated, or posted to a publicly accessible website, in whole or in part. 28 Liability Issues: HIPAA Security Rule Relationship with HIPAA Privacy Rule –Different approaches to serve same goal: protect PHI –Privacy rule provides patients more control over PHI –Security rule focuses on technical requirements –Both assign responsibility for compliance to an individual within the covered entity Security officer Privacy officer

29 © 2010 Cengage Learning. All Rights Reserved. May not be scanned, copied or duplicated, or posted to a publicly accessible website, in whole or in part. 29 Electronic Health Issues: Internet Research/learning regarding health care –Health care providers use Internet to information related to improvement of care E-health organizations –Collect and display identifiable information –Patients participate as e-consumers –Safeguards to protect PHI must be in place –Statutes, rules, and regulations apply

30 © 2010 Cengage Learning. All Rights Reserved. May not be scanned, copied or duplicated, or posted to a publicly accessible website, in whole or in part. 30 Electronic Health Issues: Electronic Mail Popularity of email continues to grow Health care field has incorporated its use into many business practices Never a private form of communication –May be collected, stored, and reviewed Laws and regulations on privacy of health information apply (HIPAA, Medicare, JC) Plan for security measures –Address patient confidentiality –Instructions on permissible content and sensitivity –Encryption algorithms

31 © 2010 Cengage Learning. All Rights Reserved. May not be scanned, copied or duplicated, or posted to a publicly accessible website, in whole or in part. 31 Electronic Health Issues: Digital Imaging Scanning paper documents to electronic storage Multiple advantages for health care Image becomes available to multiple users Becomes viewable through server or browser State laws may address storage, confidentiality, retention, and/or security of PHI

32 © 2010 Cengage Learning. All Rights Reserved. May not be scanned, copied or duplicated, or posted to a publicly accessible website, in whole or in part. 32 Electronic Health Issues: Telemedicine Using electronic communication and IT to provide care from a distance Remote areas with limited access to care –Connect patients with providers –Allow diagnosis, treatment, monitoring of patients Many unsolved legal issues arise regarding –Licensure of provider when patient in another state –Creation of physician and patient relationship –Liability for technical failures –Which state’s law applies

Download ppt "© 2010 Cengage Learning. All Rights Reserved. May not be scanned, copied or duplicated, or posted to a publicly accessible website, in whole or in part."

Similar presentations

1 COMPUTER GENERATED & STORED RECORDS CONTROLS Presented by COSCAP-SA.

1 COMPUTER GENERATED & STORED RECORDS CONTROLS Presented by COSCAP-SA.
HIPAA Privacy Training. 2 HIPAA Background Health Insurance Portability and Accountability Act of 1996 Copyright 2010 MHM Resources LLC.

HIPAA Privacy Training. 2 HIPAA Background Health Insurance Portability and Accountability Act of 1996 Copyright 2010 MHM Resources LLC.
Health Insurance Portability and Accountability Act (HIPAA)HIPAA.

Health Insurance Portability and Accountability Act (HIPAA)HIPAA.
1 HIPAA Education CCAC Professional Development Training September 2006 CCAC Professional Development Training September 2006.

1 HIPAA Education CCAC Professional Development Training September 2006 CCAC Professional Development Training September 2006.
Westbrook Technologies from Document Management’s Role in HIPAA.

Westbrook Technologies from Document Management’s Role in HIPAA.
NAU HIPAA Awareness Training

NAU HIPAA Awareness Training
CHAPTER © 2011 The McGraw-Hill Companies, Inc. All rights reserved. 2 The Use of Health Information Technology in Physician Practices.

CHAPTER © 2011 The McGraw-Hill Companies, Inc. All rights reserved. 2 The Use of Health Information Technology in Physician Practices.
Regulatory Issues in Campus Computing Privacy and Security in a Digital World Presented by David Gleason, Esq. University Counsel University of Maryland,

Regulatory Issues in Campus Computing Privacy and Security in a Digital World Presented by David Gleason, Esq. University Counsel University of Maryland,
Voice over the Internet Protocol (VoIP) Technologies… How to Select a Videoconferencing System for Your Agency Based on the Work of Watzlaf, V.M., Fahima,

Voice over the Internet Protocol (VoIP) Technologies… How to Select a Videoconferencing System for Your Agency Based on the Work of Watzlaf, V.M., Fahima,
HIPAA: FEDERAL REGULATIONS REGARDING PATIENT SECURITY.

HIPAA: FEDERAL REGULATIONS REGARDING PATIENT SECURITY.
COMPLYING WITH HIPAA PRIVACY RULES Presented by: Larry Grudzien, Attorney at Law.

COMPLYING WITH HIPAA PRIVACY RULES Presented by: Larry Grudzien, Attorney at Law.
Are you ready for HIPPO??? Welcome to HIPAA

Are you ready for HIPPO??? Welcome to HIPAA
Privacy, Security, Confidentiality, and Legal Issues

Privacy, Security, Confidentiality, and Legal Issues
Coping with Electronic Records Setting Standards for Private Sector E-records Retention.

Coping with Electronic Records Setting Standards for Private Sector E-records Retention.
Security Controls – What Works

Security Controls – What Works
Information Security Policies and Standards

Information Security Policies and Standards
Privacy, Confidentiality, and Security M8120 Fall 2001.

Privacy, Confidentiality, and Security M8120 Fall 2001.
Session 3 – Information Security Policies

Session 3 – Information Security Policies
HIPAA COMPLIANCE IN YOUR PRACTICE MARIBEL VALENTIN, ESQUIRE.

HIPAA COMPLIANCE IN YOUR PRACTICE MARIBEL VALENTIN, ESQUIRE.
ELECTRONIC MEDICAL RECORDS By Group 5 members: Kinal Patel David A. Ronca Tolulope Oke.

ELECTRONIC MEDICAL RECORDS By Group 5 members: Kinal Patel David A. Ronca Tolulope Oke.

Similar presentations

Ads by Google