FOL HIIM 1-10 case discussions & 1-5 quiz

Chapter 1 & 2
1. What is meant by law?
It's a set of rules made up by a governing body. They are needed to protect the citizens and set down parameters that both citizens and government must abide by.
2. What is health information and why is it important to protect?
Health information is the data that is collected on a patient by a physician. It is important to protect their information because the patient has legal rights in regards to their information and how it is used.
3. How are health records maintained and what term is used to define when a record is half paper and half electronic?
Health records can be maintained either electronically or on paper or even a combination of both. Hybrid health records is the term used for records that are maintained both electronically and on paper.
4. What is the difference between an electronic medical record and electronic health record?
An EMR is a patient's health record that is kept within one healthcare organization, whereas an EHR can be shared among many healthcare organizations. Also, an EHR conforms to nationally recognized standards that make it readily sharable.
5. What recent federal laws offer protection related to patient information?
HIPAA
6. Why are privacy and confidentiality of patient information so important?
It is important because there are laws that protect this information and hefty fines for health organizations that do not follow the laws. Also a patient may not be honest with a physician if he feels his information will not be kept both private and confidential.
7. What is the difference between privacy and confidentiality?
In healthcare, confidentiality is a patient sharing private thoughts with their doctor and expecting them to be protected and not shared without their consent. It is covered under the ASTM E 31 subcommittee on Health Informatics. Privacy is a legal right to expect privacy and is covered under The Joint Commission standards for health information.
8. How is security related to privacy and confidentiality?
It is related by requiring the protection of health information both electronically and physically.
9. Who owns the patient health record and who controls the use of the information within the record?
The healthcare organization owns and is responsible for the information within the health record. A patient also has the right to control his or her own record and has a say in who can access the information and can view and add to their record if they want.
10. Describe the role of the custodian of health records and who serves in this role? How does this role differ from the role of data or information steward?
The custodian of the health records would be someone designated as being responsible for the operational functions of maintaining and developing the records. They also would be the person who would certify or testify in regard to their organization's health records.
11. What is the relationship between law and ethics?
They are closely related and can influence the treatment of a patient while avoiding any legal issues that may arise.
12. What four ethical principles provide healthcare professionals with a framework for ethical decision making? Can you give an example of how these principles might come into play?
Autonomy, Beneficence, Nonmaleficence and Justice.

Nonmaleficence (do no harm) would require a physician to not help a terminally ill patient end their life even if they personally felt it wasn't moral to watch their patient suffer.
13. How does the concept of professional codes of ethics relate to healthcare professionals' performance?
They act as a benchmark for how a physician should treat their patients and how a health organization manages their records.

APPLICATION EXERCISES
Case Discussion
Privacy/Confidentiality

Mary, a 20-year veteran of the HIM department began her career as a nightshift file clerk when an innovative tertiary care center built a sister facility in her community. She has long been a strong supporter of the facility where she works, sharing her enthusiasm with friends and family by telling remarkable stories about her experiences, promotions within the department, and even about some notable patients. Recently promoted to supervisor over the EMR coordinators, she is clearly proud of this latest accomplishment in her career at the facility. During a lunch break, she has a chance encounter with a longtime benefactor who happens to be a well-known entertainer. This celebrity benefactor has also been a patient at the facility. Mary is so excited about meeting this media icon that she takes his photograph with her cell phone. She then shares the photos with her coworkers, and the next day posts them on her Facebook page. When the CEO of the facility learns of this, she contacts Mary's director.
Is there an ethical violation, dilemma, or concern?
...
1. What was the intent of the AHIMA member's actions that resulted in an ethics violation being brought forward?
Her intent was to impress people with the celebrity she saw at her workplace.
2. What is the potential harm to the organization as a result of the act?
They could face legal issues and fines for her posting the photo. They also could lose the benefactor's monetary support.
3. What is the status of the AHIMA member's training, education, and awareness of the AHIMA Code of Ethics?
At this point in her career, with 20 years' experience working in HIM, she would have to have known of the AHIMA Code of Ethics.
4. What is the history of the AHIMA member's performance within the Association?
She had been telling friends and family for years confidential information regarding patients at her job.
5. What AHIMA Ethical Code has been violated?
1.2
Chapter 3 Discussion Questions
1. Discuss the differences between a subpoena and a court order.
They both require documents, tangible items or an appearance. A court order, which is issued by a judge, has more "command" than a subpoena and failure to comply can result in contempt of court. A subpoena is issued by attorneys and requires the patient's consent to release information where a court order does not need consent.
2. Explain the types of questions that a custodian of a health record can answer at deposition or trial. Give examples of types of questions that should not be responded to.
They can answer as to authenticity of the record, their position or title, who is the "custodian" of the health record, how long the "custodian" has been employed, if they have possession of the record, how and when the record was prepared, whether the information was obtained in the "normal course of business".
Questions that should not be asked are ones that ask the custodian's opinion, information about the treatment or a further explanation of the information. They also cannot attest to a record that came from another practice and was included with their records.
3. What steps should a health information professional take when preparing a health record in response to a subpoena duces tecum?
The following answer is taken directly from my textbook:
Examine the health record for completeness & legibility.
Ensure the patient's name is on each page.
Examine the record to determine if there is a basis for possible negligence action against the provider (and review with legal counsel, if necessary).
Remove material that is not requested in the subpoena (for example, correspondence).
Number the pages.
Prepare an index of the contents.
Photocopy the record and attempt to submit it in lieu of the original by authenticating the record and certifying the copy as an exact replica of the original record.
Personally deliver (never mail) original records and obtain a receipt if originals are delivered and left with the court.
Never leave original records with anyone other than a representative of the court (that is, opposing legal counsel is not entitled to original records).
4. What is the purpose of the Federal Rules of Civil Procedure?
It specifies the duties required for responding to subpoenas. It also guides all aspects of the litigation process.
5. What may attorneys consider about potential jurors when determining who will stay on the jury and who will be excused?
They can take into consideration a potential juror's views and dismiss them "for cause". With "cause" they do not have to give a reason for the dismissal. They may not dismiss them due to their race, gender, religion or ethnicity.
Chapter 4 Discussion Questions
1. Explain various types of legal cases in which health records can provide evidence.
Health records can be used to prove or disprove malpractice.
They can be used in court to prove victims have been injured, assaulted, abused or murdered. Workers' comp, disability and custodial cases can also use health records.
2. Describe the differences between discoverability and admissibility. Why does the law distinguish between the two?
In a medical malpractice negligence case, what types of information might be discoverable but not admissible?
Discoverability covers the limitations on information that can be obtained by the attorneys that the opposing side has access to prior to a trial.
Admissibility would refer to what a judge will allow to be produced as evidence at the trial. Just because an attorney has a piece of evidence doesn't mean it pertains to the trial. A judge decides whether the evidence is admissible or not. Evidence needs to be relevant to be admissible but it still may not be admissible if it is misleading, confusing, redundant or unfairly prejudicial. Unauthenticated health records and hearsay may be discoverable but not admissible.
3. Why was the business records exception created to allow hearsay evidence to be admitted? Do you think this legal exception is a good one? Why or why not?
It was created because parts of medical records include hearsay when the medical record was created. I personally think it is a good idea because much of a health record is observations and may include a nurse writing down what a doctor told her to.
4. Discuss six ways in which electronic records differ from paper records. How do these differences affect the evidentiary value of health records?
1. Volume and Duplicability: It is much easier to copy, store, back up and send electronic health records. It is especially easier to protect data from accidental loss.
2. Persistence: Paper records can be destroyed more easily than EHRs. The records can also be recovered electronically until a record has been written over.
3. Dynamic Changeable Content: Electronic information can be changed or added to much more easily. Corrections can be tracked.
4. Metadata: EHRs contain metadata, which includes file destinations, create/edit dates, authorship, edit history and user information.
5. Environment-Dependence and Obsolescence: Electronic data may become unreadable once transferred from its original environment. Software and systems need to be compatible to prevent this.
6. Dispersion and Searchability: Storing and accessing records on different types of electronic equipment and even in different places is easy with EHRs. The search capability that computers have can save hours of manual labor.
Chapter 7 & 8
Discussion Questions
1. Explain the differences between express and implied consent. Which type is more legally sound? Are express consents given by patients? If so, give examples.
Implied consent is consent to medical treatment that is expressed through something other than words.
Written or spoken words would be considered express consent. Express consent would be better than Implied, but Informed consent would be the best since it is in writing and doesn't have to depend on remembering what exact words were agreed on.
Express consent would not be given by a patient today. A healthcare facility would require a written consent unless someone was coming into the emergency room and was not able to sign one.
APPLICATION EXERCISES
Case Discussion
Linda is the HIM director at Mercy Hospital. She is served with a subpoena duces tecum, directing her to appear at the law offices of John Jansen, Attorney at Law, for a deposition that will take place in two weeks. Mr. Jansen's office is 100 miles from Mercy Hospital.
Linda appears at Mr. Jansen's office at the appointed date and time. She was recently relieved to learn that Mercy Hospital is not a party to the lawsuit. The parents of a 15-year-old boy are suing the local school district because their son fell out of an apple tree while involved in a school-sponsored activity, and he was subsequently treated at Mercy Hospital.

A subpoena is a request for information or appearance issued by an attorney or a court clerk. If you have been served with a subpoena you MUST respond. The legal consequences for failing to respond could be a contempt of court citation or a court order compelling her to attend a hearing. You are allowed to respond to it in writing with an "objection". If a formal written objection was sent and the subpoena was "quashed" (dismissed) by a judge, then no, you would not have to attend. If it wasn't "quashed" then you would have to attend.

When testifying as to the medical record they may ask how long you have been employed, who is the custodian, their position and title, that they have possession of the record and how and when it was prepared and that it was prepared in the normal course of business. If asked to read from the documentation and you are familiar with the doctor's handwriting then you may read it. But if you are not sure of the writing then you are allowed to say that you do not know what it says and clearly state that you cannot read it and decline to attempt to read it. No matter what you should also ask for guidance from your attorney before answering a question you are not sure about.
When asked a question that is outside of the ones that you know you cannot attest to, the appropriate response should be: "I don't know". It would be inappropriate of the attorney to even ask this question.
...
Chapter 5 Discussion Questions
1. What are the different types of torts? Can you give an example of the types?
Intentional torts consist of battery, assault, false imprisonment, and intentional infliction of emotional distress.
Negligence torts are unintentional torts and would be the tort used for medical malpractice, which is a wrongful act committed against a patient by a healthcare provider. Negligence also includes criminal negligence.
Strict liability is a third type of tort, where a person is responsible for loss and damage because of their actions regardless of fault.
2. What is the difference between the intentional torts of battery and assault and give an example of each as related to healthcare?
Battery can be as simple as touching or flipping someone's hat off. Assault involves conduct that can be harmful or offensive to the plaintiff.
If a healthcare worker touched a woman's breast in a caressing manner while examining her, it would be considered battery, while a healthcare worker threatening to restrain a patient is considered assault.
3. What are the causes of action for improper disclosure of health information? Of these, which seem the most likely to succeed? The least likely to succeed?
They would be defamation (libel & slander), invasion of privacy, breach of confidentiality and infliction of emotional distress. I think infliction of emotional distress would be the hardest to prove. They would also have to prove that the defendant, while making the disclosure, "intentionally or recklessly engaged in extreme and outrageous conduct".
4. A cause of action for the improper disclosure of health information may result from either a negligent or an intentional act. Using the elements of negligence, give an example of a negligent disclosure of health information. Using the element of intent, give an example of an intentional disclosure of health information.
Intentional disclosure of health information would be if a healthcare worker told a family member of a patient about illegal drugs found on a blood test to try to get the patient's family more involved in his care.
5. What is an immunity defense in regard to tort liability and who may rely on this type of defense?
Immunity defense is extended to particular groups or a limited group of people. In the past, charities, government, states, public officers, suits between parents, spouses and children would fall under the immunity.
6. What is a statute of limitations defense? Describe the different times at which a statute of limitations may begin to run. Do you think the concept of a statute of limitations should exist?
A statute of limitations defense would be where the time limit in order to file a claim has passed. Different torts can have different time limitations and vary from state to state. The reasoning behind having a time limit is first to allow an injured party a reasonable amount of time to bring the claim and to have the claim settled while witnesses and evidence are "fresh".
Some of the time constrictions start from the moment the act or omission of the complaint happened. Others start when a child becomes of age or when the "act or omission" was discovered, such as finding a sponge left in after a surgery years after the statute of limitations expired. The time limitation can be in certain cases "tolled" and the time limit changed if for instance someone dies and the estate of the decedent is the one filing a claim.

I agree with having a statute of limitations mainly because everyone has the right to a speedy trial and if a claim is filed decades after the "act or omission" then witnesses could have died and evidence destroyed or no longer accessible. Having the tolled exception in certain circumstances is a fair compromise on not having any time limitations.
7. How do tort and contract law differ?
Contract law is a civil law just like tort law is. They differ in that contract law covers agreements that are verbal or written and usually in the "context of business or commercial relationships", whereas tort would be negligence and intentional infliction of wrongdoing.
8. What factors are thought to contribute to rising costs in health care and malpractice insurance rates and what specific tort reform measures exist to address them?
The rising cost of malpractice insurance is thought to be based on the physician's physical location along with their area of specialty. Another contributing factor would be the cost of lawsuits and the payout associated with losing a case. Additionally, the insurance companies have not made as much money in the stock markets on their investments.
Some of the ways that tort reform has addressed these increasing rates were to put caps on the amount of payouts for certain noneconomic and punitive damages. California put a limit of $250,000.00 on attorney fees and awards for pain and suffering. Some states are also changing the statute of limitations, allowing structured payments, establishing no-fault systems and limiting attorney fees.
2. If you were undergoing an invasive medical procedure, what information would you want to know prior to giving (or not giving) your consent?
I would want to know as much as I could. Especially, my diagnosis, the "nature and purpose of a proposed treatment or procedure, the risks and benefits, alternatives and their risks and benefits, costs and the risks and benefits of not doing anything.
Chapter 6 Discussion Questions

1. If a CEO of a not-for-profit hospital is doing an excellent job, should she be rewarded by the governing board with a substantial pay increase? If she is, what are some of the potential legal ramifications? What if the CEO's pay has traditionally been very low, and this increase now puts her compensation in line with other similar not-for-profit hospitals?
A not-for-profit corporation is allowed to pay reasonable salaries to its members, directors and employees. They would be allowed to give her an increase, but a substantial pay increase could have legal ramifications and their status as a not-for-profit could be revoked. If this compensation was going to bring her up to the level that other CEOs in similar not-for-profit hospitals make, it may be allowed if the corporate by-laws allow for a substantial increase all at once as opposed to it spread out over time.
2. A new hospital is in the process of developing bylaws. Included in the document will be a description of the composition of its governing board. Who should be on the governing board? What types of factors should be considered?
The governing board should be made up of hospital staff, physicians and other "insiders", along with members of the community leaders.
3. Sunshine Hospital is in need of major renovation of its electrical system. One of Sunshine's governing board members, Willy Watt, is an electrical contractor who is a partial owner of an electrical restoration company. He would like to bid on the project. May he? If he does, what must he do? What must the governing board do? Is there a problem with Mr. Watt's fiduciary duty? Is there a problem with the governing board's fiduciary duty? What would you recommend?
Mr. Watt would have to inform the board that his company was going to bid on the project. The conflict-of-interest policy would need to be checked to see if he was allowed to offer the services of the company he was part owner of. He would have to take care that he was not privy to any insider information and possibly excuse himself from the final vote on who wins the contract. The board would need to make sure that a competitive bidding process was used for the project.
4. Dr. Walters agreed to have his office painted by a local painter. They did not sign a formal contract; instead, they formalized the project with a handshake. Is this a contract? What type of contract is this? Was it a good idea to formalize it this way? Why or why not? What problems might arise?
A verbal agreement is considered a legal Oral Contract. It is not a good idea to have this type of contract because the exact criteria could be hard to prove.
5. Dr. Wilson is a gastroenterologist. As part of his informed consent, he includes an exculpatory contract that excuses him from liability in the event he commits an act of negligence. He will not operate on a patient unless they sign the contract. Dr. Wilson is the only gastroenterologist in a 50-mile radius. Are there any problems with Dr. Wilson's contract? What do you expect a court to conclude if a patient does sue him for negligence after the patient has knowingly signed his contract?
His contract is very restrictive. A court would most likely void or severely restrict it if the patient were to sue because it does not "serve the public good". Also, since he is the only specialist of his kind within a 50-mile radius, he has "unequal bargaining power" over the patient.
APPLICATION EXERCISES
Case Discussion
Shelly is a new HIM graduate. She has been offered a position as an EHR trainer with a reputable EHR vendor, AutoDoc, that provides an EHR product to physician-office practices. As a condition of her employment with AutoDoc, Shelly is being asked to sign a non-compete agreement. She is concerned that she will be limiting a considerable number of future career opportunities if she signs the agreement and later leaves her employment with AutoDoc.

1. What types of limits are likely being placed on Shelly if she signs the non-compete agreement?

2. Is AutoDoc violating the law by imposing a non-compete agreement?

3. If AutoDoc's non-compete agreement was legally challenged, what would a court consider in determining whether it is enforceable or not?

A non-compete agreement is common in the business community. They are agreements between a company and an employee, where the individual employee agrees to not work either within a certain field, a certain radius of miles or with a competitor for a certain amount of time after leaving their employment. Shelly will be limited not only in who she can work with after leaving AutoDoc, but where she can work and when she can work again. She should carefully consider signing the agreement and possibly even seek legal advice beforehand.

Companies like AutoDoc are within their rights to require a non-compete agreement to be signed by their employees. They want to protect their investment of time and training for an employee as well as preventing the loss of customers when an employee leaves and goes to work somewhere local. As long as it is a reasonable agreement then she will have to abide by the terms. If after she leaves their employment she feels that it is too restrictive, she can bring an antitrust suit against the company. A court may find the agreement "too restrictive" and it would be considered an "unreasonable restraint of trade".
...
3. Explain different types of advance directives and the pros and cons of each.
Power of Attorney: giving authority to someone else to handle certain legal and financial decisions for you.
Pros are that if you can't be somewhere you can still have legal transactions completed for you. Cons are that they are limited and do not include healthcare and are void if you become incapacitated.
Durable Power of Attorney: giving authority to someone else to handle certain legal and financial decisions in case you become incapacitated. Pros are that it is in effect if you become incapacitated. The con is that it does not cover medical situations.
Power of Attorney for Healthcare Decisions: This gives authority to someone else to make medical decisions for you if you become incapacitated. Pros are that it can cover you for medical if you become incapacitated. The con is that it could only become effective once you become incapacitated and a judge or a physician would have to declare you incapacitated. The wording would need to comply with the individual's state laws to assure it is worded correctly for your choices.
Living wills: A living will is a written instruction regarding your specific medical treatment if you were to become terminally ill. Some states require two doctors to verify that you are terminal. The pros are that your family will know your wishes and not have to make them for you. The cons are that you may not be considered terminal if you are diagnosed with Alzheimer's or become permanently unconscious or confused by an accident.
Do Not Resuscitate Orders: This is an advanced directive saying that you do not want any CPR performed if you were to stop breathing. Pros for this are that if you are terminally ill or very elderly that you are not kept alive with no quality of life. The con to this is that if you were just having surgery and your heart stopped, they may not resuscitate you. This would not be a good idea if you were young and would make a full recovery if CPR was performed.
Uniform Anatomical Gift Act: Can be included in an advanced directive for organ donation. This can prevent confusion with family members as to what your wishes are in regard to donating your organs. Pros - saving other people's lives and letting family know your wishes. Cons - some family members may be upset.
4. Discuss situations in which minors may be legally permitted to consent to their own medical treatment. Should they be permitted to make their own treatment decisions in these cases?
A minor can consent to their own medical treatment for STDs and drug or alcohol addiction and prenatal care. Yes, I would want my child to be able to be treated for these conditions if they were not able to communicate freely with me or my husband. I had a friend when I was in high school go over into Philadelphia to have an illegal abortion. She was terrified that her parents were going to find out.
APPLICATION EXERCISES
Case Discussion
Mary has recently learned about advance directives in her health information legal class. The information she has obtained, along with her knowledge of the Terri Schiavo case (2005), have convinced her of the benefits of executing an advance directive if she were to become incompetent. Mary is aware that her grandparents feel advance directives are wrong. However, she thinks they might be misinformed about the purpose and function of advance directives.
Mary should start by searching Google for her state and durable medical power of attorney or advanced directives. I easily found a site for New Jersey, http://www.nj.gov/health/advancedirective/forms_faqs.shtml. There are frequently asked questions answered regarding advanced directives that would be able to give her additional information.

The above site also offered a living will and a durable power of attorney for healthcare to download and use. Hospitals also offer living wills and Durable Power of Attorney for Healthcare for the Appointment of a Health Care Representative. Virtua.org web site offers both of these forms. If her state or local hospital does not have a website for them, then she can ask an attorney for help with the forms she wants.

Mary can learn more on her own and print out brochures showing the information. The office of the Ombudsman website has many types of brochures for the elderly. They have one specifically for advanced directives. She could also make an appointment with an attorney that specializes in Elder Law for them to speak with.

Mary should share what she has learned about advanced directives with her friends and family and then let them decide what is best for them. Many people do not realize that there are different forms out there and how important being prepared can be.

I did not realize that there was such a difference in Powers of Attorney before reading this chapter. I took care of my mother for years and I am pretty sure I only had a durable power of attorney that had one additional paragraph that mentioned medical decisions. I have already downloaded copies of the Durable healthcare POA for myself and my husband to fill out and sign. I also plan to share what I have learned about advanced directives with my friends and family. Personally, I feel that it is important to appoint one person to represent you and to have as many of your wishes in writing as possible. It can make it easier on family if something were to happen to you.
Chapter 8 Discussion Questions
1. Discuss at least three purposes of the health record. How would you rank each of the purposes in terms of importance? How did you arrive at your decision?
The most important reason to have a health record is so that the patient has better care and treatment.
The next one would be for clinical support and decision making regarding care.
Next is to support documentation for reimbursement.
These three purposes directly affect the patient's care and the cost of the service to them. I don't think the rest of the reasons listed in the book are as important as these as they do not directly benefit the patient.
2. Why is the identification of patients and patient records so important to release of patient information and patient care?
There are laws in place to protect the patient's privacy. If this privacy is breached by not following proper procedures to release information, then the consequences can be both fines and imprisonment.
3. What are some examples of poor documentation practices in patient records? Why are these practices problematic?
Some examples of poor documentation are observations that are vague, gaps in the time frame and orders not being signed. These can be problematic if the record is needed for a court case or reviewed and found incomplete.
4. Explain the problems of revisions to the patient record and the importance of controlling versions of the legal health record.
If the revision on paper is not done correctly, it can be referred to as tampering and considered criminal. If the record is needed for court and there are missing, deleted or altered entries, then a jury would not have the correct information as to what really happened in the patient's care. The healthcare institute could lose a malpractice case because of inaccurate or omitted information. Any revisions should be made while keeping the original record intact. Additions on paper records should be lined through and marked as recorded in error while being left legible. The corrections should be made and then signed by the person making the change along with the time and date of the entry.
5. Describe the purpose of the Uniform Photographic Copies of Business and Public Records as Evidence Act (UPA) and the Uniform Electronic Transaction Act (UETA). How are they similar to one another? How do they differ from one another?
UPA allows the reproductions of electronically kept documents that can accurately reproduce the original to be admitted as evidence in a trial. While the UETA is a statute that removed barriers associated with the enforcement of e-commerce (digitally enabled commercial transactions between and among organizations and individuals). They both deal with using electronic technology in the course of doing business and give legality to the transactions.
Chapter 9 Discussion Questions
1. Who would you include on a steering committee that is responsible for ongoing HIPAA privacy compliance? Who should lead this committee?

The steering committee should be composed of the privacy officer, a HIPAA officer, HIM department, compliance, legal, IT department, and supervisors from most other departments. Also possibly someone from the BOD.

I believe the privacy officer should lead the committee as they should be the person most up to date on the HIPAA rules.

2. What type of ongoing educational activities would you provide for the workforce of your organization to facilitate compliance with the HIPAA privacy rule? Who would be included in these educational activities?

All pertinent aspects of the HIPAA rules should be covered with all employees. Training classes should be formed for any new employee. Existing employees should be retrained periodically to assure they still understand the HIPAA rules and any new information covered.
I would have a PowerPoint presentation that covered each department's requirements with a quiz at the end to make sure the employee understood what they learned. These would be a mandatory job requirement. Proof of the education in the form of a signature from the employee would be best to have to prove compliance.

3. How would you ensure that you have identified all of your organization's current business associates and developed business associate agreements with them?

I would have the IT department make up a software program that compiled a list of each and every current business associate. It would also include a copy of the signed agreement covering HIPAA rules. Any missing documentation would then be obtained immediately before any further business was transacted. Safeguards would need to be put into place to avoid any new businesses from not having an agreement in place prior to doing business with us.

4. As the privacy officer for a covered entity, you are aware that protected health information has been accessed by an unauthorized individual. What type of analysis will you conduct to determine whether it constitutes a "breach" under HIPAA?

I would need to find out if the information was disclosed to an unauthorized person that would not reasonably be able to retain the disclosed information. Or if the information was unintentionally acquired or accessed in good faith, in their area of authority and not re-disclosed or used improperly. And that it wasn't inadvertently disclosed from a CE or BA to someone else authorized at the CE or BA.
The breach would have fit into the following HIPAA rule: "an impermissible use or disclosure of PHI is presumed to be a breach unless the covered entity or business associate demonstrates that there is a low probability the PHI has been compromised."

5. Do you believe that the twelve "public interest and benefit" exceptions to the authorization requirement are warranted? Do you believe that any of these exceptions should require the patient's authorization under the HIPAA Privacy Rule?

Most of the exceptions have merit and are even necessary. They are not unreasonable and some are there to assure the safety of people who cannot take care of themselves.
I do, though, object to number 11. The wording is too broad and specific instances should be addressed. What exactly is: "protection of others" and "public benefits"? I would not want any government official someday having the power to pick out a certain group of people for any reason. I think if something like this was needed, the public should be informed and somehow authorization should have to be given. Maybe I have watched too many sci-fi movies.


Chapter 10 Discussion Questions
1. Why is knowledge of the HIPAA Security Rule important for HIM professionals?

HIM professionals should have a thorough understanding of the HIPAA rules and regulations. They should be well educated in the field of Health Information Management. They must be able to effectively plan and implement a plan to keep the organization in compliance to avoid monetary, regulatory and criminal penalties.

2. List examples of how an organization can be in compliance with the addressable security standards.

Under the workforce security section, an organization can implement authorization and supervision procedures, along with clearance and termination procedures. Security awareness training is another example of ways to be in compliance. They can have security updates, malicious software protection, monitoring of log-in attempts, and password safeguards in place.

3. What are the essential parts of a successful HIPAA Security Compliance Program?

It is essential to keep it as an ongoing project and use risk analysis of the business. First assess any current security, risk or gaps. Then develop a plan, find, implement and document solutions and reassess the plan regularly. This is to assure that they are in compliance with the constantly changing rules.

4. What policies and procedures are necessary for compliance with the HIPAA Security Rule?

The policies and procedures for compliance are outlined in: "Information Security: A checklist for Healthcare Professionals" that the AHIMA has published. It's a tool that can be used when developing a security compliance program. I read through the checklist and it really does cover any situations I could think of along with ones that I never would have thought could be a security issue. I never realized that all workers, even volunteers, should sign confidentiality agreements.

5. Outline the general requirements of the security rule.
The security rule has 5 key components:
1) General Requirements, four actions that must be taken: "ensure confidentiality, integrity and availability of all ePHI created, received, maintained or transmitted", "protect the security or integrity of ePHI from anticipated threats and hazards", "protect against any anticipated use or disclosures not permitted or required", and ensure compliance by ALL the workforce.
2) Flexibility of Approach: four factors for security protection, measures for their organization size, complexity, infrastructure, security capabilities for hardware/software, costs, and probability and criticality of potential risks.
3) Standards: standards that all organizations, regardless of size, must comply with. Divided into five categories: administrative, physical, and technical safeguards; organizational requirements; and policies, procedures and documentation.
4) Implementation Specifications, instructions for how standards should be implemented: "implements the addressable specification as written, implements an alternative, documents risk for which addressable implementation specification was provided either does not exist in the organization or exists with a negligible probability of occurrence".
5) Maintenance: Is the required review of the security measures. The reasonableness and appropriateness of the security measures need to be reviewed, modified and updated.




APPLICATION EXERCISES chapter 10
Case Discussion

Catholic Healthcare has hired Ron to review the security policies and procedures related to employee selection and termination. Ron has been instructed to meet with the HIM director and determine where the HIM department may have additional requirements for its remote coding staff.

1. For which of the administrative safeguards should Ron expect to see policies or procedures relating to the HIM Department?
He would find policies and procedures in workforce security, information access management, security awareness training, security incident reporting, contingency plan and business associate contracts.

2. Which of the physical safeguards apply to the remote coders?
The facility security plan requires protection from unauthorized access, tampering and theft. He needs to make sure the proper procedures and policies are in place to protect the equipment.
Access control and validation procedures need to be addressed so that only the coder would have access to the information.

3. Which of the technical safeguards may apply to the remote coders?
Access control, unique user identification, automatic log off, encryption and decryption of the information being sent remotely apply. Audit controls, integrity and person or entity authentication along with transmission security also apply to the remote coders.

4. What other risks should the HIM director address?
The three main risks are access, storage and transmission. A risk analysis should be performed to find out areas that are not in compliance and need to be addressed. Two-factor identification should be implemented so it is not simply a password that gains access. Session termination can be set up for inactive devices. Firewalls and virus-protection software should be required. Protection and tracking for lost devices needs to be in place.
Back-up of information should be automatic and download of information should be prevented unless justified. All remote coders need to be thoroughly trained.
Transmitted data needs to be protected from interception and modification. Secure networks and encryption along with virus protection should be used.
...
1. A jury does not: ....B....
a. decide a verdict
b. make a determination of law
c. decide on the extent of damages
d. make determination alerts

2. Mr. Green won a 500,000.00 lawsuit against Dr. Blue. Dr. Blue has appealed. Upon appeal Mr. Green is referred to as the: ....A.....
a. Respondent
b. Petitioner
c. Plaintiff
d. Defendant

3. Which of the following terms denotes a civil wrong for which a law will provide a remedy? ....D...
a. common law
b. Damages
c. Strict liability
d. Tort

4. What term best denotes health information on an individual that conforms to nationally recognized interoperability standards and that can be created, managed, and consulted by authorized clinicians and staff across more than one healthcare organization? ....A...
a. Electronic health record
b. Paper medical record
c. Hybrid health record
d. Personal health record

5. When a patient discovers that a hemostat has been left in his abdomen by a surgeon, the patient has a cause of action to bring a lawsuit. To bring suit, the patient must document and serve his allegations to the surgeon. The surgeon must respond via a legal document called ....A....
a. Answer
b. Denial
c. Subpoena
d. Complaint

6. What statement best describes the ethical principle of non-maleficence .B...
a. Doing good, promoting the health and welfare of others
b. Doing no harm
c. Obligation to be fair in the distribution of benefits and risks
d. Recognizing the right of someone to make their own decisions

7. A legislative act passed by congress is an example of
.....C....
a. Common law
b. Criminal law
c. Statutory law
d. Administrative law

8. A tortfeasor refers to which individual in a legal court case? .A....
a. Defendant
b. Judge
c. Plaintiff
d. Prosecutor

9. A defendant does not pay the damages awarded against her in a lawsuit. The court may order the seizure of a portion of her monthly wages to satisfy the judgment in an action called .D....
a. Judgment lien
b. Punitive damages
c. Writ of execution
d. Garnishment

10. In this negligence case, Dr. Smith was found to be 50 percent responsible for the patient's health problem, but the jury also found that the patient was 50 percent responsible for his problem. What defense doctrine is applied in this situation? ....B....
a. Assumption of risk
b. Comparative negligence
c. Contributory negligence
d. Rescue doctrine

11. Josie has taken a position as the director of HIM at Acme Healthcare. The organization consists of a main center and multiple physician offices. Many of the physician offices possess photocopies of patients' records from the main medical center. These records are: ..D...
a. Duplicate
b. Hybrid
c. Electronic
d. Shadow

12. In general, if a North Carolina law and a South Carolina law conflict: ...C....
a. South Carolina law is followed
b. North Carolina law is followed
c. Each state follows its own law
d. The laws of each state must be reviewed by federal court

13. The collection of federal statutes is found in a ...B...
a. Compendium
b. Code
c. Atlas
d. Collection

14. What term best describes the process of protecting citizens living in a civilized society that establishes order, provides parameters for conduct and defines the rights and obligations of the government and its citizens ....B...
a. Guidelines
b. Law
c. Rule
d. Standard

15. Mary Jones stopped to help an individual who was in a car crash. The individual later brought a civil case against Ms. Jones, alleging she contributed to injuries the person received at the site of the accident, although Ms. Jones had nothing to do with the accident. What defense from liability may Mrs. Jones rely on? ....B....
a. Collateral immunity
b. Good Samaritan immunity
c. Government immunity
d. Sovereign immunity

16. Appellate courts draft: ......B.....
a. Statutes
b. Opinions
c. Appellate briefs
d. Regulations

17. What term refers to standards of behavior that develop as a result of one's concept of right or wrong? ......A......
a. Ethics
b. Standards
c. Laws
d. Moral values

18. Evidence is ...B...
a. The use of pictures and objects to present a case
b. The means by which facts of a case are proved or disproved
c. The sharing of pretrial information among parties to a case
d. The admission of information to be considered by a judge or jury

19. Which of the following is the intermediate court in the tiered structure of the state court system in nearly every state? ....B....
a. Trial court
b. appellate court
c. supreme court
d. none of the above

20. A defendant fails to respond to a plaintiff's complaint. This may result in: .....C....
a. joinder
b. a counterclaim
c. Default judgment
d. A cross claim

21. What legal concept may be applied when Dr. Smith failed to prescribe the appropriate treatment for a patient that would have been prescribed by any other physician in a similar situation treating a similar condition? ....C....
a. Affirmative defence
b. Criminal tort
c. Standard of care
d. Strict liability

22. What best describes the ethical principle of justice?
.....C....
a. Doing good, promoting the health and welfare of others
b. Doing no harm
c. Obligation to be fair in the distribution of benefits and risks
d. Recognizing the right of a person to make one's own decision

23. Mr. Green won a 500,000.00 lawsuit against Dr. Blue. Dr. Blue has appealed. Upon appeal, Dr. Blue is referred to as the: ....B.....
a. Respondent
b. Petitioner
c. Plaintiff
d. Defendant

24. When a legal is issued by the court, what action must an organization take? .....B.....
a. Destroy all records that have been inactive for at least five years
b. Suspend the processing or destruction of records
c. Consult with legal counsel
d. Disclose all requested records to the opposing counsel

25. Health records may be admitted into evidence in which of the following cases: ...D....
a. Physician negligence
b. Competency hearings
c. Criminal misconduct
d. All of the above
...