FOL HIIM 1-10 case discussions & 1-5 quiz

Terms in this set (54)

Case Discussion
Linda is the HIM director at Mercy Hospital. She is served with a subpoena duces tecum, directing her to appear at the law offices of John Jansen, Attorney at Law, for a deposition that will take place in two weeks. Mr. Jansen's office is 100 miles from Mercy Hospital.
Linda appears at Mr. Jansen's office at the appointed date and time. She was recently relieved to learn that Mercy Hospital is not a party to the lawsuit. The parents of a 15-year-old boy are suing the local school district because their son fell out of an apple tree while involved in a school-sponsored activity, and he was subsequently treated at Mercy Hospital.

A subpoena is request for information or appearance issued by a attorney or a court clerk. If you have been served with a subpoena you MUST respond. There would be legal consequences for failing to respond could be a contempt of court citation or a court order compelling her to attend a hearing. You are allowed to respond to it in writing with an 'objection". If a formal written objection was sent and the subpoena was "quashed" (dismissed) by a Judge, then no, you would not have to attend. If it wasn't "quashed" then you would have to attend.

When testifying as to the medical record they may ask how long you have been employed, who is the custodian, their position and title, that they have possession of the record and how and when it was prepared and that it was prepared in the normal course of business. If asked to read from the documentation and you are familiar with the doctor's handwriting then you may read it. But if you are not sure of the writing then you are allowed to say that you do not know what it says and clearly state that you cannot read it and decline to attempt to read it. No matter what you should also ask for guidance from your attorney before answering a question you are not sure about.
When asked a question that is outside of the ones that you know you cannot attest to, the appropriate response should be: "I don't know". It would be inappropriate of the attorney to even ask this question
Case Discussion
Shelly is a new HIM graduate. She has been offered a position as an EHR trainer with a reputable EHR vendor, AutoDoc, that provides an EHR product to physician-office practices. As a condition of her employment with AutoDoc, Shelly is being asked to sign a non-compete agreement. She is concerned that she will be limiting a considerable number of future career opportunities if she signs the agreement and later leaves her employment with AutoDoc.

1. What types of limits are likely being placed on Shelly if she signs the non-compete agreement?

2. Is AutoDoc violating the law by imposing a non-compete agreement?

3. If AutoDoc's non-compete agreement was legally challenged, what would a court consider in determining whether it is enforceable or not?

A non-compete agreement is common in the business community. They are agreements between a company and an employee, where the individual employee agrees to not work either within a certain field, a certain radius of miles or with a competitor for a certain amount of time after leaving their employment. Shelly will be limited not only who she can work with after leaving Auto doc, but where she can work and when she can work again. She should carefully consider signing the agreement and possible even seek legal advice beforehand.

Companies like AutoDoc are within their rights to require a non-compete agreement to be signed by their employees. They want to protect their investment of time and training for an employee as well as preventing the loss of customers when an employee leaves and goes to work somewhere local. As long as it is a reasonable agreement then she will have to abide by the terms. If after she leaves their employment and she feels that it is too restrictive she can bring a anti-trust suit against the company. A court may find the agreement "too restrictive" and it would be considered an "unreasonable restraint of trade.
Power of Attorney: giving authority to someone else to handle certain legal and financial decisions for you.
Pros are that if you can't be somewhere you can still have legal transactions completed for you. Cons are that they are limited and do not include healthcare and are void if you become incapacitated.
Durable Power of Attorney: giving authority to someone else to handle certain legal and financial decisions in case you become incapacitated. Pros are that it is in effect if you become incapacitated. The con is that it does not cover medical situations.
Power of Attorney for Healthcare Decisions: This gives authority to someone else to make medical decisions for you if you become incapacitated. Pros are that it can cover you for medical if you become incapacitated. The con is that it could only become effective once you become incapacitated and a judge or a physician would have to declare you incapacitated. The wording would need to comply with the individuals State laws to assure it is worded correctly for your choices.
Living wills: It is written instruction regarding your specific medical treatment if you were to become terminally ill. Some states require two doctors to verify that you are terminal. The pros are that you family will know your wishes and not have to make them for you. The cons are that you may not be considered terminal if you are diagnosed with Alzheimer's or become permanently unconscious or confused by an accident.
Do Not Resuscitate Orders: This is an advanced directive saying that you do not want any CPR performed if you were to stop breathing. Pros for this are that if you are terminally ill or very elderly that you are not kept alive with no quality of life. The con to this is that if you were just having surgery and your heart stopped, they may not resuscitate you. This would not be a good idea if you were young and would make a full recovery if CPR was performed.
Uniformed Anatomical Gift Act: Can be included in an advanced directive for organ donation. This can prevent confusion with family member as to what your wishes are in regards donating your organs. Pros- saving other people's lives and letting family know your wishes. Cons - some family member may be upset.
Mary should start by searching Google for her state and durable medical power of attorney or advanced directives. I easily found a site for New Jersey, There are frequently asked question answered regarding advanced directives that would be able to give her additional information.

The above site also offered a living will and a durable power of attorney for healthcare to download and use. Hospitals also offer living wills and Durable Power of Attorney for Healthcare for the Appointment of a Health Care Representative. web site offers both of these forms. If her state or local hospital does not have a website for them, then she can ask an attorney for help with the forms she wants.

Mary can lean more on her own and print out brochures showing the information. The office of the Ombudsman website has many types of brochures for the elderly. They have one specifically for advanced directives. She could also make an appointment with a attorney that specializes in Elder Law for them to speak with.

Mary should share what she has learned about advanced directives with her friends and family and then let them decide what is best for them. Many people do not realize that there are different forms out there and how important being prepared can be.

I did not realize that there was such a difference in Power of Attorneys before reading this chapter. I took care of my mother for years and I am pretty sure I only had a durable power of attorney that had one additional paragraph that mentioned medical decisions. I have already downloaded copies of the Durable healthcare POA for myself and my husband to fill out and sign. I also plan to share what I have learned about advanced directives with my friends and family. Personally, I feel that it is important to appoint one person to represent you and to have has many of your wished in writing as possible. It can make it easier on family if something were to happen to you.
Chapter 9 Discussion Questions
1. Who would you include on a steering committee that is responsible for ongoing HIPAA privacy compliance? Who should lead this committee?

The steering committee should be composed of the privacy officer, a HIPPA officer, HIM department, compliance, legal, IT department, supervisors from most other different departments. Also possibly someone from the BOD

I believe the Privacy officer should lead the committee as they should be the person most up to date on the HIPPA rules.

2. What type of ongoing educational activities would you provide for the workforce of your organization to facilitate compliance with the HIPAA privacy rule? Who would be included in these educational activities?

All pertinent aspects of the HIPPA rules should be covered with all employees. Training classes should be formed for any new employee. Existing employees should be retained periodically to assure they still understand the HIPPA rules and any new information covered.
I would have a power point presentation that covered each department requirements with a quiz at the end to make sure the employee understood what they learned. These would be a mandatory job requirement. Prove of the education in the form of a signature from the employee would be best to have to prove compliance.

3. How would you ensure that you have identified all of your organization's current business associates and developed business associate agreements with them?

I would have the IT department make up a software program that compiled a list of each and every current business associate. It would also include a copy of the signed agreement covering HIPPA rules. Any missing documentation would then be obtained immediately before any further business was transacted. Safeguards would need to be put into place to avoid and new businesses from not having an agreement in place prior to doing business with us.

4. As the privacy officer for a covered entity, you are aware that protected health information has been accessed by an unauthorized individual. What type of analysis will you conduct to determine whether it constitutes a "breach" under HIPAA?

I would need to find out if the information was disclosed to an unauthorized person that would not reasonably be able to retain the disclosed information. Or if the information was unintentionally acquired or accessed in good faith, in their area of authority and not re-disclosed or used improperly. And that it wasn't inadvertently disclosed from a CE or BA to someone else authorized at the CE or BA.
The breach would have fit into the following HIPPA's rule: "an impermissible use or disclosure of PHI is presumed to be a breach unless the covered entity or business associate demonstrates that there is a low probability the PHI has been compromised."

5. Do you believe that the twelve "public interest and benefit" exceptions to the authorization requirement are warranted? Do you believe that any of these exceptions should require the patient's authorization under the HIPAA Privacy Rule?

Most of the exceptions have merit and are even necessary. They are not unreasonable and some are there to assure the safety of people who cannot take care of themselves.
I do though, object to number 11. The wording is too broad and specific instances should be addressed. What exactly is: "protection of others" and "public benefits"? I would not want any government official someday having the power to pick out a certain group of people for any reason. I think if something like this was needed, the public should be informed and somehow authorization should have to be given. Maybe I have watched too many Syfi movies.

Chapter 10 Discussion Questions
1. Why is knowledge of the HIPAA Security Rule important for HIM professionals?

HIM professionals should have a though understanding of the HIPPA rules and regulations. They should be well educated in the field of Health Information Management. They must be able to effectively plan and implement an plan to keep the organization in compliance to avoid monetary, regulatory and criminal penalties.

2. List examples of how an organization can be in compliance with the addressable security standards.

Under the workforce security section, an organization can implement authorization and supervision procedures, along with clearance and termination procedures. Security Awareness training is another example of ways to in compliance. They can have security updates, malicious software protection, monitoring of log-in attempts, and password safeguards in place.

3. What are the essential parts of a successful HIPAA Security Compliance Program?

It is essential to keep it as an ongoing project and use risk analysis of the business. First assess any current security, risk or gaps. Then develop a plan, find, implement and document solutions and reassess the plan regularly. This is to assure that they are in compliance with the constantly changing rules.

4. What policies and procedures are necessary for compliance with the HIPAA Security Rule?

The policies and procedures for compliance are outlined in: "Information Security: A checklist for Healthcare Professionals" that the AHIMA has published. It's a tool that can be used when developing a security compliance program. I read through the checklist and it really does cover any situations I could think of along with ones that I never would have thought could be a security issue. I never realized that all works, even volunteer, should sign confidentiality agreements.

5. Outline the general requirements of the security rule.
The security rule has 5 key components:
1) General Requirements, four actions that must be taken: "ensure confidentiality, integrity and availability of all ephi created, received, maintained or transmitted", "protect the security or integrity of ePHI from anticipated threats and hazards", "Protect against any anticipated use or disclosures not permitted or required., and to ensure compliance by ALL the workforce.
2) Flexibility of Approach: four factors for security protection, measures for their organization size, complexity, infrastructure, security capabilities for hardware/software, costs, and probability and criticality of potential risks.
3) Standards: standards that all organizations, regardless of size must comply with. Divided into five categories: Administrative; Physical; and technical safeguards, organizational requirements; policies, procedures and documentations.
4) Implementation Simplifications, instructions for how standards should be implemented: "implements the addressable specification as written, implements and alternative, documents risk for which addressable implementation specification was provided either does not exist in the organization or exist with a negligible probability of occurrence"
5) Maintenance: Is the required review of the security measures. The reasonableness and appropriateness of the security measures needs to be reviewed, modified and updated

Case Discussion

Catholic Healthcare has hired Ron to review the security policies and procedures related to employee selection and termination. Ron has been instructed to meet with the HIM director and determine where the HIM department may have additional requirements for its remote coding staff.

1. For which of the administrative safeguards should Ron expect to see policies or procedures relating to the HIM Department? He would find policies and procedures in workforce security, information access management, security awareness training, security incident reporting, contingency plan and business associate contracts.

2. Which of the physical safeguards apply to the remote coders?
The Facility security plan requires protection from unauthorized access tampering and theft. He needs to make sure the proper procedures and policies are in place to protect the equipment.
Access control and validation procedures needs to be addressed so that only the coder would have access to the information.

3. Which of the technical safeguards may apply to the remote coders? Access control, unique user identification, automatic log off, encryption and decryption of the information being sent remotely apply. Audit controls, Integrity and person or entry authentication along with transmission security also apply to the remote coders.

4. What other risks should the HIM director address?
The three main risks are access, storage and transmission. A risk analysis should be performed to find out areas that are not in compliance and need to be addressed. A two factor identification should be implemented so it is not simply a password that gains access. Session termination can be set up for inactive devices. Firewalls and virus-protection software should be required. Protection and tracking for lost devices needs to in place.
Back-up of information should be automatic and download of information should be prevented unless justified. All remote codes need to be thoroughly trained.
Transmitted data needs to be protected from interception and modification. Secure networks and encryption along with virus protection should be used.
1. A jury does not: ....B....
a. decide a verdict
b. make a determinations of law
c. decide on the extent of damages
d. make determination alerts

2. Mr. Green won a 500,000.00 lawsuit against Dr. Blue. Dr. Blue has appealed. Upon appeal Mr. Green is referred to as the: ....A.....
a. Respondent
b. Petitioner
c. Plaintiff
d. Defendant

3. Which of the following terms demotes a civil wrong for which a law will provide a remedy? ....D...
a. common law
b. Damages
c. Strict liability
d. Tort

4. What term best denotes health information on an individual that conforms to nationally recognized interoperability standards and that can be created, managed, and consulted by authorized clinicians and staff across more than one healthcare organization? ....A...
a. Electronic health record
b. Paper medical record
c. Hybrid health record
d. Personal health record

5. When a patient discovers that a hemostat has been left in his abdomen by a surgeon, the patient has a cause of action to bring a lawsuit. To bring suit, the patient must document and serve his allegations to the surgeon. The surgeon must respond via a legal document called ....A....
a. Answer
b. Denial
c. Subpoena
d. Complaint

6. What statement best describes the ethical principle of non-maleficence .B...
a. Doing good, promoting the health and welfare of others
b. Doing no harm
c. Obligation to be fair in the distribution of benefits and risks
d. Recognizing the right of someone to make their own decisions

7. A legislative act passed by congress is an example of
a. Common law
b. Criminal law
c. Statutory law
d. Administrative law

8. A tortfeasor refers to which individual in a legal court case? .A....
a. Defendant
b. Judge
c. Plaintiff
d. Prosecutor

9. A defendant does not pay the damages awarded against her in a lawsuit. The court may order the sezure of a portion of her monthly wages to satisfy the judgment in an action called .D....
a. Judgment lien
b. Punitive damages
c. Writ of execution
d. Garnishment

10. In this negligent case, Dr. Smith was found to 50 percent responsible for the patients health problem, but the jury also found that the patient was 50 percent responcible for his problem. What defense doctrine is applied in this situation ....B....
a. Assumption of risk
b. Comparative negligence
c. Contributory negligence
d. Rescue doctrine

11. Josie has taken a position as the director of HIM at Acme healthcare. The orginazation consists of a main center and multiple physician offices. Many of the physician offices possess photocopies of patients records from the main medical center. These records are: ..D...
a. Duplicate
b. Hybrid
c. Electronis
d. Shadow

12. In general, if north Carolina law and a south caralina law conflict: ...C....
a. South Carolina law is followed
b. north Carolina law is followed
c. Each state follows its own law
d. The laws of each state must be reviewed by federal court

13. The collection of federal statues is found in a ...B...
a. Compendium
b. Code
c. Atlas
d. Collection

14. What term best describes the process of protecting citizens living in a civilized society that establishes order, provides parameters for conduct and defines the rights and obligations of the government and its citizens ....B...
a. Guidelines
b. Law
c. Rule
d. Standard

15. Mary jones stopped to help an individual who was in a car crash. The individual later brought a civil case against me. Jones alleging she contributed to injuries the person received at the site of the accident although ms. Jones had nothing to do with the accident. What defense from liability may mrs jones rely on ....B....
a. Collateral immunity
b. Good Samaritan immunity
c. Government immunity
d. Sovereign immunity

16. Appellate courts draft: ......B.....
a. Statutes
b. Opinions
c. Appellate briefs
d. Regulations

17. What term refers to standard of behavior that develop as a result of one's concept of right or wrong ......A......
a. Ethics
b. Standards
c. Laws
d. Moral values

18. Evidence is ...B...
a. The use of pictures and objects to present a case
b. The means by which facts of a case are proved or disproved
c. The sharing of pretrial information among parties to a case
d. The admission of information to be considered by a judge or jury

19. Which of the following is the intermediate court in the tiered structure of the state court system in nearly every state? ....B....
a. Trial court
b. appellate court
c. supreme court
d. none of the above

20. a defendant fails to respond to a plaintiffs complaint. This may result in: .....C....
a. joinder
b. a counterclaim
c. Default judgment
d. A cross claim

21. What legal concept maybe applied when dr. smith failed to prescribe the appropriate treatment for a patient that would have been prescribed by any other physician in a similar situation treating with a similar condition ....C....
a. Affirmative defence
b. Criminal tort
c. Standard of care
d. Strict liability

22. What best describes the ethical principal of justice?
a. Doing good, promoting the health and welfare of others
b. Doing no harm
c. Obligation to be fair in the distribution of benefits and risks
d. Recognizing the right of a person to make one's own decision

23. Mr. green won a 500,000.00 lawsuit against dr. blue. Dr. blue has appealed. Upon appeal, dr. blue is reffered to as the: ....B.....
a. Respondent
b. Petitioner
c. Plantiff
d. Defendant

24. When a legal is issued by the court, what action must an organization take? .....B.....
a. Destroy all records that have been inactive for at least five years
b. Suspend the processing or destruction of records
c. Consult with legal counsel
d. Disclose all requested records to the opposing counsel

25. Health records may be admitted into evidence in which of the following cases: ...D....
a. Physician negligence
b. Competency hearings
c. Criminal misconduct
d. All of the above