Electronic Health Records Danielle P. Berthelot, RHIA Director, Health Information Management and...
-
Upload
claribel-mccarthy -
Category
Documents
-
view
218 -
download
0
Transcript of Electronic Health Records Danielle P. Berthelot, RHIA Director, Health Information Management and...
Electronic Health Records
Danielle P. Berthelot, RHIA
Director, Health Information Management
and Cancer Registry
Privacy Officer
Woman’s Hospital
Overview of Woman’s Hospital
Not-for-profit
225 bed Women and Infants Specialty Facility
82 bed Level III NICU
Statistics FY 2007• 8,200 births• 7,400 surgeries
• 12,000 adult admissions
Online Record Completion
Increased Physician FlexibilityIncreased Physician SatisfactionDecreased Delinquency Rates
Looking Back
What’s different about our organization today?What did we do to help staff accept the change?What did we do to help physicians accept the change?What challenged us as leaders?What was the best part of the experience?
Law passed by Congress in 1996– Major rules affecting hospitals
• Transactions, Code Sets, and Identifiers• Privacy Rule – Sets standards for the protection of patient
information (oral, written, electronic)• Security Rule – Sets standards for protected health
information in an electronic format
Health Insurance Portability and Accountability Act
HIPAA Compliance Enforcement
Privacy Rule – Office for Civil Rights (OCR)Security Rule – Centers for Medicare/Medicaid Services (CMS)Criminal Matters – Department of Justice (DOJ)
What is Protected Health Information (PHI)?
NameAddress/DatesTelephone/fax #sSocial Security #sMedical Record #sPatient Account #sInsurance Plan #sVehicle Info.
Certificate/License #sMedical Equipment #sPhotographsFingerprintsEmail/Internet addressWeb URLsAny other unique code, or identifier
Most Frequent Privacy Complaints
Impermissible use and disclosure of PHILack of adequate safe guards to protect PHIRefusal or failure to provide an individual with access to his/her health recordsDisclosure of more information than is necessary to satisfy a request for informationFailure to provide the Notice of Privacy Practices
Most Frequent Security Complaints
Information access managementSecurity awareness and trainingAccess controlWorkstation useDevice and media control
Hot Topics
Permitted Uses and DisclosuresAuthorization FormsMinimum NecessaryFacility Directory
E-mailAccessEPHIDisposal of PHIAudits
Breaches/Violations
Inadvertent: accidental, often due to lack of education or awarenessIntentional: accessing PHI with not legitimate business purpose for doing soIntentional with malice: accessing PHI with the intent to use for personal gain or to harm someone.
Compliance Tips
Update policies and procedures regularly.Conduct ongoing training for staff.Discuss patient information in private areas.Keep voices down.Place computers, printers, fax machines in secure areas.Direct monitors away from view of visitors.Access only the information you need to perform your job.
Retrieve documents from printers and fax machines immediately.Dispose of PHI properly.Assist visitors promptly to ensure they do not access staff areas.Report and address issues immediately.Audit compliance with polices and procedures.Enforce compliance with polices and procedures.
Questions and Answers
Danielle P. Berthelot, RHIADirector, Health Information Management and
Cancer Registry Privacy OfficerWoman’s Hospital
Email: [email protected]