Information Management and Patient Records
1
Health Insurance Portability and
Accountability Act (HIPAA)
Kassebaum-Kennedy bill, August 1996
New privacy and security standards
New fraud provisions
New definitions
– Health information
• Sensitive patient info
– Protected health information (PHI)
– Covered entity
Copyright 2014 Health Administration Press
General Considerations
Form, content of records
Records retention
Ownership and control
– Who owns the record?
– Who can have access to the information
in the record?
Copyright 2014 Health Administration Press
HIPAA Privacy and Security
Because of electronic
transactions/medical records
Covers all patient-identifiable
data if ever in electronic form
Requires full-time security program
– Privacy/security officer, training, monitoring
Huge civil and criminal penalties
Copyright 2014 Health Administration Press
HIPAA Patient Rights
Access to/copy of record
Request correction or to amend
Limit use and disclosure
Accounting of disclosures
(other than treatment, payment,
and healthcare operations)
Notice of privacy practices
File complaint
Copyright 2014 Health Administration Press
HIPAA Risk Areas
Shared passwords
Inappropriate access
Internet security
Physical security
Lax information habits
Breach of confidentiality
Copyright 2014 Health Administration Press
Medical Records
Primary purpose = documentation of care
Other purposes
– Defense of litigation
– Billing
– Accreditation
Quality of documentation is important
Improper changes = presumption of guilt
What is a “signature”?
Copyright 2014 Health Administration Press
Medical Records (continued)
Timeliness
– At time of treatment, observation, etc.
– Completed within 30 days of discharge
Who can make entries?
How to make changes?
“Superconfidentiality” statutes: mental health,
HIV/AIDS, substance abuse
Copyright 2014 Health Administration Press