1
Running Head: SN essay
SN ESSAY
Student’s Name
Institution
2
SN essay
Assignment Part One: System Edits and Restrictions for Integrity
The following table is for patients vital signs (Absher RK (June 2009) :
VITALS/ NON
VITALS AND
ATTRIBUTES
Medical record
number
Date of birth
DATA TYPE
EXAMPLE/INPUT CUT-OFF
MASK
POINT
ALERT
Discrete
xx-xxx
N/A
-
Discrete
DD/MM/YYYY
N/A
-
Temperature,
oral (in 0F)
Discrete
xx.x
90
Blood pressure
Discrete
Xxx/xx
120/80
Weight in
pounds
Discrete
xxx.xx
126.00-136.00
Height in inches
Discrete
xxx.x
60-72 Inches
Below: Too low
Above: Too
High
Below: Too low
Above: Too
High
Below: Too
light
Above: Too
Heavy
Below: short
Above: Tall
Part Two: Security Measures and Responses
Concerns exist of electronic health records as with any other digital database. Attackers
may pose a digital power that scares people looking to conceal their personal data. In the recent
times, unauthorized users have accessed patients’ medical information. The incidences may not
be frequent but they create cynicism in the patient’s mind.
Consequences of confidential information landing on unauthorized hands are
overwhelming. Medical information breach can lead to theft, destruction of other peoples’
3
SN essay
financial status and reputation. However, these crimes can be identified and mitigated if
appropriate policies and stakeholders exercise their duties (Gartee, R., 2007).
The following table summarizes four examples of security threats in the electron system
discussed. It also provides a response plan and a reducing method to each threat in case they
occur.
Type of standard or
threat
Method to reduce threat
Response plan if threat is encountered
Workforce security
breach: this
security concern
addresses
supervision or
authorization of
users, workforce
clearance
procedures and
procedures for
termination.
The management team must
ensure that all authorized
members with EPHI access are
recorded properly to enable them
receive proper clearances.
Employees who bypassed the security
prompt and accessed EPH without
permission should be dealt with
according to law and be charged of
cyber crimes.
Isolating
Healthcare
Clearinghouse
Functions:
This is a unique
identity covered by
HIPAA that
translates non
standard
Users should also be given
usernames and passwords to
authenticate them when
performing certain medical
activities. Termination
procedures should be
implemented when an employee
leaves voluntarily or
involuntarily from the medical
station. This is to protect and
monitor the privileges of those
who access the information of the
patients.
Clearinghouse Computers should
be separated from other
computers and workstations in
the organization.
Employee operating the non standard
transactions should be identified and the
transaction nullified. S/he should be
punished according to the law, including
possible termination of their jobs.
4
SN essay
transactions into
HIPAA standards.
Threat against
Creating awareness through;
Security Awareness
- login monitoring,
and training:
- security reminders,
All members are
- protection against
trained on various
malicious software,
activities relating to
- Password management.
security of the data
and computers in
relation to
safeguarding EPHI.
Access
Establishment and
modification: The
facility considers
how access to
EPHI is established
and modified.
Suspicious victims sending malicious
software should be investigated by
forensic auditing and thereafter be
punished if guilty.
Victims with suspicious login sessions
should be barred from accessing PHI
and permission denied.
Each system user has a unique ID Employee shared their ID and password
and password assigned by the
with fellow employee who forgot theirs:
institution. Passwords are not
shared and must be changed
1. The relevant user's ID and
every 90 days to prevent
password are immediately
unauthorized access.
disabled upon issue discovery. A
new user ID will be established
Employees are trained in
for that user.
appropriate access and password
usage.
2. The staff member is disciplined
and given official warning to
never share passwords.
3. System use and audit logs for
that user are reviewed by IT and
HIM manager.
4. Repeated breach will result in
employee dismissal.
Assignment 2
Date
JWARD
01
05
-
Log In
08:0
0
Pt #
122
3
Pt Type
Log out
Surg
08:1
7
Patient
Name
Olson
5
SN essay
11
SWILLIAM
S
LWORLEY
01
05
11
01
05
11
09:2
0
09:2
6
08:0
5
577
6
398
7
346
3
Surg
08:3
5
09:0
3
08:0
5
577
6
123
4
577
6
Surg
08:3
2
09:1
5
987
4
122
3
Medical
Surg
Radiolog
y
Radiolog
y
Surg
Surg
09:2
4
09:4
5
08:0
8
William
s
Johnson
09:0
2
09:0
7
08:1
5
William
s
Jones
08:5
5
09:2
4
Smith
Finch
William
s
Olson
Several organizations develop security audits to ensure accountability of workers for their
activities when using the EPHI and EHR. Trails of the above audit should be taken to offer the
back-end view of how the system was used. This information on logs is helpful in various ways.
According to the above audit report, enough details have been provided to establish the
duration of active session for each staff member. This is helpful in establishing the culture
responsibility and accountability. It also gives room to evaluate the overall effectiveness of the
access policy and user education and how the user altered/used the patient information. It can
therefore be established that the EHR are accessed in the morning hours where the active session
lasts less than one hour. However, most of the active sessions are less than 15 minutes. This
creates a suspicion about the activities done by SWILLIAMs when accessing WILLIAMS’s
6
SN essay
details that lasted for 27 minutes. According to the report, SWILLIAMS access the patients’
information for 3 to 4 minutes. The case with pt # 5776 raises eyebrows.
LWORLEY also has unexpectedly long active session with pt# 9874 which lasted for 23
minutes. According to the report, L Worley is a Health Information clerk who processes requests
for records from other healthcare providers and facilities. Additionally, the session for
LWORLEY averagely lasts for 10 minutes as seen with other patients.
With JWARD, the user session seems to be appropriate as the active sessions seems to be
consistent. It is also clear that JWARD is a nurse who works with general surgery department.
Therefore it is expected that the duration for active sessions should be longer than the clerks as it
is because of the many details needed by nurses before a surgery is undertaken. Taking JWARD
as a reference, it can also be established that SWILLIAMs had inappropriate activities with the
details for pt# 5776. Logic being the, a clerk cannot take longer time to collect the few details
s/he requires as compared to a nurse taking more details of the same patient (Safavi-Naini, R.,
2010).
Assignment 3
Records are
available for
review for
patient care
within 12
hours
HIM
employees
are
professional
in the
completion
ALWA
YS
15%
OFTE
N
35%
SOMETIM
ES
25%
SELDO
M
25%
NEVE
R
0%
10%
20%
50%
20%
0%
7
SN essay
of their
work (e.g.,
are
dependable,
maintain
confidentiali
ty, are
accurate in
the
completion
of their
work
HIM
Department
communicat
es well any
changes in
policies,
procedures,
or services
to the
medical
staff.
25%
10%
45%
10%
10%
Health Information Management (HIM) professionals are expected to have a unique skill set
that is required in a professional healthcare environment. They are required to collect timely
medical data, make it available to the authorized users and ensure various policies are
implemented in relation to access of that data. HIM professionals are also expected to do their
work to their best of completion and satisfaction of the patients.
a. What do the survey results show?
The survey results are based on three areas of concern that are rated on a scale of 1-100%
each depending on how often they occur. The three areas are selected based on availability of
records, employee professionalism and their ability to communicate change.
8
SN essay
The results on the first concern about availability of records show that there is higher
possibility of records being available for review for patient care within 12 hours. In fact, there is
a 75% possibility that they are available. However, it is rare that the records are available always
for the review.
There is also 80% possibility of receiving professional treatment and healthcare from the
HIM employees at most times. Despite of the high possibility of receiving the professional
healthcare, some little percentage (20%) of the employees practice professionalism in their work
rarely and therefore they are not reliable.
In communicating change in policies and procedures to other departments, HIM employees
cannot be completely relied on. However, some percentage communicates change always while
10% never communicate change. Generally, the results on this concern are poor as some of the
changes are not communicated at all.
b. Brainstorm. What reasons could explain these results?
-
There are relatively low full-time equivalents in the department that could be making it
harder to communicate change to the other medical staff.
-
Low percentage of the employees completes their work professionally because of their
limited number in comparison to the 1,500 patients to be attended to.
-
High turnover in the department could be leading to unavailability of records for review
at most of the time. This may also contribute to more changes in policies not to be
communicated to the medical staff as most staff members may not be familiar with the
initial policies that had to be changed.
9
SN essay
-
Records may not be available always for review maybe because of the limit imposed by
the budget. Some records need to be printed, scanned and filed so that they can be
availed. This can be finance demanding as not planned within the budget.
c. Which area of concern should be addressed first? Why?
According to the survey in this case, of critical urgency is the ability of the staff to complete
their activities professionally. This is so because all the patients and other staff need to be
confident with the HIM department employees as they are responsible for critical tasks. Even
before the medical staff receives 100% of the change from the HIM department, they ought to
trust in them and have confidence as it is portrayed in their ability to complete various tasks
professionally.
The other two concerns are also tied to the availability of finance and budgeting of the
institution. Budget constraint may make the availability of documents be low as they need fiancé
to scan and print other document with health records. To gather all the staff in the organization
may be demanding and due to budget constraints, some of the change will not be passed across.
d. Using critical thinking and problem solving skills identify steps the director should take
to investigate concerns and improve department services.
-
First step in the improvement process is to identify all concerns and problems that need to
be addressed. This involves asking other stakeholders about the concerns and creating a
list of all the concerns. Also, indicate the possible causes and consequences of the
concern.
10
SN essay
-
To improve the department performance, it is important for the director to prioritize the
above concerns with regard to urgency and resource availability. Logically, the second
concern is cheap to implement and urgent.
-
Generate solutions for the listed concerns.
-
Then gathering of relevant resources, people and procedures for implementing the
solutions for the concerns.
-
Implementing the solution.
Assign 4
Topic of Survey: Rate the response of your routine healthcare provider during the last 24 months.
Questions of the Survey:
1. How many times have you visited a healthcare over the last 24 months?
2. How often did you a medical appointment after you phoned your healthcare provider to
get an immediate attention?
3. Do you recall a situation where you phoned your healthcare and you never received an
appointment?
4. In the last 24 months, have you called your healthcare provider during regular office
hours? How did he react?
5. During your last visit to your healthcare provider, did s/he explain thing in a way that was
easy for you to understand?
11
SN essay
Experience with 123Contactform online tool is a complete amazement. The tool allows you
to email the survey questions to the targeted audience and receive their feedback. For the five
questions above, the tool is free and reliable. After creating the survey template, the tool allows
you to have a link to the survey template which one can impede in a website or post on social
media for friends to partake.
After the experience with this tool, my survey should take the same format and platform as it
comes with numerous benefits. It is also cheap and reliable. Comments can be accommodated
within the tool and make it livelier. Verbal survey can be more tiresome but with online survey
tools, the tasks are accomplished and objectives of the survey met without much travelling.
Most interesting comment was:
“How many times have you visited a healthcare over the last 24 months?”
“I can’t recall”
Assign 5
Based on the PPS System you've chosen in Module 06, create a flow chart of the
Revenue Cycle and discuss how the selected PPS impacts revenue cycle
PROSPECTIVE PAYMENT SYSTEM (DRGs)
12
SN essay
When building a health bottom line, it is important to ensure that the health care payment
system is structured in a proper way. This is done by understanding the complexities of medical
insurance and the billing process. The following are the ways that the inpatient Prospective
Payment System (IPPS) impact on the revenue cycle;
Workflow of activities within the IPPS impact greatly on the revenue cycle: Activities like
diagnosis and procedure codes, collection of co-pay, documentation and activities related to
submission are all related in chain. A small kink in the workflow will therefore wreak havoc
within the revenue cycle.
IPPS embraces technology which may impact on the financial performance of the revenue
cycle (Healthcare Financial Management Association., 2003). Technologies like electronic
medical records and practice management system can be used in the following sections to impact
positively on the revenue cycle:
13
SN essay
1. Patient visits: electronic medical records can be used to document patients’ details at the
counter. It can also be used by the biller to capture other useful information that is
required in reimbursement.
2. Billing functions: tracking of claim status can be made and scrubbed before being
submitted to the payers to ensure they meet local and national requirements to comply
with medical stipulations.
14
SN essay
References
Farrington E, Absher RK (June 2009). "Evaluation of the accuracy of different methods used to
estimate weights in the pediatric population". Pediatrics 123 (6)
Healthcare Financial Management Association. (2003). Issues in outpatient PPS: keys to
successful revenue cycle management. Healthcare financial management: journal of the
Healthcare Financial Management Association, 57(7), suppl-1.
Gartee, R. (2007). Electronic health records: understanding and using computerized medical
records. Pearson Prentice Hall.
Narayan, S., Gagné, M., & Safavi-Naini, R. (2010, October). Privacy preserving EHR system
using attribute-based infrastructure. In Proceedings of the 2010 ACM workshop on Cloud
computing security workshop (pp. 47-52). ACM.