Alliyah EvangelistaHIM 1 - Chp. 15, The Legal Aspects of Health Information Management
-
Define legislative, common, and judge made law.
Legislative - made by the government or parliament.
Common and judge made law - created by the public and judges (judiciary).
-
The Canada Health Act (1984) created the criteria and conditions that must be met for accreditation. True or false?
True
-
Provincial laws supersede health laws created by the government. True or false?
True; each province has their own standards and plans on delivering health to the patient.
-
How many health care plans are there in Canada?
13; there are 13 provinces and territories.
-
Health care is primarily a provincial responsibility, except for groups that fall under federal care. List some examples.
- indigenous populations
- military personnel
-
PIPEDA is MB exclusive. True or false?
False; PHIA is MB exclusive.
-
Besides providing care to the patient, what other uses might the HR provide?
A legal and business record-used in legal proceedings, accreditation, funding and assessing professional practices among others.
-
The requirements of record maintenance are set out by statutes. Give some possible examples.
- HRs need to be kept for a certain amount of time, because they can be subject to audits.
- Health insurance plans need the providers to maintain records to establish that particular insurance was provided to the patient.
-
What responsibility does a practitioner have to the public?
The responsibility to provide appropriate care.
-
In regards to the regulation of health information, what might the law govern over?
- Documentation process
- Confidentiality requirements
- Rules to access
- Disclosure and storage
-
Responsibility of health records rests with the BOD, such as the ___ of HRs.
destruction/disposal
-
Define privacy, security, and confidentiality.
Privacy - "the right to be left alone." The ability of an individual to control their personal information.
Security - safeguards put in place to protect data (security measure for floods).
Confidentiality - the responsibility of someone to not disclose PI (HIM's are responsible to not give out patient information to unauthorized persons').
-
Where does confidentiality arise from?
The special relationship between client and provider - fiduciary.
-
If a client's PI were to be disclosed or breached, who can they send a complaint to?
The OMBUDSMAN
-
Who is the owner of the HR?
The facility because they made it.
-
When requesting access for the patient information, describe the lengths it might take.
- 24hrs after the report, if the patient is in-patient and the information is required for their care.
- 72hrs, the person is not in a healthcare facility.
- no longer than 30 days in any other instance.
-
What does the Personal Health Information Act (PHIA) provide?
- the right of an individual to access their HI, get a copy or request a correction.
-
There is no definitive definition of what a HR is. Therefore an organization's definition is based on the purpose that the HI is collected, used and disclosed. True or false.
True
-
To protect theft and loss of PI, what might PIPEDA require from an organization/facility?
That they adequate measures against unauthorized access, copying, disclosure.
-
What are some examples of a physical, organizational and technological measures?
Physical - Locked cabinets, restricted areas
Organizational - policies and procedures
Technological - passwords and encryptions
-
What is the purpose of documenting the patient's care?
To ensure they are receiving quality care, and facilitates communication between providers.
-
How should a HR be completed?
HRs should be completed at the time of the diagnosis (contemporaneously) and chronologically for accuracy.
-
What is "charting by exception"?
Where only the deviations from the norm are recorded.
-
List some best practices for recording HRs.
- the recorder should be identified
- document needs the date and time it was made and be completed contemporaneously with the event
- facilities need to comply with any requirements regarding the authentication of the info. in an HR
-
Late entries and addendums should be used for what?
Corrections and to add important information.
-
Who is the owner of the health information?
The patient.
-
What are some instances in which HI can be disclosed without the patient's consent?
- Protection of children (suspected abuse)
- Research
- Court orders
- Gun shot wounds
- Certain deaths
- Health conditions that impede driving
-
What information needs to be released in a court order?
Only the ones specified.
-
If a provider believes on reasonable grounds, that disclosing info. is necessary to eliminate or reduce a "significant risk or serious body harm to a person of group of persons", they are able to disclose information. True or false?
True.
-
What factors give a provider the reasonable expectation to warn?
Identifiable - is there a clear risk to people?
Seriousness - is there a risk to bodily harm or death?
Imminence - is the danger imminent?
-
Can patients request who to grant access to their HR?
Yes; my spouse can't see my records, etc.
-
What are the steps to releasing information?
- identify the party, the substitute decision maker must provide a legal document
- verify the authority of the request, all legal documents must be met
- all the supporting documents are filled
- the request has been directed to the appropriate person (HR department)
-
What needs to in a consent form?
The date of consent, the info that was provided, the date of disclosure.
-
What does PHIA do?
1. Provides individual's the right to access their PHI, request a copy and make corrections.
2. Protects individuals' privacy rights.
3. Establishes rules on the collection of PHI, its usage, and destruction.
