The following EHRGo Assignment covers the following CAHIIM competencies:
Domain II. Information Protection: Access, Disclosure, Archival, Privacy & Security
1. Create policies and procedures to manage access and disclosure of personal health information
2. Protect electronic health information through confidentiality and security measures, policies and procedures
These assignment will be completed using the EHRGo program.
ROI and Accounting of Disclosures
Reference the attached document for instructions. You will also record your work within this same document. Please ensure all answers are highlighted, or marked in red.
Knowledge Activity: ROI and Accounting of Disclosures (Baccalaureate)
Apply healthcare legal terminology (3)
Apply legal concepts and principles to the practice of HIM (3)
Apply policies and procedures surrounding issues of access and disclosure of protected health information (3)
Apply retention and destruction policies for health information (3)
Protect electronic health information through confidentiality and security measures, policies and procedures (3)
Create policies and procedures to manage access and disclosure of personal health information (6)
If you have questions about this activity, please contact your instructor for assistance.
You will review the chart of Emily Carey to complete this activity. Your instructor has provided you with a link to the ROI and Accounting of Disclosures (BS) Click on 2: Launch EHR to review the patient chart and begin this activity.
Refer to the patient chart and any suggested resources to complete this activity.
Document your answers directly on this activity document as you complete the activity. When you are finished, you will save this activity document to your device and upload this activity document with your answers to your Learning Management System (LMS).
Release of protected health information (PHI)
Release of information (ROI) refers to the divulgence of an individual’s health information by an entity, such as a hospital or doctor’s office, to a person or organization outside of that entity. Release of information is covered by the Health Insurance Portability and Accountability Act (HIPAA). (“HIPAA for Professionals”, n.d.).
The HIPAA Security Rule outlines the safeguards organizations must put in place to secure consumers’ protected health information (PHI). The Rule aims to be flexible to allow organizations to adapt to new technologies regardless of their size and structure while still protecting the privacy of consumers’ health information. (“Summary of the HIPAA Security Rule”, n.d.).
When the Rule refers to “covered entities”, it’s referring to health plans, health care providers who conduct transactions electronically and health care clearinghouses. (“HIPAA for Professionals”, n.d.).
Covered entities must create safeguards to protect patient PHI and ensure they do not improperly disclose. They must also place reasonable limits on the use and disclosure of PHI so that only the minimum necessary information to accomplish their purpose is disclosed. In addition, covered entities must create policies and procedures that limit who can access patient PHI, as well as provide training to their employees on safeguarding PHI. (“Summary of the HIPAA Security Rule”, n.d.).
Authorized Uses and Disclosures of PHI
Authorization: A covered entity may require the patient’s written authorization to release the patient’s PHI. The authorization must be in plain language and include specific information about the information to be disclosed, the person(s) or entity receiving and disclosing the information, and an expiration date. (“Individuals’ Right under HIPAA”, n.d.).
Verification: A covered entity must take reasonable steps to verify the identity of an individual requesting access to PHI under the Privacy Rule. The Rule does not require any specific form of verification (e.g. a copy of a driver’s license or state identification card). Rather, the Rule leaves the type and manner of verification to the covered entity’s discretion and judgment. However, the verification must not “create barriers to or unreasonably delay the individual from obtaining access to his or her PHI”. (“Individuals’ Right under HIPAA”, n.d.).
The right to an accounting of disclosures
The HIPAA Privacy Rule provides that an individual has a right to receive an accounting of disclosures of that individual’s protected health information made by a covered entity, or its business associate, in the six years prior to the date on which the accounting is requested, with some exceptions, as outlined below. (“Right to an Accounting of Disclosures”, n.d.).
What PHI disclosures must be included in the accounting?
All PHI disclosures must be included in the accounting, with these exceptions:
Disclosures made prior to April 14, 2003 or prior to the entity’s date of compliance with the privacy standards.
Disclosures to law enforcement or correctional institutions as provided in state law.
Disclosures for facility directories.
Disclosures to the individual patient.
Disclosures for national security or intelligence purposes.
Disclosures to people involved in the patient’s care.
Disclosures for notification purposes including identifying and locating a family member.
Disclosures for treatment, payment, and healthcare operations.
Disclosures pursuant to the individual’s authorization
(World Privacy Forum, n.d.).
What must an accounting of disclosures include?
An accounting of disclosure must contain the following information:
Date of disclosure
Name of person or entity who received the PHI and the person or entity’s address, if known
Brief description of the PHI that was disclosed
One of the following:
Brief statement of the purpose of the disclosure or
A copy of a written request for disclosure by US DHHS or a person or entity authored to receive PHI for national priority uses
(“Right to an Accounting of Disclosures”, n.d.).
Costs associated with accounting of disclosures
The covered entity must provide the first accounting to an individual in any 12-month period free of charge. Any subsequent request by the same individual within the 12-month period, the covered entity may assess a “reasonable, cost-based fee”, as long as the individual was informed of the fee ahead of time and the covered entity provides the individual with an opportunity to change their request to avoid or reduce any charges. (World Privacy Forum, n.d.).
Application in EHR Go
You are a Health Information Technician in a HIM department at General Hospital. One of your primary responsibilities is to process release of information and accounting of disclosures requests made by patients and other parties. Ms. Gabby Green from Green & Green Law Office called and requested portions of the medical record of her client, Emily Carey, for upcoming litigation. Per General Hospital policy, you ask for the authorization from the patient to release her PHI (protected health information). Ms. Green states that the patient already has one on file with the facility.
Is Ms. Green correct that a release of information authorization is already on file with the General Hospital for Emily Carey? If so, where is it located?
What other patient identifier(s) would you request to ensure you are referencing the correct EHR prior to releasing any information?
According to the ROI authorization, the patient is authorizing the following items to be released: “X-Ray Reports, Progress Notes, History/Physical Exam.”
How many of the notes under the Notes tab in Emily’s EHR would you release?
Which notes in Emily’s EHR would you release? List the Note Title and Author. If the same author documented a note with the same title more than once, indicate how many of each note for that author would be released.
If Ms. Green requested that all of Emily Carey’s orders, including medications, be released to her, would you release that information?
If Ms. Green requested the release of all Progress Notes from a previous hospitalization for COPD five years ago, would you release that information?
What is an “accounting of disclosures” as it pertains to the release of protected patient health information?
Is the patient requesting an accounting of disclosures in her authorization form?
What is the difference between a release of information authorization and an accounting of disclosures?
If the patient requested an accounting of disclosures, would the General Hospital be required to include the disclosure to Green & Green Law Firm in the accounting? Why or why not?
If Emily Carey requested an accounting of disclosures from General Hospital for the first time, what charge could the General Hospital assess her for this accounting?
What measures would you suggest General Hospital take to ensure the confidentiality and security of protected health information for release of information requests?
What policy(ies) or procedure(s) would you suggest General Hospital have in place to manage accounting of disclosures requests?
Submit your work
Document your answers directly on this activity document as you complete the activity. When you are finished, save this activity document to your device and upload this activity document with your answers to your Learning Management System (LMS). If you have any questions about submitting your work to your LMS, please contact your instructor.
U.S. Department of Health & Human Services. (n.d.). HIPAA for Professionals. Retrieved from: https://www.hhs.gov/hipaa/for-professionals/index.html
U.S. Department of Health & Human Services (n.d.) Individuals’ Right under HIPAA to Access their Health Information 45 CFR § 164.524. Retrieved from: https://www.hhs.gov/hipaa/for-professionals/privacy/guidance/access/index.html
U.S. Department of Health & Human Services. (n.d.). Right to an Accounting of Disclosures. Retrieved from: https://www.hhs.gov/hipaa/for-professionals/faq/right-to-an-accounting-of-disclosures/index.html
U.S. Department of Health & Human Services. (n.d.). Summary of the HIPAA Privacy Rule. Retrieved from: https://www.hhs.gov/hipaa/for-professionals/privacy/laws-regulations/index.html
U.S. Department of Health & Human Services (n.d.). Summary of the HIPAA Security Rule. Retrieved from: https://www.hhs.gov/hipaa/for-professionals/security/laws-regulations/index.html
World Privacy Forum. (n.d.). Patient’s Guide to HIPPA: Part 2: Basic Patient Rights: E. Right to Receive an Accounting of Disclosures (FAQ 37-45). Retrieved from: https://www.worldprivacyforum.org/2013/09/hipaaguide-right-to-receive-an-accounting-of-disclosures-37-45/
The post Assignment Instructions The following EHRGo Assignment covers the following CAHIIM competencies: appeared first on Homework Aider.
What Students Are Saying About Us.......... Customer ID: 12*** | Rating: ⭐⭐⭐⭐⭐
"Honestly, I was afraid to send my paper to you, but you proved you are a trustworthy service. My essay was done in less than a day, and I received a brilliant piece. I didn’t even believe it was my essay at first 🙂 Great job, thank you!"
.......... Customer ID: 11***| Rating: ⭐⭐⭐⭐⭐
"This company is the best there is. They saved me so many times, I cannot even keep count. Now I recommend it to all my friends, and none of them have complained about it. The writers here are excellent."