Assignment Instructions
The following EHRGo Assignment covers the following CAHIIM competencies: (Assignment instructions are below this CAHIIM Domain section)
CAHIIM Domains/Subdomains
Domain II. Information Protection: Access, Disclosure, Archival, Privacy & Security
Subdomain II.A. Health Law
1. Identify laws and regulations applicable to health care
2. Analyze legal concepts and principles to the practice of HIM
Subdomain II.B. Data Privacy, Confidentiality & Security
1. Analyze privacy, security and confidentiality policies and procedures for internal and external use and exchange of health information
Assignment Instructions: Complete the following activities using the EHRGo software program.
Description (This activity meets Baccalaureate-Level CAHIIM competencies.)
The activity explores the privacy and security safeguards afforded by HIPAA and how its protection relates to release of patient health information. The student will review a patient’s medical record and apply the legal background provided within the activity to analyze and apply established principles of release of information. Please access the link below to complete the assignment.
Release of Information https://web21.ehrgo.com/rd/?courseActivityId=11578
Details for each activity can be found in the attached documents below. Please download, open, and comply with the instructions.
Knowledge Activity: Release of Information (Baccalaureate)
Learning objectives
Apply healthcare legal terminology (3)
Identify the use of legal documents (3)
Apply legal concepts and principles to the practice of HIM (3)
Apply policies and procedures surrounding issues of access and disclosure of protected health information (3)
Apply confidentiality, privacy and security measures and policies and procedures for internal and external use and exchange to protect electronic health information (3)
Analyze policies and procedures to ensure organizational compliance with regulations and standards (4)
Adhere to the legal and regulatory requirements related to health information management (3)
Identify laws and regulations applicable to health care (3)
Analyze legal concepts and principles to the practice of HIM (4)
Create policies and procedures to manage access and disclosure of personal health information (6)
Protect electronic health information through confidentiality and security measures, policies and procedures (3)
Analyze privacy, security and confidentiality policies and procedures for internal and external use and exchange of health information (4)
Student instructions
If you have questions about this activity, please contact your instructor for assistance.
You will review the chart of Melissa Baker to complete this activity. Your instructor has provided you with a link to the Release of Information (BS) Click on 2: Launch EHR to review the patient chart and begin this activity.
Refer to the patient chart and any suggested resources to complete this activity.
Document your answers directly on this activity document as you complete the activity. When you are finished, you will save this activity document to your device and upload this activity document with your answers to your Learning Management System (LMS).
The activity
Release of Information (ROI)
Release of information is the divulgence of an individual’s health information by an entity, such as a hospital or doctor’s office, to a person or organization outside of that entity. Release of information is covered by the Health Insurance Portability and Accountability Act. (“HIPAA for Professionals”, n.d.).
HIPAA
The Health Insurance Portability and Accountability Act of 1996 (HIPAA) was enacted to improve the efficiency and integrity of health care. With the realization that privacy of health information could be affected by advancements in technology, Congress added provisions to HIPAA mandating the adoption of federal protection of privacy for protected health information (PHI), defined as all “individually identifiable health information”. These provisions include the HIPAA Privacy Rule and the HIPAA Security Rule. These rules apply to all covered entities, defined as health plans, health care providers who conduct transactions electronically and health care clearinghouses. (“HIPAA for Professionals”, n.d.).
HIPAA Privacy Rule
The Privacy Rule establishes national standards to strike the balance of ensuring consumers’ health information receives proper protection while still allowing the flow of health-related information necessary for high quality health care. Recognizing that the marketplace for healthcare is large and diverse, the Privacy Rule is marked by its flexibility.
In a nutshell, the Privacy Rule protects all individually identifiable health information, in any form – verbal, paper or electronic. Such information includes data that could be used to identify an individual and includes such data as demographics, information on the individual’s past, present or future physical or mental health, provision of health care or payment for health care. (“Summary of the HIPAA Privacy Rule”, n.d.).
HIPAA Security Rule
The Security Rule takes the protections set forth in the Privacy Rule and outlines the safeguards organizations must put in place to secure consumers’ electronic protected health information (e-PHI). The Security Rule specifically addresses health information in electronic form. The Security Rule aims to be flexible to allow organizations to adapt to new technologies regardless of their size and structure while still protecting the privacy of consumers’ health information. (“Summary of the HIPAA Security Rule”, n.d.).
Authorized Uses and Disclosures
Authorization: A covered entity may require the patient’s written authorization to release the patient’s PHI. The authorization must be in plain language and include specific information about the information to be disclosed, the person(s) or entity receiving and disclosing the information, and an expiration date. (“Individuals’ Right under HIPAA”, n.d.).
Verification: A covered entity must take reasonable steps to verify the identity of an individual requesting access to PHI under the Privacy Rule. The Rule does not require any specific form of verification (e.g. a copy of a driver’s license or state identification card). Rather, the Rule leaves the type and manner of verification to the covered entity’s discretion and judgment. However, the verification must not “create barriers to or unreasonably delay the individual from obtaining access to his or her PHI”. (“Individuals’ Right under HIPAA”, n.d.).
Examples of Unreasonable Measures
Requiring a patient to physically come to the covered entity’s facility to provide proof of her identity and request access in person
Using only a web portal for requesting access, when not all individuals have access to a computer or device with Internet access
Using only mail to receive and deliver access requests, as this would cause an unreasonable delay
While a covered entity may not require individuals to request access in these manners, a covered entity may permit an individual to do so. The Rule encourages covered entities to offer patients multiple options for requesting access to PHI. (“Individuals’ Right under HIPAA”, n.d.).
Legal Considerations
The Privacy Rule allows for the disclosure of PHI to law enforcement officials without the patient’s written authorization under certain circumstances. Disclosures for law enforcement purposes may be permitted when done in compliance with a court order, subpoena or summons.
Court order: A covered entity can divulge PHI if it receives a court order but must only disclose the information specifically provided in the court order.
Subpoena: A covered entity may divulge PHI to a party that issues a subpoena, but only if the individual whose information to be released has been notified about the request and given the chance to object to the disclosure.
(“Court Orders and Subpoenas”, n.d.).
Application to EHR Go
Melissa Baker was sexually assaulted several months ago and the case against her alleged assaulters will be heard in court soon. However, the copies of her medical record that were originally sent to her attorney have been misplaced. Melissa has contacted General Hospital’s medical records office by mail to request copies of her medical record for treatment of the assault to be sent to her attorney. An excerpt of General Hospital’s policy on releasing patient information is provided below, along with a copy of Melissa’s letter, which was also scanned in to her medical record. Using these documents, along with the information in Melissa’s EHR, answer the questions below.
Melissa’s request to the hospital was received via fax today. The request was scanned in to her EHR under the Notes tab upon receipt today.
Below is an excerpt from General Hospital’s policy on disclosing patient information.
Questions
Carefully examine the information in Melissa’s EHR and, specifically, the form she sent requesting release of information. Using these resources and the information above, answer the following questions.
Locate the discrepancy between the personal identification information contained in the request received from Melissa today found under the Notes tab in her chart and the registration information documented in the Account/Registration section of her chart.
What are some steps that could be taken to sort out the discrepancy identified in Question 1?
After reviewing the ROI authorization form that was scanned in to Melissa’s chart, are the following identified on the form, per hospital policy? Indicate yes or no:
The authorization is in writing, dated, and signed?
The authorization specifies the information to be disclosed?
The authorization specifies the entity or location to disclose the information?
The authorization specifies the person or persons to receive the information?
Melissa’s mother, Rita Baker, shows up shortly after the hospital receives Melissa’s letter requesting release of her information to her attorney again. Rita states that the attorney needs the copies as soon as possible due to a court deadline, refers to it as “an emergency” and asks to be given the copies of Melissa’s medical record to take to the attorney’s office. What action should the record clerk take and why?
If Melissa did not request her medical record be sent to her attorney or complete a release of information form, but a subpoena was issued for her medical records relating to the alleged assault, what steps should the General Hospital take before releasing them?
According to the General Hospital’s policy, could the hospital release Melissa’s records to a clinic where Melissa was receiving mental health counseling without a signed authorization from her?
What edits would you make to the General Hospital’s disclosure policy, if any, to improve the clarity of the requirements to both the patient and hospital staff?
If General Hospital implemented a new online patient portal that allowed patients to request disclosure of their medical information online, what changes would need to be made to their release of information policy?
In the scenario in question 8 above, could General Hospital mandate all release of information requests be submitted through the online patient portal to help streamline the process internally and mitigate access and disclosure risks? Why or why not?
Submit your work
Document your answers directly on this activity document as you complete the activity. When you are finished, save this activity document to your device and upload this activity document with your answers to your Learning Management System (LMS). If you have any questions about submitting your work to your LMS, please contact your instructor.
References
U.S. Department of Health & Human Services. (n.d.). Court Orders and Subpoenas. Retrieved from: https://www.hhs.gov/hipaa/for-individuals/court-orders-subpoenas/index.html
U.S. Department of Health & Human Services. (n.d.). HIPAA for Professionals. Retrieved from: https://www.hhs.gov/hipaa/for-professionals/index.html
U.S. Department of Health & Human Services (n.d.) Individuals’ Right under HIPAA to Access their Health Information 45 CFR § 164.524. Retrieved from: https://www.hhs.gov/hipaa/for-professionals/privacy/guidance/access/index.html
U.S. Department of Health & Human Services. (n.d.). Summary of the HIPAA Privacy Rule. Retrieved from: https://www.hhs.gov/hipaa/for-professionals/privacy/laws-regulations/index.html
U.S. Department of Health & Human Services (n.d.). Summary of the HIPAA Security Rule. Retrieved from: https://www.hhs.gov/hipaa/for-professionals/security/laws-regulations/index.html
The post Assignment Instructions|The following EHRGo Assignment covers the following CAHIIM competencies: (Assignment instructions are below this CAHIIM Domain section) appeared first on Homework Aider.
What Students Are Saying About Us
.......... Customer ID: 12*** | Rating: ⭐⭐⭐⭐⭐"Honestly, I was afraid to send my paper to you, but you proved you are a trustworthy service. My essay was done in less than a day, and I received a brilliant piece. I didn’t even believe it was my essay at first 🙂 Great job, thank you!"
.......... Customer ID: 11***| Rating: ⭐⭐⭐⭐⭐
"This company is the best there is. They saved me so many times, I cannot even keep count. Now I recommend it to all my friends, and none of them have complained about it. The writers here are excellent."
"Order a custom Paper on Similar Assignment at essayfount.com! No Plagiarism! Enjoy 20% Discount!"
