| |
| |
Preface | |
| |
| |
Acknowledgments | |
| |
| |
About the Authors | |
| |
| |
| |
Introduction to the American Legal System | |
| |
| |
Chapter Objectives | |
| |
| |
Introduction | |
| |
| |
The Nature of Law | |
| |
| |
Sources of Law | |
| |
| |
The Constitution | |
| |
| |
Statutes | |
| |
| |
Decisions and Rules of Administrative Agencies | |
| |
| |
Court Decisions | |
| |
| |
Governmental Organization and Function | |
| |
| |
Organization of the Court System | |
| |
| |
State Court System | |
| |
| |
Federal Court System | |
| |
| |
| |
Medical Records and Managed Care | |
| |
| |
Chapter Objectives | |
| |
| |
Introduction | |
| |
| |
Utilization Review | |
| |
| |
Managed Care | |
| |
| |
Managed Care Organizations and Related Entities | |
| |
| |
Health Maintenance Organizations | |
| |
| |
Preferred Provider Organizations | |
| |
| |
Independent Practice Associations | |
| |
| |
Group Practice Without Walls | |
| |
| |
Consolidated Medical Group | |
| |
| |
Physician/Hospital Organizations | |
| |
| |
Management Services Organizations | |
| |
| |
Foundation Model Integrated Delivery System | |
| |
| |
Physician Ownership Model Integrated Delivery System | |
| |
| |
Other Managed Care Organizations | |
| |
| |
The Impact of Managed Care on Health Information Management | |
| |
| |
HIPAA and State Privacy Rules | |
| |
| |
Changes in Medical Records Standards | |
| |
| |
| |
Medical Records Requirements | |
| |
| |
Chapter Objectives | |
| |
| |
Records That Must Be Kept | |
| |
| |
The Legal Health Record | |
| |
| |
Content Requirements | |
| |
| |
Record Retention Requirements | |
| |
| |
Statutory and Regulatory Concerns | |
| |
| |
Statutes of Limitations | |
| |
| |
Medical Research and Storage Space Considerations | |
| |
| |
Association and Accreditation Agency Guidelines | |
| |
| |
Developing a Record Retention Policy | |
| |
| |
Destruction of the Record | |
| |
| |
| |
Medical Records Entries | |
| |
| |
Chapter Objectives | |
| |
| |
Introduction | |
| |
| |
Legible and Complete Medical Records Entries | |
| |
| |
Timely Medical Records Entries | |
| |
| |
Authorship and Countersignatures | |
| |
| |
Authentication of Records | |
| |
| |
Auto-Authentication | |
| |
| |
Verbal Orders | |
| |
| |
Corrections and Alterations | |
| |
| |
| |
Document Consent to Treatment | |
| |
| |
Chapter Objectives | |
| |
| |
Introduction | |
| |
| |
Legal Theories of Consent | |
| |
| |
Express and Implied Consent | |
| |
| |
Informed Consent | |
| |
| |
Exceptions to the Informed Consent Requirement | |
| |
| |
Distinguishing Informed Consent and HIPAA Authorization | |
| |
| |
Who Can Give Consent | |
| |
| |
Competent Adults | |
| |
| |
Incompetent Adults | |
| |
| |
Minors | |
| |
| |
Responsibility for Obtaining Consent | |
| |
| |
Documentation | |
| |
| |
Types of Consent Forms | |
| |
| |
Short Consent Forms | |
| |
| |
Long Consent Forms | |
| |
| |
Challenges to Consent Forms | |
| |
| |
Withdrawal of Consent | |
| |
| |
Impact of State Statutes | |
| |
| |
Impact of the Medicare Conditions of Participation | |
| |
| |
HIPAA Preemption | |
| |
| |
| |
Access to Health Information | |
| |
| |
Chapter Objectives | |
| |
| |
Introduction | |
| |
| |
Types of Health Information | |
| |
| |
Protected Health Information | |
| |
| |
De-Identification of Health Information | |
| |
| |
Limited Data Set | |
| |
| |
Designated Record Set | |
| |
| |
Ownership of the Medical Record | |
| |
| |
Summary of Confidentiality Requirements | |
| |
| |
Federal Law | |
| |
| |
State Law | |
| |
| |
International Privacy Standards | |
| |
| |
Accreditation Organizations | |
| |
| |
HIPAA Covered Entities | |
| |
| |
Healthcare Providers | |
| |
| |
Healthcare Clearinghouses | |
| |
| |
Health Plans | |
| |
| |
Exercise of Professional Judgment | |
| |
| |
Minimum Necessary Rule | |
| |
| |
Hybrid Entities, Affiliated Covered Entities, and Organized Healthcare Arrangements | |
| |
| |
Hybrid Entities | |
| |
| |
Affiliated Covered Entities | |
| |
| |
Documentation of Designations | |
| |
| |
Organized Healthcare Arrangement | |
| |
| |
Uses and Disclosures of Medical Records Information | |
| |
| |
Access by or on Behalf of the Patient | |
| |
| |
Access, Uses, and Disclosures with the Patient's Authorization | |
| |
| |
Access by Family and Friends | |
| |
| |
Facility Directories | |
| |
| |
Records of Minors | |
| |
| |
Access for Treatment, Payment, or Healthcare Operations | |
| |
| |
Access by Employers | |
| |
| |
Mental Health Records | |
| |
| |
Alcohol and Drug Abuse Patient Records | |
| |
| |
Genetic Information | |
| |
| |
Record Duplication and Fees | |
| |
| |
QIO Record Keeping | |
| |
| |
QIO Access to Individual Patient Records | |
| |
| |
Third Party Access to Information Collected by a QIO | |
| |
| |
Patient Access to QIO Information | |
| |
| |
Utilization Review and Quality Assurance | |
| |
| |
Business Associates | |
| |
| |
Qualifying as a Business Associate | |
| |
| |
Requirements for Business Associate Agreements | |
| |
| |
Non-HIPAA Required Provisions for Business Associate Agreements | |
| |
| |
Liability for Acts or Omissions of Business Associates | |
| |
| |
Additional Patient Rights Under HIPAA | |
| |
| |
Right to Notice of How a Covered Entity Will Use and Disclose PHI | |
| |
| |
Right to Have Access to, Inspect, and Copy PHI | |
| |
| |
Right to Request Restrictions on the Uses and Disclosures of PHI for Treatment, Payment, and Healthcare Operations | |
| |
| |
Right to Request to Receive Confidential Communications | |
| |
| |
Right to Request Restrictions on the Uses and Disclosures for Which an Authorization Is Not Required | |
| |
| |
Right to Request an Amendment to PHI | |
| |
| |
Right to Receive an Accounting of Disclosures of PHI | |
| |
| |
Right to Report Violations of the Regulations to the Secretary of DHHS | |
| |
| |
Verifying Identity and Representations | |
| |
| |
HIPAA Administrative Requirements | |
| |
| |
Policies and Procedures | |
| |
| |
Documentation | |
| |
| |
Personnel | |
| |
| |
Training | |
| |
| |
Sanctions Imposed on Workforce | |
| |
| |
Duty to Mitigate | |
| |
| |
Safeguards | |
| |
| |
| |
Reporting and Disclosure Requirements | |
| |
| |
Chapter Objectives | |
| |
| |
Introduction | |
| |
| |
Disclosures Required by Law | |
| |
| |
Child Abuse and Neglect | |
| |
| |
Abuse of Adults and Injuries to Disabled Persons | |
| |
| |
Controlled Drug Prescriptions and Abuse | |
| |
| |
Occupational Diseases | |
| |
| |
Abortion | |
| |
| |
Birth Defects and Other Conditions in Children | |
| |
| |
Cancer and Other Registries | |
| |
| |
Death or Injury from Use of a Medical Device | |
| |
| |
Communicable Diseases | |
| |
| |
Misadministration of Radioactive Materials | |
| |
| |
Death | |
| |
| |
Gunshot and Knife Wounds | |
| |
| |
Other Health Related Reporting Requirements | |
| |
| |
Required Disclosure by Managed Care Organizations | |
| |
| |
Health Oversight | |
| |
| |
| |
Documentation and Disclosure: Special Areas of Concern | |
| |
| |
Chapter Objectives | |
| |
| |
Introduction | |
| |
| |
Special Documentation Concerns | |
| |
| |
Emergency Department Records | |
| |
| |
Celebrity Patients | |
| |
| |
Hostile Patients | |
| |
| |
Recording Indicators of Child or Elder Abuse or Domestic Violence | |
| |
| |
Patients Reusing Treatment and/or Near Death | |
| |
| |
Deceased Patients and Autopsy Authorizations | |
| |
| |
Recording Disagreements Among Professional Staff | |
| |
| |
Special Disclosure Concerns | |
| |
| |
Use and Disclosures for Marketing Purposes | |
| |
| |
Use and Disclosures for Fund-Raising | |
| |
| |
Records Sought by Managed Care Organizations | |
| |
| |
Records Sought by Parties to Adoption | |
| |
| |
Records Indicating Child or Elder Abuse | |
| |
| |
Health Information Sought by Law Enforcement Agencies | |
| |
| |
Warrants and Searches | |
| |
| |
Responding to Subpoenas and Court Orders | |
| |
| |
Fraud and Abuse Investigations | |
| |
| |
Oversight for HIPAA Compliance | |
| |
| |
Use of Outside Test Reports in Hospital Patients' Records | |
| |
| |
Licensure and Accreditation | |
| |
| |
Antitrust Issues | |
| |
| |
Change of Ownership or Closure: Disposition of Records | |
| |
| |
| |
HIV/AIDS: Mandatory Reporting and Confidentiality | |
| |
| |
Chapter Objectives | |
| |
| |
Introduction | |
| |
| |
Duty to Report | |
| |
| |
Protecting Confidentiality of HIV-Related Information | |
| |
| |
The Privacy Rule and the Security Rule | |
| |
| |
State Law | |
| |
| |
Statutory Provisions Regarding Disclosure | |
| |
| |
Disclosures Permitted by the Privacy Rule | |
| |
| |
Disclosure to Third Parties with Patient Authorization | |
| |
| |
Disclosure to Healthcare Workers | |
| |
| |
Disclosure Without Consent to Emergency Medical Personnel | |
| |
| |
Disclosure Without Consent to Spouse or Needle-Sharing Partner | |
| |
| |
Other Permissible Disclosures Without Patient Authorization | |
| |
| |
Disclosure of Healthcare Provider's Status to Patients | |
| |
| |
Disclosure by Court Order | |
| |
| |
Liability for Unauthorized Disclosure of HIV-Related Information | |
| |
| |
Recommended Policies and Procedures | |
| |
| |
| |
Discovery and Admissibility of Medical Records | |
| |
| |
Chapter Objectives | |
| |
| |
Introduction | |
| |
| |
Discoverability of Medical Records | |
| |
| |
Physician-Patient Privilege | |
| |
| |
Admissibility of Medical Records | |
| |
| |
Medical Records as Hearsay | |
| |
| |
Other Healthcare Documentation | |
| |
| |
Peer Review Records | |
| |
| |
Incident Reports | |
| |
| |
| |
Legal Theories in Improper Disclosure Cases | |
| |
| |
Chapter Objectives | |
| |
| |
Introduction | |
| |
| |
HIPAA Liability | |
| |
| |
Violations | |
| |
| |
Other Statutory Bases for Liability | |
| |
| |
Theories of Liability | |
| |
| |
Defamation | |
| |
| |
Invasion of Privacy | |
| |
| |
Breach of Confidentiality | |
| |
| |
| |
Risk Management and Quality Management | |
| |
| |
Chapter Objectives | |
| |
| |
Introduction | |
| |
| |
Increased Scrutiny of Medical Errors and Demand for Improving Quality Care | |
| |
| |
Relationship Between Risk Management and Quality Management | |
| |
| |
Risk Management | |
| |
| |
Quality Management | |
| |
| |
HIPAA and Risk Management/Quality Management | |
| |
| |
Compliance Programs | |
| |
| |
Medical Records in Risk Management, Quality Review, Compliance Activities, and Pay for Performance Initiatives | |
| |
| |
| |
Electronic Health Records | |
| |
| |
Chapter Objectives | |
| |
| |
The Movement to Electronic Health Records | |
| |
| |
Electronic Health Records Systems | |
| |
| |
HIPAA Privacy Rule | |
| |
| |
Privacy Rule Issues for Interoperable Electronic Health Records | |
| |
| |
Other Privacy Issues | |
| |
| |
HIPAA Security Rule | |
| |
| |
General Security Requirements | |
| |
| |
Administrative Safeguards | |
| |
| |
Physical Security Standards | |
| |
| |
Technical Security Standards | |
| |
| |
Organizational Security Safeguards | |
| |
| |
Security Requirements in Health Data Networks | |
| |
| |
State Data Security Laws | |
| |
| |
Electronic Health Records Contracting Issues | |
| |
| |
Considerations for Contracting | |
| |
| |
Health Data Network Agreements | |
| |
| |
Vendor Agreements | |
| |
| |
Participation Agreements | |
| |
| |
Regulatory Issues | |
| |
| |
Antikickback Laws | |
| |
| |
Stark Law | |
| |
| |
Tax Laws Affecting Tax-Exempt Organizations | |
| |
| |
Antitrust | |
| |
| |
Electronic Health Records as Evidence | |
| |
| |
The Rule Against Hearsay | |
| |
| |
Best Evidence Rule | |
| |
| |
The Difficulties of E-Discovery | |
| |
| |
Professional Liability | |
| |
| |
Specific Electronic Health Records Security Issues | |
| |
| |
Facsimile Transmission of Health Information | |
| |
| |
Electronic Claims Processing: The Transactions Code Set Rule | |
| |
| |
Telemedical Records | |
| |
| |
Electronic Mail | |
| |
| |
Transmission of Health Information Through the Internet | |
| |
| |
| |
Health Information in Medical Research | |
| |
| |
Chapter Objectives | |
| |
| |
Introduction | |
| |
| |
U.S. Federal Laws Relating to Acquisition and Use of Health Information in Connection with Medical Research | |
| |
| |
The Common Rule | |
| |
| |
HIPAA Privacy Rule | |
| |
| |
Information Protected Under the Family Educational Rights and Privacy Act | |
| |
| |
Transitional Rule | |
| |
| |
Use of De-Identified Information and Limited Data Sets | |
| |
| |
Other Accommodations for Research in the HIPAA Privacy Rule | |
| |
| |
Certificates of Confidentiality | |
| |
| |
State Laws Relating to Acquisition and Use of Health Information in Connection with Medical Research | |
| |
| |
State HIPAA Statutes | |
| |
| |
State Common Law | |
| |
| |
International Laws Relating to Medical Records and Clinical Trials | |
| |
| |
European Union (EU) | |
| |
| |
United Kingdom | |
| |
| |
Canada | |
| |
| |
Japan | |
| |
| |
Other Guidance | |
| |
| |
International Conference on Harmonisation | |
| |
| |
Conclusion | |
| |
| |
| |
Glossary: Acronyms and Definitions | |
| |
| |
Index | |