Free EMR Newsletter Want to receive the latest news on EMR, Meaningful Use, ARRA and Healthcare IT sent straight to your email? Join thousands of healthcare pros who subscribe to EMR and HIPAA for FREE!!

Unfinished Business: More HIPAA Guidelines to Come

Written by:

The following is a guest blog post by Rita Bowen, Sr. Vice President of HIM and Privacy Officer at HealthPort.

After all of the hullabaloo since the U.S. Department of Health and Human Services (HHS) Office for Civil Rights (OCR) release of the HIPAA Omnibus, it’s humbling to realize that the work is not complete. While the Omnibus covered a lot of territory in providing new guidelines for the privacy and security of electronic health records, the Final Rule failed to address three key pieces of legislation that are of great relevance to healthcare providers.

The three areas include the “minimum necessary” standard; whistleblower compensation; and revised parameters for electronic health information (EHI) access logs. No specific timetable has been provided for the release of revised legislation.

Minimum Necessary

The minimum necessary standard requires providers to “take reasonable steps to limit the use or disclosure of, and requests for, protected health information to the minimum necessary to accomplish the intended purpose.”

This requires that the intent of the request and the review of the health information be matched to assure that only the minimum information intended for the authorized release be provided. To date, HHS has conducted a variety of evaluations and is in the process of assessing that data.

Whistleblower Compensation

The second bit of unfinished legislation is a proposed rule being considered by HHS that would dramatically increase the payment to Medicare fraud whistleblowers. If adopted, the program, called the Medicare Incentive Reward Program (IRP), will raise payments from a current maximum of $1,000 to nearly $10 million.

I believe that the added incentive will create heightened sensitivity to fraud and that more individuals will be motivated to act. People are cognizant of fraudulent situations but they have lacked the incentive to report, unless they are deeply disgruntled.

Per the proposed plan, reports of fraud can be made by simply making a phone call to the correct reporting agency which should facilitate whistleblowing.

Access Logs

The third, and most contentious, area of concern is with EHI access logs. The proposed legislation calls for a single log to be created and provided to the patient, that would contain all instances of access to the patient’s EHI, no matter the system or situation.

From a patient perspective, the log would be unwieldy, cumbersome and extremely difficult to decipher for the patient’s needs. An even more worrisome aspect is that of the privacy of healthcare workers.

Employees sense that their own privacy would be invaded if regulations require that their information, including their names and other personal identifiers, are shared as part of the accessed record.  Many healthcare workers have raised concern regarding their own safety if this information is openly made available. This topic has received a tremendous amount of attention.

In discussion are alternate plans that would negotiate the content of access logs, tailoring them to contain appropriate data regarding the person in question by the patient while still satisfying patients and protecting the privacy of providers.

The Value of Data Governance

Most of my conversations circle back to the value of information (or data) governance. This situation of unfinished EHI design and management is no different. Once released the new legislation for the “minimum necessary” standard, whistleblower compensation and revised parameters for medical access logs must be woven into your existing information governance plan.

Information governance is authority and control—the planning, monitoring and enforcement—of your data assets, which could be compromised if all of the dots are not connected. Organizations should be using this time to build the appropriate foundation to their EHI.

About the Author:
Rita Bowen, MA, RHIA, CHPS, SSGB

Ms. Bowen is a distinguished professional with 20+ years of experience in the health information management industry.  She serves as the Sr. Vice President of HIM and Privacy Officer of HealthPort where she is responsible for acting as an internal customer advocate.  Most recently, Ms. Bowen served as the Enterprise Director of HIM Services for Erlanger Health System for 13 years, where she received commendation from the hospital county authority for outstanding leadership.  Ms. Bowen is the recipient of Mentor FORE Triumph Award and Distinguished Member of AHIMA’s Quality Management Section.  She has served as the AHIMA President and Board Chair in 2010, a member of AHIMA’s Board of Directors (2006-2011), the Council on Certification (2003-2005) and various task groups including CHP exam and AHIMA’s liaison to HIMSS for the CHS exam construction (2002).

Ms. Bowen is an established speaker on diverse HIM topics and an active author on privacy and legal health records.  She served on the CCHIT security and reliability workgroup and as Chair of Regional Committees East-Tennessee HIMSS and co-chair of Tennessee’s e-HIM group.  She is an adjunct faculty member of the Chattanooga State HIM program and UT Memphis HIM Master’s program.  She also serves on the advisory board for Care Communications based in Chicago, Illinois.

August 4, 2014 I Written By

EHR and Malpractice Lawsuits

Written by:

Long time reader Carl recently pointed me to this excellent AHIMA article on EHR and Malpractice Lawsuits. It’s first section sums up the current state of EHR and lawsuits quite well:

Medical records are a vital part of any healthcare lawsuit because they document what happened during treatment. Paper medical records are relatively simple aspects of litigation. HIM staff pull the requested chart, track down additional information as necessary, and sometimes provide a deposition on the record’s accuracy.

The process is far more complex with an EHR. The record of a patient’s care that a clinician views on screen may not exist in that form anywhere else. When the information is taken out of the system and submitted into legal proceedings, the court has a very different view—one that often confuses the proceedings and, in the worst instances, raises suspicions about the record’s validity.

The challenges stem from the design of the systems, which were built for care—not court. If the provider struggles in providing documentation, a trial involving malpractice can easily shift its focus from an examination of care to a fault-finding mission with the recordkeeping system. At other times, the provider’s inability to put forward the information in a comprehensible format may raise suspicions that it is missing, withholding, or obscuring information.

I’d probably modify the sentence that says that EHR’s were “built for care-not court” to say that EHR’s were “built for billing-not court”, but the idea is still the same. The big issues for EHR in lawsuits is that there’s no really good precedent for how an EHR will be treated in court. We’re so early in the process of legal cases that use EHR documentation, that we just don’t know how the courts are going to deal with EHR documentation.

Plus, when you consider that there are 300+ EHR companies out there, I’m not sure that a legal case with one EHR software is going to be applied the same way to the other EHR software. Each EHR displays data differently. Each EHR audits users differently. Each EHR stores data differently. So, I expect that each EHR will be looked at in a different way.

The AHIMA article linked above is a good read for those interested in this topic and points out a lot of other issues that could face an HIM staff that’s dealing with a case involving documentation in an EHR. Although, one of the overriding messages is that HIM staff and healthcare organizations are going to need an expert of their EHR involved in the process. In fact, I can see many HIM departments getting trained up on EHR in order to fulfill this need.

What I also see coming is a new group of EHR expert witnesses. Again, I think that these expert witnesses will have to have specific knowledge of a particular EHR to be really effective. I’m sure they’ll come from the ranks of EHR consultants, former EHR employees, and some EHR users. Considering the millions of dollars on the line in these malpractice cases, these EHR expert witnesses stand to make a lot of money.

I don’t want to make it all sound doom and gloom. I expect that there will be many cases involving EHR where a doctor or institution is covered better by an EHR than they were in the paper world. This will be even more true as EHR vendors continue to shore up their EHR audit logs and processes. There’s new legal risks with EHR, but there are also old risks that are removed by using an EHR. We just need to make sure we’re ready for the new risks.

January 23, 2013 I Written By

John Lynn is the Founder of the HealthcareScene.com blog network which currently consists of 15 blogs containing almost 6000 articles with John having written over 3000 of the articles himself. These EMR and Healthcare IT related articles have been viewed over 14 million times. John also manages Healthcare IT Central and Healthcare IT Today, the leading career Health IT job board and blog. John launched two new companies: InfluentialNetworks.com and Physia.com, and is an advisor to docBeat. John is highly involved in social media, and in addition to his blogs can also be found on Twitter: @techguy and @ehrandhit and Google Plus. Healthcare Scene can be found on Google+ as well.

HIM Staff and EHR Implementations

Written by:

I got into a recent discussion about the role of HIM professionals in an EHR implementation. I thought this was also a timely post since I got a request today to again attend the AHIMA annual conference. I had such a good time at the AHIMA conference last year, that it looks like I’m going to attend AHIMA 2012 in Chicago, but I digress.

In response to the discussion about the HIM professionals role in EHR implementations, I offered the following comment:

I think they’re an essential part of the implementation. The place I see them most used is in how to deal with the old paper charts. The challenge is usually turning them on the idea that they’re useful and valuable even in an EHR world. Many just assume (incorrectly) that their job is gone. It’s not, but it does change.

Just a few places where they will still have to be involved post EHR implementation can include:
-ROI (Release of Information) from the EHR and the old paper charts
-Scanning Loose Paper into EHR (or overseeing that process)
-Quality Checking (similar to paper chart audits)

I’m sure there are more, but those are a few off the top of my head.

Personally, I loved talking with our HIM staff during our EHR implementation. In many ways they were a great “sanity” check for me. They weren’t afraid to point out things that I may not have considered. I did feel bad, because I could tell that the HIM director always felt like HIM wasn’t really listened to during the EHR implementation. I can’t speak for some of the other clinical leadership, but I was always grateful for the role that HIM played in the EHR implementation.

August 1, 2012 I Written By

John Lynn is the Founder of the HealthcareScene.com blog network which currently consists of 15 blogs containing almost 6000 articles with John having written over 3000 of the articles himself. These EMR and Healthcare IT related articles have been viewed over 14 million times. John also manages Healthcare IT Central and Healthcare IT Today, the leading career Health IT job board and blog. John launched two new companies: InfluentialNetworks.com and Physia.com, and is an advisor to docBeat. John is highly involved in social media, and in addition to his blogs can also be found on Twitter: @techguy and @ehrandhit and Google Plus. Healthcare Scene can be found on Google+ as well.

An Outsiders First Perspective of AHIMA 11

Written by:

This being my first time to attend the AHIMA Annual Conference I thought I’d do a post talking about my experience for those who haven’t attended. Plus, a look at some of the major topics of discussion that I’m sure to write about in the near future.

I must admit that it feels like a very different conference for someone who’s use to attending conferences in the predominantly male driven IT world. I’m certainly not complaining about it at all, but it is interesting to see the subtle differences based upon the predominantly female AHIMA attendees. For example, I have a bottle of nail polish in my pocket from 3M. That’s definitely something you wouldn’t find at a male dominated IT conference. Although, even I as a male took one for my daughter. Can you imagine how much she’ll love me for it?

I must admit that I’m still a little torn about the AHIMA conference, because I can’t help but wonder how many of the AHIMA members really exert influence over decision makers in their organization. This was partially highlighted to me by the choice of AHIMA keynotes which focus on leadership. It seems that AHIMA is making an effort to help their members become leaders in their organization and not just “worker bees.”

I’m sure my perspective is tainted a little bit when I think back to times where I’ve seen some of my HIM friends come back from conferences that taught them about EMR. They have all this energy about the interesting technologies or new products, but they far too often say something like, “Not that anyone cares, since they won’t really listen to me about EHR.” I really hope that this is a rather broad generalization. Plus, while it might be true that many in healthcare don’t listen as highly to HIM (or doctors in many cases) when it comes to EHR, I think HIM does have more of a voice when it comes to things like managing Release of Information, ICD-10, document imaging, etc.

The micro industries that exist has been one of the interesting things I’ve found at AHIMA. For example, there’s some really interesting and relatively large companies working in the Release of Information space. It’s quite amazing to me to see something so niche be so successful.

One thing I have really enjoyed about the people at AHIMA is how supportive they are of each other. There seem to be really tight bonds and great relationships between those that attend.

Overall I’ve really enjoyed my AHIMA experience so far. I’ve only been able to attend one session (see my post on EMR and EHR about the Healthcare Social Media session I attended), but the people I’ve met have been interesting and beneficial. I guess that’s true for most conferences. It’s all about the people.

October 4, 2011 I Written By

John Lynn is the Founder of the HealthcareScene.com blog network which currently consists of 15 blogs containing almost 6000 articles with John having written over 3000 of the articles himself. These EMR and Healthcare IT related articles have been viewed over 14 million times. John also manages Healthcare IT Central and Healthcare IT Today, the leading career Health IT job board and blog. John launched two new companies: InfluentialNetworks.com and Physia.com, and is an advisor to docBeat. John is highly involved in social media, and in addition to his blogs can also be found on Twitter: @techguy and @ehrandhit and Google Plus. Healthcare Scene can be found on Google+ as well.