2. Chapter 11
Information Management
2

3. Medical Record
Means of Communication - I
• Documentation of a patient's
– Illness
– Symptoms
– Diagnosis
– Treatment
3

4. Medical Record
Means of Communication - II
• Planning tool for patient care
• Document communication (e.g., progress
notes)
• Protect legal interests of
patient, organization, & practitioner
• Provide database for use in statistical reporting
4

5. Medical Record
Means of Communication - III
• Continuing education
• Research
• Provide info necessary for 3rd-party billing
5

6. Managing Information - I
• Determine customer needs
• Set goals & establish priorities
• Improve accuracy of data collection
• Provide uniformity of data collection &
definitions
• Limit duplication of entries
6

7. Managing Information - II
• Deliver timely & accurate information
• Provide easy access to information
• Maintain security & confidentiality of
information
• Enhance patient care activities
• Improve collaboration across organization
through information sharing
7

8. Managing Information - III
• Establish disaster plans for recovery of info
• Orient & train staff on information mgmt
system
• Provide annual review of information plan to
include its scope, org, objectives, &
effectiveness
8

9. Contents of Medical Record – l
Admission record
• Age
• Address
• Reason for admission, social security number
• Marital status
• Religion
• Health insurance . . .
9

10. Contents of Medical Record – lI
• Consent and authorization for treatment forms
allowing the healthcare facility to perform various
procedures, such as routine diagnostic testing
• Advance directives
10

11. Contents of Medical Record – lII
• Medical history and physical examination,
including diagnosis, and findings that support
the diagnosis
• Patient screenings and assessment
– (e.g., nursing, functional, nutritional, social, and
discharge planning)
11

12. Contents of Medical Record – lV
• Treatment plan
• Physicians’ orders
• Progress notes
• Nursing notes (where an integrated record
exists, nursing notes are often placed in the
progress notes, along with the notes of other
disciplines)
12

13. Contents of Medical Record – V
• Diagnostic reports (e.g., laboratory and
imaging)
• Consultation reports
• Vital signs charts
• Fluid intake and output charts
• Pain management records
• Anesthesia assessment
13

14. Contents of Medical Record – VI
• Operative reports
• Medication administration records
• Discharge planning/social service notes and
reports
• Patient education
• Discharge summaries
14

15. Ownership & Release of
Medical Records
• “Hospital Workers Punished for Peeking at
Clooney File”
• Ownership resides with organization or
professional rendering treatment
• Right to privacy
15

16. Privacy Act of 1974
Privacy Act of 1974 enacted to safeguard individual
privacy from misuse of federal records, to give
individuals access to records concerning
themselves that are maintained by federal
agencies, & to establish a Privacy Protection
Safety Commission.
16

17. Ownership & Release of Records
• Request by Patients • Privacy Exception
• Failure to Release Records – criminal
– can lead to legal action investigations
• Requests: 3rd Parties – medicaid fraud
– insurance carriers – substance abuse
processing claims records
– medical researchers
– educators
– gov. agencies
17

18. Retention of Information
• Length of time medical records must be retained
varies state to state
• Retention of X-Rays: Failure to Preserve
– Illinois Supreme Court held that a private cause of
action existed under the X-ray retention act, & that
the plaintiff stated a claim under the act. The act
provides that hospitals must retain X-rays & other
such photographs or films as part of their regularly
maintained records for a period of five years.
• See text case: Rodgers v. St. Mary's Hosp. of
Decatur
18

19. Computerized Medical Records
Advantages – I
• Retrieve demographic information & consultants'
reports, as well as lab, radiology, & other test results
• Improve productivity & quality
• Reduce costs
• Support clinical research
• Play an ever-increasing role in education p
• Allow for computer-generated prescriptions
(integrated computer systems & clinical pharmacy
services are associated with reducing the incidence of
medication errors).
19

20. Computerized Medical Records
Advantages – II
• Allow for interactive computer-assisted diagnosis &
treatment
• Generate reminders for follow-up testing.
• Assist in the decision-making process.
• Aid in standardizing treatment protocols.
• Assist in the identification of drug-drug & food-drug
interactions.
• Used in telecommunications around the
world, transporting picture graphics (e.g., computed
tomography scans) between nations.
20

21. Computerized Medical Records
Disadvantages
• Increased risk of lost confidentiality & unauthorized
disclosure of info.
• Rapid growth of internet has led to an explosion of
high-technology crime & related illegal activities.
• Increases in cyber crime have led to a need for high-
end technology products & services to combat these
problems.
• Billions of dollars spent annually to protect networks
& critical infrastructures from cyber-based threats.
21

22. Medical Record Battleground
• Tampering
• Angry recordings
– registering complaints by other caregivers & the
organization
• Rewriting & replacing notes
22

23. Text Cases – I
• Patient Objects to Record Notations
• Failure to Record Patient’s Condition
• Falsification of Records
• Falsifying Medical Records
• Falsifying Business Records
• Falsifying Records
• Moskovitz v. Mount Sinai Med. Ctr.
23

24. Text Cases – II
• Tampering with Record Entries
• Maintaining Integrity of Patient Records
• Inaccurate Record Entries
• Rewriting & Replacing Notes
• Nurse Changes Record Entries
• Illegible Entries
24

25. Text Cases – III
• Failure to Maintain Records
• Improper Record Keeping
• Charting by Exception
• Charting & Reimbursement
• Incomplete Records: Loss of Privileges
• Legal Proceedings & the Medical Record
25

26. Confidential Communications – I
• Breach of Physician-Patient Confidentiality
• Reports of the Joint Commission Privileged from
Discovery
• Privileged Information: Statements Protected
• Credentialing Files Privileged
• Ordinary Business Documents
• Attorney-Client Privilege
26

27. Confidential & Privileged Communications
II
• Some Committee Minutes Not Privileged
• Peer-Review Documents Discoverable
• Staff Privileging Documents Discoverable
– Discoverable: Illinois
• Staff Privileging Documents Not Discoverable
• Search Warrant
– Peer Review Documents: Michigan
27

28. HIPAA
• Designed to protect the
privacy, confidentiality, and security of patient
information
• Standards apply to all health information in all
formats
28

29. HIPAA
Privacy Provision – I
• Patients able to access their record & request
correction of errors.
• Patients must be informed of how personal info will
be used.
• Patient consent for release of info for marketing
purposes required.
• Patients can ask insurers & providers to take
reasonable steps to ensure their communications are
confidential.
• Patients can file privacy-related complaints.
29

30. HIPAA
Privacy Provision – II
• Health insurers or providers document their privacy
procedures.
• Health insurers or providers designate a privacy
officer & train their employees.
• Providers may use patient info without patient
consent for
– purposes of providing treatment
– obtaining payment for services
– performing non-treatment operational tasks of the
provider's business.
30

31. HIPAA
Security Provision– I
• P & Ps designed to show how entity will comply with
the act.
• Entities must adopt a written set of privacy p & ps.
• Privacy officer for developing & implementing p &
ps.
• P & Ps must reference mgm’t oversight & org buy-in
to comply with documented security controls.
• Procedures identify employees who will have access
to protected health info.
• Access to PHI in all forms restricted to employees
who have a need for it to complete job function.
31

32. HIPAA
Security Provision – II
• Procedures address access
authorization, establishment, modification, &
termination.
• Ongoing training program.
• Entities that outsource business processes to 3rd party
ensure vendors have framework to comply with
HIPAA.
• Care taken to determine if vendor further out-sources
any data handling functions to other vendors, while
monitoring whether appropriate contracts & controls
are in place.
• Contingency plan for responding to emergencies.
• Covered entities responsible for backing up their data
& having disaster recovery procedures in place. 32

33. HIPAA
Security Provision – III
• Recovery plan should document data priority &
failure analysis, testing activities, & change control
procedures.
• Internal audits review operations with goal of
identifying potential security violations.
• P & Ps document scope, frequency, & procedures of
audits.
• Audits routine & event based.
• Procedures document instructions for addressing &
responding to security breaches.
33

34. HIPAA
Physical Safeguards – I
• Responsibility for security must be assigned to a
specific person or department.
• Controls must govern the introduction and removal of
hardware and software from the network.
• When equipment is retired, it must be disposed of
properly to ensure that PHI is not compromised.
• Access to equipment containing health info should be
carefully controlled & monitored.
• Access to hardware & software must be limited to
properly authorized individuals.
34

35. HIPAA
Physical Safeguards – II
• Required access controls consist of facility security
plans, maintenance records, & visitor sign-in and
escorts.
• Policies are required to address proper workstation
use.
• Workstations should be removed from high-traffic
areas and monitor screens should not be in direct
view of the public.
• If the covered entities utilize contractors or
agents, they too must be fully trained on their
physical access responsibilities.
35

36. HIPAA
Technical Safeguards – I
• Information systems housing PHI must be protected
from intrusion.
• When info flows over open networks, some form of
encryption must be utilized.
• If closed systems/networks are utilized, existing
access controls are considered sufficient & encryption
is optional.
• Each covered entity responsible for ensuring data
within its systems has not been changed or erased in
an unauthorized manner.
36

37. HIPAA
Technical Safeguards – II
• Data corroboration, including use of check sum,
double-keying, message authentication, & digital
signature may be used to ensure data integrity.
Covered entities must also authenticate entities with
which it communicates.
• Authentication consists of corroborating that an entity
is who it claims to be.
• Covered entities must make documentation of their
HIPAA practices available to the government to
determine compliance.
37

38. HIPAA
Technical Safeguards – III
• Information technology documentation should
also include a written record of all
configuration settings on components of the
network because these components are
complex, configurable, & always changing.
• Documented risk analysis & risk management
programs are required.
38

39. Charting: Some Helpful Advice - I
• Complete & pertinent entries
• Timely entries
• Legible entries
• Clear & meaningful entries
• Complete
39

40. Charting & Helpful Advice - II
• Avoid
• defensive & derogatory notes
• erasures & correction fluids
• Criticism
• Complaints
• tampering with the chart
40

41. Charting & Helpful Advice - III
• Secure records pending legal action
• Obtain legal advice
• Entries made by others must not be ignored
• patient care is a collaborative
interdisciplinary team effort
• entries made by health care professionals
provide valuable information in treating the
patient

42. Charting & Helpful Advice - IV
• Reasoning for not following the advice of a
consultant should be noted in the medical
record, not so as to discredit the consultant, but
to show the reasoning why a consultant’s
advice was not followed.
42

43. REVIEW QUESTIONS
1. What is information management as it
relates to health care?
2. What are the basic purposes of medical
record?
3. Discuss the advantages & disadvantages of
computer-generated medical records.
43

44. REVIEW QUESTIONS, con’t
4. The medical record is sole property of the patient
& should never be released. Discuss your opinion on
this statement.
5. What is the reasoning for the establishment of
statutes that protect an organization's peer-review
info?
6. Should statements given by a defendant to a
hospital's internal peer-review committee be
discoverable by a plaintiff? Explain your answer.
44

45. REVIEW QUESTIONS, con’t
7. What records or parts thereof should be protected
from discovery?
8. Should information gathered prior to a physician's
application for staff privileges be privileged from
discovery? Explain.
9. How long should patient records be maintained?
45