StudentShare
Contact Us
Sign In / Sign Up for FREE
Search
Go to advanced search...
Free

Health Information Management of Legal Aspects - Case Study Example

Cite this document
Summary
The paper "Health Information Management of Legal Aspects" describes that computers and laptops which contain PHI must be placed in areas which can be accessible to authorized personnel alone.  This is advantageous because it physically restricts access to computers…
Download full paper File format: .doc, available for editing
GRAB THE BEST PAPER96.3% of users find it useful
Health Information Management of Legal Aspects
Read Text Preview

Extract of sample "Health Information Management of Legal Aspects"

Running head: HEALTH INFORMATION MANAGEMENT Health Information Management (HIM) Legal Aspects (school) Health Information Management (HIM) legal aspects Case Study #1 Describe the roles that each of the three branches of the US government plays in creating changes in the law and in regulations. (B-1pt)What can you and your professional organization, AHIMA, do to influence this process? Answer: Each branch of the government has their role to play in creating changes in the law and regulations. The legislative branch of the government however plays the major role in initiating these changes (Hamilton, 2004). They frame the words and changes in the law into substantial text, reviewing its application based on specific goals. Legislators are tasked with the responsibility of reviewing the viability of changes in the laws, and establishing the general need for these changes (Hamilton, 2004). These legislators debate the changes, weighing their advantages and disadvantages, and making sound and logical decisions based on their debates and discussions (Hamilton, 2004). A consensus on whether or not such changes are needed usually follow such deliberations (Leid, 2004). Consequently, decisions on the passage of such changes are made by such legislators. After laws and changes are passed, the executive department then implements these laws. The primary task of the executive department is to implement the changes. The implementation of these changes usually calls for the establishment of implementing laws and policies (Leib, 2004). For example, the legislature may establish changes in the law on health insurance (Campbell, 2004). The executive department would then implement these changes by establishing policies which executive officials can follow. These implementing rules and policies would specify functions and duties which would then guide the government officials in their implementation of the changes (Leib, 2004). The judicial body is the adjudicative body which is tasked with determining the constitutionality of any laws and changes in the laws passed by the legislature (Hamilton, 2004). The judiciary interprets the laws and decides on questions of law brought before its jurisdiction. Their task is to determine whether the changes passed violate the constitution or public policy. Individuals or organizations who believe that there are issues of constitutionality in the laws can file the appropriate case with the judiciary (Sobel and Gilgannon, 2001). The judicial body would then proceed to pass its judgment on the case, using the constitution, jurisprudence, and common law to guide its adjudicatory processes. In order to influence the process of legislation, I can coordinate with AHIMA for them to call the attention of legislators and executive officials. A petition letter signed by the members of the organization calling for the need to implement changes in the laws can be addressed to the legislators. Calling the attention of the legislators is an important first step in introducing changes in the laws (Hamilton, 2004). If the AHIMA would point out and specify the issues they are encountering in their organization and in their health care practice, they can attract the attention of the legislators who can then make considerations on whether changes would be needed in the laws. Calling the attention of the executive body would also be important in the establishment of changes in the laws (Hamilton, 2004). Executive officials can also be convinced by the organization to lobby for these changes. Persistent lobbying which is fully supported by evidence can also help in the implementation of these changes. The legislative body has to have the necessary proof to support their decision to change the laws, and the organization can give that proof to them (Hamilton, 2004). References Campbell, T. (2004). Separation of powers in practice. California: Stanford University Press. Hamilton, J. (2004). Branches of government. New York: ABDO. Leib, E. (2004). Deliberative democracy in America: a proposal for a popular branch of government. Pennsylvania: Penn State Press. Sobel, S. & Gilgannon, D. (2001). U.S. Constitution and You, The. California: Barrons Educational Series. Case Study #2 2. (6) A staff physician comes to the Health Information Management Department and complains that another physician has accessed her electronic medical record. She states that she believes that he did this because they are competing for a position at the nearby academic institution. (A-1 pts) What are the possible ethical violations if this complaint is true? (B-1pt) What further information does the HIM director need to acquire to verify the complaint? (C-1pt) If the complaint is valid, how would you respond as the HIM director, and why? (D-2pts) What are some possible “causes of action” that the first physician could file against the violating physician? Against your facility? (E-0.5 pt) If the facility takes no action, what are the possible consequences for that facility? (F-1.5pts) If you receive a Subpoena Duces Tecum (SDT) for the medical record of the complaining physician, how should you respond? Answer 1. Possible ethical violations committed include provisions on the AHIMA Code of Ethics: violation of an individual’s right to privacy and violation of the doctrine of confidentiality in the use and disclosure of information (AHIMA, 2011). The staff physician’s right to the privacy and confidentiality of her medical records were violated by the other physician. Answer 2. Information which the HIM director needs to establish would have to include proof of access. The staff physician makes such claims, but these claims may not be sufficiently supported. The director needs to prove that there was indeed an actual invasion of the staff physician’s privacy (Harman, 2006). The director also needs to establish how the records were accessed and if there were other individuals who helped the violating physician access the records. These individuals would also be liable for violating the staff physician’s rights to privacy and confidentiality (Harman, 2006). Answer 3. If the complaint is valid, as the HIM director, I would file a case of invasion of privacy against the physician who accessed the staff physician’s records (Shnering, Butts, and Cook, 2011). I would also file a case against the facility for failing to secure employee records. In other words, they are also liable for violating the staff physician’s rights to privacy and confidentiality (Schnering, et.al., 2011). Answer 4. If the facility takes no action and implement disciplinary action against the violating physician, it would be liable for violating the ethical provision which indicates the importance of: preserving, protecting, and securing “personal health information in any form or medium and hold in highest regards health information and other information of a confidential nature obtained in an official capacity…” (AHIMA, 2011). The facility’s attention would be called for violating the above ethical provision, specifically for failing to secure the safety their employees’ personal health information. They are also equally liable for violating the patient’s privacy and confidentiality and may be charged with the appropriate actions for their violations (AHIMA, 2011). Every employee in the institutions jurisdiction must feel secure in his privacy, especially his health records in his workplace. The work institution holds an enormous amount of power over an employee just by having custody of such employee records (Harman, 2006). The institution must therefore secure these records, especially when these records may be used unfavorably against the employee. Answer 5. If I would receive a subpoena duces tecum for the medical record of the complaining physician, I would respond accordingly by checking the veracity of the subpoena, informing the violating physician of the subpoena, and informing the institution of the subpoena (Lindh, Pooler, Tamparo, and Dahl, 2009). I would then comply with the subpoena and produce the specific documents being requested. Since the subpoena is a legally binding court order, I cannot refuse compliance. The physician and the institution also cannot order me to refuse compliance. I would also check the specific data being requested, and prevent access to any other data not specified in the subpoena (Lindh, et.al., 2009). References American Health Information Management Association (AHIMA) (2011). Code of Ethics. Retrieved from http://library.ahima.org/xpedio/groups/public/documents/ahima/bok1_024277.hcsp?dDocName=bok1_024277 Harman, L. (2006). Ethical challenges in the management of health information. New York: Jones & Bartlett Learning. Lindh, W., Pooler, M., Tamparo, C., & Dahl, B. (2009). Delmars comprehensive medical Assisting: Administrative and clinical competencies. California: Cengage Learning. Shnering, P., Butts, D., & Cook, D. (2011). Professional review guide for the RHIA and RHIT examinations. California: Cengage Learning. Case Study #3 You have been asked by the CEO of your hospital to identify which of its vendors are HIPAA Business Associates (BAs), and therefore need a HIPAA Business Associate Agreement. A.-3pts) What criteria will you use to determine which vendors are HIPAA BAs? B.-2pts) Will you include medical students on your list? Why or why not? Answer 1. The criteria I would use in determining which vendors are HIPAA BAs include the following main indicators: that the BA is performing on behalf of the covered entity functions of activities which involve the application or disclosure of protected health information (PHI); and that they are not a member of the entity’s workforce (HIPAA Group, 2012). The function or activity may cover a wide range of activities, including legal, actuarial, accounting, consulting, data processing, accreditation, financial services, and any other services where covered entities may contract out (University of Miami, 2005). I would also use the criteria as laid out in the Code of Federal Regulations (2002) which indicate that business associates are individuals who, in behalf of covered entities, performs or assists in any function related to the use or disclosure of individually identifiable health data, including data assessment, utilization assessment, billing, and repricing. The Code (2002) also specifies the covered entities being those involved in organized health care activities, and those which carry out activities specified for the organization. BAs may also include a business associate of another covered entity. Based on the above criteria, covered entities are not required to participate in business associate contracts with organizations, including the US Postal Service, private couriers, and other electronic services which are vessels for protected health information (US Department of Health and Human Services, 2006). Conduits or vessels transport the data but do not have the right to access it, other than to carry out random evaluation of data in accordance with their federal requirements in the transport of mail. I would also establish who the business associate is by using the criteria of the Health Science Center. They consider business associates as a person or entity to which the Health Science Center would reveal protected data to so that the person or entity can implement, assist, or perform functions for the Health Science Center (UT Health Science Center, 2010). A business associated can be tested using the following questions: Is the Health Science Center disclosing PHI?; Does the recipient of the PHI provide service to, for, or on behalf of the Health Science Center? Based on such considerations, the workforce of the Health Science Center, including faculty, residents, and students are not considered BAs. Health care workers issuing treatment, companies which are conduits of PHI, including postal services, UPS and private couriers, as well as individuals or companies with limited exposure to health information are not considered business associates (UT Health Science Center, 2010). Individuals with whom business associate agreements are laid out include those who are required to sign contracts with special language and provisions as indicated by privacy policies. The following are potential business associates: lawyers, external auditors, professional translators, answering services, consultants, accreditation agencies, shredding companies, data processing institutions, and medical transcription services (UT Health Science Center, 2010). Answer 2. The medical students are not considered as business associates because they are not performing activities which involve the application of protected health information (UT Health Science Center, 2010). They are also members of the entity’s workforce, carrying out functions in order to secure the goals of the institution. Secondly, the role of medical students is not covered in any of the enumerated list of possible business associates. References Code of Federal Regulations (2002). Title 45 - Public Welfare. Retrieved from http://www.gpo.gov/fdsys/pkg/CFR-2002-title45-vol1/xml/CFR-2002-title45-vol1-sec160-103.xml The HIPAA Group (2012). What is the HIPAA. Retrieved from http://www.hipaaba.com/ University of Miami (2005). Business associate (HIPAA). Retrieved from http://privacy.med.miami.edu/glossary/xd_business_associate.htm US Department of Health and Human Services. (2006). Are the following entities considered "business associates" under the HIPAA Privacy Rule: US Postal Service, United Parcel Service, delivery truck line employees and/or their management?. Retrieved from http://www.hhs.gov/hipaafaq/providers/business/245.html UT Health Science Center (2010). Determining who is a Business Associate. Retrieved from http://www.uthscsa.edu/hipaa/assoc-who.asp Case Study #4 A threat to privacy of the electronic health record (EHR) is someone who steals a desktop computer, laptop, external hard drive, thumb drive, or CD containing patient information. What options can you recommend to health care practitioners to safeguard PHI data from hardware thieves? What are the advantages and disadvantages of each option? Answer 1. Encryption of data. In order to secure hardware from data thieves, data can be encrypted. Encrypting data would ensure that only individuals with the authority to access the data would know what key to apply in order to decrypt data (Kim, 2012). In effect, even if the data would be stolen, the data would be virtually useless to the hardware thieves. Encryption of data also limits the number of individuals who can access the data (Kim, 2012). As all records are now in computers and these computers are often part of the hospital network, it may be easy for anyone to access these records even when they are not looking for it. Encrypting the data would ensure that even if the data were to be easily seen in the hospital network, the essential information would still be intact (Kim, 2012). Encryption is however not full proof. Skillful data hardware thieves may be able to use their skills in order to break through the encryption and thereby access essential data (Kim, 2012). Decrypting data may also require the expertise of skilled technicians which the hospital may not always have access to (Kim, 2012). Answer 2. Another way of securing hardware from thieves is to create strong firewall systems which can prevent the hacking of data and retrace electronic signature back to the possible hardware thieves (Roach, Jr., 2008). Securing such a system is beneficial because it can prevent hacking and any other unauthorized access. It can be disadvantageous in the sense that it is sometimes costly to implement into the system (Roach, Jr., 2008). Hospitals may not have access to funds to secure such technical manpower. This type of system also needs constant upgrades (Roach, Jr., 2008). Answer 3. Restricting the number of individuals who can access the medical records is also another means of preventing any hardware theft. Separating the database system of hospital employees with the hospital patients is one of the first steps which can be taken in order to eliminate unauthorized access to PHI as well as employee records (Brathwaite, 2002). By separating the access points, it would be difficult for hospital employees to access any employee or patient data without the proper authorization. Separating the systems would also secure each system in instances when the other system may be compromised (Brathwaite, 2002). This can however be tedious for the hospital administrators who have to establish two separate secure systems for the hospital. It can also be back fire on the health personnel who may need immediate access to patient records for treatment purposes (Brathwaite, 2002). Going through the channels of security would slow down their efficacy. Answer 4. Physically securing the computers and laptops which contain PHI can also be implemented in order to prevent hardware theft (Morley and Parker, 2009). Computers and laptops which contain PHI must be placed in areas which can be accessible to authorized personnel alone. This is advantageous because it physically restricts access to the computers. It also secured easy visibility for people wanting to access the computers (Morley and Parker, 2009). It is however disadvantageous because it may be difficult to implement because computers can be used sometimes by any personnel to access patient records (Morley and Parker, 2009). References Brathwaite, T. (2002). Securing e-business systems: a guide for managers and executives. New York: John Wiley & Sons. Kim, K. (2012). Proceedings of the international conference on IT convergence and security 2011. New York: Springer. Morley, D. & Parker, C. (2009). Understanding computers: today and tomorrow, comprehensive. California: Cengage Learning. Roach, William, Jr. (2008). Medical records and the law. Michigan: Jones & Bartlett Publishers. Read More
Cite this document
  • APA
  • MLA
  • CHICAGO
(Health Information Management of Legal Aspects Case Study, n.d.)
Health Information Management of Legal Aspects Case Study. https://studentshare.org/health-sciences-medicine/1781108-health-information-management-him-legal-aspects
(Health Information Management of Legal Aspects Case Study)
Health Information Management of Legal Aspects Case Study. https://studentshare.org/health-sciences-medicine/1781108-health-information-management-him-legal-aspects.
“Health Information Management of Legal Aspects Case Study”. https://studentshare.org/health-sciences-medicine/1781108-health-information-management-him-legal-aspects.
  • Cited: 0 times

CHECK THESE SAMPLES OF Health Information Management of Legal Aspects

ABC Health Care

Other important aspects that the new design of network should address include the possibility of maintenance and enhancement of security without incurring a significant increase in the overheads of management or other related complexities.... In addition, the company should also include both internal as well external aspects of network development in improving its technical designs.... This is through the considerations that the untrusted aspects of network connectivity would include connectivity of users to the internet, whereas the trusted network would mainly deal with the purpose of supporting all business functions, as well as ensuring that the company overcomes it current flaws in network connectivity....
6 Pages (1500 words) Research Paper

Events Management Law

It would be first of all, necessary to take up aspects of health and safety laws since providing for necessary air- conditioning would come primarily under public safety standards.... hellip; The legal aspect rules that what has been contracted needs to be enforced by the parties.... In this case, the covenant between the performing artiste and her crew members, on the one hand, and, the event management company, on the other, which has undertaken the responsibility for staging this show successfully, needs to be considered....
11 Pages (2750 words) Essay

Conceptualizing a Business

nbsp; Eating healthy is significant because it reduces the risk for certain diseases, improves the physical well-being, weight management, strengthen immune systems and extended life expectancy.... This is because the food is cheap, but it has many calories that pose health risks to citizens.... This mission is significant because it will improve the health living standards of many people; thus maintaining a healthy nation....
15 Pages (3750 words) Essay

Allied Health, Information and Informed Consent

linical legal aspects of the Multidisciplinary Patient CareThe multidisciplinary care has been incorporated in the national clinical practice frameworks, guidelines, frameworks and plans.... legal aspects of Health Care Administration (11 Ed).... The multidisciplinary teams involve people from many disciplines who come together in order to Allied aspects of Healthcare Administration Multidisciplinary Care The multidisciplinary care refers to the doctors are specialists in different medical areas and work together to provide a comprehensive treatment plan to the patients....
2 Pages (500 words) Essay

Report of Warwickshire College

Record keeping is an important step for start up of Warwickshire College because management of records related to VAT and Tax liabilities will be helpful for the management to track the liabilities in future.... Liabilities can be defined as the obligations or legal debts which arise during the time of operation of the business.... Record keeping is also known as record management which is professional process to get easy and quick access and step by step guidance to access the confidential and archived records which may provide sensitive and personal records about the college....
4 Pages (1000 words) Essay

ERM: North Shore LIJ Health System

Among other departments therefore, the health system is bound to have a risk management department.... North Shore LIJ is Enterprise risk management (ERM) is defined as the process to manage risks facing organizations which might jeopardize their operations.... management efforts to monitor risks follows a choreographed approach meant to correctly identify analyze and promptly respond to the various risks and opportunities facing the internal and external environment of an enterprise....
4 Pages (1000 words) Essay

Health Information Technology

The present essay "health information Technology" dwells on the features of Medios EHR Software.... health information TechnologyI would decide to purchase Medios because it has superior features that other EHR do not have.... Potential solutions regarding usability, quality and reliability may be more strict oversight of many aspects of the system such as clinical decision support.... There are legal, ethical, and financial dilemmas amid opportunity for patients to receive improved coordinated care and making it easier for everyone to get much better informed about the patients' health care....
1 Pages (250 words) Assignment

The Various Legal Aspects Associated with the Warwickshire College

 This essay projects a brief understanding of the legal aspects and the law abidance in context for Warwickshire College....  …  Before getting in touch with the various legal aspects associated with the 'Warwickshire College', it is necessary that few factors and general aspects regarding this college gets known.... In the backdrop of this, the essay intends to produce an informal report considering the legal aspects of Warwickshire College....
4 Pages (1000 words) Essay
sponsored ads
We use cookies to create the best experience for you. Keep on browsing if you are OK with that, or find out how to manage cookies.
Contact Us