Rasmussen Hospital Health Information Management Policy ✓ Solved
Rasmussen Hospital Health Information Management policy And Pro
Identify and correct the errors in the following areas:
1. Policy paragraph
2. Procedure sections A, B, and J.
Explain POLICY: Workforce members can use or disclose protected health information (PHI) without the consent or authorization of patients for purposes other than treatment, billing or health care operations. Access, use, and disclosure of PHI will not be limited to the minimum necessary to perform their roles, regardless to the extent of access provided.
PROCEDURE: A. Confidential patient records will be released only upon receipt of consent from the patient, legal guardian, or authorized representative. 1. If the patient is a minor, the parent should sign the consent form. There should not be any exception to this rule. 2. Any authorization signed by a deceased patient's family member shall be honored. 3. If the patient is unable to sign the authorization by reason of physical or mental incapacity, the authorization should be signed by an authorized representative or legally appointed guardian. B. CONTENT OF RELEASE OF INFORMATION AUTHORIZATION Authorizations to release information should be completed in entirety. They must include the following information: 1. First and last name of the patient. 2. Name of person, agency, or organization that will be releasing information. 3. Name of person, agency, or organization to which the information is to be released. 4. Specific information to be released. 5. Purpose of disclosure 6. Signature and date of patient, parent/guardian or authorized representative. 7. Notice that the authorization is valid for a specified period of time. C. VALID CONSENT The written consent of a patient, legal guardian, or authorized representative is considered valid only if the following conditions are met: 1. Patient or the representative is informed, to their understanding, of the specific type of information that has been requested and, if known, the benefits and disadvantages of releasing the information. 2. Consent is given voluntarily. 3. Services are not contingent on their decision concerning the release of information. 4. Patient’s consent is acquired in accordance with applicable law and regulation. D. Forward any written requests or phone calls from a commercial insurance company for onsite record review to a Nurse Account Specialist at the Shared Services office. E. PROCESSING TIME Act upon each request no later than 30 days (or more stringent state-required time frame) after the request is received. If any challenges are encountered fulfilling an access request within the initial 30-day timeframe (i.e., the requested PHI is in off-site storage and may take some time to retrieve, etc.), notify the requester about the status and the intent to provide the requested PHI within the next 30 days. F. COSTS - determined by state statute or regulation 1. Nonpatient-initiated requests, charge state-regulated fee. 2. Charge a flat rate of $6.50 for the following requests a. All patient-initiated requests and attorney requests on behalf of the patient b. All records released via SFTP (secure e-mail) 3. Payment received for copies of medical records must be sent to the hospital’s Shared Services Director of Finance at the address below. Note: Cash is not accepted. Check, money order, or cashier’s check only made payable to the hospital. Please see Attachment A for current Record Copy Fees by state 4. Patients and other authorized representatives may be reminded that there is no charge for viewing a record onsite, and that electronic transfer of records (via secure file transfer protocol, known as SFTP or other available method) is preferable and less costly compared with paper release. G. REQUESTS FOR INFORMATION 1. When authorization is received, hospitals will log request in Release of Information logbook and stamp request with date of receipt. 2. Review authorization for completeness. If authorization is incomplete or more information is needed, complete Release of Information Response Letter and return to requester. 3. Request prepayment on all record requests that are billable. (See letter E for handling payments received) – Cash is not accepted. Check, money order, or cashier’s check only made payable to the hospital. 4. If authorization is complete and prepayment has been received, copy the requested information. 5. Hospitals will complete Release of Information log. 6. Release copies of records via the method requested to requester. 7. File original request and authorization in the correspondence section of the paper medical record if the chart is available on site. Add or scan the original request/authorization and index to the HIM ROI Authorization in the EMR. H. TELEPHONE REQUESTS Telephone requests for release of information will be discouraged and limited to emergency or urgent situations at the request of other health care providers. Information will be released only on a “call back” basis as a means of verifying the identification of the person making the request. Documentation of the nature of the release of information, circumstances that led to the release of information, and to whom the information was released shall be noted in the medical record. I. FAXING INFORMATION Information may be faxed to other health care professionals or facilities treating the patient or for record completion. Hospital staff should verify the location and name of staff who will be receiving the faxed information. J. REQUEST FROM INSURANCE OR QUALITY IMPROVEMENT ORGANIZATION Information may not be sent to an organization for treatment, payment, or health care operations. Employees must not comply with requests for information from Public Health reporting entities, oversight organizations, or family members. K. REQUESTS FOR RADIOLOGY When requests for information with appropriate authorizations include a request for radiology images, obtain images or films from the onsite Radiology Tech or Radiology department of the host hospital or other contracted radiology group. L. All releasing of records will be tracked with the Release of Information function in the EMR. Records can still be released in paper format, via fax, or electronic release.
Paper For Above Instructions
In the context of access and disclosures regarding protected health information (PHI), several scenarios require careful consideration to ensure compliance with legal and ethical standards. Below, I will analyze each scenario, discussing the appropriate actions taken by the Release of Information (ROI) clerk at Rasmussen Clinic and Hospital.
Scenario 1: Tom's Clinic Visit
Tom is a 16-year-old male who recently visited the physician, and his parents are requesting his clinic notes. According to HIPAA and state laws concerning the release of information for minors, parental consent is generally required. However, given that Tom is legally considered a minor, the ROI clerk should communicate that the clinic note cannot be released without Tom’s consent or unless there is documentation that allows the parents to make medical decisions on his behalf due to specific legal advisory notes. Hence, I would not provide a copy of the clinic note to Tom's parents without his authorization, respecting the confidentiality rights of the minor patient (American Academy of Pediatrics, 2017).
Scenario 2: Becky and CDC Request
In Becky's case, she has been diagnosed with chlamydia, and the CDC has requested her clinical notes without authorizations. Under HIPAA regulations, providers must have authorization from the patient to disclose PHI for purposes unrelated to treatment, payment, and healthcare operations, unless an exemption applies (U.S. Department of Health & Human Services, 2013). Since there is no authorization for release, I would deny the request to maintain Becky's privacy and comply with relevant laws.
Scenario 3: Mike’s Insurance Requests
Mike's insurance company, ABC Insurance, has requested his clinic notes to process a claim but without authorization from Mike. According to HIPAA guidelines, for the insurance company to receive this information, Mike’s explicit consent is necessary. Thus, the ROI clerk must decline the request due to the lack of proper authorization, adhering to the ethical standards of patient privacy (Harris, 2018).
Scenario 4: Elizabeth and Her Attorney
In this scenario, Elizabeth signed an authorization for her information to be released to her attorney, which specifically requests notes only from September 1-15, 2019. Since the September 14 visit falls within this date range, the ROI clerk would comply with the request and release the relevant documents, as the authorization meets all required criteria (American Bar Association, 2020).
Scenario 5: Richard’s Attorney Request
Richard has provided a signed consent dated February 2, 2019, but the request is for information from February 23, 2019. Since the consent predates the visit and does not cover it, the ROI clerk would not release this information, due to the lack of valid authorization for that specific date (U.S. Department of Health & Human Services, 2017).
Scenario 6: Peter's Workers' Compensation
For Peter, the ROI clerk has received a request to send emergency department notes to his employer related to a workers' compensation claim. Generally, such requests require an employee's authorization, especially regarding sensitive medical information. Without Peter’s explicit consent, the ROI clerk should deny the release of information, thus protecting Peter's confidentiality (Kahn, 2021).
Scenario 7: Curt's Minimum Necessary Rule
Curt presents a valid signed authorization to release information to another clinic. HIPAA endorses the ‘minimum necessary’ standard, implying that the releasing organization should provide only the information required for the stated purpose. However, since Curt has provided authorization, the ROI clerk should release the requested information without restriction beyond what was agreed upon in the authorization (HIPAA Journal, 2021).
Scenario 8: Coroner's Request
In this case, the local coroner requests clinical information according to state law requiring a subpoena, while HIPAA allows release without one. The ROI clerk should prioritize compliance with state law since it is more stringent. Thus, the clerk should deny the request until a legal subpoena is presented (Iserson, 2020).
Scenario 9: Susan’s Husband Request
Lastly, John requests Susan's inpatient clinical information, having signed an authorization. As long as the authorization is valid and covers the specific information requested, the ROI clerk would honor John's request and provide Susan's clinical information, thereby upholding the patient's right for her information to be managed as per her consent (Johnson, 2019).
Conclusion
These scenarios demonstrate the critical need for healthcare professionals to adhere to established policies and procedures while handling requests for information. Compliance with HIPAA regulations, state laws, and ethical standards ensures patient rights are respected and maintained.
References
- American Academy of Pediatrics. (2017). Consent and Confidentiality in Adolescent Health Care.
- American Bar Association. (2020). HIPAA & the Law: Case Studies.
- Harris, P. (2018). Protecting Patient Privacy: A Guide for Physicians.
- HIPAA Journal. (2021). Understanding the Minimum Necessary Rule.
- Iserson, K. V. (2020). Death Notification: A Guide for Health Care Professionals.
- Johnson, M. (2019). Patient Rights and Healthcare Reform.
- Kahn, A. (2021). Protecting Workers' Compensation: A Legal Overview.
- U.S. Department of Health & Human Services. (2013). Summary of the HIPAA Privacy Rule.
- U.S. Department of Health & Human Services. (2017). Communications and Your Rights Under HIPAA.
- Washington State Hospital Association. (2019). HIPAA Compliance Guidelines for Hospitals.