Electronic Medical Records Lesson 1-5

Introduction to Electronic Health Records

Electronic Health Records (EHRs) are digital versions of patients' medical charts, designed to store and manage health information efficiently. Unlike traditional paper records, EHRs provide real-time, patient-centered data that can be accessed instantly by authorized healthcare providers.

Key Features of EHRs

• Comprehensive Patient History – Includes diagnoses, medications, immunizations, lab results, and treatment plans.

• Improved Accessibility – Allows healthcare providers to access and update records across different facilities.

• Enhanced Accuracy – Reduces errors in documentation and streamlines workflow.

• Decision Support Tools – Offers evidence-based recommendations to assist in patient care.

• Interoperability – Enables seamless sharing of patient data among hospitals, clinics, and specialists.

Benefits of EHRs

• Reduces paperwork and administrative burdens.

• Improves coordination between healthcare providers.

• Enhances patient safety by minimizing medical errors.

• Supports billing and insurance processing efficiently.

Clinical Information

refers to data related to a patient's health, medical history, treatments, and diagnoses. It is used by healthcare providers to make informed decisions about patient care and treatment plans.

Key Components of Clinical Information

• Patient History – Includes past illnesses, surgeries, allergies, and family medical history.

• Diagnostic Data – Lab results, imaging reports, and physician assessments.

• Treatment Records – Medications prescribed, procedures performed, and ongoing care plans.

• Electronic Health Records (EHRs) – Digital systems that store and manage clinical information for easy access and sharing.

Legal Document

A legal document in healthcare settings is any written record that establishes rights, responsibilities, or agreements related to medical care, compliance, and patient protection. These documents ensure that healthcare providers, patients, and organizations follow legal and ethical standards.

Common Legal Documents in Healthcare

1. Consent Forms – Patients authorize medical procedures or treatments.

2. HIPAA Privacy Notices – Protect patient confidentiality and outline data-sharing policies.

3. Advance Directives – Documents like living wills and healthcare proxies that specify a patient's wishes for medical care.

4. Medical Records – Serve as legal evidence of treatment history and patient care.

5. Insurance & Billing Agreements – Define financial responsibilities and reimbursement policies.

6. Employment Contracts – Agreements between healthcare professionals and medical institutions.

7. Malpractice Waivers – Limit liability in certain medical situations.

These documents are essential for healthcare administration, ensuring compliance with legal regulations, insurance policies, and patient rights.

Administrative Information

Information used by the front office staff and billing staff to maintain appointments and bill insurance companies appropriately.

Includes:

• patient demographics

• insurance info

• prior authorizations

• referral letters, and so on

Who documents in the Medical Record?

• Physicians & Specialists – Record diagnoses, treatment plans, prescriptions, and progress notes.

• Nurses – Document patient assessments, vital signs, medication administration, and nursing care.

• Medical Assistants – Enter basic patient information, assist with documentation, and update records.

• Medical Coders & Billers – Assign standardized codes for procedures and diagnoses to ensure proper billing.

• Healthcare Administrators – Maintain compliance with regulations, insurance claims, and patient confidentiality.

• Patients (in some cases) – May provide self-reported health history or complete consent forms.

Who owns the Medical Records?

depends on state laws and healthcare regulations. In general:

• Healthcare providers or facilities (such as hospitals and clinics) typically own the physical medical records.

• Patients own the information contained within the records and have the right to access copies.

• HIPAA regulations ensure that patients can request their records but do not necessarily grant them ownership of the original documents.

• State laws vary—for example, New Hampshire explicitly states that patients own their medical records, while other states assign ownership to the provider or facility that created them.

Meaningful use (MU)

A payment incentive program for physicians who implement and use their EHR in a meaningful way to improve quality, safety, and efficiency; reduce health disparities; engage patients and family; improve care coordination and population; and maintain privacy and security of patient health information (PHI).

The Four Buckets of Meaningful Use

The Four Buckets of Meaningful Use categorize key aspects of electronic health record (EHR) adoption and utilization in healthcare. These buckets help providers meet government standards for EHR implementation and data management. The four buckets are:

1. Adopt and Use Technology – Healthcare providers must implement certified EHR systems and integrate them into daily operations.

2. Capture Data – Ensuring that patient information, diagnoses, and treatments are accurately recorded in digital formats.

3. Move Data Interoperable – Facilitating seamless data exchange between different healthcare systems to improve coordination and patient care.

4. Report Data – Submitting clinical data to regulatory agencies (such as CMS) to demonstrate compliance and improve healthcare outcomes.

These buckets are essential for healthcare administration, particularly in managing patient records, insurance claims, and regulatory compliance.

EHR Software:

a digital system used by healthcare providers to store, manage, and share patient health information securely. It replaces traditional paper records, improving efficiency, accuracy, and accessibility in medical settings.

Key Features of EHR Software

• Patient Data Management – Stores medical history, diagnoses, prescriptions, and lab results.

• Interoperability – Allows seamless data exchange between healthcare providers.

• Billing & Insurance Integration – Supports coding, claims processing, and reimbursement tracking.

• Clinical Decision Support – Provides alerts and recommendations based on patient data.

• Regulatory Compliance – Ensures adherence to HIPAA and other healthcare laws.

Popular EHR Software Options

Several EHR systems are widely used in healthcare, including:

• Epic Systems

• Cerner

• NextGen Healthcare

• Athena Health

• eClinicalWorks

Basic Functions of EHR

to digitally store, manage, and share patient health information efficiently. EHR systems enhance healthcare operations by improving accessibility, accuracy, and coordination among providers.

Core Functions of EHR

1. Health Information & Data Management – Stores patient history, diagnoses, medications, allergies, and lab results.

2. Result Management – Allows healthcare providers to access and track lab tests, imaging results, and other diagnostics.

3. Order Management – Facilitates electronic ordering of prescriptions, tests, and treatments.

4. Decision Support – Provides alerts, reminders, and evidence-based recommendations to assist in patient care.

5. Electronic Communication & Connectivity – Enables secure messaging and data exchange between healthcare providers.

6. Patient Support – Offers tools for patient education, appointment scheduling, and engagement.

7. Administrative Processes & Reporting – Streamlines billing, insurance claims, and regulatory compliance.

8. Public Health & Population Reporting – Supports disease tracking, research, and healthcare analytics.

Clinical Decision Support (CDS)

a health IT system that provides timely, relevant, and evidence-based information to healthcare providers, helping them make informed decisions about patient care. It enhances quality, safety, efficiency, and effectiveness in medical settings.

Key Features of CDS

• Alerts & Reminders – Notifies providers of potential risks, medication interactions, or preventive care needs.

• Clinical Guidelines – Offers evidence-based recommendations for diagnosis and treatment.

• Order Sets – Standardized templates for prescribing medications or ordering tests.

• Diagnostic Support – Assists in identifying conditions based on patient data.

• Contextual Reference Information – Provides relevant medical literature and best practices.

Why CDS Matters in Healthcare

• Improves patient safety by reducing errors.

• Enhances efficiency in clinical workflows.

• Supports compliance with healthcare regulations.

• Optimizes treatment decisions through data-driven insights.

Practice management software (PMS)

DEMOGRAPHICS: Age, sex, marital status, language, race, contact information.

BILLING AND INSURANCE: Insurance cards should be reviewed at every patient visit and scanned into the system.

APPOINTMENT SCHEDULING: Each patient is scheduled to appear at the clinic on a specific day and time. There are time intervals for appointment slots, based on whenever the patient is new or established. An established patient has been seen by a provider in the office within three years and a new patient has either never been seen or it has been more than three years.

ADVANCE ACCOUNTING PROCEDURES: An account ledger is a document that contains the guarantor (responsible payer), patient's identifying and contact information, services provider, payments made, insurance reimbursement, account adjustments, and balance owed. After this is receives, a claim is submitted to a third-party payer, which is typically the insurance company.

Advantages of EHR include:

Advantages of EHRs

1. Improved Patient Care – Provides accurate, up-to-date, and complete patient information at the point of care.

2. Efficient Data Access – Enables quick retrieval of medical records for coordinated treatment.

3. Enhanced Communication – Facilitates secure sharing of health information between providers and patients.

4. Reduced Medical Errors – Helps prevent prescription mistakes and improves diagnostic accuracy.

5. Streamlined Billing & Coding – Supports accurate documentation for insurance claims and reimbursement.

6. Better Clinical Decision-Making – Integrates patient data from multiple sources to assist healthcare providers.

7. Cost Savings – Reduces paperwork, minimizes redundant tests, and improves operational efficiency.

8. Patient Engagement – Allows patients to access their health records, promoting self-management.

Include: continuity of care, increased efficiency, easier access, reduced expenses, improved job satisfaction for providers, and improved patient satisfaction.

Continuity of care (1)

refers to the ongoing, coordinated healthcare management of a patient across different providers and settings. It ensures that medical care remains consistent, efficient, and patient-centered over time.

Key Aspects of Continuity of Care

• Long-Term Patient-Provider Relationship – A physician or care team maintains familiarity with a patient’s medical history.

• Seamless Transitions Between Providers – Ensures smooth handoffs when a patient moves between specialists, hospitals, or home care.

• Comprehensive Care Coordination – Reduces fragmentation in treatment and improves patient safety.

• Improved Health Outcomes – Helps prevent medical errors, enhances treatment effectiveness, and supports chronic disease management.

As many EHR s are internet-based, they can be accessed despite computers or a medical facility being destroyed by a disaster, leading to more accurate continuation of care.

Provide increased efficiency (2)

refers to improving productivity, reducing wasted time, and optimizing resources to achieve better results with less effort.

Ways to Increase Efficiency

1. Automation – Using technology to handle repetitive tasks, such as scheduling and billing.

2. Time Management – Prioritizing tasks and setting clear goals to maximize productivity.

3. Process Optimization – Identifying inefficiencies and refining workflows for smoother operations.

4. Data Accessibility – Ensuring quick access to relevant information for informed decision-making.

5. Collaboration & Communication – Enhancing teamwork and reducing delays through effective communication tools.

Easier to Access (3)

Interconnecting EHRs decreases delays in initiation of care.

EHRs provide better security as they're protected by a username and password, with the password changing periodically. Each user has a different level of access. The system can be audited to determine what each user has viewed or modified to protect patients from inappropriate access to their medical record.

Reduce expenses (4)

EHRs allow for reduced expenses - transcription fees and storage facilities for paper charts are no longer needed, and duplicate tests aren't being performed.

Improved job satisfaction - occurs as providers are more confident in the delivery of high-quality care and the support staff is more comfortable with day-to-day operations, such as phone calls, medication refills, and results of testing.

Improved patient satisfaction - occurs as patients feel that their phone messages and refills are handled better with EHR.

Disadvantages of EHRs include:

Disadvantages of EHRs

1. High Implementation Costs – Setting up EHR systems requires significant financial investment in software, training, and infrastructure.

2. Learning Curve for Staff – Healthcare providers may struggle to adapt to new digital workflows, leading to temporary inefficiencies.

3. Privacy & Security Risks – EHRs are vulnerable to cyberattacks, data breaches, and unauthorized access.

4. System Downtime & Technical Issues – Software glitches or outages can disrupt patient care and administrative processes.

5. Data Entry Burden – Healthcare professionals may spend excessive time inputting data, reducing direct patient interaction.

6. Interoperability Challenges – Different EHR systems may not communicate effectively, causing issues in data sharing between providers.

7. Potential for Errors – Incorrect data entry or system malfunctions can lead to medical errors and misdiagnoses.

Employees resist

Due to unfamiliarity with computer technology, including office staff and providers close to retirement, and providers can feel that they have more work and are less able to delegate tasks.

Regimentation

More standardized documentation of progress notes, using templates and check boxes, can obscure the provider's reasoning or the narrative of the patient's story.

Security gaps

Such as power outages, viruses, backup procedures, and computer freezes cause safety concerns for protection of EHRs.

Professional Use of the EHR

Patient care is the primary goal when using the EHR. It is important to understand medical terminology and anatomy and physiology when deciphering through the EHR to interpret information presented in the chart.

Basic typing and computer skills, organization skills, and interpersonal skills are all attitudes needed to excel at using the EHR.

Three items that might be found in a patient medical record:

• Operative Reports

• Immunization Records

• Living Will

Overview of SimChart for the Medical Office:

Simchart for Medical Office (SCMO)

a specialized type of software, called Software as a Service (SaaS), meaning the software is housed in a central location and it can be accessed through the internet and therefore can be accessed in a variety of locations.

It contains all components, including front-office, clinical care, and billing/coding.

SCMO Front Office modules

Uses the calendar as the default for this page. Appointments can be created deleted, or edited. Schedules can be blocked for meetings or lunch hours. Patient letters, emails, and phone calls can be created.

SCMO Coding & Billing modules

The Coding & Billing modules in SimChart for the Medical Office (SCMO) provide hands-on training in medical coding, insurance claims, and financial management within a simulated healthcare environment.

Key Features of SCMO Coding & Billing Modules

• Superbill – Captures services provided to a patient for billing purposes.

• Ledger – Tracks financial transactions, payments, and outstanding balances.

• Claim Processing – Helps users generate and submit insurance claims.

• Day Sheet – Summarizes daily financial activities for reconciliation.

• Reporting & Auditing – Ensures accuracy in billing and compliance with regulations.

SCMO Clinical Care modules

focuses on patient documentation and medical charting within a simulated healthcare environment. It allows users to practice recording clinical encounters, treatment plans, and patient assessments.

Key Features of SCMO Clinical Care Module

• Patient Dashboard – Displays a summary of all patient record entries.

• Encounter Documentation – Users must be in a patient encounter to record clinical details.

• Medical Charting – Includes structured and unstructured data entry for patient history, diagnoses, and treatments.

• Integration with Other Modules – Works alongside Front Office and Coding & Billing modules to simulate a complete medical office workflow.

SCMO recurring features:

includes several recurring features that streamline medical office workflows and enhance user experience. These features ensure consistency across different modules, making SCMO an effective training tool for healthcare administration.

Key Recurring Features in SCMO

1. Buttons & User Interface Elements – Interactive buttons with graphics and text labels that execute commands like save, confirm, cancel, or exit.

2. Default Settings – Preselected values such as margins, font type, and size, which appear when opening dialog boxes or screens.

3. Info Panel – Used in Clinical Care to create encounters or enter test results, and in Coding & Billing to manage reimbursement tasks.

4. Structured & Unstructured Data Entry – Allows voice dictation or free-text entry (unstructured) for flexibility, and coded data (structured) for interoperability.

Active, Inactive, and Closed Patients

1. Active Patients

• Patients who have received medical care within a recent timeframe (often within the last 12 to 24 months).

• Their records are regularly updated and maintained for ongoing treatment.

• They are considered current patients of the practice.

2. Inactive Patients

• Patients who haven’t visited the healthcare facility for an extended period (typically over 24 months).

• Their records are still retained but may be archived or stored separately.

• They can become active again if they return for treatment.

3. Closed Patients

• Patients whose records are no longer maintained due to specific reasons, such as:

  • Transferred care to another provider.

  • Deceased status.

  • Legal or administrative closure of their file.

Retention period

The term that describes the amount of time records must be kept in storage by a medical office.

Professional use of the internet

Occurs as most EHRs, including SCMO.

Other uses of the internet in the medical office, include looking up information about testing sites, medications, support groups, and patient education material. Caution should be taken online, as not all internet sites are reliable.

Personal use of the internet shouldn't occur while at work.

This includes use of social media sites, online shopping, playing games, checking bank account information, or paying bills. The internet should be used solely for tasks related to one's job.

Describe HIPAA

HIPAA (Health Insurance Portability and Accountability Act) is a U.S. federal law enacted in 1996 to protect sensitive health information from unauthorized access and disclosure. It establishes national standards for privacy, security, and electronic healthcare transactions.

Key Components of HIPAA

1. Privacy Rule – Regulates the use and disclosure of Protected Health Information (PHI) by healthcare providers, insurers, and business associates.

2. Security Rule – Sets standards for safeguarding electronic PHI (ePHI) against cyber threats and unauthorized access.

3. Transactions & Code Sets Rule – Standardizes electronic healthcare transactions to improve efficiency and accuracy.

4. Breach Notification Rule – Requires healthcare entities to notify affected individuals in case of a data breach.

5. Enforcement Rule – Establishes penalties for non-compliance, including fines and legal consequences.

Confidentiality

The right of an individual to have all of his or her information kept private.

Only those directly involved in the patient's care should view their healthcare information.

Confidentiality and privacy can be used interchangeably in casual speech, but with relation to HIPAA and healthcare, they have different meanings.

Anonymity

Means that the patients information wouldn't be attached to specific testing, therefore the testing couldn't be traced back to the patient.

The notion of confidential information is that the healthcare information isn't shared. However, there are multiple instances when information is shared, such as in cases involving sexual assault, child protective services, and sexually transmitted diseases.

Privacy

Is the patients right to control how his or her healthcare information is used and shared with others.

HIPAA states that if the patient information is being used for treatment, payment, or operations, the patients doesn't need to give permission.

Patient have the right to know who has accessed their health record and who has received information from the health record. All of this is tracked within EHR.

HIPAA Privacy Rule

Establishes standards for the use and disclosure of individually identifiable health information, promotes patients understanding of their privacy rights, and helps patients control ways in which their health information is used and disclosed. This applies to all health information in any form, such as conversation, paper, or electronic.

Protected Health Information (PHI)

Any identifiable health information that may include demographic information, diagnosis, or billing information that's stored, maintained, or transmitted electronically. If PHI is released for any reason other than healthcare operations, this must be documented and kept in a log for six years.

If PHI is needed for research purposes, all of the information must be

Covered entities

Are any medical provider (business within the healthcare industry that transmits claims, including laboratories and accounting firms that process medical billing claims), health plan (any payer of medical cost, expect law enforcement, workers compensation, or vehicle insurance policies), or healthcare clearinghouse (information processing company that allows healthcare services and billing companies with compatible platforms to share information) that transmits health information electronically.

Business associates

Any person or entity that performs functions or activities that involve the use or disclosure of PHI. A contract is written from the covered entities for the business associates that outlines the privacy and security requirements of the PHI.

Minimum necessary standard

Means that only the minimum amount of information should be included when a covered entity makes an allowed disclosure to accomplish the task.

Patients may sign an authorization form in order to give permission for PHI to be discussed with others, such as a spouse.

Patients must also sign consent for their health information to be used for treatment, payment, and operations.

TPO

Treatment, Payment, and Healthcare Operations (TPO) are core healthcare activities defined under the HIPAA Privacy Rule. These functions allow healthcare providers and insurers to use and disclose Protected Health Information (PHI) without requiring patient authorization, ensuring efficient care delivery and administrative processes.

1. Treatment

• Involves providing, coordinating, or managing healthcare services.

• Includes consultations between providers and referrals to specialists.

• Ensures continuity of care across different healthcare settings.

2. Payment

• Covers activities related to billing, claims processing, and reimbursement.

• Includes insurance eligibility verification and risk adjustments.

• Helps healthcare providers receive compensation for services rendered.

3. Healthcare Operations

• Encompasses administrative, financial, legal, and quality improvement activities.

• Includes staff training, compliance audits, and performance evaluations.

• Supports the overall efficiency and effectiveness of healthcare organizations.

PATIENTS RIGHTS

1) See and receive copies of their medical records.

2) Request an amendment to their records.

3) Control who is informed about their health information.

4) See an accounting of their non-routine disclosures.

5) Restrict information

6) File complaints

7) Receive a Notice of Privacy Practice

Administrative Safeguards

a set of security measures required by the HIPAA Security Rule to protect electronic protected health information (ePHI). These safeguards focus on policies, procedures, and workforce management to ensure compliance with HIPAA regulations.

Key Components of Administrative Safeguards

1. Security Management Process – Identifies and mitigates risks to ePHI.

2. Assigned Security Responsibility – Designates a security officer to oversee compliance.

3. Workforce Security – Ensures employees have appropriate access to ePHI.

4. Information Access Management – Controls who can view or modify patient data.

5. Security Awareness & Training – Educates staff on HIPAA compliance and cybersecurity.

6. Security Incident Procedures – Establishes protocols for handling security breaches.

7. Contingency Plan – Prepares for emergencies like data loss or system failures.

8. Evaluation – Regularly assesses security measures for effectiveness.

9. Business Associate Contracts – Ensures third-party vendors comply with HIPAA.

Physical Safeguards

Physical Safeguards are security measures required by the HIPAA Security Rule to protect electronic protected health information (ePHI) from unauthorized access, environmental hazards, and physical threats.

Key Components of Physical Safeguards

1. Facility Access Controls – Limits access to data centers and secure areas using badge systems, security cameras, or restricted keys.

2. Workstation Security – Protects workstations with password access, screen timeouts, and physical locks.

3. Device and Media Controls – Secures devices like laptops, external drives, and backup media to prevent theft or unauthorized use.

These safeguards ensure confidentiality, integrity, and availability of patient data while complying with HIPAA regulations.

Technical Safeguards

Technical Safeguards are security measures required by the HIPAA Security Rule to protect electronic protected health information (ePHI) from unauthorized access, alteration, and transmission. These safeguards focus on technology-based protections to ensure data security and integrity.

Key Components of Technical Safeguards

1. Access Controls – Restrict access to ePHI by requiring unique user identification, emergency access procedures, and automatic logoff.

2. Audit Controls – Track and monitor system activity to detect unauthorized access or changes to patient data.

3. Integrity Controls – Ensure that ePHI is not improperly altered or destroyed.

4. Authentication Controls – Verify that users accessing ePHI are authorized.

5. Transmission Security – Protect ePHI during electronic transmission using encryption and secure communication protocols.

These safeguards are essential for healthcare administration, ensuring compliance with HIPAA regulations, patient confidentiality, and data security.

Protection Health Information (PHI)

refers to any individually identifiable health data that is created, received, stored, or transmitted by healthcare providers, insurers, or business associates. PHI is safeguarded under HIPAA (Health Insurance Portability and Accountability Act) to ensure patient privacy and security.

Key Elements of PHI

• Patient Identifiers – Name, address, birth date, Social Security number.

• Medical Records – Diagnoses, treatment history, lab results, prescriptions.

• Billing & Insurance Information – Claims, payment details, financial records.

• Communication Records – Emails, appointment reminders, and physician notes.

HIPAA Protection Measures

• Privacy Rule – Limits unauthorized access and disclosure of PHI.

• Security Rule – Requires safeguards like encryption and access controls.

• Breach Notification Rule – Mandates reporting of data breaches affecting PHI.

Protection of Health Information:

Government agencies can have access to EHRs

• Centers for Medicare & Medicaid Services (CMS) – Reviews EHRs for Medicare and Medicaid eligibility, billing audits, and fraud prevention.

• Department of Veterans Affairs (VA) – Uses EHRs to manage veteran healthcare services.

• Department of Defense (DOD) – Maintains EHRs for military personnel and service members.

• Social Security Administration (SSA) – Examines medical records to verify disability claims and benefits eligibility.

• Public Health Agencies (CDC, FDA, NIH) – Access EHRs for disease tracking, outbreak response, and medical research

Protection of Health Information:

Consumer reporting agencies

Consumer reporting agencies (CRAs) are organizations that collect and maintain consumer credit and financial information. They provide reports to businesses, lenders, employers, and government agencies to help assess an individual's creditworthiness, financial history, or eligibility for services.

Key Functions of Consumer Reporting Agencies

• Credit Reporting – Tracks credit history, payment behavior, and debt management.

• Employment Screening – Provides background checks for hiring decisions.

• Tenant Screening – Assesses rental applicants based on financial and legal records.

• Insurance Risk Assessment – Helps insurers evaluate applicants for coverage.

• Government Eligibility Verification – Assists agencies in determining benefits and assistance qualifications.

Major Consumer Reporting Agencies

The three primary nationwide credit bureaus are:

1. Equifax

2. Experian

3. TransUnion

Protection of Health Information:

Employers

Employers with group health plans covering 50 or more employees are subject to HIPAA and have access to review the summary of healthcare expenses for their employees.

Protection of Health Information:

Friends and Family

Disclosure of patient information to family and friends of the patient must be specified by the patient. An exception is if the patient is incapacitated and it can be reasonably known that the patient wouldn't object, relevant health information can be disclose, particularly if its in the best interest of the patient.

Protection of Health Information:

Research companies

Research companies that work with Protected Health Information (PHI) must comply with HIPAA regulations to ensure patient privacy and data security. These companies often conduct clinical studies, medical research, and healthcare analytics using PHI.

How Research Companies Handle PHI

• De-identified Data – Many research organizations use de-identified health information to avoid HIPAA restrictions.

• Institutional Review Board (IRB) Approval – Research involving PHI often requires IRB or Privacy Board approval.

• Limited Data Sets – Some studies use limited data sets with indirect patient identifiers under HIPAA guidelines.

• Business Associate Agreements (BAAs) – Research companies working with healthcare providers must sign BAAs to ensure compliance.

Examples of Research Entities Handling PHI

• National Institutes of Health (NIH) – Conducts federally funded medical research.

• Centers for Disease Control and Prevention (CDC) – Uses PHI for disease tracking and public health studies.

• Pharmaceutical & Biotech Companies – Perform drug trials and medical research.

• University Research Centers – Conduct academic studies on healthcare trends.

Patients should check records for inaccuracies that can be made by human error and may affect their health:

• Patients may revies medical, dental, and prescription drug records, and if there are any inaccuracies, can request an amendments. This is to be completed within 60 days.

• Patients may request restrictions on disclosure of sensitive information for payment purposes.

• Patients may ask to receive correspondence and medical bills at alternate locations and choose whether to allow providers to leave telephone messages.

• Patients may pay out of pocket for certain medical visits out of pocket for medical health or addiction medicine, keeping their information "off the grid" from an insurance company or private payer.

• Patients may opt for online versus paper statements. In terms of identity theft, many identity thieves steal mail directly out of the mailbox, so its best to receive electronic statements.

FLASHCARDS: Definition

MEDICAL RECORD:

A complete physical collection of an individual's healthcare information

HEALTHCARE RECORD:

A combination of all the health information and documents of a single individual.

ADMINISTRATIVE INFORMATION:

Information used by the front office staff and billing staff to maintain appointments and bill insurance companies.

ELECTRONIC MEDICAL RECORD (EMR):

An electronic patient record created by a medical practice or hospital.

ELECTRONIC HEALTH RECORD (EHR):

An interconnected aggregate of all the patient's health records from multiple providers and healthcare facilities.

PRACTICE MANAGEMENT SOFTWARE:

Software that allows for the electronic management of the business side of a medical or healthcare practice.

SimChart for Medical Office (SCMO)

Software that is housed in a central location and can be accessed through the internet, allowing it to be accessed in a variety of locations

Front Office

Module in SCMO that uses the calendar as the default and allows appointments to be created, deleted, or edited; schedules to be blocked for meetings; and patient letters, emails, and calls to be made

Three duties that are commonly performed by a front office assistant:

• Greeting and Assisting Visitors – Welcoming patients or clients, directing them to the appropriate department, and answering inquiries.

• Scheduling Appointments – Managing calendars, booking appointments, and coordinating with healthcare providers or office staff.

• Handling Administrative Tasks – Answering phone calls, processing paperwork, maintaining records, and managing office supplies2.

Active Patient

Patient who has been seen by a provider in the clinic within three years

Closed Patient

Patients who have terminated their relationship because they have moved away, have been discharged from the practice, or have died

Covered Entities

Any medical provider, health plan, or healthcare clearinghouse that transmits health information electronically

Protected Health Information

Any identifiable health information that may include demographic information, diagnoses, or billing information that's stored, maintained, or transmitted electronically

Consumer Reporting Agencies

Organizations used by potential lenders to check your payment history before providing a loan

adverse action

ABC Insurance has decided to discontinue Avery's insurance based on information it received from the local consumer reports agency.

Notice of Privacy Practices

An example of a HIPAA form that's included in the medical record

Documenter

An individual who is responsible for recording data in the patient record

Minimum necessary standard

Only those progress notes pertaining to treatment of rhinitis and copies of sinus X-rays are sent to the specialist's office.

Medical Office Workflow

student resources will provide help with completing tasks in SimChart for the Medical Office

Form Repository

To locate and complete the Medical Records Release document, click on icon in SimChart for the Medical Office

Disclosure Authorization

In order to release patient information for participation in a research study, a/an Disclosure Authorization form would be completed in SimChart for the Medical Office.

Which of the professional organizations is made up of health information management professionals?

American Health Information Management Association (AHIMA). AHIMA is dedicated to advancing the HIM profession through education, certification, and advocacy.

Other organizations that support HIM professionals include:

• American Medical Informatics Association (AMIA) – Focuses on biomedical and health informatics.

• Healthcare Information and Management Systems Society (HIMSS) – Promotes the use of health IT to improve patient care.

• American Nursing Informatics Association (ANIA) – Supports nurses specializing in health informatics

Prior authorization form

an administrative form but likely also contains health information.

Cross-trained

With the implementation of an EHR, it's helpful if employees can be cross-trained so that they're able to perform more than one duty within the EHR.

Retention

Closed patient records must be kept for a certain amount of time, which is set forth by law that varies from each state.

Administrative and Clinical Use of the EHR:

Communication in the Medical Office

Good communication with providers, staff, and patients throughout the clinic is key to providing quality acre and increasing job satisfaction.

It's important to remain within the HIPAA Privacy Rule when communicating patient information.

Patient Portals

Used within the EHR to allow patients to contact the clinic and potentially make their own appointments.

Patient portals are connected directly to a specific EHR and are controlled by the provider.

Patient portals are websites for which information is transferred between patient and provider with services included such as email, search capabilities, test results, and online appointments booking.

Some common telephone etiquette guidelines include:

• Answering by the third ring if possible

• Avoiding personal calls on office telephone lines.

• Smiling before answering the phone

• Answering with a professional and pleasant greeting

L02-095 No-show appointment

Can be a waste of time as well as a loss of revenue for the clinic.

Medical office correspondence

A variety of correspondence can be generated in the EHR including work excuse notes, referral letters, patient instructions, and patient letters.

Some correspondence requires basic knowledge of medical terminology and coding.

The International Classification of Diseases, 10th Edition (ICD-10), is used to designate alpha numerical codes for patient's diagnoses.

Current Procedural Terminology (CPT) codes designate numerical codes for office visits and procedures.

Medical office correspondence: EMAILS

Secure email is used throughout medical offices, as it's an inexpensive and efficient means of communication that can replace postal mail. Might be used to contact an insurance company to obtain an authorization or a specialist office regarding a patient referral.

Encryption technology converts data to an unreadable code during transmission to keep the data secure.

EHR applications allow messaging between office members and patients within the system.

Messages should be encrypted and have are HIPAA disclosure attached to each massage.

Medical office correspondence: REFERRAL LETTERS

The front office assistant would create a referral letter giving the specialist a clear picture of the patient's general health and reason for the referral.

Medical office correspondence: INCIDENT REPORTS

Communicate situations to the risk manager such as falls, needle sticks, and medication errors.

Incident reports is filled out by an employee who witnessed the accident, and who also could have been involved in the accident. The report should give a description of the accident and the actions taken.

Medical office correspondence: FAXES

Encode documents to be sent over telephone lines.

Potential security and integrity risks include:

-Misdirected faxes due to human or technical error

-Inability to verify the fax recipient-anyone can pick up the document from a non-secure location

-Difficulty in verifying recipient of all pages

Ways to reduce these risks are as follows:

• Informing the recipient before sending the fax

• Including a cover sheet with recipient name and confidentiality disclaimer

• Following up with the intended recipient to ensure receipt

• Documenting the date/time and initial faxed information to create a paper trail

• Filing the completed cover sheet in the patient's file

Medical office correspondence: PATIENT LETTERS

Commonly produced in the medical office. For new patients might include notification of normal lab results or a welcome letter. For legal protection of the practice, sometimes unpleasant correspondence needs to be drafted, such as letters to request payment/provider relationships due to continually missed appointments or failure to adhere to a treatment plan.

Managing EHR

The security of EHR must be monitored daily to prevent hacking and the potential for damaged or destroyed records, which can compromise patient care. Major software updates are important to keep the EHR secure and add new functionality.

Avoid duplicate charts:

• Always ask if the patient has been seen by the practice before

• Always search for the patient before creating a new chart

• Ask established patients if they've had a name change

• Always set up the EHR with the name listed on the insurance card, as a claim can be denied if the name doesn't match precisely.

Healthcare records are categorized into three different groups, ACTIVE, INACTIVE, and CLOSED

Purging is the act of separating active records from closed records. Closed records may be placed on CD, cloud storage, or computer hard drive.

Signature Pads

Allows for electronic signature to verify that patients have received proper documentation of policies and procedures. It's important that all devices keep patient information protected under HIPAA.

EHR vendors may provide tools to help with managing records:

• Maintaining backup records

• Providing recovery and virus protection

• Providing remote backup online (SaaS-based vendors)

• Healthcare facilities are required to have a written back-up plan listing procedures to follow in case of an emergency.

The plan should be easily accessible and include the following information:

• What constitutes an emergency

• Contact information for restoring the EHR

• Location of back-up copies

• Instructions for managing patients during software downtime

• Plans for inputting data once software is functional again

• Its important on scheduling an appointment that demographic information is reviewed and updated as needed. Once the appointment is made, the demographics are auto-populated into the schedule.

Different views on the scheduling system in SimChart for the Medical Office (SCMO):

These views are blue tabs at the left side of the screen and include:

• -Calendar view

• Examination room

• Provider view

In order to schedule within SCMO, click on the orange Add Appointment button in Calendar view. Another option is to double-click in the calendar.

Once the New Appointment box appears, this allows for entering of three different types of appointments:

• Patient--either new or established patients with any provider.

• Block--indicating times a provider is unavailable, such as for lunch or time off

• Other--such as time for staff, sales, and pharmaceutical meetings.

Appointment Matrix

The first step in developing an efficient schedule for a healthcare facility.

A matrix can be set up to do the following:

• Show provider availability

• Account for routine days off such as holidays

• Schedule provider vacations

• Flag urgent appointments

• Show maternity leave or sick leave

• Block time before or after lunch or before closing to ensure the office staff has lunch or is able to leave at an appropriate time

Appointment slots should be blocked as soon as they become unavailable and holidays should be blocked at the beginning of the year.

There are several reasons this may occur:

• The practice expects a certain number of no-show appointments.

• The practice expects certain patients to arrive early and others to arrive late, staggering the schedule.

• The double-booked patients are being seen for different reasons with different clinic rooms needed.

• Patients with urgent medical problems need to be accommodated.

Keep in mind that providers may have specific times that they allow for double-booking, such as first thing in the morning or directly before lunchtime.