Confidentiality in allied health

Subpoena

command issued by the court

Court order

used to get a release of medical information protected under HIPAA

subpoena duces tecum

requests production of records and documents

subpoena ad testificandum

command a witness to appear and give testimony

Dual function of medical records:

1. provides information for patients' care

2. evidence in malpractice suits

Hippocratic Oath

traditional vow of the physician pertaining to the ethical practice of medicine, duty, and confidentiality.

Doctor-Patient Privilege

A relationship in which a patient's medical history, conditions, and related information can't be made known without that patient's permission

informed consent

communication between a doctor and a patient in which the doctor explains the factors involved in a recommended medical process.

Substituted consent

involves an authorized person making a medical decision for a person who is unable to do so.

Covered Entity

organizations that handle protected health information in any capacity. They include:

- Healthcare providers

- Healthcare clearing houses

- Health plans

limited data set

contains information of a patient record with a restricted number of identifiers such as geographic location and dates.

Privacy rule of HIPAA

provides special rules regarding psychotherapy notes that limit use or disclosure without consent. It requires that patients be given a notice of use or disclosure of patient-specific information.

Attorney-Client Privilege

protects medical incident reports distributed to the facility's attorney

National Practitioner Data Bank (NPDB)

must be informed by an entity making malpractice payment

Quality Management

traditionally performed by peer review committees.

Biometrics

aids in associating a patient with his/her correct medical records.

demostrative evidence

something that helps illustrate a witness's testimony, such as a map, chart, photograph, x-ray, videotape, movie, sound recording, or model

Competent Evidence

evidence that the court should accept into proof

Hearsay

Evidence in which witnesses aren't telling what they know personally, but rather what others have said to them

Medical records

a document that includes a patient's history, condition, diagnostic and therapeutic treatment, and the results of treatment

Author of a Medical Record

the medical provider who has created the data that appear in the record

Authentication

the confirmation of the content of an entry in a medical record; must be performed by the person who creates the data

Age of Majority

When a person becomes an adult

certificate of destruction

Documents that records were properly destroyed in the ordinary course of business

Freedom of Information Act (FOIA)

A federal law intended to provide access to government records

Privacy Act of 1964

prohibits disclosure of certain medical information by government agencies unless the patient gives written consent

Legal Basis for Confidentiality

The right of privacy derived from the Constitution, statutes, and the common law

Three Groups to which HIPAA Regulations Apply

health care providers, health plans, health care clearinghouses

Protected Health Information (PHI)

Any individually identifiable health information

Identifiable Information

Data about a specific person

de-identified information

Information stripped of data that may identify an individual

Treatment

the provision of healthcare and related services

Payment

The activities of healthcare providers to obtain payment or be reimbursed for their services and the activities of a health plan to obtain premiums, to fulfill their coverage responsibilities and provide benefits under the plan, and to obtain or provide reimbursement for the provision of healthcare

Health care operations

Certain administrative, financial, legal, and quality improvement activities of a covered entity that are necessary to run its business and to support the core functions of treatment and payment

Occupational Safety and Health Administration (OSHA)

Responsible for enforcing safety rules in the workplace

Whistleblower

An employee who informs OSHA of illegal activity

mutual consent registry

One method many states use to arrange the consents required for the release of identifying information related to adoptions

Substance abuse

refers to the excessive use (or abuse) of alcohol or drugs

Genetic Information Nondiscrimination Act (GINA)

Adopted in 2008; designed to prevent the discriminatory use of genetic information by employers and insurers

Centers for Disease Control and Prevention (CDC)

Serves as a national focus for developing and applying disease prevention and control., environmental health, and health promotion and education activities designed to improve the health of the people of the U.S.

Enzyme Immunoassay (EIA)

The most common screening test used to look for HIV antibodies

Consumer-Controlled Test Kits

Popularly known as home testing kits; first licensed in 1997; used to collect a blood sample to send to a licensed laboratory for testing

Ways to Transmit HIV/AIDS Virus

Transmitted in four common ways: High-risk sexual contact Injection drug use Transmission from mother to child around the time of birth Blood transfusions and other unknown causes

Routine HIV Testing

The CDC has recommended routine HIV testing for all Americans between 13 and 64 as a regular part of their healthcare

Risk Management

identifies areas of risks to medical service providers

Loss Prevention

A planned, systematic, and proactive process; in the area of healthcare, providers such as hospitals identify those activities, problems, and situations that may result in potential liability for the hospital, its employees, physicians, and even other healthcare providers

Loss reduction

The steps taken after an event or incident occurs

Incident report

Proper documentation of adverse incidents that occur during the treatment of a patient

Peer review committees

Consist of health professionals who monitor the quality and use of healthcare services

Use of biometrics

1. To identify a patient

2. To simplify secure access to records

Medical records custodian

Should know the hardware, software, and procedures for data entry to lay a foundation to admit medical records

Ways to reduce security breaches of medical records

a. use good passwords

b. change them frequently and don't share them

c. use biometrics instead of password

d. reduce unnecessary access to medical records by creating different levels of access based on the need to know

e. train employees in safe practices, such as logging off immediately after access

f. install appropriate software to guard against hacking, spyware, viruses, and the like

h. implement appropriate protections, such as backing up files

________ doesn't directly identify a patient, but may contain some identifiers.

a limited data set

Which of these is a special type of health information?

information related to substance abuse treatment

Which of these is a rule the Health Insurance Portability and Accountability Act includes?

protected health information includes any individually identifiable health information

Mandatory HIV testing may be ordered for whom?

individuals who present health threat to others

What is the name of the legal rules that provide protections for workers from situations at work that are known to be potentially able to cause injury or death?

Occupational Safety and Health Act

Specifying that only certain persons may pull medical files or that medical files not in use must be filed immediately is an example of what type of safeguard?

administrative

Healthcare providers who make entries in a medical record must do so when?

At the time that the event occurs.

The legality in which a patient's medical history, conditions, and related information can't be made known without that patient's permission is:

doctor-patient privilege

Attorney-client privilege and __________ are two methods to avoid incident reports being subject to discovery by a plaintiff during litigation.

work product doctrine

The AMA's Code of Medical Ethics states that the information disclosed to a physician during the course of the doctor-patient relationship is

confidential to the utmost degree.

An employer's use of medical records to decide whether or not a patient is disabled is what type of use?

nonclinical use

The process of communication between a doctor and patient in which the doctor explains the factors involved in a recommended medical process is called what?

informed consent

A __________ should document that medical records were properly destroyed in the ordinary course of business.

certificate of destruction

Most states require doctors practicing telemedicine across state lines to have what type of license?

a license in each state where the patients live or where physical care is being given

Evidence in which witnesses aren't telling what they know personally, but rather what others have said to them is what type of evidence?

Hearsay

According to the AMA, what is a key reason behind physicians' duty of confidentiality to patients?

Patients will feel more confident in disclosing information to their physicians.

__________ is one type of information that must be reported to the NPDB.

medical malpractice payment

A hospital is required to query the NPDB when

a practitioner applies for temporary privileges

Which of the following factors would be considered de-identified information?

Patient condition: improved breathing with new medication

The main purpose of a peer review committee is to:

identify activities that suggest guidelines aren't being followed

Which of the following pieces of information would be allowed as part of a limited data set?

Birth date

Which of the following activities is considered part of health care operations under HIPAA?

reviewing the competency of health care workers

What law provides access to government records, with exception for records with medical information?

Freedom of Information Act

Under what circumstances may a health insurer charge a higher premium to a woman with a genetic disposition to breast cancer?

Health insurers can never discriminate based on genetic information in this way.

Which of the following statements is true of patients' right to have errors corrected in their medical records?

The Dr. doesn't have to make the change but the patient is entitled to a written notice of the decision

Which one of the following steps can shield against discovery of an incident report?

Invoking the work product doctrine

A mutual consent registry is relevant to obtaining medical information about

a party to an adoption

Which of the following is not an example of a limited data set?

unique identifying numbers

Which of the following statements is true of HIPAA rules regarding the release of PHI by covered entities to business associates?

Covered entities must require adequate assurances in writing that business associates will adequately safeguard PHI

Suppose the statute of limitations for a particular state is three years and the age of maturity in the state is 21. If you have a medical records for a 13-year-old girl, how long should you maintain them?

11 years

If an institutional review board is involved in a request for PHI, the information is likely sought by a?

a healthcare facility

Rita works as a medical coder for an ambulatory surgery center. Under the terms of HIPPA, is Rita considered a covered entity?

Maybe, depending on her employment status.

What is a doctor's responsibility if a patient requests restrictions on the use of his/her PHI?

the doctor need not comply with the patient's wishes if HIPAA would otherwise permit the use.

Which of the following is an example of demonstrative evidence?

Map

A patient's authorization for disclosure of PHI must include the purpose of the disclosure and what information is to be released if the PHI relates to

treatment for substance abuse

Which of the following statements about risk management is true?

risk management is concerned with reducing exposure to legal liability.

The __________ is the only person who can authenticate the information in a patient's medical record.

The "person who creates the data" in the record

Which of the following statements about HIV testing is true?

Some HIV tests can provide results in as little as 20 minutes