The Health Information Technology for Economic and Clinical Health (HITECH) Act, part of the larger American Recovery and Reinvestment Act of 2009, was created to encourage and regulate the use of technology in healthcare. HITECH brought meaningful use, an incentive plan designed to increase the use of certified electronic medical records, and amendments to the Security Rule of the Health Insurance Portability and Accountability Act of 1996 (HIPAA). Although some provisions of HITECH have not been implemented (e.g., the more robust three-year accounting of disclosures for electronic protected health information [PHI]), the following is a list of the major topics that have been amended with the adoption of HITECH:
Creating secure passwords, guest wireless networks, and emailing PHI
by Chris Apgar, CISSP
Q: I work at a doctor's office. If a patient calls and asks to have a copy of his or her medical records sent to his or her home address, are we required to obtain any additional verification beyond checking that the address matches the one we have on file? We have a patient portal where most of our patients are able to access their records, but some still prefer to have copies sent to them.
A: As with any request for PHI from an external party, whether it be the patient or someone else, proper authentication is necessary. This means you need to ask questions such as what is the patient's birthdate before agreeing to send the patient a copy of his or her medical record or designated record set (DRS).
It's a good idea to ask the patient to make the request in writing. Per the HIPAA Privacy Rule, "The covered entity may require individuals to make requests for access in writing, provided that it informs individuals of such a requirement" (45 CFR §164.524(b)(1). This is not a "you shall." It's a "may" so in the end you may elect to not require the request be in writing. However, this might leave your practice vulnerable to the risk of someone impersonating the patient and requesting the record or the patient later complaining you sent a copy of his or her DRS without his or her permission.
If you require patients to make the request in writing, you can't make it too burdensome. For example, you can't require patients get the signed request notarized or walk the request in to the doctor's office. OCR recently published guidance regarding a patient's right to access his or her DRS (www.hhs.gov/hipaa/for-professionals/privacy/guidance/access). It provides more detailed information about the dos and don'ts of meeting the HIPAA Privacy Rule requirement that patients are entitled to view or request a copy of their DRS.
Editor's note: Apgar is president of Apgar & Associates, LLC, in Portland, Oregon. He is also a BOH editorial advisory board member. This information does not constitute legal advice. Consult legal counsel for answers to specific privacy and security questions. Opinions expressed are that of the author and do not represent HCPro or ACDIS. Email your HIPAA questions to Associate Editor Nicole Votta at nvotta@hcpro.com.
Clinical documentation and coding has a significant impact on value-based quality outcome performance. Such outcomes include risk-adjusted mortality, readmission, patient safety, complication rates, and cost efficiency measures.
Value-based outcomes linked to payment represent the next wave of opportunity for CDI programs to support their health systems. Clinical documentation and coding across the continuum impact performance for claims-based measures contained within these standard data sets. Claims-based outcome measures use ICD-10 codes submitted on claims both to define the populations (or cohorts) included in the measure, as well as to risk-adjust performance.
Let's look at a few examples to illustrate how clinical documentation and code assignment can impact performance for one of the claims-based measures in the figure, the risk standardized complication rate?THA/TKA (RSCR THA/TKA):
Assignment of the discharge disposition as "AMA" also excludes the THA/TKA discharge from the measure.
Documentation and reporting of "morbid obesity" prior to the admission for the THA/TKA procedure strengthens risk adjustment. Note: "Obesity" does not impact risk adjustment.
Documentation and reporting of "chronic renal insufficiency" prior to the admission for the THA/TKA procedure will further strengthen risk adjustment. Note: "Renal insufficiency" will not count.
Documentation and reporting of "coronary artery disease" in the THA/TKA inpatient encounter will strengthen the risk adjustment even further.
The alignment of quality measures that will be linked to payment by public and private payers provides a framework upon which future efforts can be based. CMS will go through a public notice and comment rulemaking for implementation of these core sets and looks forward to public input on the measures included in these core measure sets.
Those who regularly attend the annual AHIMA Convention and Exhibit no doubt have seen the exceptional quilt created each year by AHIMA member Katy Sheehy, MPA, RHIA, and sponsored by the Dames of Distinction to be bid at auction. The quilt is auctioned in support of the Linda Culp Memorial Scholarship fund, which was established in memory of the late Linda Culp, a former HIM professional, hospital chief executive officer, and AHIMA member. If you have seen the quilt, you have probably asked yourself, "Who are these people?"
The healthcare industry is focused on the triple aim: reducing healthcare costs, improving patient experience, and improving the health outcomes of populations. Healthcare organizations will no longer be paid based on the volume of services provided but rather on the value of care delivery.
