Download - ADVANCE for Physical Therapy & Rehab Medicine

More documents

Recommendations

Info

HIPAA Privacy and RoI: the Adventure Continues A good foundation for privacy/security is just the beginning in avoiding audits By rita Bowen, MA rhiA, ChiPs, ssgB mation unconstrained by physical boundaries. Healthcare organizations now live in a virtual world, and HIM professionals must provide privacy leadership across the institution and beyond. Although it is easy for us to succumb to tunnel vision, paying attention only to that which is perceived to be in our realm, our responsibilities for patient privacy go further-much further. Our vision must expand to encompass a complete data governance policy for the entire organization. We’ll provide the remainder of a complete ROI checklist and discuss three critical areas within an organization-wide privacy and security policy where HIM professionals can lend an important hand: PHI location and JEFFREy lEESER Technology has made patient infor- data classification audits, understanding privacy and security laws and establishing a global encryption policy. ROI Checklist Continued Before we try to influence the privacy of the rest of the institution, we need assurance that our own house is in order. The ROI process is your best place to start. These checklist items are general and not all-inclusive. You must tailor them to your specific needs and situation. That being said, all of them need to be implemented to some extent. • Policy/procedures for chart pulls if you are in a paper or hybrid environment; • Principles for patient identity controls and patient look-up if you are totally electronic; • Mail opened and logged—same day; [MANAgEMENt FoCus] • Information maintained in secure/private manner on desks; • If material is printed—disposal is made within shred-bins; • Are shred bins locked prior to shredding; • Scanned document validation of patient ID and second identifier; • EHR validation of patient ID and second identifier; • Processing of subpoenas observed—standards met; • Knowledge of who to report MPI issues to; • Employees can verbalize understanding of privacy standards. Be sure to document all processes, training and validation. This is important should you ever need to show that all these steps have been taken. Validation of your efforts is the best way to minimize any penalties, fines or investigations should a breach occur. Good faith best efforts go a long way and are proof that everyone was doing their part should the inevitable occur. Beyond Checklist 101 A good foundation for privacy/security is just the beginning of the process. There is a need for considerably more broad work to be done to create a complete data governance program, as mentioned in the beginning of this article. More advanced efforts may be the purview of management, but those efforts must translate to action. Three areas of concern that HIM directors should participate in or lead are: • PHI location and data classification audit; • Federal/state privacy and security law analysis; • Global encryption policy. Where Is It? It is amazing the number of places you can find PHI. Ask IT, the business office, case management, utilization review and all clinical areas where PHI resides, and you will have a good starting point for defining the world of privacy. After compiling your list, walk around and classify the type of data. Then you should work with IT to verify the list. You will often find areas that are overlooked such as unattended computer terminals and ADVANCE for Physical Therapy & Rehab Medicine 9
[MANAgEMENt FoCus] sticky notes with patient information stuck everywhere. You also may find areas of PHI that are not on anybody’s radar screen such as discarded documents in ancillary departments or stacks of charts left unattended. Lastly, business associates (BA) need to be contractually obligated to adhere to HIPAA compliant privacy and security policies and procedure. Any PHI that leaves your organization with a BA, paper or electronic, must be covered. Your BAs also should be subject to your “trust but verify” school of thought. Which Rule Do We Adhere To? State and federal privacy and security laws exist, and HIM professionals should understand both. Adhere to the most stringent policies in cases where they differ. It comes as no surprise that in some cases state and federal law contradict each other. You need to know where these conflicts are and present them to your legal counsel for clarification on how to proceed is that instance. 10 ADVANCE for Physical Therapy & Rehab Medicine To Encrypt or Not To Encrypt That is the question. The law does not mandate encryption. Yet we believe it is on the way. We suggest you go beyond and above the law with encryption by establishing a global encryption policy for your organization. The majority of large breaches involved theft of an unencrypted device, hard drive or other electronic media. Simple, inexpensive encryption would have saved the day in many of these breaches. Yes, it is a bit of work and does incur an added expense. However, the cost of encryption has dropped steadily while the cost of breach has risen considerably. This better justifies the cost/benefit of encryption. For example, Blue Cross Blue Shield of Tennessee just settled for a $1.5 million penalty in a large breach that involved unsecured physical facilities and unencrypted computer hard drives. It was stated by Computerworld that BCBS spent nearly $17 million in investigation, notification and protection efforts. Encrypting the data and locking down access seems like a much more cost- effective solution. Finally, it is important for HIM professionals to remember that if a breach occurs by an HIM business associate (e.g., record auditor, outsourced transcription or coding services provider) your organization is held responsible and must bear the brunt of the cost and reputational harm. So as you can see through this article and the CMS “wall of shame,” our realm is really much larger than it looks. HIM responsibilities to help protect patient information extend across the entire galaxy of data governance. Data governance is a whole new world for HIM professionals. n Rita Bowen is senior vice president of HIM and privacy officer, Health Port, Alpharetta, GA. www.advanceweb.com/pt For more information on business & practice management, see our specialty resource centers at www. advanceweb.com/PTBusiness
Page 1 and 2: Our digital editions give you two u
Page 3 and 4: Don’t win an iPad... Cross ss Cou
Page 5 and 6: contents ADVANCE FoR PHYsICAl tHERA
Page 7 and 8: [MORe ARTiCleS] 9 Management Focus:
Page 9: [EDiToR’S ViEw] 8National Rehabil
Page 13 and 14: [CoVER stoRY] ruNNiNg righT how To
Page 15 and 16: [CoVER stoRY] that patients adhere
Page 17 and 18: [Foot DRoP] Positive steps Understa
Page 19 and 20: [Foot DRoP] for strengthening or us
Page 21 and 22: [lAsER tHERAPY] laser and living ti
Page 23 and 24: [lAsER tHERAPY] Therapeutic Laser S
Page 25 and 26: [BACK PAIN] Pain Epidemic Physical
Page 27 and 28: [INFECtIoN CoNtRol] soft-surface Co
Page 29 and 30: [AquAtIC tHERAPY] Confidence gain W
Page 31 and 32: 30 ADVANCE for Physical Therapy & R
Page 33 and 34: [CoVER stoRY] running continued fro
Page 35 and 36: [CE DIRECTORY] • • Summer Webin
Page 37 and 38: Register Online at www.usa.edu or C
Page 39 and 40: [CE DIRECTORY] Attention Therapists
Page 41 and 42: [CE DIRECTORY] AUG. 12, 2012 NEWPOR
Page 43 and 44: [CE DIRECTORY] group discounts. Con
Page 45 and 46: [CE DIRECTORY] with disabilities. T
Page 47 and 48: [CE DIRECTORY] program producing LA
Page 49 and 50: EMPLOYMENT OPPORTUNITIES New York,
Page 51 and 52: EMPLOYMENT OPPORTUNITIES New Jersey
Page 53 and 54: EMPLOYMENT OPPORTUNITIES Pennsylvan
Page 55 and 56: EMPLOYMENT OPPORTUNITIES North Caro
Page 57 and 58: EMPLOYMENT OPPORTUNITIES Hawaii, Al
Page 59 and 60: EMPLOYMENT OPPORTUNITIES National,
Page 61 and 62:
Travel Mug 12 oz. Stainless steel.
Page 63 and 64:
Celebrate Rehab! 62 ADVANCE for Phy
Page 65 and 66:
Introducing the newest innovation f
Page 67 and 68:
Have you visited advancehealthcares
Page 69:
(505) 856-2029 www.KinesioTaping.co
show all

Download - ADVANCE for Physical Therapy & Rehab Medicine

You also want an ePaper? Increase the reach of your titles

Delete template?

Save as template?