Health Care Information Regulations, Laws, and Standards

1
Health Care Information Regulations, Laws, and
Standards

• Chapter 3

2
Outline

• Accreditation, Licensure Certification
• Facility Licensure
• Certification
• Joint Commission on Accreditation of Healthcare
  Organizations (JCAHO)
• Other Accrediting Organizations

3
Outline

• Legal Aspects of Health Care Information
• Health Record as a Legal Document
• Definition
• Retention of Health Records
• Authentication
• Privacy and Confidentiality
• Pre-HIPAA
• HIPAA
• Release of Information

4
Facility Licensure

• States oversee facility licensure
• Facilities must have a license to operate
• Emphasis is on standards for physical plant,
  safety, etc.
• Minimum standards for patient records

5
Certification

• Gives authority to participate in Medicare and
  Medicaid
• Standards were established in 1970s
• Hospitals with JCAHO Accreditation have deemed
  status

6
Accreditation

• Voluntary external review
• Well known agencies
• JCAHOhospitals and other health care facilities
• NCQAmanaged care plans
• AOAOsteopathic health care organizations
• CARFRehabilitation facilities
• AAAHCAmbulatory care facilities

7
Accreditation

• Possible Benefits
• Deemed status for CMS programs and some state
  licensure
• Required for reimbursement from some payers
• Validates quality of care
• May influence liability insurance
• May enhance managed care contracts
• Gives competitive edge over non-accredited

8
JCAHO (www.jcaho.org)

• Founded as non-profit in 1951
• 85 of all general hospitals 95 of those over
  200 beds
• Now includes other types of healthcare
  organizations
• Survey every three years to compare practice to
  standards

9
JCAHO (www.jcaho.org)

• Accreditation decisions
• Accreditation
• Provisional accreditation
• Conditional accreditation
• Preliminary denial of accreditation
• Denial of accreditation
• Preliminary accreditation

10
JCAHO (www.jcaho.org)

• Emphasis on health care information and
  documentation of care
• 150 JCAHO hospital standards are scored on
  patient medical record alone

11
JCAHO Information Management

• Goal
• to support decision making to improve patient
  outcomes, improve health care documentation,
  assure patient safety, and improve performance in
  patient care, treatment, and services,
  governance, management, and support processes
  (JCAHO, 2004)

12
JCAHO Information Management

• To comply with JCAHO IM standards, hospitals must
  (JCAHO, 2004)
• Identify their information needs
• Design the structure of their information
  management system(s)
• Capture, organize, store, retrieve, process, and
  analyze data and information
• Transmit, report, display, integrate and use data
  and information
• Safeguard data and information

13
JCAHO Information Management

• There is a large section of the IM standards
  devoted to content and maintenance of patient
  records
• Other IM standards relate to
• IM planning
• Confidentiality and security
• IM processes
• Information-based decision making

14
NCQA (www.ncqa.org)

• National Committee for Quality Assurance is
  associated with three activities
• Accreditation of managed care organizations
  (MCOs)
• HEDIS (chapter 1)
• Quality Compass (chapter 1)

15
NCQA (www.ncqa.org)

• Began accrediting MCOs in 1991
• 3/4 of all enrollees in an HMO are in one
  accredited by NCQA
• NCQA surveys organizations

16
NCQA (www.ncqa.org)

• Published standards grouped into five categories
• Access service
• Qualified providers
• Staying healthy
• Getting better
• Living with illness

17
NCQA (www.ncqa.org)

• Assigns one of five accreditation levels
• Excellent
• Commendable
• Accredited
• Provisional
• Denied

18
Other Accrediting Bodies

• American Osteopathic Association (AOA)
• www.aoa-net.org
• Commission of Accreditation of Rehabilitation
  Facilities (CARF)
• www.carf.org
• Accreditation Association for Ambulatory Health
  Care (AAAHC)
• www.aaahc.org

19
Health Record as a Legal Document

• What is the legal Health Record?
• No simple answer in the electronic environment
• State and Federal laws are being modified

20
Health Record as a Legal Document

• AHIMA define Legal Health Record (LHR)
• the documentation of the healthcare services
  provided to an individual in any aspect of
  healthcare delivery by a healthcare provider
  organization.
• (Amatayakul, 2001)

21
Health Record as a Legal Document

• AHIMA defines four categories of patient data
• Legal Health Record
• Patient-Identifiable Source Data
• Administrative Data
• Derived Data

22
Retention of Health Records

• Most states have retention requirements
• When no state requirements retain records
• At least as long as the statute of limitations
• For minors, until the age of majority (defined by
  the state)

23
Authentication of Health Information

• JCAHO defines authentication as (JCAHO, 2004)
• the validation of correctness for both the
  information itself and for the person who is the
  author or the user of the information

24
Authentication of Health Information

• Forms of Authentication
• Handwritten signature
• Electronic signature
• Most states allow or are silent on electronic
  signatures
• Policies and procedures are needed to insure that
  electronic signature codes, etc are not shared

25

• What is the Definition of a Digital Signature?
• Under California law, a digital signature is
  defined as "an electronic identifier, created by
  computer, intended by the party using it to have
  the same force and effect as the use of a manual
  signature.
• Government Code Section 16.5 states that a
  digital signature shall have the same force and
  effect as a manual signature if and only if it
  embodies all of the following attributes
• It is unique to the person using it.
• It is capable of verification.
• It is under the sole control of the person using
  it.
• It is linked to data in such a manner that if the
  data are changed,
• the digital signature is invalidated, and
• It conforms to regulations adopted by the
  secretary of state.
• These proposed regulations, when adopted, will
  define the types of technologies that are
  acceptable for creating digital signatures for
  use by public entities in California. They also
  provide guidance to public entities that wish to
  utilize digital signatures for certain
  transactions.

26
Privacy and Confidentiality

• Privacyindividual's right to be left alone
• In health carethe right to limit access to
  health care information
• Confidentialitythe expectation that information
  will only be used for its intended purpose
• Confidentiality relies on trust

27
Privacy and Confidentiality

• Pre-HIPAA
• A few federal and state laws, but no
  comprehensive federal regulation to protect
  private health information
• HIPAA
• http//www.hhs.gov/ocr/privacy/hipaa/understanding
  /coveredentities/introdution.html
• Multiple Sections, including
• Privacy Rule

28
HIPAA Privacy Rule

• Key definitions
• Covered Entities
• Health plans
• Health care clearinghouses
• Health care providers

29
HIPAA Privacy Rule

• Key definitions
• Protected Health Information (PHI)
• Relates to physical or mental health, provision
  of or payment for health care
• Identifies the person
• Created or received by a covered entity
• Transmitted or maintained in any form

30
HIPAA Privacy Rule

• Five major components
• Boundaries
• Security
• Consumer control
• Accountability
• Public Responsibility

31
Release of Information

• Health care organizations need comprehensive
  policies and procedures for releasing patient
  information
• Routine Use requires consent
• Non-routine Userequires authorization

32
Release of Information Authorization Elements

• Patient Name
• Patient Date or Birth
• Name of entity to whom the information is being
  released
• Description of the health information being
  disclosed
• Statement of the reason or purpose for the
  disclosure

• Date, event or condition on which the
  authorization will expire
• Statement that the authorization may be revoked
  by the patient (or legal representative)
• Patient (or legal representative) signature
• Date of signaturemust be after the encounter

33
Summary

• Facility Licensure
• Certification
• Accreditation Standards and Processes
• JCAHO (www.jcaho.org)
• NCQA (www.ncqa.org)
• Other Accrediting Bodies

34
Summary (cont.)

• Health Record as a Legal Document
• Retention of Health Records
• Authentication of Health Information
• Privacy and Confidentiality
• HIPAA Privacy Rule
• Release of Information