POLICY & PROCEDURE. This policy applies to all healthcare organizations owned and/or managed by WFH.

Similar documents
Creation Date: 1/30/15 Title: Patient Right to Access, Inspect and Copy Revision History:

Pennsylvania Hospital & Surgery Center ADMINISTRATIVE POLICY MANUAL

PATIENT PRIVACY: RIGHT TO ACCESS PROTECTED HEALTH INFORMATION IN THE DESIGNATED RECORD SET POLICY

[Enter Organization Logo] USE AND DISCLOSURE OF MENTAL HEALTH RECORDS. Policy Number: [Enter] Effective Date: [Enter]

CLINICIAN S GUIDE TO HIPAA PRIVACY

San Francisco Department of Public Health Policy Title: HIPAA Compliance Privacy and the Conduct of Research Page 1 of 10

POLICY NUMBER B JULY 8, 2014

HIPAA in DPH. HIPAA in the Division of Public Health. February 19, February 19, 2003 Division of Public Health 1

NOTICE OF PRIVACY PRACTICES UNIVERSITY OF CALIFORNIA IRVINE HEALTHSYSTEM

Notice of Privacy Practices

DEPARTM PRACTICES. Effective: Tel: Fax: to protecting. Alice Gleghorn, Page 1

REVISED NOTICE OF PRIVACY PRACTICES ORIGINAL DATE: JANUARY 1, 2003 REVISED: JANUARY 16, 2014 REVISED: NOVEMBER 27, 2017 PLEASE REVIEW IT CAREFULLY

HIPAA Privacy Rule and Sharing Information Related to Mental Health

NOTICE OF PRIVACY PRACTICES

A general review of HIPAA standards and privacy practices 2016

Privacy & Security of Occupational, Behavioral & Deceased Patient Records Alisha R. Smith, RHIA

SUMMARY OF JOINT NOTICE OF PRIVACY PRACTICES (HOSPITAL AND MEMBERS OF ITS MEDICAL STAFF)

NOTICE OF PRIVACY PRACTICES

SUNY DOWNSTATE MEDICAL CENTER POLICY AND PROCEDURE

Chapter 7 Section 22.1

Parental Consent For Minors to Receive Services

HEALTH INFORMATION TECHNOLOGY (HIT) COURSES

Mental Health. Notice of Privacy Practices

HIPAA Policies and Procedures Manual

MAIN STREET RADIOLOGY

HIPAA Notice of Privacy Practices

BON SECOURS RICHMOND NOTICE OF PRIVACY PRACTICES

Chapter 7 Section 22.1

Designated Record Set Health Record The health information described below may be maintained in any medium (paper, electronic, digital, etc)

USES AND DISCLOSURES OF PROTECTED HEALTH INFORMATION: HIPAA PRIVACY POLICY

NOTICE OF PRIVACY PRACTICES

Notice of Privacy Practices

Notice of HIPAA Privacy Practices Updates

OREGON ADMINISTRATIVE RULES DEPARTMENT OF HUMAN SERVICES, PUBLIC HEALTH DIVISION CHAPTER 333 DIVISION 270

HIPAA. Health Insurance Portability and Accountability Act. Presented by the UMMC Office of Integrity and Compliance

The Queen s Medical Center HIPAA Training Packet for Researchers

Notice of Privacy Practices

SUMMARY OF NOTICE OF PRIVACY PRACTICES

NOTICE OF PRIVACY PRACTICES OF THE OSF HEALTHCARE SINGLE AFFILIATED COVERED ENTITY

HIPAA PRIVACY TRAINING

NORTH COUNTRY HEALTHCARE

NOTICE OF PRIVACY PRACTICES MOUNT CARMEL HEALTH SYSTEM

PARAGOULD DOCTORS CLINIC PRIVACY NOTICE

Release of Medical Records in Ohio OHIMA. Ohio Revised Code (ORC) HIPAA

HIPAA Privacy Training for Non-Clinical Workforce

NOTICE OF PRIVACY PRACTICES

Measures Reporting for Eligible Hospitals

AN ACT. SECTION 1. Title 4, Civil Practice and Remedies Code, is amended by CHAPTER 74A. LIMITATION OF LIABILITY RELATING TO HEALTH INFORMATION

Understanding the Privacy and Security Regulations

Memorial Hermann Information Exchange. MHiE POLICIES & PROCEDURES MANUAL

PFF Patient Registry Protocol Version 1.0 date 21 Jan 2016

JOINT NOTICE OF PRIVACY PRACTICES

CHI Mercy Health. Definitions

Privacy Practices Home Visit Doctor, LLC July 2017

NOTICE OF PRIVACY PRACTICE UNIVERSITY OF CALIFORNIA SAN FRANCISCO DENTAL CENTER

ACCF Diabetes Collaborative Registry Program Requirements v1.2 Posted on 9/14/2015

General Information. Overview. Purpose. Table of Contents

FEDERAL AND STATE BREACH NOTIFICATION LAWS FOR CALIFORNIA

2514 Stenson Dr Cedar Park TX Fax

CINCINNATI CHILDREN S HOSPITAL MEDICAL CENTER CONSENT TO PARTICIPATE IN A RESEARCH STUDY

NOTICE OF PRIVACY PRACTICES Mid-Atlantic Women s Care, PLC Effective Date: September 23, 2013 Last Revised: February 15, 2018

Patient Instructions to Obtain Copies of Medical Records

- Cardiac Catherization - Cardiac Angioplasty - Cardiac Bypass - MUGA - CT Scan

HIPAA Notice of Privacy Practices

HIPAA PRIVACY DIRECTIONS. HIPAA Privacy/Security Personal Privacy. What is HIPAA?

SCHOOL OF PUBLIC HEALTH. HIPAA Privacy Training

Notice of Privacy Practices

Compliance Program, Code of Conduct, and HIPAA

WHAT IS HIPAA? HIPAA is the ELECTRONIC transmission of Three programs have been enacted to date Privacy Rule April 2004

NOTICE OF PRIVACY PRACTICES

This notice describes Florida Hospital DeLand s practices and that of: All departments and units of Florida Hospital DeLand.

Prescription Monitoring Program State Profiles - Illinois

NOTICE OF PRIVACY PRACTICES

NOTICE OF PRIVACY PRACTICES FOR MAYO CLINIC ARIZONA

1303A West Campus Drive

Associates in ear, nose, throat/ Head & Neck surgery, pllc

Columbia Medical Practice- Pediatrics Ken Klebanow M.D. and Associates

LifeBridge Health HIPAA Policy 4. Uses of Protected Health Information for Research

THE ECONOMICS OF MEDICAL PRACTICE UNDER HIPAA/HITECH

Form B - For those enrolled in other insurance

OREGON HIPAA NOTICE FORM

New York Notice Form Notice of Psychologists Policies and Practices to Protect the Privacy of Your Health Information

HIPAA and Joint Commission Requirements Compared and Contrasted

HEALTH INSURANCE PORTABILITY AND ACCOUNTABILITY ACT

THE JOURNEY FROM PHI TO RHI: USING CLINICAL DATA IN RESEARCH

Lutheran Brethren Homes, Inc. NOTICE OF PRIVACY PRACTICES

HIPAA Education Program

Regulatory Issues Facing Student Health Centers Presented by: Richard T. Yarmel and Edward H. Townsend

What is HIPAA? Purpose. Health Insurance Portability and Accountability Act of 1996

Oklahoma Surgicare NOTICE OF PRIVACY PRACTICES. Effective Date: 02/17/2010

Johns Hopkins Notice of Privacy Practices for Health Care Providers

Patient Privacy Requirements Beyond HIPAA

RESEARCH POLICY MANUAL

Opp Health and Rehabilitation, LLC 115 Paulk Avenue P.O. Box 730 Opp, AL Phone Number: (334)

HIPAA PRIVACY RULE: ACCESS TO PROTECTED HEALTH INFORMATION. A. General Right to Access Protected Health Information 1

Greenwood Connections Notice of Privacy Practice

Qualifying for Medicare Incentive Payments with Crystal Practice Management. Version 1.0

Pre-Application Technical Assistance to Community-Based Primary Care Clinics

Re-Vita -Life. Sub-dermal Bio-identical Pellets

IRB 101. Rachel Langhofer Joan Rankin Shapiro Research Administration UA College of Medicine - Phoenix

Transcription:

Category: POLICY & PROCEDURE Subject: Classification: Policy Owner: Management Approved Vice President of Corporate Responsibility Approved by: SVP Ascension Health/Wisconsin Ministry Market Executive Effective: June 1, 2016 POLICY: RATIONALE: SCOPE: DEFINITIONS: Healthcare ( WFH ) maintains a Designated Record Set that is subject to patients rights as defined under the Federal Health Insurance Portability and Accountability Act of 1996 ( HIPAA ). Our Values of Respect and Integrity call us to protect patient privacy, respect patient rights and follow regulations which govern health information. This policy applies to all healthcare organizations owned and/or managed by WFH. Administrative Data: As defined by the American Health Information Management Association ( AHIMA ), are patient identifiable data used for administrative, regulatory, health care operations and payment (financial) purposes. Examples include: birth certificate worksheets and authorization forms for release of information, correspondence concerning requests for records, vital certificate worksheets, audit trails, copies of claims, incident or patient safety reports, indices, logs, registries, patient identifiable data reviewed for quality improvement, peer review or utilization management. Derived Data: As defined by AHIMA, consists of information aggregated or summarized from patient records so that there are no means to identify patients. Derived data used for operational purposes of the organization include: audits and audit results, statistical reports, peer review records, quality improvement, utilization management, corporate compliance, and risk assessment records, anonymous patient data for research purposes, transmission reports for MDS, OASIS and IRF PAI, accreditation reports. Designated Record Set ( DRS ): As defined in the Federal Privacy Rule 42 CFR 164.501 (HIPAA), is 1. A group of records maintained by or for a covered entity that is: The medical records and billing records about patients maintained by or for a covered health care provider; The enrollment, payment, claims adjudication, and case or medical management record systems maintained by or for a health plan; or Information used in whole or in part, by or for the covered entity to make decisions about patients. 2. For purposes of this definition, the term record means any item, collection, or grouping of information that include PHI and is maintained, collected, used, or disseminated by or for a covered entity. Page 1 of 5

Legal Health Record ( LHR ): As defined by AHIMA October, 2001, is the documentation (official business record) of the health care services provided to an patient in any aspect of health care delivery by a health care provider organization. The LHR is individually identifiable data, in any medium, collected and directly used in and/or documenting healthcare or health status. The term includes records of care in any health-related setting used by health care professionals while providing patient care services, for reviewing patient data, or documenting observations, actions, or instructions. The LHR for each organization is outlined in Appendix A of this policy. Patient Identifiable Source Data: As defined by AHIMA, are data from which interpretation, summaries, notes, etc. are derived. Source data is an adjunct component of the LHR and is often maintained in a separate location or database and provided the same level of confidentiality as the LHR. Example: diagnostic films and images. Protected Health Information (PHI): As defined in the Federal Privacy Rule 42 CFR 164.501 is individually identifiable health information, whether oral or recorded in any form or medium, that is created by or received by the organization (health care provider, health plan, public health authority, employer, life insurer, school or university, or health care clearinghouse), including demographic information, that identifies a person, or provides a reasonable basis to believe the information can be used to identify a person, and relates to: 1. Past, present or future physical or mental health or condition of a personl. 2. The provision of health care to a person. 3. The past, present, or future payment for the provision of health care to a person. Psychotherapy Notes: As defined in the Federal Privacy Rule 42 CFR 164.501, means notes recorded (in any medium) by a health care provider who is a mental health professional documenting or analyzing the contents of conversation during a private counseling session or a group, joint, or family counseling session and are separated from the rest of the patient s medical record. Psychotherapy notes exclude medication prescription and monitoring, counseling session start and stop times, the modalities and frequencies of treatment furnished, results of clinical tests, and any summary of the following items: diagnosis, functional status, the treatment plan, symptoms, prognosis, and progress to date. PROCEDURE: 1. The following shall be maintained in a DRS: Billing Record: Content of the patient account file in a paper or computerbased record environment. Health Plan Records: The enrollment, payment, claims adjudication, and case or medical management record maintained by or for a health plan. Medical Record: Information defined as the LHR in a paper or computerbased record environment. Other Records Used to Make Decisions About the Patient: o Records created by another health care provider when used to make decisions about the patient. o Documents/reports generated by health care providers to support the required documentation needs of the patient s care being provided at the organization (such as a hospital history and physical from the physician s office). o Outside test results such as pathology report for tests ordered by the physician and performed by another provider. Page 2 of 5

Personal Health Records: Copies of personal health records created, owned, and managed by the patient and provided to the organization. 2. The following shall not be maintained as part of the DRS: Administrative Data: (See definition above) including birth certificate worksheets and authorization forms for release of information, correspondence concerning requests for records, vital certificate worksheets, audit trails, copies of claims, incident or patient safety reports, indices, logs, registries, patient identifiable data reviewed for quality improvement, peer review or utilization management. CLIA Documents: Information not subject to disclosure under the Clinical Laboratory Improvements Amendments of 1988 (CLIA) or other federal or state laws. Derived Data (See definition above) including: audits and audit results, statistical reports, peer review records, quality improvement, utilization management, corporate compliance, and risk assessment records, anonymous patient data for research purposes, transmission reports for MDS, OASIS and IRF PAI, accreditation reports. Education records covered by the Family Educational Right and Privacy Act, as amended, 20 U.S.C. 1232g(a)(4)(B)(iv) such as immunization records. Employer Records held by a health plan or health care provider in its role as employer, such as pre-employment physicals, workers compensation related documentation, results of HIV and TB tests. Health information that is not used to make decisions about the patient such as data collected and maintained for research, peer review, or performance improvement purposes; appointment and surgery schedules, birth and death registers, and surgery registers. Information compiled in reasonable anticipation of, or for use in, a civil, criminal, or administrative action or other legal proceeding. Other Documents such as guardianship documents and adoption documents that include identifying information of birth parents. Psychotherapy Notes (See definition above) Source Data that is interpreted or summarized in the patient s medical record. Examples include films, videos, slides, tracings, raw test data, etc. unless interpretations, summarizations or transcriptions are not available. Working Records such as notes or other source documentation only if the information is available elsewhere in the medical or billing record. Examples include: raw test data, audiotapes, videos/photographs used for educational purposes, telemedicine records, coding/ur worksheets, billing/accounts payable working notes regarding claim status, patient conversations, claim reviews, etc. 3. Access to Source Data When a patient specifically requests access to source data in addition to the DRS, the patient will be provided with access to or a copy of the source data when such access is possible; would not violate state or federal laws or regulations and would not endanger the privacy, health or safety of the patient or another person. 4. Records Held by a Business Associate Records held by a business associate of WFH that meet the definition of DRS are part of the WFH organization s DRS. Page 3 of 5

REFERENCES AHIMA e-him Work Group on Legal Health Record. Update: Guidelines for Defining Legal Health Record for Disclosure Purposes. Journal of AHIMA 76, No. 8 (September 2005): 64A-G. AHIMA e-him Work Group on Legal Health Record. Update: Maintaining a Legal Sound Health Record Paper and Electronic. Journal of AHIMA 76, No. 10 (November-December 2005): 64A-L. Amatayakul, Margret et al. Practice Brief: Definition of the Health Record for Legal Purposes. Journal of AHIMA 72, no. 9 (2001). Hughes, Gwen. Practice Brief: Defining the Designated Record Set. Journal of AHIMA 74, no.1 (2003). NCHICA Designated Record Sets Word Group and Privacy and Confidentiality Focus Group. Guidance for Identifying Designated Record Sets under HIPAA. Version 2. February 3, 2003. Privacy Act of 1974. 5 USC, Section 552A. Standards for Privacy of Individually Identifiable Health Information ; Final Rule. 45 CFR Parts 160 and 164. Federal Register 67, no. 157 (August 14, 2002). Replaces: Cross reference: Review Period: Uses and Disclosure of Health Information policy Two (2) years Original Policy Date: Dates Updated: December 14, 2009; May 15, 2012; June 1, 2016 Page 4 of 5

Appendix A Legal Health Record WFH-All Saints, WFH-St. Francis, WFH-Franklin, Home Health and Hospice The Terrace at St. Francis, Woods, Lake Shore Manor Medical Group, Metro Physicians Legal Health Record The paper record maintained by Health Information Management, Horizon Patient Folder or EPIC (or similar electronic medical record) if implemented. A matrix will be maintained by Health Information Management to indicate the Electronic Health Record implementation by date and practice. The paper record maintained by Health Information Management and the Electronic Health Record. The combination of the paper record maintained by Health Information Management and the EHR if implemented. The paper record maintained by Health Information Management or EPIC (or similar electronic medical record) if implemented. A matrix will be maintained by Health Information Management to indicate the EHR implementation by date and practice. Page 5 of 5

2024 © careersdocbox.com Privacy Policy | Terms of Service | Feedback