75-200 words each question, reference, original work
1. T = treatment. You can view a medical record for the purpose of providing treatment to an individual.
P = payment. You can look at a medical record to obtain the necessary information to construct an accurate bill.
O = operations.
Always ask TPO every time a chart is accessed. If the answer is “no” to all three, STAY OUT!!
Can you share examples where people should not have been in a record and what the consequences (if any) were?
1. What are the breach notice requirements for business associates and covered entities under the HITECH Act (2009)? What are the ethical responsibilities of an administrator responding to a breach?
2. When considering HIPAA, be sure to understand the minimum necessary standard rule.
Just because somebody/some entity is entitled to information doesn’t mean it is a free-for-all. There are limits to what is available and for what reasons. You can also think about it along the lines of being on a “need to know” basis. Think TPO (see previous post), “need to know” and minimum necessary standard rule.
How does your facility encourage complying with this?
3. How can an administrator in a health care organization influence others in the organization to use data legally and ethically? How can an administrator respond to reluctance to comply with legal and ethical standards?
4. How would you handle the employee who individually takes records home and then leaves them inadvertently on the subway, for example? Is the scenario different if employees are permitted to take records home, but are required to safeguard them than if employees are discouraged from taking records home?
5. What are the legal requirements of data reporting, electronic prescribing, preventive data indicators, and quality data reporting? What can an administrator do to promote ethical and legal compliance by the organization?