Chapter 3Risk Management in EmploymentEmployment Re.docx

Chapter 3:
Risk Management in Employment
Employment Relationship carries Risk
• Risk to an organization is not limited to
provider-patient relationships
• As in any business, the healthcare organization
has responsibilities to its employees. Many of
which, if not properly implemented/enforced,
can lead to negative and litigious results
Employment-at-Will
• An employer may dismiss an employee
hired for an indefinite period of time for
any reason or no reason at all without
incurring liability to the employee
• Caveat: cannot discharge for an unlawful
reason, such as racial discrimination

Implicit Employment Contracts
• Though most states follow the employment-at-
will doctrine, many organizations may
unknowingly negate their ability to apply this
principle through
– Employer policies (i.e. progressive disciplinary policy)
– Oral assurances (i.e. looks like you have a bright
future ahead of you here)
– Industry customs (i.e. after so many years in one
position, employees are promoted to the next level)
– Employer conduct (i.e. allowing some employees
more chances to correct errors than others)
Burden of Proof
• In civil litigation of discrimination, the burden of
proof is usually on the plaintiff -they must show:
• Membership in a protected group
• Satisfactory job performance or appropriate
qualifications for the job being sought
• Receipt of discipline, termination or rejection
despite having the qualifications

• Employees of another protected class were
disciplined less severely or the employer continued
to accept application of people who were no better
qualified
Sexual Harassment
• Unwelcome sexual advances, request for
sexual favors or other verbal or physical
conduct of a sexual nature when it is one of
the following:
• is a condition of employment
• is the basis of employment decisions
• interferes with work performance
• creates a hostile work environment
Minimizing Risk of Sexual Harassment
• Organization must exercise reasonable care to
prevent and correct any sexually harassing
behavior

– Written policies/procedures
– Documented staff training on policies/procedures
– Consistently adhere to and enforce policies
– Immediately investigate allegations of sexual
harassment
Responsibility of the Employee
• Employee must report occurrences of sexual
harassment to employer
– Employer must be given the opportunity to investigate
and take corrective action
• Though it is important that an employer investigate
all reports of sexual harassment, proactively
addressing situations or behavior that may be
perceived as sexual harassment is imperative.
– If management is aware of a potential situation and does
nothing, the risk of litigation and penalty is increased
People with HIV or AIDS
are protected by the ADA
Persons with HIV disease, both
symptomatic and asymptomatic, have

physical impairments that substantially
limit one or more major life activities and
are, therefore, protected by the law.
Americans with Disabilities Act
1990
• Definition of Disability:
A physical or mental impairment that
substantially limits one or more major life
activities or a record of such impairment or
being regarded as having such an impairment.
• The facility must determine the essential
job functions of a position and make
reasonable accommodations for a
disabled employee.
Due Process
• When confronting alleged misconduct, there
must be Due Process:
– A clear rule against the misconduct
– The rule must be reasonable

– A thorough and objective investigation
– Notice of the charges and penalty
– Opportunity to respond or appeal in some way
Worker’s compensation
• Mutually beneficial social insurance system
where the employer takes care of an injured
employee’s medical costs and part of the
salary in exchange for the waiver of the
employee’s right to sue.
Retaliation
• Retaliation may be said to occur when an employee
is subjected to adverse employment action (i.e.
termination) because of an action he took that was
within his rights (i.e. reported sexual harassment)
• Retaliation is more easily proved by the claimant
than other allegations. A claim includes:
– The employee engaged in protected activity
– The employer took adverse action against the employee

– A causal connection exists between the protected activity
and the adverse employment action
Whistleblowing
• Whistleblowing is the action in which an
employee reports employer misconduct to
legal authorities. It is supported by
– The Elder Justice Act
– False Claims Act
• Whistleblowers do NOT have to report the
misconduct internally to management first
Social Media
• As employees become more adept in using social
media, employers must take care in policing so as
not to impinge upon freedom of speech
• Employers need to implement policies that clearly
define what is and is not permitted during work
hours in terms of us of company computer
– Define confidential information that is not to be shared
– Prohibit defamation, harassment and use of
questionable websites

Background Checks
• Background checks are required in many
states and help minimize the risk of Negligent
hiring.
• Healthcare organizations must perform due
diligence when hiring:
– Background check for criminal record or other
disqualifying actions
– Validating credentials
Incivility and Violence
• Poor and/or disruptive behavior (some of
which is violent) by physicians and nurses is
well documented.
• Ignoring this problem can increase the risk of
patient and employee safety as well as of
litigation and penalty
Defamation
• As part of their due diligence, prospective
employers will contact previous employers to
requesting a reference. This may cause a
dilemma for the previous employer:
– Should they provide true information about the

applicant and perhaps open the organization up to
defamation charges?
– If they do not disclose information regarding the
potential for future harm to patients, is the
previous employer liable should harm take place?
Recommended Risk Management
Strategies for Employers
• Address issues of microinequity which, alone
may appear of little concern, but over time
have large implications to employee morale,
retention and patient safety
• Nurture employee engagement
• Management should be proactive in
monitoring provider and employee behavior
• Be consistent in application of policy
Summary
• It is crucial to understand employment
laws and how they relate to the facility
– Ignorance may lead to increased risk of
employment related lawsuits

– Patient safety may also be at risk if
employment laws are not followed
• Management staff and employees must
know and follow employment policies
Chapter 2:
Regulatory Environment
Most Regulated Industry
• Health Care is one of the most regulated
industries in the US.
• It is vital to be aware of and understand
what regulations may affect the facility.
Standards
Statements concerning proper procedures
taken in a given situation:
• Explicit or implicit

• National or local
• Validated or Consensual
• Used or ignored
• Periodically updated or static
Legal Standards
• Judicial system (court decisions) provides
initiative for implementing standards public
health rules
– Disease reporting requirements
– Immunizations
– Worker’s comp
– Licensing of professionals
Federal Mandatory Regulations
• CMS
• OSHA
• HIPAA
• EMTALA

• Mammography Quality Standards Act
• Safe Medical Devices Act
• MedWatch
• MWTA
• EPA
State Mandatory Regulations
• Professional Licensure of Providers
• Smoke-free Workplaces
• Smoke-free Environment
• Violence Prevention
State Mandated Risk
Management Legislation
• Risk Management Responsibility
• Governing Body Involvement
• Risk Identification
• Risk Analysis

• Risk Management Education
State Mandated Risk
Management Legislation
• Sharing Information
• Patient Grievance Procedures
• Immunity and Confidentiality for Providers
• Risk Management Follow-up Procedures
Reimbursement Standards
Payers set their own standards for
reimbursement
• Fee for service
• Negotiated fees
• Capitation
• Prospective payment
• RBRVS
Medicare Incentives to Improve Quality

• Evidence based medicine in now generally
accepted as essential to effective and safe
medical practice.
• This link was presented in 2 seminal works
from IOM:
– Crossing the Quality Chasm
– To Err Is Human
Deficit Reduction Act 2003 and Beyond
• Pay for Posting
• Pay for Performance
• Value Based Purchasing
• Scores and Withhold Determination
False Claims Act
• Anti-fraud activities
• Lawsuits
• Revocation of Medicare participation

Practice Guidelines
• Accreditation Programs develop standards
and facilities can voluntarily apply for review
– Joint Commission on the Accreditation of
Healthcare Organizations (Joint Commission)
– National Committee for Quality Assurance
(NCQA)
• Many equate facility accreditation with quality
– Medicare accepts a JCAHO accreditation as
evidence that a hospital meets Medicare
conditions of participation
Summary
• IGNORANCE of the Law is no excuse
• Know the regulations
– Identify which ones are pertinent to the facility
– Ensure that appropriate policies are in place
– Document compliance

Chapter 1:
Risk
Management
Dynamics
Healthcare can hurt…
• In the 1970’s, the fact that receiving healthcare
services can actually cause harm was brought
to the forefront with the Institute of Medicine
report “To Err is Human: Building a Safer Health
Care System”:
– In 2 studies, adverse events occurred in 2.9% and
3.7% of hospitalizations
– More than half of these adverse events were the
result of preventable medical errors
– Extrapolation: > 1 million medical errors may occur
each year resulting in 140,000 deaths
More data about medical errors
Studies indicate the following:

– Hospital employees recognize and report only 1 in
7 medical errors that harm Medicare patients
• Even after medical errors are reported and investigated,
many hospitals do not change their practices to prevent
repetition of the event
– >50% of patients treated for side effects and other
medication related injuries were 65+ years old
– Continued reporting of wrong-site surgeries
What can be done?
• The Joint Commission recommended safety
standards in 2001 that relate to:
– Providing leadership
– Improving organizational performance
– Information management
– Patient’s rights
• It is imperative to monitor adverse events
from 2 standpoints:
– Quality of care
– Legal responsibility to do no harm
How do we monitor adverse events and
ensure patient safety?

• Recognize and minimize instances where a
medical error can occur
This is the function of Risk Management
What is Risk?
Uncertainty about future events that
may threaten the safety of patients
and the assets and reputations of
providers.
What do we mean by assets?
• People – patients, clinicians, volunteers,
and employees
• Property – buildings, facilities,
equipment, and materials
• Financial – revenue, reserves, grants,
and reimbursement
• Goodwill – health and well-being,
reputation, and stature in the community

What is Risk Management?
• Discipline for dealing with the possibility
that some future event will cause harm.
– An organized effort to identify, assess and
reduce risks to patients, visitors and staff
Objective of Risk Management
• To reduce the risk of preventable
accidents and injuries and minimize the
financial loss if one occurs
– It provides strategies, techniques and an
approach to recognizing and confronting any
threat faced by an organization.
In other words…
• What can go wrong?
• What will we do to prevent harm and in the
aftermath of an incident?

• If something happens, how will we pay for
it?
What are the risks we
are trying to protect against?
• Antitrust violations
• Breach of contract
• Casualty exposure
• Defamation
• Embezzlement
• Environmental damage
• Fraud and abuse
• General liability
• Hazardous substance
exposure
• Professional
malpractice
• Securities violations
• Transportation liability
• Worker’s
compensation
So, what will be done?
In the Risk Management Process we will:

• Identify Risk
• Perform Risk Analysis
• Implement Risk Control/Treatment
• Finance Risk
Risk Identification
• Continuous collection of information to
search for the various liability risks such as
• Property risks
• Casualty/liability risks
• Employee benefit risks
Risk Analysis
• Evaluating past experience and current
exposure to limit the impact of risk,
keeping in mind that there are different
levels of Risk
• Severity to the individual and/or organization

• Number of people harmed or potentially
harmed
• Likelihood or frequency of occurrence
Risk Control/Treatment
• Most common function of risk management
programs
• Risk Management programs should categorize
potential liability into 4 categories:
• Bodily injury
• Liability loss
• Property loss
• Consequential loss
Risk Control/Treatment
• Risk Acceptance
• Exposure Avoidance
• Loss Prevention
• Loss Reduction
• Exposure Segregation

• Contractual Transfer
• There are many methods and techniques an
organization can use to minimize risk:
Risk Financing
• An organization should have financing
available to fund losses and implement risk
management activities
– Self-insurance
– Commercial insurance
– Budgetary funds set for activities and/or losses
American Society of Healthcare Risk
Management (ASHRM)
Components in a risk management program:
– Designate risk manager
– Access to all data
– Organizational commitment
– System for identification, review and analysis of
adverse outcomes

– Ability to integrate and share data
– Evaluate risk management program activities
– Provide educational programs
– Provide information on staff competency
Three Major Functions of Risk
Management – Business Orientation
• Reducing the organizations’ risk of malpractice
suite by maintaining or improving the quality
of care
• Reducing the probability of a claim being filed
• Preserving the organization’s assets once a
claim has been filed
‘Red Flag’ Areas to Watch
• Treatment Conditions
• Patient Relations
• Practice Management
• Conduct of Staff

Risk Management Tools
for Identifying Risk
• Incident Reporting
• Occurrence Reporting
• Occurrence Screening
Incident Reporting
System to identify events that are not
consistent with the routine operation of a
hospital or routine care of patients
Occurrence Reporting
A policy listing specific adverse events
that MUST be reports
• Required by some states and insurers
• Can increase identification of adverse
events to 40-60%

Occurrence Screening
System that identifies deviations from
normal procedures or expected
outcomes
• Uses criteria to identify adverse events
but does not rely on staff reporting
• Increases identification of adverse events
to 80-85%
Risk and Quality of Care
• There is sometimes overlap between
these functions in the healthcare setting.
• Integrating risk management and quality
assurance functions can result in:
– Maximization of the use of limited resources
– Elimination of duplication
– Developing new solutions to problems
– Facilitation of training programs
– Improvement of budget process

Specific Risk Management Functions
• Incident Identification, Reporting and Tracking
• State Mandated Incident Reporting
• Incident Review and Evaluation
• Take action to prevent recurrence of incidents
• Internal Documentation
• Credentialing and Privileging
• Patient Complaint Programs
• Risk Management Education
Summary
• Risk Management is about reducing
preventable adverse events and minimize
financial loss should such events occur.
• There are many tools available to assist
the Risk Manager.

CHAPTER
© 2012 The McGraw-Hill Companies, Inc. All rights
reserved.McGraw-Hill
2
HIPAA, HITECH, and
Medical Records
© 2012 The McGraw-Hill Companies, Inc. All rights reserved.
Learning Outcomes
When you finish this chapter, you will be able to:
2.1 List several legal uses of a patient’s medical record.
2.2 Define HIPAA and HITECH, and name the three
types of covered entities that must comply with
them.
2.3 Discuss how the HIPAA Privacy Rule protects
patients’ protected health information (PHI).
2.4 Discuss how the HIPAA Security Rule protects
electronic protected health information (ePHI).

2.5 Explain the purpose of the HITECH breach
notification rule.
2-2
Learning Outcomes (Continued)
2.6 State the goal of the HIPAA Electronic Health Care
Transactions and Code Sets (TCS) standards and
list the HIPAA transactions and code sets standards
that will be required in the future.
2.7 Discuss some of the most common threats to the
privacy and security of electronic information and
ways in which the HITECH Act addresses them.
2.8 Define fraud and abuse in health care and cite an
example of each.
2-3

2.9 Describe the various government agencies that are
responsible for enforcing HIPAA.
2.10 Identify the parts of a compliance plan and the types
of documentation used to demonstrate compliance.
2-4
Key Terms
• abuse
• Acknowledgment of
Receipt of Notice of
Privacy Practices
• ASC X12 Version 5010
• audit
• breach

• breach notification
• business associate
• Centers for Medicare
and Medicaid Services
(CMS)
2-5
• clearinghouse
• code set
• covered entity
• electronic data
interchange (EDI)
• electronic protected
health information (ePHI)
• encryption
• fraud
• Health Care Fraud and
Abuse Control Program

Key Terms (Continued)
• Health Information
Technology for
Economic and Clinical
Health (HITECH) Act
• HIPAA Electronic Health
Care Transactions and
Code Sets (TCS)
• HIPAA National
Identifiers
• HIPAA Privacy Rule
• HIPAA Security Rule
2-6
• National Provider
Identifier (NPI)
• Notice of Privacy
Practices (NPP)

• protected health
information (PHI)
• release of information
(ROI)
• treatment, payment, and
health care operations
(TPO)
2.1 The Legal Medical Record 2-7
Medical records serve legal purposes, such as:
– providing a physician with defense against
accusations that patients were not treated correctly,
– providing appropriate documentation,
– proving medical necessity,
– proving medical professional liability was met.

2.2 Health Care Regulation 2-8
• Centers for Medicare and Medicaid Services
(CMS)—federal agency in the Department of
Health and Human Services that runs Medicare,
Medicaid, clinical laboratories, and other
government health programs; responsible for
enforcing all HIPAA standards other than the
privacy and security standards
• Electronic data interchange (EDI)—computer-
to-computer exchange of routine business
information using publicly available electronic
standards
2.2 Health Care Regulation (Continued) 2-9
• HIPAA is a law designed to:
– ensure the security and privacy of health information,
– ensure the portability of employer-provided health

insurance coverage for workers and their families
when they change or lose their jobs,
– increase accountability and decrease fraud and
abuse in health care, and
– improve the efficiency of health care delivery by
creating standards for electronic transmission of
health care transactions.
• Health Information Technology for Economic
and Clinical Health (HITECH) Act—provisions
in the ARRA of 2009 that extend and reinforce
HIPAA and contain new breach notification
requirements for covered entities and business
associates, guidance on ways to encrypt or
destroy PHI to prevent a breach, requirements
for informing individuals when a breach occurs,

higher monetary penalties for HIPAA violations,
and stronger enforcement of the Privacy and
Security Rules
• Covered entity—under HIPAA, a health plan,
clearinghouse, or provider who transmits any
health information in electronic form in
connection with a HIPAA transaction
• Clearinghouse—a company that processes
electronic health information and executes
electronic transactions for providers
• Business associate—a person or organization
that requires access to PHI to perform a function
or activity on behalf of a covered entity but is not
part of its workforce

2.3 HIPAA Privacy Rule 2-12
• HIPAA Privacy Rule—law that regulates the
use and disclosure of patients’ protected health
information
• Protected health information (PHI)—
individually identifiable health information
transmitted or maintained by electronic media or
in any other form or medium
– The minimum necessary standard means using
reasonable safeguards to protect PHI from being
accidentally released to those not needing the
information during an appropriate use or disclosure.
2.3 HIPAA Privacy Rule (Continued) 2-13
• Notice of Privacy Practices (NPP)—HIPAA-
mandated document stating the privacy policies

and procedures of a covered entity
• Acknowledgment of Receipt of Notice of
Privacy Practices—form accompanying a
covered entity’s Notice of Privacy Practices
• Release of information (ROI)—process
followed by employees of covered entities when
releasing patient information
2.3 HIPAA Privacy Rule (Continued) 2-14
• Treatment, payment, and health care
operations (TPO)—under HIPAA, three
conditions under which patients’ protected
health information may be released without their
consent
2.4 HIPAA Security Rule 2-15

• HIPAA Security Rule—law that requires
covered entities to establish administrative,
physical, and technical safeguards to protect the
confidentiality, integrity, and availability of health
information
• Electronic protected health information
(ePHI)—PHI that is created, received,
maintained, or transmitted in electronic form
– Regulations under the HIPAA Security Rule apply to
ePHI.
2.4 HIPAA Security Rule (Continued) 2-16
• The HIPAA Security Rule contains requirements
for three types of safeguards to prevent security
breaches:
– Administrative
– Physical

– Technical
• Encryption—process of converting electronic
information into an unreadable format before it is
distributed
2.5 HITECH Breach Notification Rule 2-17
• Breach—under the HIPAA Privacy Rule,
impermissible use or disclosure that
compromises the security or privacy of PHI that
could pose a significant risk of financial,
reputational, or other harm to the affected
person
• Breach notification—document used by a
covered entity to notify individuals of a breach in
their PHI required under the new HITECH
breach notification rules

2.6 HIPAA Electronic Health Care Transactions
and Code Sets, and National Identifiers
2-18
• HIPAA Electronic Health Care Transactions
and Code Sets (TCS)—HIPAA rule governing
the electronic exchange of health information
– Establishes standards that apply to electronic
formats, code sets, and identifiers
• ASC X12 Version 5010—updated electronic
data standard for transmitting HIPAA X12
documents
• Code set—alphabetic and/or numeric
representations for data
2.6 HIPAA Electronic Health Care Transactions
and Code Sets, and National Identifiers (Cont.)
2-19

• HIPAA National Identifiers—HIPAA-mandated
identification system for employers, health care
providers, health plans, and patients
• National Provider Identifier (NPI)—under
HIPAA, system for identifying all health care
providers using unique ten-digit identifiers
2.7 Threats to Privacy and Security 2-20
• Common threats to information security include:
– Utility failures
– Natural disasters
– Problems with computer systems and software
– Malware
– Identity theft
– Subversive employees or contractors
– Outsiders who try to damage or steal information
• HITECH Act makes business associates subject

to the same privacy and security requirements
as covered entities.
2.8 Fraud and Abuse Regulations 2-21
• Health Care Fraud and Abuse Control
Program—government program to uncover
misuse of funds in federal health care programs
run by the Office of the Inspector General
• Fraud—intentional act of deception to take
financial advantage of another person
– Example—forging another person’s signature on a
check
2.8 Fraud and Abuse Regulations
(Continued)
2-22
• Abuse—actions that improperly use another

person’s resources
– Abuse may or may not be intentional.
– Example—an ambulance service billing Medicare for
transporting a patient to the hospital when the patient
did not need ambulance service
2.9 Enforcement and Penalties 2-23
• Several government agencies help to enforce
HIPAA:
– Office for Civil Rights—handles civil violations
– Department of Justice—handles criminal violations
– Centers for Medicare and Medicaid Services—
enforces all the HIPAA standards except the privacy
and security standards
– Office of Inspector General—combats fraud and
abuse in health insurance and health care delivery
• Audit—formal examination or review

2.10 Compliance Plans 2-24
• According to the OIG, a voluntary compliance
plan should contain seven elements:
1. Consistent written policies and procedures
2. Appointment of a compliance officer and committee
3. Training plans
4. Communication guidelines
5. Disciplinary systems
6. Auditing and monitoring
7. Responding to and correcting errors
2.10 Compliance Plans (Continued) 2-25
• Common compliance documentation includes:
– Retaining written or electronic results of risk analysis
– Documenting the results of an audit

– Developing and implementing comprehensive privacy
and security policies and procedures
– Documenting staff training and security incident
threats
CHAPTER
© 2012 The McGraw-Hill Companies, Inc. All rights
reserved.McGraw-Hill
1
A Total Patient
Encounter
Learning Outcomes
1.1 Compare practice management (PM) programs and
electronic health records (EHRs).
1.2 Discuss the government health information

technology (HIT) initiatives that have led to
integrated PM/EHR programs.
1.3 List the eight facts that are documented in the
medical record for an ambulatory patient encounter.
1.4 Identify the additional uses of clinical information
gathered in patient encounters.
1.5 Compare electronic medical records, electronic
health records, and personal health records.
1-2
1.6 Describe the four functions of a practice
management program that relate to managing
claims.
1.7 List the steps in the medical documentation and
billing cycle.

1.8 Compare the roles and responsibilities of clinical and
administrative personnel on the physician practice
health care team.
1.9 Explain how professional certification and lifelong
learning contribute to career advancement in
medical administration.
1-3
Key Terms
• accounts receivable
(A/R)
• American Recovery and
Reinvestment Act of
2009 (ARRA)
• cash flow
• certification
• continuity of care

• data mining
• data warehouse
• diagnosis code
1-4
• documentation
• electronic health record
(EHR)
• electronic medical record
(EMR)
• electronic prescribing
• encounter
• health informatics
• health information
exchange (HIE)
• Health Insurance

Portability and
Accountability Act of
1996 (HIPAA)
• health information
technology (HIT)
• integrated PM/EHR
program
• meaningful use
• medical assistant (MA)
• medical biller
• medical coder
1-5
• medical documentation
and billing cycle
• medical malpractice
• medical necessity
• medical record
• National Health

Information Network
(NHIN)
• patient examination
• pay for performance
(P4P)
• personal health record
(PHR)
• Physician Quality
Reporting Initiative
(PQRI)
• practice management
(PM) program
• procedure code
• records retention
schedule

• regional extension
centers (RECs)
1-6
• revenue cycle
management (RCM)
• standards
1.1 Health Information Technology:
Tools for a Total Patient Encounter
1-7
• Health information technology (HIT)—use of
computers and electronic communications to
manage medical information and its secure
exchange
• Practice management (PM) programs—used
to perform administrative and financial functions
in a medical office
• Electronic health record (EHR)—computerized

lifelong health care record for an individual that
incorporates data from all sources that provide
treatment for the individual
1.1 Health Information Technology:
Tools for a Total Patient Encounter (Cont.)
1-8
• Health informatics—knowledge required to
optimize the acquisition, storage, retrieval, and
use of information in health and biomedicine
1.2 Major Government HIT Initiatives 1-9
• Health Insurance Portability and
Accountability Act of 1996 (HIPAA)—
legislation that protects patients’ private health
information, ensures health care coverage when

workers change or lose jobs, and uncovers fraud
and abuse in the health care system
– Standards—technical specifications for the electronic
exchange of information
• Electronic prescribing (e-prescribing)—
technology that enables a physician to transmit a
prescription electronically to a patient’s
pharmacy
1.2 Major Government HIT Initiatives
(Continued)
1-10
• Physician Quality Reporting Initiative
(PQRI)—Medicare program that gives bonuses
to physicians when they use treatment plans and
clinical guidelines that are based on scientific
evidence
• American Recovery and Reinvestment Act of

2009 (ARRA)—$787 billion economic stimulus
bill passed in 2009 that allocates $19.2 billion to
promote the use of HIT
(Continued)
1-12
• Health information exchange (HIE)—network
that enables the sharing of health-related
information among provider organizations
according to nationally recognized standards
• National Health Information Network
(NHIN)—common platform for health information
exchange across the country
• Integrated PM/EHR programs—programs that
share and exchange demographic information,
appointment schedules, and clinical data

(Continued)
1-11
• Meaningful use—utilization of certified EHR
technology to improve quality, efficiency, and
patient safety in the health care system
• Regional extension centers (RECs)—centers
that offer information, guidance, training, and
support services to primary care providers who
are in the process of making the transition to an
EHR system
1.3 Documenting the Patient Encounter 1-13
• Encounter (or visit)—meeting of a patient with a
physician or other medical professional for the
purpose of providing health care

• Patient examination—examination of a
person’s body in order to determine his or her
state of health
1.3 Documenting the Patient Encounter
(Continued)
1-14
• Documentation—record created when a
physician provides treatment to a patient
• Medical record—chronological health care
record that includes information that the patient
provides, such as medical history and the
physician’s assessment, diagnosis, and
treatment plan
• Continuity of care—coordination of care
received by a patient over time and across
multiple health care providers

1.3 Documenting the Patient Encounter
(Continued)
1-15
Eight data points included in an ambulatory care
medical record:
1. Patient’s name
2. Encounter date and reason
3. Appropriate history and physical examination
4. Review of all tests that were ordered
5. Diagnosis
6. Plan of care, or notes on procedures or treatments
that were given
7. Instructions or recommendations that were given to
the patient
8. Signature of the provider who saw the patient

1.4 Other Uses of Clinical Information 1-16
Clinical information has several important
secondary uses that involve:
– Legal issues
– Quality review
– Research
– Education
– Public health and homeland security
– Billing and reimbursement
1.4 Other Uses of Clinical Information
(Continued)
1-17
• Medical malpractice—provision of medical
services at a less-than-acceptable level of
professional skill that results in injury or harm to
a patient

• Pay for performance (P4P)—provision of
financial incentives to physicians who provide
evidence-based treatments to their patients
1.5 Functions of an Electronic Health
Record Program
1-18
• Electronic medical record (EMR)—
computerized record of one physician’s
encounters with a patient over time
– EHRs, on the other hand, can include information
from the EMRs of a number of different sources.
• Personal health records (PHRs)—private,
secure electronic health care files that are
created, maintained, and owned by the patient
1.5 Functions of an Electronic Health

Record Program (Continued)
1-19
EHRs have eight core functions:
1. Health information and data element maintenance
2. Results management
3. Order management
4. Decision support
5. Electronic communication and connectivity
6. Patient support
7. Administrative support
8. Reporting and population management
Advantages of EHRs include safety, quality, and
efficiency.
1.6 Functions of a Practice Management
Program
1-20
Practice management (PM) programs have

functions related to managing claims, including:
– Creating electronic claims
– Electronically monitoring claim status
– Receiving electronic payment notification
– Handling electronic payments
1.7 The Medical Documentation and
Billing Cycle
1-21
• Cash flow—movement of monies into and out of
a business
• Medical documentation and billing cycle—
ten-step process that results in timely payment
for medical services

Billing Cycle (Continued)
1-22
The Medical Documentation and Billing Cycle:
– Step 1: Preregister patients
– Step 2: Establish financial responsibility for visit
– Step 3: Check in patients
– Step 4: Review coding compliance
– Step 5: Review billing compliance
– Step 6: Check out patients
– Step 7: Prepare and transmit claims
– Step 8: Monitor payer adjudication
– Step 9: Generate patient statements
– Step 10: Follow up patient payments and collections
1-23
• Diagnosis code—code that represents the

physician’s determination of a patient’s primary
illness
• Procedure code—code that represents the
particular service, treatment, or test provided by
a physician
• Medical necessity—treatment that is in
accordance with generally accepted medical
practice
1-24
• Accounts receivable (A/R)—monies that are
coming into a practice
• Revenue cycle management (RCM)—
management of the activities associated with a
patient encounter to ensure that the provider
receives full payment for services

1-25
• Data warehouse—collection of data that
includes all areas of an organization’s
operations
• Data mining—process of analyzing large
amounts of data to discover patterns or
knowledge
• Record retention schedule—plan for the
management of records that lists types of
records and indicates how long they should be
kept
1.8 The Physician Practice Health Care

Team: Roles and Responsibilities
1-26
• Physicians—primary clinicians in the practice
• Physicians’ assistants (PAs)—health care
professionals who treat minor injuries and assist
with many aspects of an encounter
• Nurses—health care professionals who perform
a wide range of clinical and nonclinical duties
• Medical assistants (MAs)—health care
professionals who perform both administrative
and certain clinical tasks in physician offices
1.8 The Physician Practice Health Care
Team: Roles and Responsibilities (Cont.)
1-27
• Medical billers—health care professionals who
perform administrative tasks throughout the medical
billing cycle

• Medical coders—medical office staff members with
specialized training who handle the diagnostic and
procedural coding of medical records
• Practice or office managers—individuals who
direct the business operations of physician practices
• Compliance officers—individuals who investigate
and resolve all compliance issues relating to coding,
billing, documentation, and reimbursement
1.9 Administrative Careers Working with
Integrated PM/EHR Programs
1-28
• Certification—nationally recognized
designation that acknowledges that an individual
has mastered a standard body of knowledge
and meets certain competencies
• Education in the health care field is a lifelong
commitment.

Chapter 3Risk Management in EmploymentEmployment Re.docx

Chapter 3Risk Management in EmploymentEmployment Re.docx

Recommended

Recommended

More Related Content

Similar to Chapter 3Risk Management in EmploymentEmployment Re.docx

Similar to Chapter 3Risk Management in EmploymentEmployment Re.docx (20)

More from keturahhazelhurst

More from keturahhazelhurst (20)

Recently uploaded

Recently uploaded (20)

Chapter 3Risk Management in EmploymentEmployment Re.docx