The document discusses several scenarios relating to the AHIMA Code of Ethics and how health information management professionals should properly handle situations to protect patient privacy and confidentiality. In one scenario, an administrator carefully reviews a power of attorney to ensure only authorized information is released about a patient. In another, an expert identifies issues with an electronic medical record system that could lead to improper information disclosures if not addressed. The document emphasizes the importance of adhering to ethics codes and addressing potential unethical practices or policies to avoid negative consequences like legal penalties, loss of patient care, and closure of healthcare organizations.
AHIMA Code of Ethics and the Role of HIIM Professionals
1. AHIMA Code of Ethics and
the HIIM Professional
Claire Sperry
Western Governor’s University
2. Principle 1: AHIMA Code of Ethics
Advocate, uphold, and defend the individual's right to privacy and the
doctrine of confidentiality in the use and disclosure of information.
Defend
Uphold
3. Principle1-Scenario1:
TheCaseof Mrs.Jones
• Mrs. Jones’s Daughter Sophia has come into the hospital claiming to be Mrs. Jones’s
Power of Attorney (POA) and feels she is entitled to Mrs. Jones’s hospital record.
When Grace, the Health Information Management Administrator working that day,
asked the front desk receptionist to produce the POA for her review so that she
could be sure to only release the information that Mrs. Jones has authorized her POA
to receive in order to follow the Minimum Necessary requirement set forth by
Medicare and to protect Mrs. Jones’s information. After Grace reviewed the Power of
Attorney she discovered the Sophia was only allowed information pertaining to Mrs.
Jones’s Financial responsibilities but had no authority to receive medical records, or
to make medical decisions on Mrs. Jones’s behalf. Grace informed Sophia of the
information was entitled to and let her know that if Mrs. Jones would like for Sophia
to have her medical record she would need to sign the Authorized Representative
forms and establish exactly what information Sophia was authorized to have access
to. Grace told Sophia that once this was in place she would be happy to supply her
with the information.
4. Principle 1: Scenario Analysis
• According to the American Health Information Management
Association (AHIMA) Code of Ethics, Grace did exactly as she was
trained to do.
• AHIMA states that HIM professionals are to “safeguard all confidential patient
information to include, but not limited to, personal, health, financial, genetic,
and outcome information.”
• Grace was thoughtful and diligent in requesting the POA, in order to establish the
minimum necessary to meet Sophia’s need for the information.
• Grace also established a direct but positive communication channel with Sophia while
maintaining respect and confidentiality for Mrs. Jones. Should Sophia need information
on Mrs. Jones in the future she will have the correct authorization and will know the
process in which she must participate in order to obtain the information she is seeking.
5. Food For Thought: What would have happened had Grace not
reviewed the POA and released Mrs. Jones’s entire medical
record?
1. Mrs. Jones could have brought a legal case against the hospital for breaching
confidentiality.
2. This exposure would have initiated a corrective action for the hospital which
would entail, employee training, and possible theft protection for Mrs. Jones,
now that Sophia has all of her personal information such as her social security
number, birth date, address, and phone number.
3. It would have been required by law for Mrs. Jones to be informed of the breach
along with her patient rights.
6. Principle 3: AHIMA Code of Ethics
Preserve, protect, and secure personal health information in any form
or medium and hold in the highest regards health information and
other information of a confidential nature obtained in an official
capacity, taking into account the applicable statutes and regulations.
7. Principle 3: Scenario 2
The Case of Access and Education
Sally was working as a subject matter expert on a project for a health plan. This health
plan was in the process of updating all of their policies and procedures pertaining to
protected health information (PHI) and decided to conduct an internal audit of their
current processes to address any gaps or inconsistencies. While Sally was interviewing a
customer service representative, named Elizabeth, to get an idea of how the customer
service reps were answering questions posed by the members, Elizabeth informed her
that part of the Electronic Medical Record (EMR) didn’t give enough information for the
representative to know what information and to whom it could be released over the
phone. The customer service representatives didn’t have access to the documentation
portal of the EMR, so there was no way for them verify whether or not the person on the
phone was an authorized representative. Elizabeth was concerned because she had heard
a, less than diligent, co-worker decide to give the information in the hopes that is was
authorized for release. Sally thanked Elizabeth for her feedback and immediately
requested that the documentation portal be made available to the customer service
department and conducted a training for customer service to show them how to use the
information in addition to a refresher course on HIPAA requirements for the release of
information to authorized representatives.
8. Food For Thought: What might have happened if Sally hadn’t decided to do
an internal audit of the written processes prior to reviewing the “actual”
processes currently in practice in the Customer Service Dept.?
A lot of times inside an organization there are discrepancies between
what is written down as a policy and procedure and what actual takes
place.
1. Sally was able to address the gap between the actions of the customer
service department, and the written policies and procedures.
2. She was able to identify and correct the problem the customer service reps
were having with access to the documentation, that was impeding their
ability to verify authorizations.
1. In some organizations, if the information isn’t easily accessible, employees can
become complacent, in some cases resulting in improper disclosures, leaving the
company open to legal claims.
3. She was also able to identify some areas that more education was required.
9. Principle 4: AHIMA Code of Ethics
• Refuse to participate in or conceal unethical practices or procedures
and report such practices.
10. Principle 4: Scenario 4
The Case of The Unethical Suggestion
Silo Hospice Administrator, Kady Timpleton, and Swindle Hospital administrator, Ray Redding, got together
to discuss the increasing readmissions of patients on comfort care at skilled nursing facilities back to the
hospital with in 30 days. Theses readmissions create negative financial repercussions for both the hospital,
the skilled nursing facilities and, due to new Medicare regulations, the hospice companies. As a result, Ray
and Kady decided to encourage the skilled nursing facility, Care Life of Silo, to push patients into the hospice
category in order to help the Care Life, Swindle, and Silo Hospice avoid the penalty for high rates of
readmission. Medicare has specific qualifications a patient must meet in order to qualify for hospice
services. In short, the physician must certify that the patient is terminally ill, and beyond cure. This resulted
in several physicians working for Care Life and Silo Hospice to inappropriately recommend hospice for
patients that were not medically qualified to receive hospice services as they were not within 6 months of
death which resulted in improper payment for services from Medicare not to mention a decrease in needed
patient services. The HIIM Manager for the Care Life, Diligence McGee, noticed this was happening and
conducted a review of documentation and coding practices for the patients that had been placed on Hospice
over the last 90 days. She started to see that a few physicians were certifying patients that they had had
minimal interaction with, impeding their ability to document appropriately. She started to see a pattern with
three of the doctors. She then conducted an additional audit into those doctors patients with terminal
diagnosis and consulted the Medical Director over the compliance and care coordination program to review
the records.
11. Scenario 4: Continued…
• The Medical Director concluded the recommendations for Hospice were unfounded and
that many of the patients had ceased to receive needed medical care because of the
recommendation. Those physicians were brought before the Care Life Board, and The
Swindle Hospital Board. All hospital privileges were revoked, All three physicians were
relieved of their jobs with Care Life and they were reported to the Office of Inspector
General, Medicare, and the Board of Medicine, where their medical licenses were
brought into question. Due to the patient harm, and fraudulent charges they all lost
their medical licenses, and were placed on Medicare’s Exclusion List. Because of
Diligence’s actions the hospital was required to reimburse Medicare for 1.2 million
dollars of overpayment but were spared the 500,000 fine for improper coding and
documentation. The hospital was also able to avoid being placed on the Medicare
Exclusions list. Both Administrators were then investigated and required to resign their
positions. They were able to avoid legal repercussions, only because they stated that
they “suggested” that the physicians review patients on comfort care to see if they
qualified for Hospice and there were no personal financial gains received by the
administrators.
12. Food for Thought: What would have happened had Diligence
decided to look the other way, and let this trend go
unaddressed?
1. Patients would have continued to suffer, as they would not have
received the life saving care they might have needed.
2. The hospital, SNF and Hospice would have continued to received
inappropriate funds from Medicare.
1. Medicare would have eventually investigated and the all three
organizations involved would have come under scrutiny.
3. The Hospital would have been held accountable ultimately resulting
in their potential closure.
1. This would have been incredibly detrimental to the medical wellbeing of
community the hospital was serving.
13. Conclusion
• Adhering to the AHIMA code of Ethics and acting on problems is a huge
part of the Health Informatics and Information Management Professional.
Without them there would be no standards to live up to. Medicare rules
and regulations as well as state regulations are easy to manipulate, and
take advantage of, ultimately leading to the decline in quality of care. While
Medicare is attempting to rectify the situation by increasing scrutiny on the
quality of care received by patients, it is also increasing the creativity of
organizations and providers to continue to receive the same or more
money. The HIIM professional is there as a quality measure. This person
should be able to hold the organization accountable and out of the court
system. By addressing problems before they become irreversible and
damaging to the over all health of the community.
14. References
AHIMA. (2011) http://bok.ahima.org/doc?oid=105098#.WAJvvY8rLIU.
AHIMA Code of Ethics
OIG. (9/2016) https://oig.hhs.gov/oei/reports/oei-02-10-00492.pdf.
HOSPICES SHOULD IMPROVE THEIR ELECTION STATEMENTS AND
CERTIFICATIONS OF TERMINAL ILLNESS
The Fiscal Times. (2016) http://finance.yahoo.com/news/report-
uncovers-widespread-medicare-fraud-091500975.html
Report uncovers Widespread Medicare Fraud.
Editor's Notes
1.1. Safeguard all confidential patient information to include, but not limited to, personal, health, financial, genetic, and outcome information.
1.2. Engage in social and political action that supports the protection of privacy and confidentiality, and be aware of the impact of the political arena on the health information issues for the healthcare industry.
1.3. Advocate for changes in policy and legislation to ensure protection of privacy and confidentiality, compliance, and other issues that surface as advocacy issues and facilitate informed participation by the public on these issues.
1.4. Protect the confidentiality of all information obtained in the course of professional service. Disclose only information that is directly relevant or necessary to achieve the purpose of disclosure. Release information only with valid authorization from a patient or a person legally authorized to consent on behalf of a patient or as authorized by federal or state regulations. The minimum necessary standard is essential when releasing health information for disclosure activities.
1.5. Promote the obligation to respect privacy by respecting confidential information shared among colleagues, while responding to requests from the legal profession, the media, or other non-healthcare related individuals, during presentations or teaching and in situations that could cause harm to persons.
1.6. Respond promptly and appropriately to patient requests to exercise their privacy rights (e.g., access, amendments, restriction, confidential communication, etc.). Answer truthfully all patients’ questions concerning their rights to review and annotate their personal biomedical data and seek to facilitate patients’ legitimate right to exercise those rights.