LESSON 7 Using Technology for Process Improvement LE.docx

LESSON 7
Using Technology for Process Improvement
LEARNING OUTCOMES
_____________________________________________________
_________________________
In this lesson, you will do the following:
Discuss how various departments interact with health
information systems to assure both
compliance with regulations and quality improvement
processes.
READINGS
The following reading assignments are for Lessons 5 through 8:
Gartee Text:
Chapter 3, pp. 42 - 73

Chapter 8, pp. 182 - 205
HIPPA:
www.cms.gov
On the Internet, review the term “CPOE” in relationship to
electronic health records.
ACTIVITIES / ASSESSMENTS
The following activities/assessments are for Lessons 5 through
8:
1. Read the assigned pages from the Gartee text.
2. Review the Lecture Notes and Unit 2 PowerPoint.
3. Participate in the weekly discussion question.
4. Complete the written assignment.
http://www.cms.gov/

WRITTEN ASSIGNMENTS
Research how health information contributes to patient safety,
reduction of errors, quality
improvement, and enhanced productivity in providing medical
care to the patient and preventing
litigation.
PLEASE NOTE: All graded assignments for the lessons in this
unit should be grouped together
and submitted as ONE document using the Assignment
Submission form accessed from your
course homepage or http://www.sjcme.edu/gps/assignments.
LESSON 7
Using Technology for Process Improvement
LECTURE NOTES
_____________________________________________________
_________________________________
Opening Comments

Health care organizations spend a considerable amount of time
and resources recording information
in health records to achieve compliance with standards and
regulations. This information is used to
justify the billings submitted, to provide evidence of actions
taken and outcomes achieved, and to
create a history for future reference. The information is also
important for use in research and quality
improvement, and it is an additional benefit to both the patient
and the health care professional.
Eliminating treatments or protocols that are ineffective,
excessively costly, or just no longer used by
a practice can assist providers in reducing costs and improving
outcomes.
Research and Quality Improvement
Improving quality is heavily dependent on the ability of
providers to access the databases of patient
records and apply scientific methods and statistical analyses,
which are used to evaluate treatments
and practices so they can find superior outcomes for patients.
While this can be accomplished with a

paper-based health record, it is costly to copy the records,
extract information into a usable database,
and conduct the research. Having patient information in an
electronic format can be a great
enhancement to collecting patient outcome information for
research purposes. Parsing and extracting
information from an electronic health record can be done
quickly and less costly if the record is in a
format that can be easily translated into a database.
Additionally, statistical software is another
critical tool for conducting any significant analysis.
Quality improvement is an internal process used by
organizations to systematically improve
processes and outcomes of health care protocols. Accessing the
health information record is an
important part of the quality improvement process since it
creates a record of the actions taken (i.e.,
treatments) and the outcomes achieved. Ongoing adjustments to
standard operating protocols can be
made as the review of health records is conducted and evidence
is developed to support better
options for care.

Evidence-based protocols allow providers to adopt treatments or
processes that will reduce health
care costs, reduce recovery times, and achieve better outcomes.
Without this type of information and
research, making treatment decisions are much more difficult
for providers.
When conducting research, there are standards and rules for
using the information, including certain
disclosures to the patient on the use of the information and the
need for transparency and releases.
Using Technology Systems to Protect Information
The use of paper-based health information systems do have
some advantages over electronic
health information systems, especially in the area of the cost of
the system, training for staff, and
the ability to copy records. However, paper-based systems are
challenging when trying to limit
access to a health record. Unless health records or patient
charts are secured in a locked room,
file, or other secure system, unauthorized personnel or
individuals accessing the information is

quite easy. An electronic system has the capability of “locking
down” access to the information
by creating security screens that only allow authorized
individuals to access the record. Further,
software systems can be used to monitor who is accessing a
record, when the record is accessed,
and what information was reviewed. This type of system
creates an effective tool for preventing
breaches of private records.
The electronic health record can also be encrypted with very
secure technology that virtually
prevents the access of personal health information unless
authorized. This becomes critical when
information needs to be transferred via the Internet. This type
of security also has disadvantages
by creating barriers to authorized users of the system who have
multiple passwords or other log-
in techniques.
LESSON 6
Government vs. Private Sector Oversight

LEARNING OUTCOMES
_____________________________________________________
_________________________
Describe how voluntary accreditation compares to regulatory
requirements, including how both
oversight systems assure compliance and impact desired patient
outcomes.
READINGS
Gartee Text:
Chapter 8, pp. 182 - 205
HIPPA:

www.cms.gov
Joint Commission on the Accreditation of Health Care
Organizations:
www.jcaho.org
Centers for Medicare and Medicaid, Skilled Conditions of
Participation:
www.cms.gov
http://www.cms.gov/
http://www.jcaho.org/
http://www.cms.gov/
8:

WRITTEN ASSIGNMENTS
Research the HHS/CMS regulatory term “deemed status” and
whether it is related to the
regulatory oversight process of the federal government and/or
how it might be different? Is
“deemed status” a superior system for assuring regulatory
compliance and better patient
outcomes?
LESSON 6

Government vs. Private Sector Oversight
LECTURE NOTES
_____________________________________________________
_________________________________
The actions and behaviors of health care providers are
ultimately controlled by governmental
laws, rules, and regulations. They are considered to be minimal
standards that health care
providers need to comply with. Such minimum standards are
designed to protect the health and
safety of the public. Typically, governmental rules are not
frequently updated due to the
complexity of the process. Thus, they do not necessarily keep
up with changes in conditions or
new trends in health care delivery.
Compliance with governmental regulations is enforced by
agencies through both routine surveys
and complaints by patients. Sanctions may be imposed by
governmental agencies for violations
of standards, but providers typically have a time period in
which to correct violations, or they
have the ability appeal the action or sanction being imposed.
This can prolong the compliance

process for extended periods of time.
Professional standards are created by groups and organizations
that have information and/or
knowledge of current health care delivery systems, changes in
technology or treatment options,
educational updates, the latest evidence-based practices, and
other factors that might influence
better options for providing superior outcomes to a patient.
Accreditation is considered to be voluntary since the provider
chooses to follow the standards
and guidelines directed by a professional group or association.
In some instances, governmental
agencies accept accreditation in lieu of oversight, if the
standards are equal to or exceed
governmental mandates and the accreditation has been
approved. The terminology used is
referred to as “deemed status,” or the provider has been
“deemed” to meet the mandated
governmental standards.
The accreditation process can be developed by using on-site
surveys, completion of an

application, attendance at educational venues, or completion of
an examination by the
accrediting organization. For example, The Joint Commission
for the Accreditation of Hospitals
(JCAHO) has adopted very specific requirements for how health
records are maintained by health
care organizations. The American Family Practice Association
creates standards for health records
for Family Practice Physicians. The American Health
Information Association (AHIMA) has also
been instrumental in establishing standards for health records as
well as establishing procedures to
meet those standards, and they have been adopted or replicated
by other standard-setting
organizations. Other organizations provide accreditation to
other professions and care settings such
as CARF, ACS, CAP, etc.
For electronics, a number of voluntary, quasi-governments and
the federal government have
developed and/or proposed requirements for electronic health
care information systems. This has
involved standards for electronic transmissions, protocols for
record formatting, terminology,

interoperability of data, etc. All of this oversight and the
requirements have created an alphabet of
credentials, acronyms, and buzzwords such as CCHIT, HL7,
SNOWMED, ICD-9-CM, just to name a
few. These acronyms are readily available on the Internet for
review and reference.
LESSON 5
Regulation of Health Care
LEARNING OUTCOMES
_____________________________________________________
_________________________
Apply the protocols for medical privacy and confidentiality in
federal law and demonstrate how
the laws are implemented by providers.

READINGS
Gartee Text:
Chapter 8, pp. 182 - 205
HIPPA:
www.cms.gov
8:

http://www.cms.gov/
WRITTEN ASSIGNMENTS
Create a model privacy policy for a small Critical Access
Hospital (CAH) that describes how
information is protected, when it will be released, and how the
practice will protect the
information from unauthorized access. Review the information
on the CMS website for HIPPA
and use the information for research on this subject. Feel free to
access other information on the
Internet. Footnote your direct quotes or other use of the
information using APA format.

LESSON 5
LECTURE NOTES
_____________________________________________________
_________________________________
Introductory Lesson Comments
This lesson will focus on the legal, regulatory, and oversight of
health care organizations and
their health information systems.
For health care providers, many governmental agencies have the
responsibility to provide
regulations and oversight of health care organizations and
health care professionals. This might
include the following:
-related professions

Medicare and Medicaid
standards
regulations (i.e., OSHA, Wage and
Hour, EPA, IRS, etc.)
safety, etc.
Generally, laws, rules, and regulations by governmental
agencies are mandatory for health care
providers to follow. Failure to meet the standards may result in
the imposition of sanctions,
including monetary fines, suspension of payments, and
termination from a reimbursement
program.
For health information systems, there are numerous regulations
and requirements for the maintenance
of health records. These include federal, state, and local
regulations as well as the requirements of
credentialing bodies and payer agencies, such as insurance
carriers, health maintenance

organizations, and preferred provider networks.
The requirements may vary for each of the various entities;
however, most of the requirements are
quite similar. They might include the demand for certain
information in a mandated format, such as
an assessment form that is signed by the health care
professional that attests to the care, condition, or
diagnosis of the patient. Many of the required information tools
are needed by the paying agency to
verify the following:
patient
standards
utcome
Other standards for health records have been created by
professionals and experts to assist in the
organization of the actual health record. This is done to create
a standard format for health records

that allows for the accurate, timely, and completeness of the
information by the various health care
professionals who need to access or input information. By
creating standard protocols and formats
for health records, individual professionals who need to review
information or otherwise access the
information can quickly find a section of the record rather than
search numerous documents and
pages of information.
One of the main tools used by governmental agencies, insurance
carriers, and other third-party
payers is the use of payment for services to enforce standards,
rules, and requirements. Since
providers want to receive payment for services rendered, and
most health care services are
covered by either a governmental or insurance program,
providers are required to sign
agreements with those organizations that include certain
requirements and mandates for records.
This would include how the provider protects health
information.
Protecting Health Information – HIPAA and Related Privacy

Issues
The protection and privacy of patient information has been a
long-standing practice for health
care providers and has become an expectation of the public.
This needs to be a key focus area
for all health care providers in their policies and procedures, in
their orientation of employees,
and as an essential part of the culture of their organization.
Professional standards have evolved demanding that providers
take affirmative steps to protect
the confidentiality of personal health care information. While
professional standards were used
to create the privacy and confidentiality standards, these were
considered to be voluntary, and
compliance was sporadic. Since violations of the voluntary
standards did occur, some form of
governmental oversight and regulation was necessary.
Historically, medical privacy and confidentiality laws were first
regulated by local and state
governments. They created mandatory standards and could
impose sanctions on providers who

failed to adhere to the requirements. Voluntary standards were
included as part of the ethical
requirements of professional organizations, such as the
American Hospital Association, the
American Medical Association, and the American Nursing
Association. Most professional
organizations created a code of ethics or other requirements of
the profession for individuals to
follow to maintain the privacy and confidentiality of personal
health information.
As the role of the government as a source of payment grew
larger, the federal government
became involved in the protection of information through
various laws and regulations. This
role allowed the government to mandate stronger requirements
and impose sanctions for failure
to meet the standards.
Major federal legislation passed in 1996 increased the
requirements for privacy and is commonly
referred to as HIPAA (Health Insurance Portability and
Accountability Act of 1996 [P.L.104-

191]). This law has many provisions beyond privacy and
includes how patients may access
information, how they can extend health care coverage, and how
electronic data can be
exchanged.
The federal Department of Health and Human Services, Office
of Civil Rights (OCR), has the
responsibility for enforcing the HIPAA rules. The Department
issues rules and information for the
public to use in order to comply with the various requirements.
Providers must allocate resources to
assure that they are in compliance with the ever-changing
environment of privacy.
There are numerous and ongoing actions that involve providers
and the breaching of privacy or
security of protected information. The Department has the
authority to apply monetary and other
sanctions, and there are private civil actions for breaches of
privacy afforded to the patient.
Investigations typically begin with a complaint made by an
individual who believes his or her
privacy has been compromised.

As investigations of breaches by the OCR evolved over the
years, several major cases have been
covered by the media that indicated the imposition of major
fines to providers well into the hundreds
of thousands of dollars. This got the attention of Boards of
Directors and Senior Management Teams
of health care organizations as well as financial accountants,
consultants, and others who are
interested in this area of practice.
Systems have been developed to create internal protocols,
monitor performance, audit activities, and
generally create tools and resources to keep health information
from unauthorized access and
breaches. Unfortunately, all of those systems are dependent on
people to assure compliance. So,
ultimately, this is not a system or technology problem; it is a
people problem.
The creation of electronic information creates new challenges
and problems for providers, payers, the
government, and the patient in protecting confidential and
private information. HIPAA has processes
for establishing standards for electronic health information,

including how data may be exchanged
between entities, or electronic data interchange (EDI). These
standards began as part of the long
journey to establish electronic health records, which continues
today and well into the future as new
formats and forms of health information are created
electronically.
As requirements of law and others mandate the maintenance and
protection of information, this also
includes the storage of information once the service has been
rendered. Whether health information
is contained in paper form or electronic form, providers need to
create policies, procedures,
protocols, and systems for the long-term safe storage of this
information. The length of time for
record retention that is mandated by local, state, or federal law
is usually a time period of years.
Once the time period has expired, providers may dispose of the
records. However, they must do so
in a way that assures the records are not readable and are not in
a usable format, such as shredding or
other means to destroy the information.

Health care providers are also required to provide access to
records when requested by an authorized
agency or the patient. This means that the information, while
secure, still needs to be in a form or
location easily accessible by authorized individuals. Proper
written authorization or legally
mandated access demands the need to have policies and
procedures that are enforced by the
organization.
Failure to comply with any law, requirement, or rule could
cause sanctions to be imposed on the
offending provider which range from fines (in governmental
operated programs) to termination
from the payment system (used by both government and private
sectors.) In this situation,
sanctions or termination provide significant incentives for
providers to create systems, processes,
and protocols that assist in protecting an individual’s health
information.

LESSON 8
Legal Issues with Health Information
LEARNING OUTCOMES
_____________________________________________________
_________________________
Describe the ways health information systems are used during a
legal proceeding.
READINGS
Gartee Text:
Chapter 8, pp. 182 - 205
HIPPA:

www.cms.gov
On the Internet, do a search and review health care litigation
and the electronic health record.
8:
http://www.cms.gov/
WRITTEN ASSIGNMENTS
Research how the health record is used to prevent litigation and

how it is used if litigation is
commenced. Provide examples of how records can support a
legal proceeding.
All activities/assignments for this unit should be as follows:
1. Should include a cover sheet for each assignment stating the
following:
2. Each individual assignment number and copy of the
assignment directions should be
included in the submission as the starting header of each lesson.
3. Carefully check grammar and spelling.

4. Use APA format for any research or sources that are being
used or quoted.
5. Email the instructor if you have questions regarding the
assignments.
LESSON 8
Legal Issues with Health Information
LECTURE NOTES
_____________________________________________________
_________________________________
At some point in time, there will be a demand for access to a
patient’s health record by
organizations or individuals who are not authorized to review
the record. This may occur during
the review of a negative patient outcome by an attorney while
considering some type of
litigation. It might also be requested by a patient’s family for
use in reviewing the course of
treatment of the patient, or it might be requested from another
provider in order to conduct a
“second opinion” for a recommended treatment. Providers must

exercise great caution when
reviewing such a request since laws, rules, regulations, and
protocols do vary by location and for
the circumstance that might be presented.
As noted in prior lessons, the health information record,
regardless of whether this is a paper-
based system or an electronic system, is considered to be a legal
document of the services
provided to the patient and the outcomes achieved. Any
destruction, including deleting portions
of the record, rewriting the record after an event, or other such
actions that change the original
information, should not be done and is considered to be an
illegal act by the individual
conducting the action.
In some instances, the health information professional can be
required to provide a copy of the
“legal record” of a specific patient. In order to comply with
such a request, there are specific
rules, laws, and standards that need to be considered prior to the
release of this private
information. If the patient is capable, the patient can sign a

written request for a copy of the
record or can give permission to release the record to a third
party.
If the patient is deceased or not capable of providing an
adequate release of the record, other
requirements must be followed in order to comply with both the
request and the privacy
requirements. The organization and health information
professional must have procedures for
handling such requests and must have the request reviewed and
approved by legal counsel before
the information is released.
On an occasional basis, the health informational professional is
subpoenaed to bring a health
record to court and testify as to the nature of the record,
including its completeness, the details
included in the record, and other factors that might influence or
impact a question of law. Any
request for a record or a demand for an appearance in legal
proceedings should be carefully
reviewed by legal counsel to assure that only the information
requested is provided and released.

Further, the health information professional should be prepared
for any oral testimony to be
provided, again by qualified legal counsel.
If an unauthorized breach of access to a patient’s health record
does occur, besides potential
regulatory action, the patient may have a personal cause for
action or litigation to this
occurrence. This may be in the form of a civil action and could
result in a judgment imposed on
the individual or organization that caused the breach.
If information is gathered by the health information
professional or a health care organization for
quality improvement purposes, this use of health information
can be protected from use in legal
proceedings if properly protected according to the requirements
of the laws in the legal
jurisdiction. A review by legal counsel is necessary in order to
protect the quality improvement
information from legal discovery.

LESSON 7 Using Technology for Process Improvement LE.docx

LESSON 7 Using Technology for Process Improvement LE.docx

Recommended

Recommended

More Related Content

Similar to LESSON 7 Using Technology for Process Improvement LE.docx

Similar to LESSON 7 Using Technology for Process Improvement LE.docx (20)

More from SHIVA101531

More from SHIVA101531 (20)

Recently uploaded

Recently uploaded (20)

LESSON 7 Using Technology for Process Improvement LE.docx