Describe the critical nature of patient records and healthcare information and why it is so important that the information is accurate, available and secure. All hospital patients’ records and healthcare information adopts technology resource policy to insure that records and information are secure and accurate.
All resources are made available through well defined policies of different healthcare facilities. Users are well defined and given limitations and details of disclosing sensitive information. The most critical nature of patient’s records is its point of disclosure and penalties to be incurred by employees in case there are neglect and offenses in giving and keeping healthcare information.
Denial to access information like records pertaining to psychotherapy notes is critical since it is the person or patient himself who would not have the right to know his or her condition for reasons such as: the records will be used for legal proceedings, inmates cannot obtain a copy of protected information if it will affect other inmates and employee or other person at the institution and, while a research is being made according to the case of the patient. However, disclosures of sensitive information are always within the guidelines of the privacy official.
Right to access certain protected health information varies in some way with regards to the manner or detail it is obtained but over and above the policy and regulations are the same. It is always the patients’ rights to have privacy and amend records when necessary with regards to their protected health information but is only granted if the information is complete and accurate. Patients must also provide reasons for the amendment. Normally keeping of records are within six years while amendment request are in sixty days. Privacy complaints shall also be dealt with by the Privacy Official.
It has to be documented, reviewed and investigated and acted upon immediately. Minimum retention of the record is six (6) years either in written or electronic format. Despite privacy policies has many options, there is no policy for patients who would or are required to waive their rights under or anything that pertains to Privacy Regulations. B. What are the obvious themes common among each organization`s policies? The general term or the most common themes among the four organizations described in this study are the Electronic Resources usage and definitions.
Common to its policy are the methods information are disclosed, kept, amended and restricted. Georgetown and the Beth Israel Deaconess Medical Center are the two organizations which provide policy on training staff regarding keeping and securing of healthcare records. All organizations can only disclosed patient’s protected health records for treatment and payment but an authorization from the patient must be obtained. Information on drug or substance abuse records may require additional authorization.
Also all organization policies have the right to access mental health records except on matters which pertains to psychotherapy. But may do so by asking court order request. Uses and disclosure of information are the most important element in the management of healthcare records. For instance for psychotherapy notes, only a professional healthcare provider in mental health should document and make analysis private and family counseling. Healthcare assistance may assist provided he is given access when it is deemed necessary.
They must developed security and maintenance measures which are accessible, consistent with HIPPA security regulations such as: The meaning and intent do not change Do not use documents with marked unused Definitions are unchangeable and can not be segmented or added. C. Do any of the policies differ significantly between organizations? If so, how? BIDMC amendments and revisions are not that stiff compared with the Georgetown University. In some policy automatic amendment is allowed as long as all are informed. Therefore, privacy policies are sometimes not ruled out in other organizations.
Some differs in interpretation and is resolved in a way that it complies with the privacy rule based on the organizations operation. Policy with regards to request of disclosures varies from the different organization. At the Georgetown Medical Center Forms are a must and information is not amended. But in Mayo Foundation, amendments can be made as long as it does not interfere with the privacy policy set by the organization. Partners Healthcare System are quite similar with Georgetown and is not as technology driven like the Mayo and BIDMC in respect to its caring of information materials.
D. Identify what key security principles and elements are most important and describe why? The Georgetown Medical Center is the biggest recognized teaching and research hospital. It was ranked as among the best in research, patients care and teaching for almost eleven years. Their security principle is to care for the whole person. For this reason, they cast their attention in the security of their information that even patients with mental health problems are not aware of their condition. Disclosures are only given through the Privacy Director upon proper requests.
At the BIDMC their policy lies more on the content of their electronic communications. The organizations controls and conduct monitoring to its information and users do not have privacy of their own usage. However the internet based discipline may be viewed by users thru emails and chat groups. Securities are allowed only thru passwords. Mayo Foundation provided standards so that vital records are correct and complete. They defined responsibilities and functions, provided tested application software, and provide change control management because software continues to develop.
They included preventive measures on virus control and recovery of files. Mayo is keener in preserving its health care information and records. Partners Health Care System Security Policies summarizes the three other organizations regarding its procedures in HIPAA privacy, disclosures of health information, payment and care operations, and disclosures of health information.
References: BIDMC Technology Resources Policy Center Georgetown University Health Care Resource Center Mayo Foundation Information Securities, Rev. 20, 2002 Partners Health Care System Security Policies