Neehr Perfect Activity: Release of Information

Crystal J. Evans

Neehr Perfect Activity: Release of Information

Overview

This activity is intended for the beginning EHR student user. The student will access a patient’s medical record, and using the additional information provided in this document and through current knowledge, answer the questions at the end of the activity.

Prerequisites

1. Completion of Scavenger Hunts I - III

Student instructions

1. If you have questions about this activity, please contact your instructor for assistance.

2. Document your answers directly on this document as you complete the activity. When you are finished, save this document and upload it to your Learning Management System (LMS). If you have any questions about submitting your work to your LMS, please contact your instructor.

3. Screen displays are provided as a guide and some data (e.g. dates and times) may vary.

Objectives

1. Apply current knowledge of HIPAA, privacy, and release of information.

2. Identify if release of information has been properly obtained.

3. Demonstrate understanding of how to review of a patient chart for necessary data.

4. Show understanding of the identified terminology and its meaning.

Glossary

Authorization: Verifying that an individual or entity has the right to do something. For the purpose of this activity authorization relates to written or electronic approval or verification.

Protected health information (PHI): All "individually identifiable health information" held or transmitted by a covered entity or its business associate, in any form or media, whether electronic, paper, or oral. Some examples are: name, social security number, credit card number, address, photograph, fingerprint, handwriting.

Electronic protected health information (ePHI): Refers to individual identifiable health information in electronic form. It is intended to protect the confidentiality, integrity, and availability of ePHI when it is stored, maintained, or transmitted. PHI is ALL Confidential and/or Classified health information whether it’s in print, hard copy, recorded or live video/audio, OR electronic. There are 18 specific types of electronic protected health information, including patient names, addresses, Social Security numbers, email addresses, fingerprints or photographic images, among others. In addition, any past medical records or payment information is subject to the same degree of privacy protection.

HIPAA Privacy Rule: Establishes national standards to protect individuals' medical records and other personal health information and applies to health plans, health care clearinghouses, and those health care providers that conduct certain health care transactions electronically.

HIPAA Security Rule: Deals with electronic Protected Health Information (ePHI), which is essentially a subset of what the HIPAA Privacy Rule encompasses. The security rules include administrative safeguards, physical safeguards, technical safeguards, organizational requirements and policy, procedure, and documentation requirements.

Individually identifiable health information: Information, including demographic data, that relates to a person’s past, present or future physical or mental health or condition, medical payment information, and any data that there is reasonable basis to believe it can be used to identify a person.

Release of information (ROI): Is the release or divulgence of information by an entity, such as a hospital or doctor’s office, to a person or organization outside of that entity, regarding one particular person.

Signature – “Digitized” or “Electronic”: An image of an individual's handwritten signature. It is typically generated by encrypted software that allows for sole usage by that person. A digitized or electronic signature requires a minimum of a date stamp (preferably includes both date and time notation) along with a printed statement such as, "Electronically signed by," or "Verified/reviewed by," followed by the person's name.

The activity

The case of Paula Smith’s sexual assault is going to court. However, the copies of her medical record that were originally sent to her attorney have been misplaced. Paula has contacted the hospital medical records office by mail to request copies of her hospital visit from that night to be sent to her attorney. An excerpt of General Hospital’s policy on releasing patient information is provided. A copy of Paula’s letter is below. Log into the EHR to view Paula Smith’s chart to answer the questions at the end of the activity.

Paula’s letter to the hospital arrived in the mail.

June 1, 2016

Paula Jeanne Smith

2615 Lake Side Road

Duluth, MN 33125

(555) 204-4747

DOB: 03-18-1987

To Whom It May Concern:

I am writing to request that once again my medical records from my ER visit be sent to my

attorney. I do not recall the exact date of my visit but it is the only time I have been to the

General Hospital emergency room. The records for my court case have been misplaced and

they are requesting new copies. My attorney is:

Mark McDonald, Sr.

Attorney at Law

M and M Law Firm

1616 Frontage Road

Duluth, Minnesota 23456

Telephone: 555-989-4444

Fax: 555-989-4456

My signature and authorization for release of information are on file. You may contact me

or my attorney with any questions. Thank you!

Paula J Smith

An excerpt from General Hospital’s policy on disclosing patient information.

Critical thinking questions

Carefully examine the information in Paula’s chart and in the letter she sent. Answer the following questions.

1. There are two discrepancies in the information for Paula – between her medical record and the letter she mailed (this may include missing or incorrect information). Identify the two discrepancies and the steps you need to take to clarify and/or correct the discrepancies.

a. Here middle name is spelled different from the medical record and the letter. Medical Record spelling is Jean, the patient letter is Jeanne. You would have to clarify with the patient in person to match the correct name with some form of ID or a birth certificate.

doesn’t contain the patient medical record or social security number to help with locating the chart. The patient much provide the social security number so that the correct patient information is located.

2. Does the date on the authorization form in Paula’s chart fall within the hospital’s policy guidelines to release the information today? Yes, it is a month old. Anything more than three years is null void

3. After reviewing the authorization form in Paula’s chart, is the following identified, per policy, to release her records?

a. The authorization is in writing, is dated, and is signed? yes

b. The authorization specifies the information to be disclosed? yes

c. The authorization specifies the entity or location to disclose the information? Attorney office

d. The authorization specifies the person or persons to receive the information? Yes, her attorney

4. Paula’s mother, Rita Smith, shows up and asks for the copies of Paula’s medical record to take to the attorney’s office. What are the clerk’s next steps? The patient mother cannot pick up the medical records. The patient must in writing authorize who can pick up records.

5. Using your textbook, online searches and resources, and this activity, match the items on the left with the appropriate statement or term on the right.

_I_ HIPAA Privacy Rule A. Release of Information

__e_ HIPAA Security Rule B. Medical record number

_b__ MR# C. Name and address

_d__ Authorized individual D. Paula Smith

___j Digital signature E. Technical safeguards

__a_ ROI F. Medical information stored electronically

_c__ PHI G. Classified

__f_ ePHI H. Hospital

__g_ Confidential I. National standards

__h_ Entity J. Electronically signed

Submit your work

Document your answers directly on this document as you complete the activity. When you are finished, save this document and upload it to your Learning Management System (LMS). If you have any questions about submitting your work to your LMS, please contact your instructor