You are the Director of Health Information for a large multi-campus health system. In the routine review of institutional policies, you have been asked to evaluate the laws and regulations associated with the management of health information and develop a plan for the CEO and Board of Directors. The laws include but are not limited to ‘The Health Insurance Portability and Accountability Act of 1996 (HIPAA) Privacy, Security, and Breach Notification Rules’, ‘HITECH Omnibus Rule’, ‘Substance Abuse and Mental Health Services Administration U.S. Department of Health and Human Services 42 CFR Part 2 (REVISED)’ and the ‘Genetic Information Nondiscrimination Act (GINA)’. Please follow the instructions below in completion of this assignment.
You will demonstrate the principles and techniques of auditing by analyzing laws and regulations regarding the Release of Information (RoI) process of a health information management department. Interpret the relevant compliance considerations for a large health system and critique at least three (3) considerations in the protection of electronic health information through confidentiality and security measures, policies, and procedures.
Appraise the current laws and standards that ensure the security and confidentiality of healthcare release of information and disclosure as they pertain to licensure requirements, compliance program elements and patient safety measures.
Having an understanding of the compliance needs for your health system, you will determine processes for compliance with current laws and standards related to health information initiatives and revenue cycle by evaluating the policies and procedures of auditing and monitoring. Please make sure to include non-retaliation policies.
Evaluate the effectiveness of ethical standards of practice by reviewing the AHIMA Code of Ethics, Patient Rights and Safety standards and the Ethical Decision-Making process/matrix. Compare and contrast the similarities and differences between these standards and identify any ethical issues or considerations related to the application of these standards in the practice of HIM.
Create a policy/procedure that focuses on a specific type of access/disclosure of PHI. Your policy should focus on the following items:
Permitted Disclosures that do not require patient consent.
Permitted Uses/Disclosures that do require patient consent
Your policy/procedure should be between 500-1000 words and should be professionally formatted and written.
Any outside research used to create the policy should be cited in the appropriate APA format.
Refer to this Policy Template for more guidance.