Health records and the law

Cover
Health Records and The Law
Copyright
Contents
Preface
About the Authors
Chapter 1 Introduction to the U.S. Legal System
	Principles and Applications
	The Nature of Law
	Sources of Law
		The U.S. Constitution
		State Constitutions
		Statutes
		Decisions and Rules of Administrative Agencies
		Court Decisions
	Government Organization and Function
	Organization of the Court System
		State Court System
		Federal Court System
		Stare Decisis
Chapter 2 Health Records and Managed Care
	Principles and Applications
	Utilization Review
	Managed Care
	Managed Care Organizations and Related Health Care Entities
		Accountable Care Organizations
		Health Maintenance Organizations
		Exclusive Provider Organizations
		Independent Practice Associations
		Physician-Hospital Organizations
		Management Services Organizations
		Point of Service Plans
		Preferred Provider Organizations
		Consolidated Medical Groups
		Integrated Care Models
		Other Managed Care Organizations
	The Effect of Managed Care on Patient Data Management
		HIPAA and State Privacy Rules
		Changes in Health Record Standards
Chapter 3 Health Record Requirements
	Principles and Applications
	The Legal Health Record
	Content Requirements
	Record Retention Requirements
		Statutory and Regulatory Concerns
		Statutes of Limitations
		Medical Research and Storage Space Considerations
		Professional Association and Accreditation Agency Guidelines
		Developing a Record Retention Policy
	Destruction of the Record
Chapter 4 Health Record Entries
	Principles and Applications
	Legible and Complete Health Record Entries
	Timely Health Record Entries
	Authorship and Countersignatures
	Authentication of Records
		Auto-Authentication
	Verbal Orders
	Corrections and Alterations
Chapter 5 Document Consent to Treatment
	Principles and Applications
	Legal Theories of Consent
		Express and Implied Consent
		When Is Consent Implied?
		Informed Consent
		Exceptions to the Informed Consent Requirement
	Distinguishing Informed Consent and HIPAA Authorization
	Who Can Give Consent
		Competent Adults
		Refusal of Consent
		Incompetent Adults
		Minors
	Responsibility for Obtaining Consent
	Documentation
	Types of Consent Forms
		Short Consent Forms
		Long Consent Forms
		Challenges to Consent Forms
		Withdrawal of Consent
		Effect of State Laws
		Effect of the Medicare Insurance Conditions of Participation
		HIPAA Preemption
Chapter 6 Access to Health Information
	Principles and Applications
	Types of Patient Data
		Protected Health Information
		De-Identification of Patient Data
		Limited Data Set
		Designated Record Set
	Ownership of the Health Record
	Summary of Confidentiality Requirements
		Federal Law
		State Law
		International Privacy Standards
		Accreditation Organizations
	HIPAA-Covered Entities
		Health Providers
		Clearinghouses
		Health Insurance Plans
	Exercise of Professional Judgment
	Hybrid Entities, Affiliated Service Groups, and Organized Health Care Arrangements
		Hybrid Entities
		Affiliated Service Groups
		Documentation of Designations
		Organized Health Care Arrangement
	Uses and Disclosures of Health Records
		Access by or on Behalf of the Patient
		Access, Uses, and Disclosures with the Patient’s Authorization
		Access by Family and Friends
		Patient Directories
		Records of Minors
		Access for Treatment, Payment, or Health Care Operations
		Access by Employers
		Psychiatric Records
		Substance Use Records
		Genetic Information
	Record Duplication and Fees
	Record Keeping of Quality Improvement Organizations
		QIO Access to Individual Health Records
		Third-Party Access to Information Collected by a QIO
		Patient Access to QIO Information
	Hospital Utilization Review and Quality Assurance
	Business Associates
		Qualifying as a Business Associate
		Requirements for Business Associate Agreements
		Non-HIPAA Required Provisions for Business Associate Agreements
		Liability for Acts or Omissions of Business Associates
	Additional Patient Rights Under HIPAA
		Right to Notice of How a Covered Entity Will Use and Disclose PHI
		Right to Have Access to, Inspect, and Copy PHI
		Right to Request Restrictions on the Uses and Disclosures of PHI for Treatment, Payment, and Health Care Operations
		Right to Request to Receive Confidential Communications
		Right to Request Restrictions on the Uses and Disclosures for Which an Authorization Is Not Required
		Right to Request an Amendment to PHI
		Right to Receive an Accounting of Disclosures of PHI
		Right to Report Violations of the Regulations to HHS
	Verifying Identity and Representations
	HIPAA Administrative Requirements
		Policies and Procedures
		Documentation
		Personnel
		Training
		Sanctions Imposed on the Workforce
		Duty to Mitigate
		Safeguards
Chapter 7 Reporting and Disclosure Requirements
	Principles and Applications
	Disclosures Required by Law
		Child Abuse and Neglect
		Abuse of Adults and Injuries to Disabled Persons
		Controlled Drug Prescriptions and Abuse
		Occupational Diseases
		Abortion
		Birth Defects and Other Health Conditions in Children
		Cancer and Other Disease Registries
		Death or Injury from Use of a Medical Device
		Communicable Diseases
		Misadministration of Radioactive Materials
		Death
		Gunshot and Knife Injuries
	Other Health-Related Reporting Requirements
		Required Disclosure by Managed Care Organizations
		Health Oversight
Chapter 8 Documentation and Disclosure: Special Areas of Concern
	Principles and Applications
	Special Documentation Concerns
		Emergency Department Records
		Celebrity Patients
		Hostile Patients
		Recording Indicators of Abuse
		Patients Refusing Treatment and/or Near Death
		Deceased Patients and Autopsy Authorizations
		Recording Disagreements Among Professional Staff
	Special Disclosure Concerns
		Uses and Disclosures for Marketing
		Uses and Disclosures for Fund-Raising
		Health Records Sought by Managed Care Organizations
		Records Sought by Parties to Adoption
		Records Indicating Abuse of a Child or Vulnerable Adult
		Patient Data Sought by Law Enforcement Agencies
		Warrants and Searches
		Responding to Subpoenas and Court Orders
		Health Care Fraud Investigations
		Oversight for HIPAA Compliance
		Use of Outside Test Reports in Hospital Records
		Change of Ownership or Closure: Disposition of Records
Chapter 9 Human Immunodeficiency Virus/Acquired Immune Deficiency Syndrome: Mandatory Reporting and Confidentiality
	Principles and Applications
	Duty to Report
	Protecting Confidentiality of HIV/AIDS Information
		The Privacy Rule and the Security Rule
		State Law
	Statutory Provisions Regarding Disclosure
		Disclosures Permitted by the Privacy Rule
		Disclosure to Third Parties with Authorization
		Disclosure to Health Care Workers
		Disclosure Without Consent to Emergency Medical Personnel
		Disclosure Without Consent to Spouse or Needle-Sharing Partner
		Other Permissible Disclosures Without Authorization
		Disclosure by Court Order
		Liability for Unauthorized Disclosure of HIV/AIDS Information
	Recommended Policies and Procedures
Chapter 10 Discovery and Admissibility of Health Records
	Principles and Applications
	Discoverability of Health Records
		Physician–Patient Privilege
	Admissibility of Health Records
		Health Records as Hearsay
	Other Health Care Documentation
		Peer Review Records
		Incident Reports
Chapter 11 Legal Theories in Improper Disclosure Cases
	Principles and Applications
	HIPAA Liability
		Violations
	Other Statutory Bases for Liability
	Theories of Liability
		Defamation
		Invasion of Privacy
		Breach of Confidentiality
Chapter 12 Risk Management and Quality Management
	Principles and Applications
	Increased Scrutiny of Medical Errors and Demand for Improving Quality Care
	Relationship Between Risk Management and Quality Management
	Risk Management
	Quality Management
		Joint Commission Accreditation
		National Committee for Quality Assurance
	HIPAA and Risk Management/Quality Management
	Compliance Programs
	Health Records in Risk Management, Quality Review, and Compliance Activities
		Joint Commission Standards
		Prospective Payment Systems
Chapter 13 Electronic Health Records
	Principles and Applications
		Electronic Health Record Systems
	HIPAA Privacy Rule
		Privacy Rule Issues for Interoperable Electronic Health Records
		Other Privacy Issues
	HIPAA Security Rule
		General Security Requirements
		Administrative Safeguards
		Physical Security Standards
		Technical Security Standards
		Organizational Security Safeguards
		Security Requirements in Health Data Networks
	State Data Security Laws
	Electronic Health Record Contracting Issues
		Considerations for Contracting
		Health Data Network Agreements
		Vendor Agreements
		Participation Agreements
	Regulatory Issues
		Anti-Kickback Laws
		Stark Legislation
		Tax Laws Affecting Tax-Exempt Entities
		Antitrust
	Electronic Health Records as Evidence
		The Rule Against Hearsay
		The Best Evidence Rule
		The Difficulties of E-Discovery
	Malpractice
		Specific Electronic Health Record Security Issues
Chapter 14 Health Information in Medical Research
	Principles and Applications
	U. S. Federal Laws Relating to Acquisition and Use of Health Information in Connection with Medical Research
		The Common Rule
		The HIPAA Privacy Rule
		Information Protected Under the Family Educational Rights and Privacy Act
		Use of De-Identified Patient Data and Limited Data Sets
		Other Accommodations for Research in the HIPAA Privacy Rule
		Certificates of Confidentiality
	State Laws Relating to Acquisition and Use of Health Information in Connection with Medical Research
		State Privacy Laws
		State Common Law
	International Laws Relating to Health Records and Clinical Trials
		European Union
		United Kingdom
		Canada
		Japan
	Other Guidance
	ICH
		The Future of Privacy with Global Data Sharing
Chapter 15 Looking to the Future
	Principles and Applications
	Sharing Information Among Electronic Record Systems
	Blockchain Technology
		Connectivity
		Ledger Technology
		Transparency with Pseudonymity
		Secure Data Encryption
		Unified Clinical Systems
	Transformational Law for Health Records
Index