How to develop your data management policy
How to develop your data management policy
You must answer the who,’ what,’ and why’
The Health Insurance Portability and Accountability Act of 1996 includes provisions that will allow Americans to keep their health insurance if they change jobs. It also includes several provisions that will affect the way payers and providers maintain and secure patient records.
First, the act requires that within the next three years federal laws and regulations must be enacted to ensure the confidentiality of patient records. Second, the act requires that the health care industry move to a single health insurance claim form to smooth the filing process and make patient interactions with providers easier to understand. Third, it requires providers to file patient claims electronically.
This last provision has consumer advocates up in arms. For case managers, however, writing and following a good information management standard whether for a paper or electronic medical record (EMR) comes down to having a clear answer to three questions, say experts interviewed by Case Management Advisor.
Those questions are:
• Who has access to the information?
• What information do they have access to?
• Why do they need the information?
"Case managers often have a depth of understanding about a patient that helps them weigh the importance of certain sensitive information to the payment of the claim," says Joyce M. Munsell, RN, BSNED, MPA, CCM, manager of health care resources for Parker Hannifin’s office in Irvine, CA. A manufacturing company, Parker Hannifin is based in Cleveland. "Sometimes, it comes right down to asking, Why do you need to know? What decision is this information going to impact?’ The case manager must ask questions until there is a personal comfort level about where patient information is going and how that patient information is going to be used."
As outlined in its 1996 Accreditation Manual for Hospitals, the Joint Commission on Accreditation of Healthcare Organizations (JCAHO) requires hospitals to set strict standards for the security and confidentiality of patient information, with access based on need to know and defined by job title and function. (For more on confidentiality of patient records, see story, p. 77.) JCAHO also requires hospitals to address the following questions in their information management policies:
• What obligation does the user of information have to keep it confidential?
• When is the release of health information or removal of the medical record permitted?
• How is information protected against unauthorized intrusion, corruption, or damage?
• What process is followed when confidentiality and security are violated?
[Editor’s note: For more information on JCAHO standards for privacy and confidentiality of patient records, contact: JCAHO, 1 Renaissance Blvd, Oakbrook Terrace, IL 60181. Telephone: (630) 916-5600. Fax: (630) 916-5644. For other sources of policy guidelines specific to securing electronic patient records, see article, p. 77. For other sources on EMRs and how to keep them secure, see Resources, p. 82.]
Subscribe Now for Access
You have reached your article limit for the month. We hope you found our articles both enjoyable and insightful. For information on new subscriptions, product trials, alternative billing arrangements or group and site discounts please call 800-688-2421. We look forward to having you as a long-term member of the Relias Media community.