For organizations that allow clinicians to carry forward clinical documentation in electronic records, auditing its proper use is key to ensuring document integrity. Copying clinical documentation poses both clinical and compliance risk. The feature “Auditing Copy and Paste” offers guidance in creating a solid audit plan.

The story is adapted from the broader AHIMA resource “Copy Functionality Tool Kit.” It offers sample policies, testing activities, case scenarios, and questions organizations can ask when considering the use of copy and paste.

You’ll find a lot of other good practice resources on that page.

What’s the difference between a taxonomy and a terminology? A terminology and a vocabulary? The January “e-HIM Fundamentals” column offers help in differentiating the terms that describe data management in electronic clinical records. The online version (available to AHIMA members) offers an expanded list of definitions.

The January practice brief recommends resources for regulations and standards that apply to HIM practice in a range of settings. See the online version for links directly to the sources.

The January Journal examines the HIM issues in healthcare reform and the issues the incoming Obama administration needs to take on in order to move the industry forward. Other features outline best practices on auditing copy and paste, the need for standardized clinical terminologies for health information exchange, and how HIM professionals can lend a hand to medical practices facing changes in information management and technology. (more…)

PCASSO—the Patient Centered Access to Secure Systems Online project—was an early trailblazer in using the Internet to give patients and providers instant access to medical records. The project started in 1996, a time when most people considered the Internet an unsecure and scary place to post a person’s most private and sensitive information.

Now, more than 10 years since its creation, PCASSO can be more fully appreciated as an innovator in technology that many hospitals have only recently begun to adopt.

As complex health data exchanges such as health record banks, health information exchanges, and personal health records begin to gain ground, PCASSO deserves a retrospective look as an early project that promoted patient access to health records and demonstrated it could be done security over the Internet, says Dixie Baker, PhD, former principle investigator with the PCASSO project and senior vice president and chief technology officer for health solutions at Science Applications International Corporation. The project anticipated many of today’s security threats and incorporated a high level of protection that many contemporary portals do not. (more…)

Get hip with HIPAA.

That’s just one of the taglines attached to Sharp Healthcare’s HIPAA education modules. Photos from the age of hip—the late 1960s and early 1970s—permeate the online HIPAA training modules. Musicians Jimi Hendrix and Bob Dylan and era-TV icons like the Get Smart cast mingle with privacy requirements and confidentiality factoids.

The hip-themed training is just one theme in a series of HIPAA privacy, security, and confidentiality training modules at the San Diego-based facility.

The incorporation of a new theme each year assures that Sharp’s staff of 12,000 employees learn more than how to fall asleep during training, says Paul Belton, RHIA, Sharp’s vice president of corporate compliance and creator of the unique training programs.

“All this is to just try and keep this fresh,” Belton says. “You come up with something that would be tasteful and flavorful to them to [avoid] the dry and boring education modules that are so typical.”

Keeping a facility’s HIPAA education program interesting year after year can be a challenge for privacy officers. They must develop interesting, comprehensive programs that stick for new employees as well as fresh refresher programs for current staff. (more…)

An Arkansas woman who was the first in her state to be prosecuted under the Health Insurance Portability and Accountability Act (HIPAA) was sentenced to probation and community service.

Andrea Smith, a 25-year-old woman from Trumann, AR, was sentenced on December 3, 2008, to two years probation and 100 hours of community service for accessing and disclosing a patient’s health information for personal gain, according to Cherith Beck, public information officer with the United States Attorney for the Eastern District of Arkansas. (more…)

Chris Apgar, CISSP, consults on information security to the healthcare and financial services industries. He offers this overview of the Federal Trade Commission’s red flag rules regarding identity theft protection programs.

* * *

Healthcare organizations must be in compliance with the FTC’s red flag rules by May 1, 2009. The rules, which require financial institutions and creditors to establish identity theft protection programs, were included in the Fair and Accurate Credit Transactions Act passed by Congress in 2003.

The final rules were published in the Federal Register November 9, 2007, with an original compliance date of November 1, 2008. In October the compliance date was extended to May 1, 2009. The good news for most healthcare organizations is that the requirements represent only a modest expansion of the security incident response teams they have already formed to meet the HIPAA security rule.  (more…)

If you feel there are a thousand healthcare quality measures out there, you’re about right. The Department of Health and Human Services has compiled an inventory of that many measures and more used by its agencies and operating divisions for reporting, payment, or quality improvement.

HHS says that this is the first time it has compiled a comprehensive list of the quality measures in a single location. It intends the inventory as a step in the effort to advance collaboration and synchronization within the quality measurement community. The measures and specifications in the inventory were self-reported by HHS divisions.

The list is available as a spreadsheet, sortable through dropdown menus. HHS says it will be adding more sorting options in the coming months.

An overview of industry activity around data quality, quality management, and data content standards is available on AHIMA’s Web site.

The clarifications continue over CMS’s approach to signature stamps. This past July CMS issued a clarification that stamps were not permissable on any medical record. Now a new clarification advises that some payers do not accept stamps but the Conditions of Participation do not prohibit them.

In the latest memorandum, dated October 24, CMS writes that the Conditions of Participation:

“do not prohibit the use of rubber stamps in a hospital setting, when properly controlled, for authentication of medical record entries. However, as a point of information for surveyors and providers, we are taking this opportunity to add an information-only statement to the interpretive guidance for §482.24(c)(1) to note that some payers, including Medicare, may not accept such stamps as sufficient documentation to support a claim for payment.”