AHIMA Convention Makes PHI Data Security A Top Priority

Posted on October 4, 2012 by Frank J. Rosello

Why should hospitals centralize their policies and procedures for disclosing protected health information?

At the American Health Information Management Association (AHIMA) convention Wednesday, Don E. Hardwick, client relations and compliance, MRO Corp., a document and disclosure management company in King of Prussia, Pa., told the story of one hospital client that left PHI management up to each department.

A few years ago, a man went to the radiology department trying to get imaging films for a patient injured in a car accident. The department started processing the request before realizing that the man responsible for the accident wanted to destroy the films so they couldn’t be used in court.

his particular situation did not happen at the Chester County (Pa.) Hospital and Health System, but Kimberly Hagerty, health information management leader at the 220-bed community hospital, saw the need to standardize PHI quality control and patient privacy practices. “It’s getting a handle on information-release practices in your facility and looking outside,” said Hagerty.

Proper PHI management can reduce liability for HIPAA violations and, in the case of the near-disclosure of images to the wrong party with malevolent intentions, prevent potential litigation. It also helps to improve patient satisfaction by making the health system more customer-friendly.

“We’re presenting a good front to the patients,” Hagerty said.

Chester County Hospital is in the midst of creating a unified, centralized PHI disclosure process. The hospital has met Stage 1 meaningful use with its Siemens inpatient electronic health record and has attached a physician portal to the EHR. Software from MRO automatically sends discharge summaries into the portal for easy, secure access by referring physicians.
 
Hagerty said the hospital has reduced turnaround time for providing outside physicians with patient records to just two days, compared to 10-14 days before the centralization. This streamlined service has allowed health information management to reduce staffing by one full-time-equivalent employee, justifying the expense of changing disclosure policies. “It’s nice to be known as the ROI department,” Hagerty said.

The EHR has advanced, one-click reporting functionality, including electronic disclosure request, but they had not been activated until Chester County Hospital made the decision to centralize PHI management. “It was just using the technology and working smarter, not harder,” said Hagerty.

As a bonus, with so much information going out to the portal, Hagerty reported there have fewer requests for access.

The project is not complete, however. Audits of physician access are retroactive. The organization is rolling out a NextGen Healthcare Information Systems EHR at its ambulatory clinics and some affiliated physician practices.

It all is in preparation for routine health information exchange, according to Hardwick. “This is only the beginning of all the disclosure points,” he said. “At some point, HIEs are going to occur,” even if it’s just an internal HIE for an organization.

Article written by Neil Versel.

• Recent News

  • Texas Launches Certification Program To Bolster HIPAA Compliance
  • Internet Explorer Vulnerability: Steps To Take
  • Five Misconceptions About Cloud Computing
  • ONC Chief’s Perspectives On Patient Privacy and Security
  • ONC Chief DeSalvo Charts New Course

• Press Release Archives

• EI Connections Newsletter Archive

  
  

  Sign up for the
  EI Connections Newsletter

  * Email

  
  

• Categories

  • ACA
  • ACO Rule
  • ACOs
  • Cloud Computing
  • CMS
  • CMS eRx Rules
  • CMS Final Rule
  • CMS Proposed Rule
  • e-Health
  • EHR Adoption
  • EHR Data Sharing
  • EHR Implementation
  • EHR Incentives
  • EHR Information Security
  • EHR Meaningful Use
  • Electronic Health Records
  • Electronic Medical Records
  • EMR
  • Environmental Intelligence
  • Health Information Exchange
  • Health IT
  • Health IT Best Practices
  • Health IT Data Security
  • Health It Interoperability
  • Health IT Policy
  • Health IT Services
  • Healthcare
  • Healthcare Information Security
  • Healthcare Leasing
  • HHS
  • HHS Final Rule
  • HHS Initiatives
  • HIE
  • HIPAA 5010
  • HIPAA Complicance
  • HIPAA Omnibus Rule
  • HIPAA Privacy and Security Rule
  • ICD-10
  • Meaningful Use
  • medical practice best practices
  • mHealth
  • ONC
  • Patient Privacy
  • Personal Health Record
  • PHI Data Security
  • Press Releases
  • Radiology Systems
  • Telehealth
  • Telemedicine

• Tag Cloud

  CMS CMS EHR Incentives CMS Policy EHR EHR Adoption EHR Best Practices EHR Cloud Hosting EHR Consulting EHR Hosting EHR Implementation EHR Incentives EHR Study EHR Technology Enhancements EI Connections Newsletter Electronic Health Records Electronic Medical Records EMR Environmental Intelligence Healthcare Health Information Exchange Health IT Health IT Best Practices Health IT Information Security Health IT Policy Health IT Services Health IT Standards Health IT Tips HHS HIE HIE Standards HIPAA Compliance HIPAA Privacy and Security Rules HIT ICD-10 Meaningful Use medical practice best practices OCR ONC Patient Experience PHI PHI Data Breaches PHI Data Security PHI Security Stage 2 Meaningful Use Rule Stage 3 Meaningful Use