Electronic Health Records

Danielle P. Berthelot, RHIA

Director, Health Information Management

and Cancer Registry

Privacy Officer

Woman’s Hospital

Overview of Woman’s Hospital

Not-for-profit

225 bed Women and Infants Specialty Facility

82 bed Level III NICU

Statistics FY 2007• 8,200 births• 7,400 surgeries

• 12,000 adult admissions

Implementing an EHR

Where are we going?What do we need?How do we get there?Are we there yet?

Where are we going?

Set a Goal• What are we trying to

accomplish?

What do we need?

Defining the Task• Must have• Would like to have• Would love to have

How do we get there?

Implementing the Plan• Phased in approach• Flip the switch approach

Benefits

Forms ManagementDocumentation ConsistencyHealth Information AccessOnline Record Completion

Forms Management

Forms Management

Form locationForm revisionsPatient demographicsForm packetsForm identification

Documentation Consistency

Documentation Consistency

Standard informationRequired fields and formatsAutomated reports

Health Information Access

Health Information Access

Information controlRemote accessMulti-user access

Online Record Completion

Online Record Completion

Increased Physician FlexibilityIncreased Physician SatisfactionDecreased Delinquency Rates

Are we there yet?

Hurdles

Human ResourcesInconsistent Processes HardwareIntegration

Looking Back

What’s different about our organization today?What did we do to help staff accept the change?What did we do to help physicians accept the change?What challenged us as leaders?What was the best part of the experience?

Privacy and Security

What is HIPAA?

Law passed by Congress in 1996– Major rules affecting hospitals

• Transactions, Code Sets, and Identifiers• Privacy Rule – Sets standards for the protection of patient

information (oral, written, electronic)• Security Rule – Sets standards for protected health

information in an electronic format

Health Insurance Portability and Accountability Act

HIPAA Compliance Enforcement

Privacy Rule – Office for Civil Rights (OCR)Security Rule – Centers for Medicare/Medicaid Services (CMS)Criminal Matters – Department of Justice (DOJ)

What is Protected Health Information (PHI)?

NameAddress/DatesTelephone/fax #sSocial Security #sMedical Record #sPatient Account #sInsurance Plan #sVehicle Info.

Certificate/License #sMedical Equipment #sPhotographsFingerprintsEmail/Internet addressWeb URLsAny other unique code, or identifier

Most Frequent Privacy Complaints

Impermissible use and disclosure of PHILack of adequate safe guards to protect PHIRefusal or failure to provide an individual with access to his/her health recordsDisclosure of more information than is necessary to satisfy a request for informationFailure to provide the Notice of Privacy Practices

Most Frequent Security Complaints

Information access managementSecurity awareness and trainingAccess controlWorkstation useDevice and media control

Hot Topics

Permitted Uses and DisclosuresAuthorization FormsMinimum NecessaryFacility Directory

E-mailAccessEPHIDisposal of PHIAudits

Breaches/Violations

Inadvertent: accidental, often due to lack of education or awarenessIntentional: accessing PHI with not legitimate business purpose for doing soIntentional with malice: accessing PHI with the intent to use for personal gain or to harm someone.

Sanctions

Consistent throughout organizationFits the crime

Compliance Tips

Update policies and procedures regularly.Conduct ongoing training for staff.Discuss patient information in private areas.Keep voices down.Place computers, printers, fax machines in secure areas.Direct monitors away from view of visitors.Access only the information you need to perform your job.

Retrieve documents from printers and fax machines immediately.Dispose of PHI properly.Assist visitors promptly to ensure they do not access staff areas.Report and address issues immediately.Audit compliance with polices and procedures.Enforce compliance with polices and procedures.

Questions and Answers

Danielle P. Berthelot, RHIADirector, Health Information Management and

Cancer Registry Privacy OfficerWoman’s Hospital

Email: danielle.berthelot@womans.org