Legal Issues and Health Care PDF

Legal Issues and Health Care DR. MAHA AL-HAJERI General Definition of Law: Laws are collection of rules and regulation that governs the relation among people and are found to present order. The source of Medical laws would be the Ministries of Health, Medical Schools, and Hospital Lawyers. The patient can bring action against the doctor, the Ministry of Health and all other employees of the Ministry of Health or private hospitals. Sources of Laws: Laws that affect the health care system come from four main areas: Federal and state constitutions-the supreme law of the nation and state, respectively Federal and state statutes-laws enacted by Congress and state legislatures, respectively Rules and regulations of administrative agencies-acting under powers delegated to them by the legislature Court decisions-decisions that interpret statutes, regulations, and the Constitutions and, where no such statutes or regulations are applicable, that apply common law (the large body of principle that have evolved from prior court decision). Constitutional Law The U.S Constitution grants certain powers to the three branches of federal government: executive, legislative, and judicial. It also grants certain powers to the individual states. Powers granted by the Constitution may be either express or implied. The constitution also limits what federal and state governments can do. For example, the first 10 amendments to the constitution-the Bill of Rights-protect the rights of citizens to, among other things, free of speech, freedom of religion, and due process before deprivation of life, liberty, or property. Another Constitutional right important to the health care industry is the right to privacy, although that right is not an industry is the right of privacy, although that right is not an express one. What is the right to privacy? Generally, it is considered to be a constitutionally recognized right to be left alone, to make decisions about one’s own body, and to control one’s own information. In the court decision of Griswold v. Connecticut, the U.S. Supreme Court recognized a constitutional right of privacy. This right limits the government’s power to regulate abortion, contraception, and other reproductive issues. The constitutional right to privacy has also been interpreted as permitting the terminally ill ( or their legal guardians) to make decisions regarding the termination or withholding of medical treatment to prolong life. It is important to note that the Constitution is the overriding, or highest, law in the United States. If the lower laws (e.g., state or federal laws) conflict with principles in the Constitution, the Constitution overrides the conflicting law. Federal and State Statutes Laws enacted by legislatures, be they Congress, state legislatures, or local city councils, are another important source of laws that affects health care facilities as well as other business is the Americans with Disabilities Act. The Safe Medical Devices Act is another federal statute that affects all health care facilities. It requires that certain incidents that involve medical devices and equipment be reported to a national data bank When federal and state laws conflict, valid federal laws supersede the state laws. When state laws and local laws conflict, the valid state law controls. Court decisions (Case Law) When cases are brought before them, federal and state courts interpret statutes and regulations, decide their validity, and follow or create common law (also referred to as case law) when no statutes or regulations apply. The Legal System The federal court system and many state systems have three levels of court: Trail court Intermediate courts of appeals Supreme courts Supreme Court: The U.S Supreme Court is the nation’s highest court. It decides appeals from any of the U.S. courts of appeals. It may also hear appeals from the highest state courts if those cases involve federal laws or the U.S. Constitution. In some instances, if a U.S court of appeals or the highest state court refuses to hear an appeal, the case may be appealed directly to the U.S Supreme Court. State and Territory Courts: In some states, trail courts are divided into special branches that hear certain types of cases. Probate court Traffic court Juvenile court Family and divorce courts Kuwait court system: General Court: is where most civil cases are heard. i.e. medical legal cases. The Court of Appeal: is setup for the commended person to appeal. There is a limited period in which a person can appeal his judgment. The Supreme Court: is the highest court, it looks into sentences passed by previous courts and makes the final decision. Sources of laws in Kuwait: The Law in Kuwait is based on French law via Egypt and religious laws. The key Players:  Plaintiff: is the party who initiates the lawsuit by filling a complaint, petition or bill.  Complaints: is a written statement by the plaintiff that states his or her claims and commence the action.  Judge(s): are the person(s) who make the decisions. They listen to the testimony of both sides and make the decision. Depending on the court, different number of judges will hear the case.  General Attorney: is an attorney who represents the state.  Lawyers: explains the case to the court. They represent the parties in the case and are employed by the individual filing the case. Classification of cases: Cases can be civil, commercial, personal, criminal, or administrative cases. Civil cases: These are cases where the dispute is between person equally treated in rights and obligations to another person, company, or co-operations. These cases are governed by the civil laws. The commercial section cases: Looks into cases of merchant and are governed by the commercial laws of Kuwait. Personal statue cases: Deals with family conflicts such as relationship, inheritance or divorce. Such conflicts are dealt with according to Islamic Laws. Criminal cases: Such cases are held in a special court and general attorney. These cases deal with acts or omissions that are contrary to public order and society as a whole and which render the guilty person liable to punishment. Administrative cases: These cases are of special category, which is directly connected with state affairs and when there is a law suite between the state and individual. Cases that involve healthcare facilities & practitioners: Malpractice and negligence: is a conduct that society consider unreasonably dangerous because: o The individual or parity did foresee or should have foreseen that it would subject another to a risk or harm. o The magnitude of the perceivable risk was such that individual or party should have acted in safer manner. Negligence could be committed by doctors. Doctors and other professionals are judged by the amount of danger that they should have perceived from alternative course of accepted action Examples of Situations Leading to Malpractice Claims: Failure to properly diagnose a condition, such as cancer Failure to properly treat a condition-for example, not cleaning a wound before stitching it up Failure to monitor or supervise a patient’s condition and take appropriate action Failure to credential medical staff members properly (e.g., granting a physician privileges to perform some types of surgery for which the physician is not qualified) Malpractice claims are not the only kind of claims against health care organizations and providers. The following are some of the other types of claims that HIM professionals may encounter in their professional careers. Intentional Torts: Intentional tort claims that may be brought against health care facilities include assault and battery, false imprisonment, defamation of character, invasion of privacy, fraud or misrepresentation, and intentional infliction of emotional distress. Product liability: Product liability is the liability of a manufacturer, seller, or supplier of a product to a buyer or other third party for injuries sustained because of a defect in the product. Contractual Dispute: Breach of contract is a common claim in litigation that involve health care providers and organizations. Typically, the claims arise when one party to a contract fails to follow the terms agreed to in the contract. Interestingly, courts have been willing to enforce ethical standards prohibiting breach of confidentiality ( such as the American Hospital Association’s AHA’s patient right’s statement entitled the patient care partnership: understanding expectations, right and responsibilities, and ethical standards of the American medical association) How are medical records presented in court in Kuwait?  This defers by the type of case.  First a summary must be submitted through a written statement that is passed to the administrative committee in the court.  The written summary includes: the subject, the name of persons involved, reasons and justification for the court cases.  Then the committee will set a date to submit their statement in the court sessions of which the court can allow the person to have a lawyer.  The Ministry of Health will make a summary of the record.  In criminal cases the general attorney submits the case to t he court. Types: 1. Respondent superior: Courts hold employers responsible for those acts of their employees. 2. Corporate negligence: Courts hold the healthcare organization liable for their own act of negligence. Examples of situations that lead to malpractice: Failure to properly diagnose a condition such as cancer. Failure to properly treat a condition. Cases that involve healthcare practitioners: The prove negligence a person must: o Prove that the hospital had a duty to act in accordance with standards of reasonable care to prevent injury. o The defendant conduct breach of duty. o The defendant actions of duty cause the patient injury/harm. o The plaintiff must prove that he suffered actual harm as a result of defendant’s action. Intentional Torts: assaults and battery, false imprisonment, defamation of character. Invasion of privacy, fraud, misrepresentation and intentional infliction of emotional stress.  A battery: is nonconsensual, intentional touching of another person in a socially impermissible manner.e.g. an unconscious patient who had surgery performed on him without express consent.  Defamation of character: is oral (slender) or written (libel) communication to a person that tends to damage the defamed persons reputation in the eyes of the eye community. It falls into four categories: o Misuse of patients name for the defendant benefit. o Intrusion upon the patient’s solitude or private life. o Public disclosure of embarrassing private facts. o Publicity that places the patient in a false light in the public.  Product liability: is the liability of a manufacturer, seller, or supplier of a product to a buyer or other third party for injuries sustained because of a defect in this product.  Contractual Dispute: is a common claim in litigation that involves health care providers and organization. The claim arises when one party to a contract fails to follow the terms agreed to in the contract. i.e. releasing information to a hospital insurer.  Antitrust claims: deals with credentialing (the system by which a hospital checks that its healthcare practitioners are properly qualified) activities of medical staff.  Crimes: such as narcotic discrepancies count and angel of death murder. Kuwait and the law Privileged communication: o Privileged communication statues between patient and doctors are covered by Article 6 of law 25:1981. o Physician must not divulge a secret (release of information) that comes to his knowledge entrusted to him through his profession, except by the order of the court for justice proceeding.  Information can be released in the following cases:-  If the divulgence is to the benefit of the husband or wife, such divulgence will be to them personally, care should be taken to whose benefit the release may be done.  If the divulgence meant to prevent a crime such disclosure will be limited to the concerned official.  If the divulgence is to any infectious in accordance with the laws in this regards the divulgence will be to the concerned authority designated by the Ministry of Health.  If the concerned persons agrees in writing to divulge the secret to any other party specified by him. 2. Kidney Transplant:  Under the law of Kuwait the transplant of kidneys has been approved it has gone through the religious bodies and have received their approval. 3. Public health Laws: (Covered by Article6 of Law 25:1981)  Child Abuse: Such cases should be reported for actual or suspected child abuse to the appropriate authorities (the law in Kuwait is very open in this area and possible cases are not always reported)  Abortion: This must be reported in Kuwait. Illegal abortions can result in serving time for the patient in Kuwait.  Cancer cases: such cases are supposed to be reported to the cancer center, but some are missed unless he/she become a patient at the center.  Communicable diseases: are reported to Ministry of Health in all hospitals.  Poison and industrial accidents: are supposed to report to the Ministry of Social Affairs, but again not always. o Release to others:  Covered by article 6 of Law 25:1981  Action can be brought against a person for giving out information without the permission of the patient or for selling information about a person o Patients access to the medical records:  Covered by article 6 of Law 25:1981 o Police cases:  Covered by article 6 of Law 25:1981 Laws concerning witness in Kuwait: You cannot call a witness when he is seriously sick. The witness should be directly connected to the case. Before the witness makes his statement he should swear by the laws in front of the committee that he is telling the truth. The mentally handicapped person, or child statements are rejected; those who have previously lied are also rejected. How should we maintain health information? The laws of Kuwait require that a chart be kept on every patient seen in the health care system. Identification data that does not pertain to the patient’s health status or treatment. These are considered non confidential and are released without patient consent. Clinical data pertains to the patient diagnosis and treatment. These are confidential and need consent of the patient before its release. At present there are no enforced rules as what should be in the medical records. The Ministry of Public Health requires a H&P, progress notes, discharge summary, lab & x- ray reports, and nurses notes. BUT there is no regulation to the standard of the recording. Legal Obligations and Risks of Health Care Facilities and Individual Health Care providers Duties to patients, in General:  Patients have numerous rights associated with their health care.  The joint commission, and specific laws governing access to care, such as the Emergency Medical Treatment and active labor Act (EMTALA).  The EMTALA imposed new obligations on health care facilities to provide medical screening examinations and stabilizing treatment to patients before transferring them to other facilities.  The purpose of the law was to reduce inappropriate transfers (such as those done primarily for financial reasons when the patient has no insurance) that put the patient at risk of harm. Duty to Maintain Health Information One of the most fundamental duties that involves HIM professionals and their heath care facility employers is that of maintaining health information about patients. This duty is imposed explicitly by state and federal statutes and regulations as well as accreditation standards. In some states, the hospital licensing statutes could subject a facility to loss of licensure and closure. Accreditation standards of JCAHO also require accredited facilities to maintain medical records, and the HIPAA privacy rule also speaks to what documents must be maintained for patient access and use as part of a “designated record set” (DRS)-defined in that rule as a group of records maintained by or for a covered entity as follows:  The medical records and billing records about individuals maintained by or for a covered health care provider  The enrollment, payment, claims adjudication, and case or medical management record systems maintained by or for a health plan or  Used, in whole or in part, by or for the covered entity to make decisions about individuals  Patients must be able to a period to access that information for at least 6 years, and even longer if state or other federal laws require longer retention periods  The duty to maintain health information is also implied in other laws, for example, vital statistics laws requires the reporting of births and deaths.  Health care facilities must report to various data banks certain disease conditions and medical events, such as gunshot wound, suspected child abuse, elder abuse, industrial accidents, certain poisonings, abortions, cancer cases, and communicable disease.  Mandatory reporting requirements vary from state to state. These statutes have in common that reporting is required and the authorization of the patient is generally not needed  In fact, even if the patient expresses the wish not to have information released , the health care organization must comply with the reporting requirements  The reporting statutes attempt to encourage reporting in another important way. For example, failure to report child abuse can result in liability for injuries a child later sustains when discharged home to the suspected or actual abuser Duty to Retain Health Information and Other Key Documents and to Keep Them Secure Just as there are requirements to create patient records, there are also requirements to retain that information. Health care facilities take guidance from federal and state record retention laws and regulations and from state (statutes of limitations) in setting their own record and information retention policies It is not enough just to keep these records. HIM professionals must ensure that the records are kept in a way that minimizes the chance of their being lost, destroyed, or altered Plaintiffs have won negligence suits against facilities that failed to safeguard their being loss or destruction Security of health information has taken on new and more complex dimensions as more and more health information is stored in various electronic and other media Medical records security used to be a simple matter of controlling access to the file area and having adequate safeguards against physical threats such as fire, flood, and severe weather HIPAA security regulations, which went into effect in 2005, will assist in avoiding those security threats Health information is valuable only if it is accurate, complete, and available for use when needed. Error Correction Errors that are made in documenting information must be corrected as soon as they are detected with use of proper error correction methods These methods should be outlined inn the facility’s policy and procedure manual and taught to all people who document patient health information Generally the person who made an error should correct the error Addenda In some circumstances, simple error correction methods are insufficient. For example , if a substantial portion of a patient’s history and physical examination was left out of the original dictated report, it would be impossible to squeeze in the missing information on the original typed report The person making the addendum should enter a reference to the addendum near the original entry on information and then file the addendum Authentication and Authorship Issues One aspect of protecting the integrity of health information that has become increasingly controversial is the issue of authentication In other words, how can facilities identify the author of a particular record or computer entry into a health information system Authentication not only serves to identify the author of an entry but also indicates that the author has reviewed the entry or report for accuracy and attests to it Validity of Health Information as Evidence One of the reason it is important to protect the integrity of health information is so that the information or record may be used as evidence in court proceedings as an exception to the hearsay rules, which generally bar out-of-court unsworn statements from being used in court as proof. When submitting the record for use in court as a business record, the HIM professional must attest that the record was made in normal course of business Retention of Other Records and Information Patient records and information are not the only important documents to retain Medical staff credential files, incident reports, surgical videos that identify patients, peer review data and minutes, radiographs, surgery schedules, and emergency department logs are just a few of the items for which a retention schedule must be established Duty to Maintain Confidentiality: Health care providers are bound by various laws and ethical standards to maintain the confidentiality of private health information Determining what information is confidential is not always as straightforward as it might seem For example, for substance abuse treatment facilities, the very fact of patient’s admission for treatment is confidential, according to federal law, and may be not be disclosed without patient authorization except under limited circumstances Privacy Act of 1974: The privacy act was designed to give citizens some control over the information collected about them by the federal government and its agencies. It grants people the following rights: To find out what information about them has been collected To see and have a copy of that information To correct or amend the information To exercise limited control of the disclosure of that information to other parties Freedom of Information Act: The Freedom of Information Act (FOIA) became law in 1966. It requires that records pertaining to the executive branch of the federal government be available to the public except for matters that fall within nine explicitly exempted areas. Under certain circumstances, medical records may be exempt from the act’s requirement. One of the nine exempt categories includes “personnel and medical files and similar files, the disclosure of which would constitute a clearly unwarranted invasion of privacy” The following conditions must exist: The information must be contained in a personnel, medical , or similar file Disclosure of the information must constitute an invasion of personal privacy The severity of the invasion must outweigh the public’s interest in disclosure Interpreting this three-part test has been the subject of a number of court cases Regulations on Confidentiality of Alcohol and Drug abuse Patient Records: These regulations, restricting disclosures of patient health information without patient authorization, apply to facilities that provide alcohol or drug abuse diagnosis, treatment, or referral for treatment-a substance abuse program in the language of the regulations. For a health care facility to be considered such a program, it must offer either an identified unit that providers alcohol or drug abuse diagnosis treatment or referral for treatment or medical personnel or other staff whose primary functions is the provision of alcohol or drug abuse diagnosis, treatment, or referral for treatment and who are identified as such providers. The regulations are important for several reasons. They prohibit the disclosure of substance abuse patient records unless permitted by the regulations or authorized by the patient. The regulations require specific content in an authorization to release health information; those issues are discussed later. Internal Uses and External Disclosures of Health Information: When one is sorting through the maze of parties who request health information, it is sometimes useful to categorize the request as internal uses or external disclosures. Under the HIPAA privacy rule, internal uses for treatment, payment, or health care operations do not require patient authorization, unless other applicable laws or regulations For example: Sharing patient information with employees on the facility’s quality improvement staff would be an internal use for health care operations. Those staff would be entitled to review the records of patients in the course of their duties. Staff, physicians, nurses and therapies caring for the patient would have access to the patient’s information as an internal use for treatment. General Principles Regarding Access and Disclosure Policies: Health Information Ownership As a prerequisite for discussing specific access requests, it is important to have a basic understanding of health information ownership. Who owns the record and information? it is generally accepted that the health facility owns the record itself, but the exercise of those ownership rights is subject to the patient’s ownership interest in the information within the record.  Health information is, after all, a legal record of what was done for the patient and proof that billable services were rendered and that standards of care were met.  On the other hand, patients have a right to control, to the extent possible given state and federal laws and regulations, the flow of their private health information.  This is one of reasons why every health care facility needs policies and procedures to guide employees in handling health information access and disclosure requests.  Those who violate the patient’s right to control the flow of his or her health information may be liable to that patient. Resources on Releasing Patient Information: Various sources are available for setting policies and writing procedures to guide staff in handling health information and in responding to requests for information. Many state HIM associations have published excellent legal manuals. Peer in other local facilities are usually willing to share samples. AHIMA publishes various guidelines and practice standards, updating them and addressing new issues through position statements and guidelines. HIPAA’s privacy rule required almost all health care organizations update their practices on release on information. Because laws can change and case law evolves over time, it is important to use the most up-to- date sources available when establishing policies and procedures and to revisit those policies periodically to ensure that they reflect current legal and regulatory standards. Many health care facilities use in-house or outside legal counsel to review such policies. Authorization for Disclosure of Patient Information: When patients come to a health care facility or provider for treatment , it is reasonable to assume that they authorize their care providers to have information about their conditions and treatment. The HIPAA privacy rule supports this and allows internal uses of protected health information for treatment purposes without specific patient authorization. What is not reasonable to assume is that patients are granting access to anyone in the facility who may be curious to know that information as well. Internal uses for patient care purposes should be on a need-to-know basis. This means that those who really need to know the patient’s health information to diagnose or treat that patient should have access. Sometimes requests for disclosure of health information for patient care purposes come from outside the health facility where the information was originally collected. For example, if the patient chooses to begin seeing a new physician or is treated at another health facility, it may be important for that new health facility, it may be for that new health care provider to obtain a copy of the patient’s health history, a test result, or the entire record. In fact, certain regulations (such as Medicare’s Conditions of Participation) anticipate and require the transfer of relevant patient information on direct transfer of a patient from a hospital to a nursing facility.  HIPAA’s privacy rule permit disclosures of protected health information for treatment purposes without authorization.  Some HIM professionals cite arguments in favor of obtaining written authorization for any disclosure under this category, which involves releasing information outside the original facility, unless there is an emergency situation in which patient authorization cannot be obtained (e.g., the patient is unconscious and care providers cannot wait for the information until the patient recovers enough to authorize release). Disclosure for Performance Management and Patient Safety: Health information can be used to evaluate the quality of care and services provided to patients. The information provides evidence of exactly what was done, when it was done, and how things turned out. HIM professionals who are approached by a physician or other health professional with a request for records pertaining to other physicians or health professionals should ask the purpose of the request. Disclosure for Educational Purposes: Health information is a valuable teaching tool, both for student health professionals who are involved in formal training programs and for staff who must continue their education. Because some student health professionals may not employed by the facility or otherwise bound to abide by the facility policies on confidentiality, it is important to ensure that any students with access to patient- identifiable health information agree to follow facility policies on confidentiality. Disclosure for Research: Research, like educational purposes, usually involves an impersonal use of health information. The researchers are not interested in the identity of the patient , just that the patient falls within some predefined research population or control or group. Even so, facility policies should define the circumstances under which researchers may have access to health information without patient authorization. Under the HIPAA privacy rule, those circumstances are fairly limited. Ordinarily, authorizations would not be required only if an institutional review board has waived the requirement, if the request involves a review that is preparatory to research or if the research involves decedent’s information. In many facilities, researchers must have their projects approved by an institutional review board (IRB), an advisory board that reviews the proposed research project for its objectives and proposed methods.  If the researchers will have access to patient- identifiable data, it may be important to specify expected data security provisions in a written research agreement between the facility and the researcher.  The HIM professional may expect to review proposed data collection forms to ensure that patient- identifiable data are not being collected.  Be aware that the HIPAA privacy contains a number of provisions to guide the decision-making process of IRBs in deciding whether to waive the requirement for patient authorization. Uses for Administrative Purposes: Uses for administrative purposes refers to the many internal activities that support the day-to-day functioning of the health care facility other than direct patient care, billing, and quality management. For example, a department manager or administrator may need access to certain limited patient information if he or she is responsible for responding to a compliant about services provided to that patient by an employee of that department. Disclosure for Payment Purposes: One of the most frequent disclosures of health information involves billing insurers for services provided to patients. Though clinical codes on the bill, and through claims attachments, information about the patient’s diagnosis and procedures is relayed to the insurer, who then pays for the services provided. Under the HIPAA privacy rule, disclosures taking place for payment purposes do not require patient authorization, but some state laws may still require authorization. Disclosure to Attorneys: Written authorization from the patient or the patient’s legal representative or a valid subpoena that meets HIPAA’s special requirements is required for release of health information to an attorney, unless that attorney represents the health care provider that owns the record. In other words, the hospital’s legal counsel does not require patient authorization to obtain access to a specific record, but the attorney for the respiratory therapist employed by the hospital and involved in the case does. Disclosure to law Enforcement Personnel and agencies:  Occasionally, law enforcement representatives, including the medical examiner, are interested in gaining access to health information.  For example, a police officer who accompanies an unconscious injured patient to the emergency department may need access to the patient’s past records to contact family member.  The HIPAA privacy rule, in section 164.501, defines law enforcement officials quite broadly: an officer or employee of any agency or authority of the United States, a state, a territory , a political subdivision of a state or territory, or an American Indian tribe, who is empowered by law to investigate or conduct an official inquiry into potential violation of law or prosecute or otherwise conduct a criminal, civil, or administrative proceeding arising from an alleged violation of law. Disclosure to Family Member when the Patient is Minor: State laws permit certain minors to make their own health care decisions without parental or guardian involvement. In other words, they are treated as adults, under the law, and have the right to consent the treatment and authorize disclosure of their health information. Although the conditions vary, they generally involve minors that are married, living away from their parents and family, and responsible for their own support. Disclosure to Family Members in Cases of Incompetence or Incapacity:  A sad comment on the treatment of America’s elderly population-especially those who are involved in residential treatments programs such as nursing facilities-is that sometimes health care providers assume that the patient is incompetent to make decisions so younger family members are consulted about all treatment and disclosure.  The HIPAA privacy rule does permit health care providers to make certain assumptions about sharing information with family members who are involved in the care of the patient.  In cases of lengthy or permanent incapacity, legal guardian for the patient may be appointed through court proceedings.  When incapacity is anticipated, a person may grant “Power of Attorney” the legally recognized authority to act to another person, which authorizes the designee to act on behalf of another party.  The person with power of attorney or the legally appointed guardian is then responsible for making decisions regarding the disclosure of health information to others. Patient Access to Personal Health Information: Although the health care organization or provider owns the physical record of care, state statutes grant patients varying degrees of ownership interest in the health information in their records or data sets. Patient have no constitutional right to the information. However, the HIPAA privacy rule does grant patient fairly broad rights to access their health information held by entities that are covered by the rule.  Whatever approach is taken, the HIM professional must establish reasonable safeguards for the security and confidentiality of the information. For example, before information is handed over in response to a patient request, there should be some reliable means of identifying the requester as the patient.  It may be reasonable to obtain the patient’s request in writing by way of a signature on an authorization for release of information form, although this is not required by the privacy rule, and lack of a signed authorization form should not serve as an arbitrary barrier for acting on the patient’s request. Other Patient-Directed Disclosures: There are many other situations in which patients authorize other parties to receive their health information. For example, when patients apply life insurance, disability insurance, or admission to certain schools or programs, they may authorize disclosure of health information. Provided the authorization meets the facility’s valid requirements as to form and content, these requests should be promptly honored. Disclosure Issues:  Once a patient authorizes the disclosure of health information to other parties, such as insurer, control of the information is out of the facility’s-and often the patient’s-hands.  For this reason, health care organizations often include a notice along with the information being disclosed that advises the party receiving the information that redisclosure of the information is prohibited.  Through this notice, this third-party recipient is informed of its responsibility not to disclose the information further and to protect it from unauthorized use.  Another interesting practice with respect to redisclosure involves the insurance industry and the Medical Information Bureau (MIB).  The MIB has been described as a kind of medical “Credit Bureau”.  Its data bank contains files on millions of people that are shared among hundreds of member insurance companies.  Thus, information about any given patient may end up being redisclosed into the MIB without the patient’s knowledge into the MIB without the patient’s knowledge or permission. Disclosure to Outsourcing firms Handling Health Information Functions: External release-of-information vendor services are being used with increasing frequency in HIM departments, and outside contractors have been used over the years to microfilm records, digitally image records for storage, and perform medical transcription, coding, and other function. HIM professionals who use these services must take steps to oversee the confidentiality, security, and appropriate handling of health information. Disclosure to the News Media: A health care organization has no legal duty to disclose health information to the news media. In the past years, hospitals often released basic information about admissions and births to the news media, but many facilities have discontinued this practice. Under the HIPAA privacy rule, no such routine disclosure to news media of admissions and births should take place without patient authorization. Disclosure Pursuant to Legal Process: When health information must be used in court, the request for information comes in the for of subpoena, a written court order, or simply, a verbal order issued in court to the health care organization’s attorney. A subpoena is a written order that requires someone to come before the court to testify. It is required that a person come before the court and to bring certain document. The Form and Process that the Subpoena must Follow to be valid is Also a Matter of State Law and is Also Addressed in the HIPAA Privacy rule, but Generally a Subpoena Must Contain the :Following A docket number (an identification number assigned by the court, generally referring to the year the lawsuit was filed and the numerical order in which the cases are filed. The names of parties. The name of the court or agency before which the proceeding is being held. The details as to when and where the HIM director’s appearance is being requested. The documents that must be brought. The signature and seal of the official issuing the subpoena.  There are also some special rules associated with a subpoena of information from organizations covered by the Federal Regulations on Alcohol and Drug Abuse.  Any subpoena of this specific information must also be accompanied by a court order before it can be released.  Responding to any subpoena that requires a production of health information usually involves the same basic steps.  These steps, especially when electronic health records are involved, vary somewhat depending on the design of the facility’s information system. Most state HIM association’s legal manuals offer good step-by-step procedures for responding to subpoenas, based on the statutes and rules of the justification. Roach and the Aspen Health Law and Compliance Center recommend that the procedures include the following steps at a minimum:  Examine the information subject to the subpoenas to make certain that it is complete, that signatures and initials are legible, and that each page identifies the patient’s identification number.  Examine the information to determine whether the case forms the basis for a possible negligence action against the health care organization.  Remove any material that may not properly be obtained in the jurisdiction by subpoena, such as, in some cases, notes referring to psychiatric care, copies of information from other facilities and correspondence.  Number each page of the patient record, and write the total number of pages on the record folder.  Prepare a list of the record contents to be used as a receipt for the information if it must be left with the court or an attorney.  Whenever possible, use a photocopy of the record rather than the original in responding to legal process. Health Information Management Department Security Measures to Prevent Unauthorized Access:  Ensuring that all formal releases of information are appropriately handled is only one aspect of protecting the confidentiality and security of health information.  One important aspect of protecting health information is preventing unauthorized users.  Who might that “unauthorized user” be ? It may be a curious employee or coworker who knows that his or her neighbor was recently admitted and wants to find out what is wrong with the person.  It may be a private investigator who is trying to get information about certain client.  HIM policies and procedures should specify who has access to what-ideally, as specifically as possible.  This advice is consistent with the approach taken by HIPAA’s security regulations, which require access control decisions to be based on need, for example, by the role or function that person fulfills within the organization.  Many health care organizations are so large that it is impossible for HIM department employees to know all the employee in other departments.  Verification of employee identification is a legitimate security measure, as is checking with the employee’s supervisor about the validity of certain requests. Duty to Provide Care that Meets Professional Standards: In addition to a health care organization’s or provider’s duty to maintain the confidentially of a patient’s health information, there is a duty to provide care that meets professional standards. Liability can and does arise when providers fail to meet professionally accepted standards of quality, such as the practice guidelines and standards issued by various medical specialty societies, professional associations, and other consensus groups and those dictated by statute or regulation. Duty to Provide Care That Meets Professional Standards: In addition to a health care organization’s or provider’s duty to maintain the confidentiality of a patient's health information, there is a duty to provide care that meets professional standards. Health care providers must provide a reasonable quality of care to patients-care that meets professional standards. For any negligence or malpractice claim to succeed, the plaintiff must show that all the following elements of negligence or malpractice are present: Duty: the defendant must have had some duty to the plaintiff to use care. Breach: The defendant must be shown to have breached that duty. Proximate cause: The breach must be the “Proximate” cause of the harm that befell the plaintiff. Harm or damages: The plaintiff must show that he or she was harmed in some way. Duty to Obtain Informed Consent to Treatment:  One important duty to patients that HIM professionals must be aware of is the physician duty to obtain the patient formal consent to treatment.  Many times, when health professionals refer to obtaining consent, they mean getting a permit signed by a patient.  Actually, obtaining consent refers to a communication process between the health professionals and the patient.  Unless that communication successfully informs the patient about the anticipated treatments and meets certain basic requirements, it cannot be considered a valid informed consent. For practical purposes, the duty to obtained informed consents splits into the following parts: The duty to obtain a general consents for treatment. The attending physician’s or surgeon’s duty to obtain a separated informed consent before the performance of surgery or other invasive procedures. Because patient has presented at the facility for treatment and that implies (to a certain extent) his or her consent to basic care, obtaining a signature on the general consent to treatment is typically a simple process. Obtaining an informed consent before the performance of surgery or other invasive procedures is often much more complex. For a consent obtained by a health care provider to be valid, the health care provider must meet certain requirement: The informed consent should be obtained by the person who will carry out the procedure. In other words, the process of communicating the planned procedure or treatment and its risks, benefit, and alternatives should be handled by the person who will do or supervise the procedure. The patient must be capable of giving informed consent, In other words, the patient must be legally and mentally capable of understanding what is being proposed and making a decision. If the patient has been judged legally incompetent or because of certain emergency circumstances (such as unconsciousness accompanied by a life-threating injury) cannot give an informed consent, the guardian or next of kin (designated by state law to act in the patient’s stead) must receive the information and sign the consent Care givers must ensure that a patient can understand the risks, benefits, and alternatives to the proposed procedure before they obtain the patient’s signature. Many facilities maintain a list of employees who can speak a foreign language and who can use a sign language. Elements of Valid Informed Consent: The diagnosis The nature and purpose of the procedure(s) for which consent is sought All material risks and consequences of the procedure (s) An assessment of the likelihood that the procedure will accomplish the desired objectives) Circumstances in Which Informed Consent is not required:  In life-threatening situations in which the patient is incapable of expressing consents, consent is implied by law  In addition, there are situations in which although consent is required, it need not be accompanied by the normal disclosure of risks, benefits, alternatives, and so on. For example, if here is not time for full discussion of all relevant facts because treatment must begin immediately, some care providers have been excused for giving only a brief summary of the facts as long as the patient agrees to the treatment itself  In limited circumstances, some care providers have been excused from providing all relevant facts when the provider believes that full disclosure would be harmful “Therapeutic Privilege” could apply when a patient is clearly beyond his or her ability to cope with the details of needed treatment, but this would have to be clearly documented to withstand court scrutiny (Examination)  Patients may also waive the right to be informed. For example, if the physician attempts to inform the patient but the patient says that they rather not know Types of Consents: Consent to Treatment: all care settings must receive a consent for treatment from the patient or guardian. The body of the form contains a statement indicating that the patient agrees to receive basic, routine services, diagnostic procedures, and medical care. An additional statement explains the treatment explains that treatment outcomes cannot be guaranteed.  Consent to Release Information: The patient’s signature on the consent to release information authorizes the exchange of personally identifiable health information between the provider and the other organizations. Most commonly, this specifies release of health information complied during the episode of care to third-party payers. It may also permit the provider to request relevant health information from previous providers. This form is particularly appropriate to have translated into other languages. Verbal translation may also be necessary. Consent to Special Procedures: A special consent is required to authorize any non-routine diagnostic or therapeutic procedure before it is performed on the patient. For special consents to be valid, the physician must explain in lay terms the procedure named, the risks of having or refusing the procedure, available alternative procedures, and the likely outcome. Signature by the patient or guardian confirms that the explanation has been given and understood and that the procedure has been agreed to. This form is particularly appropriate to have translated into other languages. Verbal translation may also be necessary. Duty to provide a Safe Environment for Patients and Visitors: A common duty of health care facilities and providers is to provide a safe environment for patients and visitors. If a patient is dropped and injured while being moved from an emergency department stretcher to an X-ray table, the facility (as employer of the people involved) is likely to be held liable for any damages. If a visitor stumbles in the facility’s parking lot because the lot light were not functioning and lawn care equipment was carelessly left in the lot’s walkways by the facility’s maintenance employees, the facility is liable for damages. The Key issue in determining whether the facility breached its duty to provide a safe environment is whether the facility’s actions (or lack of actions) were reasonable under the circumstances. Certainly ,at a minimum, the public expects health care facilities to meet the following criteria: To comply with life safety and building codes and other recognized standards. To provide certain training to employees To make sure that the equipment and materials used on patients are clean and functioning properly. Duty to Supervise the Actions of Employees and the professional Staff: Just as health care organizations must take reasonable steps to provide a safe environment for patients and visitors, they must also supervise the actions of employees and the professional staff (including medical staff). A health care organization can be held liable for damages when its employees fail to perform their duties adequately, under the doctrine of “Respondent Superior” This does not apply just to patient care duties. A health care organization can be liable for an employee’s failure to perform other duties as well. For example, if an employee of a large physician group practice inappropriately releases confidential information to an unauthorized party, the group practice could be held liable in a breach of confidentiality suit field by the patient. Employees are responsible for training their staff to exercise their duties properly. Medical Staff Credentialing Process: Under the doctrine of corporate negligence, a health care organization can also be held liable for the acts of its non-employee staff, such as the medical staff. In one of the most important cases on the doctrine of corporate negligence, Elam v. College Park Hospital. The court held that a hospital is liable to a patient for the negligent conduct of independent physicians and surgeons who are neither employees nor agents of the hospital. The credentialing process has its own set of confidential information: the credentials file and the practitioner’s quality profile. The credentials file is basically a dossier on each medical or professional staff member. It typically contains at least the following: Completed medical staff application for appointment or reappointment. Copies of the practitioner’s license, diplomas, board certifications, controlled substances permit, proof of current professional liability insurance, response to the facility’s query of the National Practitioner Data Bank (NPDB). Completed references from various sources. Specific listing of the privileges requested by the physician and approved medial staff. Contract liability Issues and the Health Information Management Department: Contract are another common source of liability for health care facilities and provider- and HIM professionals. Some courts have begun to enforce ethical and statutory obligation regarding the confidentiality of patients’ health information as part of the contractual relationship between health care providers and their patients. To be valid, a contract must contain the following four elements: agreement, consideration, capacity, and legal purpose.

Legal Issues and Health Care PDF

Document Details

Tags

Related

Summary

Full Transcript

Upgrade to continue