Confidentiality and Documentation
Everyone’s Responsibility
Hit enter to move from slide to slide or use your right and left arrow keys.
� Describe the content and ownership of a health record.
� Describe the documentation requirements.
� Identify where information should be shared and where it should be protected.
� Describe responsibilities in protecting health information.
2
Objectives
At the completion of this training course, you will be able to:
� Differentiate between appropriate and inappropriate use of health care information.
� Describe responsibility in protecting health information and possible penalties.
� Identify the procedure to release health information.
� Explain penalties of unauthorized disclosure.
3
Objectives - continued……
The Prisoner Health Record
and Documentation
4
∗ When a prisoner arrives at the reception center, a health record is created.
∗ MDOC utilizes an electronic health record (EHR) to record prisoner care.
∗ In addition to an EHR, many prisoners have older health records that are paper based records.
5
The Prisoner Health Record
∗ An important point to remember is that although the Department of Corrections owns the health record, the prisoner owns the information in the health record.
6
Ownership of the Health Record
The Health Record contains:
∗ Medical, surgical, nursing, psychiatric,psychological, dental, optometric, andpodiatric information
∗ Consent for treatment forms
∗ PA252 Hearing packets
∗ Multidisciplinary progress notes
∗ Release of Information Requests
7
Content of the Health Record
The Health Record also contains:
∗ Comprehensive psychiatric evaluations
∗ Assessments (Nursing, AIMS, QMHP Reports, etc)
∗ Treatment plans
∗ Physician/medication orders
∗ Problems lists
8
Content of the Health Record
The following forms remain in paper format:
� Consent forms
� Management Plans (signed original)
� Notice of Intent to Terminate Voluntary Admission
� PA 252 Packets
� Guardianship paperwork
9
Content of the Health Record
When documenting remember to:
∗ Refer to staff only by their titles, do not use names of individual staff members.
∗ Always tell the story without too much or unnecessary information.
∗ Check and double check to make sure you are in the right record before you start your documentation.
∗ Verify what you documented is actually what you wanted to say by reviewing it.
∗ Lock your encounters before exiting the system.
10
Documentation Requirements
Also REMEMBER:
∗ If it is not documented, it did not happen.
∗ Your user sign on is specific to you and it creates an electronic signature. Do not share it.
∗ Documentation should be timely while you still remember the details.
∗ Documentation should be your own. Do not copy and paste another clinicians documentation into yours.
11
Documentation Requirements
Continued ……………
12
Confidentiality of Health
Information
As stated before, an important point to
remember is that although the Department
of Corrections owns the health record, the
prisoner owns the information in the
health record.
∗ Patient care information is confidential and should be made available only to authorized individuals.
13
Confidentiality of Health Information
∗ A prisoner must sign an authorization form to release health information in most cases.
∗ Any request to release health information should be forwarded to the Health Information Manager at your facility.
14
Confidentiality of Health Information
∗ The department can request information from outside care providers by having the prisoner sign an authorization for release.
∗ While MDOC’s health records may contain information from outside sources for clinical purposes, this outside information should not be released to other parties.
15
Outside Requests & Re-disclosure
Make an effort to keep health information confidential.∗ Do not discuss prisoner care in the break/lunch room.∗ Do not share health information near the visitor
areas/bubble.∗ Do not yell “med line” to a specific prisoner.∗ Do not call someone by their diagnosis.∗ Do not post a list of prisoners with health or mental
health issues.∗ Do not leave your computer screen exposed &
unattended while in the health record.
16
Confidentiality of Health Information
Relevant clinical information is defined as: ∗ “Protected health information that is needed to carry out ones
job.”
Relevant clinical information can be shared between clinicians and custody staff.
∗ We can regularly exchange information in segregation through:
∗ Unit Log Book∗ Management Plan ∗ Treatment team meetings
17
Confidentiality of Health Information
This does not mean that we can talk freely with other employees about prisoners protected health information.
∗ Even the warden can only access information if the inmate has signed an authorization for disclosure or if it involves the safety and security of the prison.
18
Confidentiality of Health Information
MDOC policy 03.04.108 Prisoner Health Information specifies that:
∗ All employees, including contractual employees, shall be responsible for maintaining confidentiality of all health information regarding a prisoner. Maintaining confidentiality applies to both the release of documents from a prisoners health record and providing information regarding a prisoners diagnosis, health care, and treatment, whether in writing, electronically or verbally.
19
Confidentiality of Health Information
20
Electronic Information
This is the coversheet we use to fax information.
It should be completed in it’s entirety. When you use the form you have met the intent of the law.
The receiver is liable for maintaining confidentiality.
To protect prisoner health information,
Department policy also specifies that:
∗ When transported with a prisoner, the health record shall be maintained securely and in a confidential manner during the transfer process.
21
Confidentiality of Health Information
22
Transportation Form
When you see this form on a package or a box, you know there is protected health information in the package.
23
Patient Authorization
The CHJ-121 form must be completed beforewritten, electronic, or verbal disclosure of health information.
∗ In addition to Department policy, prisoner health information is also protected under various Federal and State laws and statutes including:
∗ Health Insurance Portability and Accountability Act (HIPAA)
∗ Mental Health Code 330.1750
∗ Public Health Statue
∗ Michigan Compiled Law
24
Confidentiality of Health Information
∗ HIPAA’s purpose is to protect and enhance rights of consumers by providing them greater access to their health information, controlling inappropriate use of that information and provide recourse if medical privacy is compromised.
∗ HIPAA also wants to improve the quality of health care by restoring trust in the health care system and providing nationally uniform protections and confidentiality provisions.
25
Health Insurance Portability and Accountability Act (HIPAA).
Two very important terms and their
definitions under HIPAA that everyone
should be aware of are:
∗ SECURITY – “The ability to control access and protect information from accidental or intentional disclosure to unauthorized persons and from alterations, destruction, or loss”.
∗ PRIVACY – “The right of individuals to keep information about themselves from being disclosed”.
26
HIPAA Terms
Under Mental Health Code 330.1750, Public
Health Statue, and Michigan Compiled Law:
∗ Privileged communications shall not be disclosed in civil, criminal, legislative, or administrative cases or proceedings, or in proceedings preliminary to such cases or proceedings, unless the patient has waived the privilege. In a proceeding prohibiting disclosure of communication made to a psychiatrist or psychologist in connections with the examination, diagnosis, or treatment of a patient; the fact that the patient has been examined or treated or undergone a diagnosis also shall not be disclosed.
27
Laws & Statutes
Under Mental Health Code 330.1750, Public
Health Statue, and Michigan Compiled Law:
∗ Records of the identity, diagnosis, prognosis, or treatment of any patient maintained in connection with the performance of any drug abuse prevention function conducted, regulated, or directly or indirectly assisted by any department or agency of the United States shall be confidential and be disclosed only for the purposes strictly outlined by the Public Health Statue and may only be disclosed with prior written consent of the patient.
28
Laws & Statutescontinued ……..
∗ Remember:∗ You must obtain a written authorization from the
prisoner to release any information verbally.
∗ You must obtain a written authorization from the prisoner to release any information from their health record.
∗ There are penalties if you do not follow these simple rules.
29
Releasing Health Information
∗ Federal statute concerning drug and alcohol treatment:∗ $500 in the case of a first offense, and not more than
$5,000 in the case of each subsequent offense.
∗ Michigan Law: HIV information ∗ Misdemeanor, imprisonment or $5,000, or both
∗ Civil action for actual damages or $1,000, whichever is greater plus costs and reasonable attorney fees.
30
Penalties for Unauthorized Disclosure
∗ Under the Health Insurance Portability and Accountability Act (HIPAA)
� $50,000 and/or imprisonment for not more than a year for where violation is knowingly done.
� $100,000 and/or up to 5 years imprisonment if violation is done under false pretenses.
� $250,000 and/or up to 10 years imprisonment if violation is done with intent to sell, obtain personal gain or malicious harm someone.
31
Penalties for Unauthorized Disclosure continued ………
∗ Under Department policy, a violation of health information confidentiality can also result in:
∗ Disciplinary action,
∗ Job loss,
∗ Attorney General may not defend you.
32
Penalties for Unauthorized Disclosure continued ………..
The MDOC Employee
Handbook also covers
confidentiality of
prisoner information.
33
Confidentiality of Health Information
34
Prisoners know that their health information is privileged, confidential and protected by law.
Prisoners receive a booklet upon admission to Mental Health Services.
35
It is the prisoner’s right to know their rights.
However, information can be withheld and the reasons will be explained to the prisoner.
Should you worry that a prisoner would
sue you regarding their protected health
information?
Yes - Prisoners do sue for disclosure of protected information
36
Yes or No
∗ Beginning on the next page are a real life examples of improper release of protected health information (PHI). These examples should give a better understanding of how something that may seem innocent can cause damage.
∗ Each case also gives us the corrective action to resolve the specific issues by the Office for Civil Rights (OCR).
37
Real life examples
Private Practice Implements Safeguards for Waiting RoomsIssue: Safeguards; Impermissible Uses and Disclosures
∗ A staff member of a medical practice discussed HIV testing procedures with a patient in the waiting room, thereby disclosing PHI to several other individuals. Also, computer screens displaying patient information were easily visible to patients. Among other corrective actions to resolve the specific issues in the case, OCR required the provider to develop and implement policies and procedures regarding appropriate administrative and physical safeguards related to the communication of PHI. The practice trained all staff on the newly developed policies and procedures. In addition, OCR required the practice to reposition its computer monitors to prevent patients from viewing information on the screens, and the practice installed computer monitor privacy screens to prevent impermissible disclosures.
Source: HHS.gov
38
Case Example #1
Pharmacy Chain Institutes New Safeguards for PHI in Pseudoephedrine Log BooksIssue: Safeguards
∗ A grocery store based pharmacy chain maintained pseudoephedrine log books containing protected health information in a manner so that individual protected health information was visible to the public at the pharmacy counter. Initially, the pharmacy chain refused to acknowledge that the log books contained protected health information. OCR issued a written analysis and a demand for compliance. Among other corrective actions to resolve the specific issues in the case, OCR required that the pharmacy chain implement national policies and procedures to safeguard the log books. Moreover, the entity was required to train of all staff on the revised policy. The chain acknowledged that log books contained protected health information and implemented the required changes.
Source: HHS.gov
39
Case Example #2
Pharmacy Chain Revises Process for Disclosures to Law EnforcementIssue: Impermissible Uses and Disclosures
∗ A chain pharmacy disclosed protected health information to municipal law enforcement officials in a manner that did not conform to the provisions of the Privacy Rule. Among other corrective actions to resolve the specific issues in the case, OCR required this chain to revise its national policy regarding law enforcement's access to patient protected health information to comply with the Privacy Rule requirements, including that disclosures of protected health information to law enforcement only be made in response to written requests from law enforcement officials, unless state law requires otherwise. The revised policy was implemented in the chains' stores nationwide.
Source: HHS.gov
40
Case Example #3
State Hospital Sanctions Employees for Disclosing Patient's PHIIssue: Impermissible Disclosure
∗ A nurse and an orderly at a state hospital discussed the HIV/AIDS status of a patient and the patient's spouse within earshot of other patients without making reasonable efforts to prevent the disclosure. Upon learning of the incident, the hospital placed both employees on leave; the orderly resigned his employment shortly thereafter. Among other actions taken to satisfactorily resolve this matter, the hospital took further disciplinary action with the nurse, which included: documenting the employee record with a memo of the incident; one year probation; referral for peer review; and further training on HIPAA Privacy. In addition to corrective action taken under the Privacy Rule, the state attorney general's office entered into a monetary settlement agreement with the patient.
Source: HHS.gov
41
Case Example #4
∗ Releasing health information can be punishable
∗ Don’t discuss health information about prisoners in the visiting or break rooms
∗ Protect computer passwords, files and from others viewing the screen
If a prisoner asks you for protected information, refer the
person to the Health Information Manager.
42
Remember…..
∗ This completes the Confidentiality training course.
∗ In order to receive training credit you will need to complete the Prisoner Rights Post Test with a score of 70% or better.
∗ This test is located on the same page where you started this course. Click on the link titled Confidentiality Post Test and follow the Instructions.
∗ You must attach the course certificate that contains your test score to a CAR-854 to receive credit.
43