Documentation in Acute Care Chapter 5 Accreditation and Regulatory Requirements for Acute Care...

transcript

Documentation in Acute Care

Chapter 5Accreditation and Regulatory Requirements for Acute Care Documentation

Mandatory Requirements for Acute Care• Federal statutes and regulations

• State statues and regulations

• County and municipal ordinances and codes

• State and federal judicial decisions

Legal definitions

• Statute – a piece of legislation written and approved by a state or federal legislature and then signed into law by the president or the state’s governor

• Regulation – a rule established by ad administrative agency of government

Legal definitions – cont’d

• Municipal ordinance/code – a rule established by a local government

• Judicial decision – a ruling handed down by a court to settle a legal dispute.

Voluntary Requirements for Acute Care • Accreditation organizations – JCAHO,

CARF, etc

• Professional certification organizations – AHIMA, AMA, etc

• Standards development organizations – ASTM, HL7, etc

General Legal Requirements for the Acute Care Record• The use of the health records and

confidential healthcare information in legal proceedings

• The form and content of health records and confidential healthcare information

• The ownership and control of health records and confidential healthcare information

Health Records as Legal Documents• The health record is generally considered

a business record, and has been admissible as evidence in legal proceedings

• To be admissible in court, the health record must represent one of the persons involved in the legal proceedings.

Legal requests for records:

• Subpoena

• Subpoena duces tecum

• Court order

Form and Content of Health Records• Regulations are usually developed by the

state administrative agency responsible for licensing hospitals and other healthcare regulations– Records must be maintained– Records are complete and accurate– Public health reporting, i.e. vital statistics,

communicable diseases

Ownership and Control of Health Records• Generally considered the property of the

hospital or healthcare provider that maintains the records.

• Must remain under the facility’s physical control

• Patients have the right to control how the personal information in their health records is used to review, copy, and correct the records when necessary

Other Health Record Control Issues

• Release and disclosure

• Redisclosure

• Retention/destruction

Release and Disclosure of Confidential Health Records• Health Insurance Portability and

Accountability Act (HIPAA) – The patient’s formal consent is not required to

use health information for therapeutic, reimbursement, operational, and reporting purposes.

– Formal consent is required to release or disclose patient information for any other reason.

Redisclosure

• The process of disclosing health record documentation originally created by a different provider.

• Redisclosure guidelines follow the same principles as the release and disclosure guidelines.

Retention of Health Records

• State laws

• Statute of limitations

• Several other records of patient care should be maintained permanently:– Master patient index– Register of births– Register of deaths– Register of surgical procedures

Destruction of Health Records

• Paper documents: burning, shredding, pulping, and pulverizing

• Micrographic film: recycling and pulverizing

• Optical disks: pulverizing

• Electronic documents: magnetic degaussing

• Magnetic tapes: magnetic degaussing

Certificate of Destruction

• Date of destruction• Method of destruction• Description of the record(s) destroyed,

including health record numbers• Statement that the record(s) was

destroyed during the normal course of business

• Signatures of the individuals who authorized and witnessed the destruction

State and Local Licensure Requirement• Developing hospital operating standards

• Issuing licenses to hospitals that meet the standards

• Monitoring hospital compliance with the standard

• Sanctioning hospitals that do not comply with the standards

Medicare and Medicaid

• Established in 1965 by an amendment to the Social Security Act of 1935.

• The Centers for Medicare and Medicaid Services (CMS) administers the Medicare program and the federal portion of the Medicaid program.

• Local Medicaid programs are administered by agencies within individual state governments.

Medicaid Participation

• Voluntary for healthcare professionals and organizations

• Hospitals that choose to participate must apply to the state agency that administers the Medicaid program in their area.

• Annual surveys are conducted by most states to confirm hospital compliance with Medicaid regulations.

Medicare Conditions of Participation• Participation is voluntary, however few

hospitals would be able to survive economically if they did not provide services to Medicare beneficiaries.

• Published under title 42, part 482 of the Code of Federal Regulations.

• Current version became effective, 1/1/2003.

Medicare Conditions of Participation Standards• Address the organization and staffing of

the HIM department.

• Address health record format and retention requirements.

• Describes content requirements for acute care documentation

• Requires hospitals to protect the personal and medical rights of patients.

Medicare Conditions of Participation Standards• Other sections that include documentation

requirements:– Medical Staff– Nursing Services– Radiology Services– Laboratory Services– Discharge Planning– Surgical Services– Anesthesia Services– Nuclear Medicine Services

Deemed Status

• Granted by Medicare to hospitals that are accredited by JCAHO or AOA’s accreditation programs.

• CMS requires that approximately 10% of the hospital’s with deemed status undergo a Medicare validation survey.

Health Insurance Portability and Accountability Act (HIPAA)• Implemented April, 2003

• Apply to healthcare facilities, professionals, health plans, and health information clearinghouses that transmit healthcare information electronically

HIPAA defines health information

• Any information that is created or received by a healthcare provider in relation to:– The past, present, or future physical or mental

health of an individual– The provision of healthcare services to an

individual– The past, present, or future payment for

healthcare services provided to the individual

HIPAA Privacy Standard – A healthcare organization:• Can use or disclose confidential patient

information for purposes related to its own treatment, reimbursement, and healthcare operations.

• Can disclose patient information to another healthcare provider for purposes related to the patient’s treatment.

• Can disclose patient information to another healthcare provider or covered organization for purposes related to reimbursement for services provided to the patient.

HIPAA Privacy Standard – A healthcare organization:• Can disclose patient information to another

covered organization for purposes related to the healthcare operations of the other organization when both organizations have or had a relationship with the individual who is the subject of protected information being requested.

• That is part of an organized healthcare delivery system can disclose protected health information to another organization within the system for purposes related to the healthcare operations of the system.

HIPAA Privacy Standard preempts state laws except when:• An exception is made by the secretary of HHS• A provision in state law is more stringent than

the federal standard• The state law relates to public health

surveillance and reporting• The state law relates to reporting for the purpose

of management or financial audits, program monitoring and evaluation, and licensure or certification of facilities or individuals.

Requirements for Release and Disclosure • Hospital policy must identify the uses and

disclosures for which authorization is required.

• Hospital policy must specify who may authorize disclosure on behalf of an individual patient.

• Hospital policy must provide special protections for psychotherapy notes.

Requirements for Release and Disclosure• Hospital policy must establish limitations on the

use of protected health information for fund-raising and must provide a mechanism that allows individuals to opt out of fund-raising communications.

• Hospital policy must establish the requirements for the deidentification of protected health information before it can be released without the patient’s authorization.

Requirements for Release and Disclosure• Hospital policy must establish a standard to limit

the amount of information used or disclosed to the minimum necessary to accomplish the intended purpose.

• Hospital policy must establish classes of personnel who need access to protected health information, the specific categories of information each class needs, and the conditions under which access is appropriate.

Minimum necessary standard

• Requires the healthcare facility to identify individuals or classes of individuals in its workforce who need access to protected health information.

Authorizations for Disclosure must contain:• A specific and meaningful description of the

information to be used or disclosed• The name or other specific identification of the

person(s) or class of persons authorized to disclose the information

• An expiration date or event that relates to the individual or the purpose of the disclosure

• A statement of the individual’s right to revoke the authorization

Authorizations for Disclosure must contain:• A statement describing the exceptions to the

right of revocation• A description of how the individual may revoke

the authorization• A statement that information disclosed according

to the authorization may be subject to redisclosure by the recipient and so would not longer be protected

• The signature of the individual and the date

Authorization is considered invalid if:• The expiration date or event has already passed• The authorization has not been filled out

completely• The covered party knows that the authorization

has been revoked• The authorization lacks one or more of the

required elements• The authorization is a prohibited type of

authorization or covers more than one request• The covered entity knows that part of all of the

information in the authorization is false

HIPAA Security Standard

• Calls for providers to develop security policies, procedures, contracts, and plans.

• Requires the implementation of physical and technical safeguards to protect confidential health records and information.

Physical safeguards include:

• Environmental safety systems such as fire alarms, smoke detectors, and sprinkler systems

• Surveillance systems and other methods of controlling and monitoring access to the facility

• Media control systems that prevent unauthorized access to computer equipment and work stations

Technical Security Mechanisms and Procedures• Access control technology

• Data authentication

• Audit trails

• Encryption technology

HIPAA Administrative Requirements• Every facility must designate a specific

individual to manage its privacy program

• Every facility must designate a specific to answer requests for privacy information and respond to privacy-related complaints

• Every facility must train its employees and medical staff on the provisions of its privacy and security policies

HIPAA Administrative Requirements – cont’d• Every facility must establish appropriate

administrative, technical, and physical safeguards to protect confidential health information

• Every facility must develop contingency plans that address information system backup, disaster recovery, and emergency operating procedures

• Every facility must establish health record content and clinical documentation policies and procedures

HIPAA Administrative Requirements – cont’d• Every facility must specify policies and

procedures related to privacy notifications, authorizations for disclosure, health record corrections and amendments, disclosure documentation, complaint handling, and overall HIPAA compliance

• Every facility establish the copying fees to be charged for disclosure

Special Protection Requirements

• Records of psychiatric care and psychotherapy

• Records of substance abuse treatment

• Records of HIV/AIDS diagnosis and treatment

• Records that contain genetic information

Psychiatric Care and Psychotherapy Records• Psychiatric records include two separate

records1. Official record – that documents the patient’s

care and treatment

2. Personal record – which documents the clinician’s experience and conversations with the patient

– Release of psychotherapy notes requires a specific authorization

Substance Abuse Treatment Records• The Alcohol Abuse and Alcoholism

Prevention, Treatment, and Rehabilitation Act

• The Drug Abuse Prevention, Treatment, and Rehabilitation Act

• Both passed in 1970, amended in 2000• Apply to programs operated, regulated, or

directly or indirectly funded by the federal government.

Records of HIV/AIDS Diagnosis and Treatment• Many states have HIV/AIDS reporting

requirements and antidiscrimination laws

• HIV Testing– Basically voluntary in US– May be mandatory for specific groups of

employees

Confidentiality Issues related to HIV/AIDS • Consent for testing

• General information on testing

• Reporting of test results

Records that contain Genetic Information• Protected under state health record

regulations

• HIPAA addresses health insurance discrimination based on genetic information

Accreditation Requirements for Acute Care Hospitals• Accreditation – a systematic quality review

process that evaluates the healthcare facility’s performance against preestablished written criteria, or standards.

• JACHO, AOA, CARF, AAAHC, NCQA

Joint Commission on Accreditation of Healthcare Organizations (JCAHO)

• Accredits over 17,000 healthcare organizations in the US

• Primary mission:– To continuously improve the safety and

quality of care provided to the public through the provision of health care accreditation and related services that support performance improvement in health care organizations.

Organizations eligible of JCAHO accreditation:• Acute care hospitals• Critical access

hospitals• Children’s hospitals• Psychiatric hospitals• Rehabilitation

hospitals• Ambulatory care

organizations

• Behavioral health organizations

• Home care agencies• Long-term for skilled

nursing facilities• Healthcare networks• Clinical laboratories

JCAHO’s Shared Visions-New Pathways• Implementation began, January, 2004

• Focuses on systems critical to the safety and quality of patient care, treatment, and services.

• Emphasis in JCAHO accreditation shifted away from triennial survey preparation to continuous improvement philosophy that applies to every area of the facility.

Elements of JCAHO accreditation manual• The standard – a concise statement of the

• The rationale for the standard – explains why achieving the goal in important

• The elements of performance (EPs) – the steps to be followed in meeting the goal

Scoring method applied to EPs

• 0 – Insufficient compliance

• 1 – Partial compliance

• 2 – Satisfactory compliance

• 3 – Not applicable

JCAHO’s Management of Information• Identification of the hospital’s information needs• Structure of the hospital’s information

management system• Processes for capturing, organizing, storing,

retrieving, processing, and analyzing clinical data and information

• Processes for transmitting, reporting, displaying, integrating, and using clinical data and information

• Processes for safeguarding the confidentiality and integrity of clinical data and information

JCAHO Sentinel Event Policy

• “An unexpected occurrence involving death or serious physical or psychological injury, or the risk thereof”

• Hospital’s need processes in place to identify and manage sentinel events

JCAHO Survey Process

• Periodic performance review (PPR) – an organizational self-assessment to be conducted at the halfway point between triennial on-site surveys.

• Followed by a telephone discussion with the hospital’s representative about a plan of action for shortcomings identified in the PPR.

JCAHO Survey Process

• Application is filed as hospital nears the end of its three-year accreditation cycle

• Priority focus process (PFP) – converts presurvey data into information that focuses survey activities, increases consistency in the accreditation process, and customizes the accreditation process to make it specific to the hospital.

PFP Sources of Information

• Core measure data

• Previous survey findings

• Sentinel event data

• Complaints about the hospital submitted to JCAHO

• Data submitted by the hospital

• External, publicly available data

Priority Focus Areas (PFAs)

• Processes, systems and structures that can have a substantial effect on patient care services.

JCAHO on-site survey agenda

• Opening conferences and orientation to the hospital

• Survey planning meeting

• Unit visits guided by priority focus information and patient tracers

• Assessment of the medical staff credentialing process

• Assessment of environments of care

JCAHO on-site survey agenda

• System tracer conferences

• Interviews with staff

• Interviews with hospital leaders

• Assessment with hospital leaders

• Assessment of standards compliance

• Environment-of-care issues resolution

• Exit conference

Tracer Methodology

• An evaluation that follows (traces) the hospital experiences of specific patients.

• Surveyors are able to evaluate ho well the hospital’s processes and departments work with each other.

• Surveyors interview the physicians and staff involved in each patient’s care as well as the patients themselves when possible.

JCAHO Accreditation Decisions

• Accredited

• Provisional accreditation

• Conditional accreditation

• Preliminary denial of accreditation

• Denial of accreditation

• Preliminary accreditation

American Osteopathic Association (AOA)• Primary certification agency for all

osteopathic physicians

• Accreditation agency for all osteopathic medical colleges and many osteopathic healthcare facilities

• Accreditation process initiated in 1945

• Healthcare Facilities Accreditation Program (HFAP)

Healthcare Facilities Accreditation Program accredits:• Laboratories• Ambulatory care

clinics• Ambulatory surgery

centers• Behavioral health and

substance abuse treatment facilities

• Physical rehabilitation facilities

• Acute care hospitals• Critical access

hospitals

Commission on Accreditation of Rehabilitation Facilities (CARF)• Healthcare accreditation programs in the

areas of:– Medical rehabilitation– Behavioral health– Adult day care and assisted living– Employment and community services

CARF Survey Process

• Scheduled in advance

• Opening conference

• Document review

• Interviews with program staff and patients

• Exit interview with organization’s leaders

CARF Accreditation Decision Process• Based on an objective assessment of the

facility’s performance compared to CARF standards.

• Standards Conformance Rating System– 0 Nonconformance– 1 Partial conformance– 2 Conformance– 3 Exemplary conformance

Other accreditation organizations

• Accreditation Association for Ambulatory Healthcare (AAAHC) – establishes standards for outpatient documentation that are similar to acute care documentation practices.

• National Committee for Quality Assurance (NCQA) – a private not-for-profit organization dedicated to improving health quality by conducting assessments of managed care and other healthcare programs in the US.

Corporate Negligence

• Legal doctrine established by a judicial decision in the Darling v. Charleston Community Hospital in 1965.

• The hospital’s governing boards have a “duty to establish mechanisms for the medical staff to evaluate, counsel, and when necessary, take action against an unreasonable risk of harm to a patient arising from the patient’s treatment by a personal physician.”

Credentialing Process

• Verification of the applicant’s undergraduate, medical, and postdoctoral education

• Verification of the applicant’s residency and fellowship training as well as continuing medical education

• Past and current medical staff appointments at other facilities

• Current state licenses to practice medicine

• Current specialty board certifications

• Current drug enforcement administration registration

• Documentation of professional liability insurance

• References and recommendations from the applicant’s professional peers

• Information on the applicant’s health status

• Past and current liability status

• Inquiries to two national databases:– National Practitioner Data Bank (NPDB)– Healthcare Integrity and Protection Data Bank

(HIPDB)

Privileging Process

• Granted by the governing board

• Authorize the practitioner to provide patient services in the hospital but only those service that fall within his/her areas of expertise.

Risk Management

• The process of overseeing the hospital’s internal medical, legal, and administrative operations with the goal of minimizing the hospital’s exposure to liability.

• Liability – the legal responsibility to compensate individuals for injuries and losses sustained as the result of negligence.

Reportable Incident

• An event that is considered to be inconsistent with accepted standards of care.

• Incident report – describes the occurrence, its time, date, and location, the identify of the individual or individuals involved, and the current condition of the individual(s) involved in the incident.

Health Data Standards

• Health care data sets (UHDDS, EMEDS, HEDIS, UACDS)

• Health Informatics Standards – uniform methods for collecting, maintaining, and/or transferring healthcare data among computer information systems

Standards Development Organizations• Design scientifically based models against

which structures, processes, and outcomes can be measured.– American National Standards Institute (ANSI)– United Nations International Standards

Organization (ISO)

Health Informatics Standards

• Vocabulary standards – to establish uniform definitions for clinical terms

• Structure and content standards – to establish clear descriptions of the data elements to be collected

• Transaction and messaging standards – to facilitate electronic data interchange (EDI) between independent computer information system

Health Informatics Standards

• Security standards – to ensure the confidentiality of patient-identifiable health information and to protect it from unauthorized disclosure, alteration, and destruction

• Identifier standards – to establish methods for assigning unique identifiers to individual patients, healthcare professionals, healthcare provider organizations, and healthcare vendors and suppliers

Health Informatics Standards organizations• Health Level Seven (HL7)

• EHR Collaborative

• American Society for Testing and Materials (ASTM)

• SNOMED Clinical Terms (SNOMED CT)

Internal Hospital Policies and Procedures• Policies – general written guidelines that

dictate behavior or direct and constrain decision making within the organization.

• Procedures – written instructions that detail how functions and processes are to be carried out.

General categories of hospital policies• Administration, including HIM

• Medical staff

• Nursing services

• Human resources

• Safety

• Environment of care