This Document Contains Chapters 9 to Appendix B CHAPTER 9 Confidentiality and Informed Consent Curriculum Crosswalk HIA program Domain: Information Protection: Access Disclosure Archival Privacy and Security Sub-domain: Health Law Competency: Identify laws and regulations applicable to health care Curricular considerations: • Health information laws and regulations ○ HIPAA, The Joint Commission, State laws • Health care legal terminology Sub-domain: Data Privacy Confidentiality and Security Competency: Analyze privacy, security and confidentiality policies and procedures for internal and external use and exchange of health information Curricular considerations: • Patient verification and identity management policies • Privacy, confidentiality, security principles, policies, and procedures, federal and state laws HIT program Domain: Information Protection: Access Disclosure Archival Privacy and Security Sub-domain: Health Law Competency: Apply health care legal terminology Curricular consideration: • Health care legal terminology Competency: Identify the use of legal documents Curricular considerations: • Health information/record laws and regulations ○ Consent for treatment, retention, privacy, patient rights, advocacy, health power of attorney, advance directions, DNR Sub-domain: Data Privacy Confidentiality and Security Competency: Apply confidentiality, privacy, and security measures and policies and procedures for internal and external use and exchange to protect electronic health information Curricular considerations: • Internal and external standards, regulations, and initiatives ○ State and federal privacy and security laws • Patient verification ○ Medical identity theft • Data security concepts • Security processes and monitoring Suggested Enrichment Activity Bloom’s Taxonomy level: Comprehension The chapter addresses the concepts of privacy and confidentiality. Ask the students to distinguish between a patient’s right to physical privacy and the right to expect the health care provider to maintain confidentiality of patient information. Answer Key for Review Questions 1. Compare and contrast confidentiality and privacy. Both deal with patient-specific health information. Privacy refers to the right to control information or the right to be left alone. In the health care context, it refers to the right of the patient to control information. Privacy is an inward-looking activity engaged in by the patient. Confidentiality refers to the obligation of the health care provider to protect patient-specific health information. The difference rests with who has what right or obligation. Confidentiality is an outward-looking activity engaged in by the health care provider. 2. What are open record statutes, and which federal law do they most closely follow? They are statutes at the state level that apply to records held by a state agency and apply a presumption of disclosure. These statutes correspond with the Freedom of Information Act (FOIA) on the federal level. 3. What are privacy statutes, and which federal law do they most closely follow? They are statutes at the state level that apply to government record-keeping activity and apply a presumption of confidentiality. These statutes correspond with the Privacy Act of 1974 on the federal level. 4. When does the physician–patient privilege apply, and what is its use? The privilege applies to the introduction of evidence at trial and is used to prevent the forced disclosure or testimony about information obtained by the health care provider during the course of treatment. 5. Describe the difficulties faced by an HIV/AIDS patient whose infected status is disclosed without the patient’s consent. Improper disclosure of HIV/AIDS status may result in adverse effects to the individual, including negative judgments about the individual’s character, friends, and family. 6. In what ways can the scope of the informed consent doctrine be measured? By who can consent to treatment, how much information the health care provider must disclose to the patient, and what situations require informed consent. 7. Define the terms living will and durable power of attorney for health care. A living will is a document that provides the patient’s direction as to medical care in the event the patient becomes incapacitated or unable to make personal decisions. A durable power of attorney for health care is a document that names someone to make health care decisions in the event the patient becomes incapacitated or unable to make personal decisions. 8. What generally defines an emergency situation in the context of informed consent? An emergency situation is present if the patient is unable to give consent, another person authorized to give consent on the patient’s behalf is unavailable, and/or a delay in treatment would likely result in death or serious bodily harm to the patient. 9. What perspectives are used to measure the professional disclosure standard and the reasonable person standard? The perspective of the patient applies to the reasonable patient standard whereas the perspective of the professional applies to the professional disclosure standard. Case Study You are the director of health information services at a medium-size health care facility providing general, emergency, and pediatric care. Because of downsizing and consolidation of managerial functions, you are also responsible for staff education in your facility. Discuss how you would structure and present an in-service program to staff members of various departments that addresses confidentiality policies and procedures of your facility, and the legal bases underlying these policies and procedures. Things to consider This problem assumes that the audience at the in-service program is a mix of the facility’s staff, as opposed to separate in-service programs for emergency services, and so forth. Building on that assumption, the program must be structured to address confidentiality on both a broad basis and regarding those areas of the facility that pose unique confidentiality concerns. In particular, the program must address questions of confidentiality in (1) an emergency room, which by its nature lends itself to eavesdropping, and (2) a pediatric ward, where relatives other than the parents may be seeking information. The legal underpinnings of confidentiality are addressed in constitutional provisions, federal and state statutes, and common law decisions. CHAPTER 10 Access to Health Information Curriculum Crosswalk HIA program Domain: Information Protection: Access Disclosure Archival Privacy and Security Sub-domain: Health Law Competency: Identify laws and regulations applicable to health care Curricular consideration: • Health care legal terminology Sub-domain: Release of Information Competency: Create policies and procedures to manage access and disclosure of personal health information Curricular considerations • Principles for releasing PHI • Required elements of an authorization Competency: Protect electronic health information through confidentiality and security measures, policies, and procedures Curricular consideration: • Audit techniques and principles HIT program Domain: Information Protection: Access Disclosure Archival Privacy and Security Sub-domain: Health Law Competency: Apply health care legal terminology Curricular consideration: • Health care legal terminology Competency: Identify the use of legal documents Curricular considerations: • Health information/record laws and regulations ○ Consent for treatment, retention, privacy, patient rights, advocacy, health power of attorney, advance directives, DNR Competency: Apply legal concepts and principles to the practice of HIM Curricular considerations: • Maintain a legally defensible health record Sub-domain: Data Privacy Confidentiality and Security Competency: Apply confidentiality, privacy and security measures and policies and procedures for internal and external use and exchange to protect electronic health information Curricular considerations: • Internal and external standards, regulations, and initiatives ○ State and federal privacy and security laws • Data security concepts • Security processes and monitoring Sub-domain: Release of Information Competency: Apply policies and procedures surrounding issues of access and disclosure of protected health information Curricular considerations: • Release patient specific data to authorized users • Access and disclosure policies and procedures Suggested Enrichment Activity Bloom’s Taxonomy level: Comprehension Ask the students to search the Internet regarding health record banks. After locating several, ask the students to create a chart outlining details of each bank, such as what level of security assurances and privacy assurances are offered (e.g., encryption, etc.) and what levels of control over PHI are afforded to the patient. Compare the findings detailed on the chart as part of a class discussion. Answer Key for Review Questions 1. What is the difference between confidential and nonconfidential information for purposes of access to patient-specific health information? The difference is the manner in which the information is provided. Confidential information is provided by the patient to the health care provider in the course of their confidential relationship. Nonconfidential information is provided by the patient without restriction, and is generally considered a matter of common knowledge. 2. To what extent do patients possess a right to the information contained in their health record? Explain your answer. The right of access falls within the middle of a continuum of ownership. While the health care provider owns the health record, the patient possesses a right of access to the information contained in the health record. 3. What is the difference between consent and authorization to use patient-specific health information? Consent refers to an agreement by the patient to allow the health care provider to use this information to carry out treatment, payment, and health care operations. Authorization refers to the permission for the health care provider to make specific disclosures not otherwise authorized by law. These specific disclosures do not include treatment, payment, and health care operations. 4. What is the preemption doctrine, and how does it apply to patient-specific health information? This doctrine states that certain matters are of such a national, as opposed to local, nature that federal laws preempt, or take precedence over, state laws. In such circumstances, the federal laws will apply. Under the HIPAA Privacy Rule, there is no preemption per se, so the health information professional must understand both the HIPAA Privacy Rule and any state provisions that are more stringent than HIPAA. 5. What are the minimum elements necessary to constitute a valid release of patient information? Nine elements are required, including: a. The individual’s name and identifying information; b. A specific and meaningful description of the information to be used or disclosed; c. The name or other specific identification of the person or class of persons authorized to make the requested use or disclosure; d. The name or other specific identification of the person or class of persons to whom the disclosure is to be made; e. An expiration date or expiration event that relates to the individual or purpose of the use or disclosure; f. A statement of the individual’s right to revoke the authorization, the exceptions to the right to revoke, and a description of the individual who may revoke the authorization; g. A statement that the information used or disclosed is subject to redisclosure and may lose its protected status; h. The signature and date of the individual; and i. If the authorization is signed by the individual’s personal representative, a description of the representative’s authority to act for the individual. 6. What defects may invalidate a release of patient information form? If the expiration date has passed or the expiration event is known to have occurred; if one of the core elements is missing or incomplete; if the authorization has been known to be revoked; if the authorization violates the compound authorization requirements; or if any information known by the receiver to be false is contained on the form. 7. What is a compound authorization, and when is it permitted? A compound authorization refers to an authorization for use or disclosure of patient-specific health information that is combined with another document. It is permitted in instances of combining both treatment and research, for psychotherapy notes, and in other instances where the health care provider has not conditioned the provision of treatment, payment, eligibility for benefits, or enrollment in a health plan on obtaining the authorization. 8. Who may grant authority to release information? Generally, the patient; a legal guardian or parent on behalf of a minor child; or the executor or administrator of an estate if the patient is deceased. 9. What is a redisclosure notice, and when is its use mandated? This is a statement placing the recipient of health information on notice that the information received may be used only for the stated purposes; that the recipient is barred from redisclosing the information to third parties without the patient’s authorization; and that the information should be destroyed after the stated purpose is fulfilled. The redisclosure notice is mandated when information relating to alcohol or drug abuse patients is released. 10. What limitations to the Federal Privacy Act exist in terms of a patient’s access to his or her own health information? The Federal Privacy Act only applies to facilities operated by the federal government and does not apply to health care facilities that receive federal funds, such as Medicare reimbursement. 11. How does a family member obtain access to a patient’s health information? A patient’s family may have access to a patient’s protected health information under the HIPAA Privacy Rule if the patient agrees, or is given an opportunity to object but does not do so, or if the health care provider can reasonably infer from the circumstances that the patient would not object to the disclosure. Covered entities must treat a patient’s personal representative as the patient for access purposes, absent an indication that the personal representative lacks authority to act on behalf of the patient. When the patient is an unemancipated minor, the parent, legal guardian, or person acting with parental rights may have access to PHI, unless the minor could lawfully obtain health care without parental consent (e.g., health care involving female reproductive rights); the covered entity must follow state law concerning disclosures. Under state law, a valid release of information is required. An exception applies where the family member has been appointed attorney in fact under a durable power of attorney for health care. 12. What is the name of the landmark document in the area of human research ethics? The Belmont Report. 13. What is an institutional review board (IRB) and what does it consider? A group formally designated by an institution to safeguard the rights and welfare of human subjects by reviewing, approving, and monitoring medical research. 14. Define a business associate, and explain how the HIPAA Privacy Rule applies to a business associate. A business associate is one who performs or assists in performing a function or activity involving the use or disclosure of individually identifiable health information on behalf of a covered entity. The HIPAA Privacy Rule is an assurance, manifested through a written agreement, that the business associate will safeguard this information disclosed to it by the covered entity. Provisions of the American Recovery and Reinvestment Act (ARRA) place an obligation on the health care provider to monitor the business associate’s compliance with the HIPAA Privacy Rule. Case Study A You are the director of health information services at a tertiary-care hospital. You and the director of emergency room services are jointly responsible for reporting instances of communicable disease, child abuse, and cancer to the appropriate state authority. You have just completed an audit of your institution’s reporting mechanism and discovered that the reporting requirements are not consistently met. The audit could not definitively establish whether the reporting never occurred or occurred but was not documented in the patient’s health record. Discuss what legal issues are present and what approaches you should take to resolve this problem. Things to consider 1. The law places a burden on the health care provider to report public health threats because the health care provider is on the front line, available to observe the threats firsthand. 2. State law establishing reporting requirements places a mandatory, not optional, burden on the health care provider. Failure to comply with the reporting requirements may subject the health care provider to sanctions and in the instance of reporting injuries caused by deadly weapons, may impede law enforcement efforts. 3. Steps to improve reporting include reexamination and/or revision of documentation and reporting policies. In-service education is in order for those health care providers who document public health threats and those who report the threats to the state’s department of health or similar agency. Increased auditing of the institution’s reporting mechanism should occur until the health information professional is convinced that the reporting requirements are consistently met. Case Study B You are the head of the health information management department at General Hospital. An FBI agent has arrived at your office with a search warrant in hand. He asks to speak with you about the hospital’s health records. How should you respond? Things to consider The first consideration is balancing the duty to cooperate with law enforcement officers with the obligation to the health care providers’ or organization’s legal counsel. If this balance is addressed in a policy of the provider or organization, the health information professional should follow the steps contained in the policy. If no such policy exists or the existing policy is inadequate, the health information professional should notify legal counsel for the provider or organization and seek guidance on what to say and what not to say. Until legal counsel has arrived on the premises, the professional should cooperate with the agent’s request to gather specific records and information while not answering any additional questions. The professional should determine whether the agent wishes to receive the originals or copies of the records in question and act accordingly. CHAPTER 11 Specialized Patient Records Curriculum Crosswalk HIA program Domain: Data Content Structure and Standards Sub-domain: Health Record Content and Documentation Competency: Verify that documentation in the health record supports the diagnosis and reflects the patient’s progress, clinical findings, and discharge status Curricular considerations: • Health record components ○ General requirements for documentation for all record types Competency: Compile organization-wide health record documentation guidelines Curricular considerations: • Standards and regulations for documentation ○ The Joint Commission, CARF, CMS • Health record documentation policies and procedures Competency: Interpret health information standards Curricular considerations: • Health information standards and regulations Domain: Information Protection: Access Disclosure Archival Privacy and Security Sub-domain: Health Law Competency: Identify laws and regulations applicable to health care Curricular consideration: • Health information laws and regulations ○ HIPAA, The Joint Commission, State laws • Health care legal terminology • Centers for Medicare and Medicaid Services (CMS) HIT program Domain: Data Content Structure and Standards Sub-domain: Health Record Content and Documentation Competency: Analyze the documentation in the health record to ensure it supports the diagnosis and reflects the patient’s progress, clinical findings, and discharge status Curricular considerations: • Content of health record • Documentation requirements of the health record Competency: Verify the documentation in the health record is timely, complete, and accurate Curricular considerations: • Documentation requirements of the health record for all record types • Acute, outpatient, LTC, rehab, behavioral health Domain: Information Protection: Access Disclosure Archival Privacy and Security Sub-domain: Health Law Competency: Apply health care legal terminology Curricular consideration: • Health care legal terminology Competency: Identify the use of legal documents Curricular considerations: • Health information/record laws and regulations ○ Consent for treatment, retention, privacy, patient rights, advocacy, health power of attorney, advance directives, DNR Competency: Apply legal concepts and principles to the practice of HIM Curricular considerations: • Maintain a legally defensible health record • Subpoenas, depositions, court orders, warrants Sub-domain: Data Privacy Confidentiality and Security Competency: Apply confidentiality, privacy, and security measures and policies and procedures for internal and external use and exchange to protect electronic health information Curricular considerations: • Internal and external standards, regulations and initiatives ○ State and federal privacy and security laws • Data security concepts • Security processes and monitoring Competency: Apply retention and destruction policies for health information Curricular consideration: • Data storage and retrieval Sub-domain: Release of Information Competency: Apply policies and procedures surrounding issues of access and disclosure of protected health information Curricular considerations: • Release patient specific data to authorized users • Access and disclosure policies and procedures Suggested Enrichment Activity: Bloom’s Taxonomy level: Comprehension Ask the students to trace the development of legal protections for genetic information. This tracing should include protections on both the federal and state levels and examples of these protections. This tracing can be done orally as a class with all members participating, on a discussion board with all members participating, or individually through written form. Answer Key for Review Questions 1. What are the types of specialized patient records covered in this chapter and their distinguishing characteristics? Specialized patient records include treatment for substance abuse or mental illness or in non-acute-care settings, such as the patient’s home. They are distinguished from general health records in that the nature of information presented in the record contains not only truly medical information but also therapeutic mental and emotional information. They also differ in that entries in the record are not only made by professionals who are licensed and certified but also by paraprofessionals, such as teachers. They also differ in that they are subject to stricter confidentiality requirements. 2. Why should substance abuse treatment programs comply with the regulations governing release of patient information? The programs are subject to enforcement mechanisms and criminal penalty in the event of a violation of regulations, a strong consideration for compliance. 3. What would influence a substance abuse program’s decision whether to make additional efforts beyond the governing regulations to safeguard the release of patient information? Because of the sensitive nature of the information involved, the consequences of improper disclosure or disclosure without the notice prohibiting redisclosure come at a greater cost to the patient. 4. Documentation of what types of situations may be present in a mental health or developmental disability context that may not be present in a general health record? Situations may include changes in a patient’s settings (from seclusion to use of restraints, privileges, passes, and discharge), significant legal events (commitment orders, interaction with police), the presence of suicide attempts, or restrictions on patient rights. 5. Why should genetic information be protected from access by the general public? Because of the potential for its misuse by employers, health insurers, and parents in child custody battles. 6. What is the definition of genetic information? Information about an individual or family obtained from a genetic test or an individual’s DNA sample. 7. How does the Health Insurance Portability and Accountability Act (HIPAA) apply to genetic information? HIPAA specifically prohibits genetic information, absent a diagnosis of a condition, from being considered a preexisting condition for health insurance purposes and prohibits health insurers from charging higher premiums because of the existence of genetic information. 8. What are the similarities and differences of voluntary testing, mandatory testing, and anonymous testing? All three types of testing detect HIV infection. Voluntary testing involves the consent of the individual to be tested. Mandatory testing involves the forcing of the individual to be tested, without the individual’s right to refuse. Anonymous testing is a form of voluntary testing, allowing the individual to maintain anonymity by using a unique identifier in lieu of signature on the consent form and name of the vial containing the blood sample. 9. What restrictions apply to the disclosure of a patient’s identity or test result? Confidentiality statutes and ethical guidelines. Case Study You are the director of health information services in a major medical center that maintains both a psychiatric unit and a substance abuse unit in addition to general medical and surgical units. Your facility plans to join a computer network with fifteen hospitals throughout the state, which will allow online access to laboratory data, regardless of which facility performed the lab work. None of the other fifteen facilities offer psychiatric or substance abuse treatment. Identify and discuss the confidentiality issues present with such a network in the light of the statutory, regulatory, and accrediting requirements governing patients treated in these units. Things to consider The general confidentiality principles would apply: Who should have access to what data for what purpose? Should the full lab data be available, or only an abstract of information? How do you track access to the lab data with computer terminals present throughout the network? In addition to the general confidentiality principles, patients treated in psychiatric and substance abuse units are subject to strict confidentiality protections, including restrictions on patient identification. Access to lab data as described in the case study will undoubtedly violate both federal and state law concerning restrictions on patient identification because mere status as a member of the network will not automatically authorize a health care provider at another facility access to otherwise restricted patient information. Under both state and federal regulations governing psychiatric and substance abuse units, the health care provider seeking access to the data would need to demonstrate that he or she plays a role in the patient’s care. CHAPTER 12 Risk Management, Quality Management, and Utilization Management Curriculum Crosswalk HIA program Domain: Informatics, Analytics, and Data Use Sub-domain: Information Integrity and Data Quality Competency: Perform quality assessment including quality management, data quality, and identification of best practices for health information systems Curricular considerations: • Data quality assessment and integrity • Patient and organization safety initiatives Domain: Revenue Management Sub-domain: Revenue Cycle and Reimbursement Competency: Implement processes for revenue cycle management and reporting Curricular consideration: • Utilization and resource management Domain: Compliance Sub-domain: Regulatory Competency: Appraise current laws and standards related to health information initiatives Curricular considerations: • Regulatory and licensure requirements • Patient safety Domain: Leadership Sub-domain: Change Management Competency: Interpret concepts of change management theories, techniques, and leadership Curricular consideration: • Risk exposure HIT program Domain: Revenue Management Sub-domain: Revenue Cycle and Reimbursement Competency: Apply policies and procedures for the use of data required in health care reimbursement Curricular considerations: • Utilization review/management ○ Case management Competency: Evaluate the revenue cycle management processes Curricular considerations: • Utilization review/management ○ Case management Domain: Compliance Sub-domain: Regulatory Competency: Analyze policies and procedures to ensure organizational compliance with regulations and standards Curricular considerations: • Internal and External standards, regulations, and initiatives ○ HIPAA, ARRQA, The Joint Commission, Quality Integrity Organizations, meaningful use • Risk management and patient safety Domain: Leadership Sub-domain: Work Design and Process Improvement Competency: Identify cost-saving and efficient means of achieving work processes and goals Curricular considerations: • Incident reports • Sentinel events Competency: Utilize data for facility-wide outcomes reporting for quality management and performance improvement Curricular consideration: • Shared governance Teaching Exercise Begin the lesson concerning incident reports by asking the students to construct a hypothetical incident report with you together as a class. Review the definition of an incident report found in the textbook, remind the students that what they describe should be clear, concise, and objective, and inform them what method you will use for participation (calling on each student, asking for volunteers, etc.). Using a surface all the students can see (e.g., the chalkboard or a shared online discussion board), scribe information from the students or ask the students to scribe the information themselves. While the incident described in this exercise is hypothetical, strive to make the students describe something that actually has happened or realistically could happen. Make sure they identify the parties involved and provide a description of the facts of the incident itself (time, date, and place of occurrence) along with the condition of the subject of the incident (patient, student, employee, friend, or relative), statements or observations of witnesses, and any responsive action taken. Students may build upon each other’s statements as necessary (e.g., one student identifies the parties involved, another describes the facts of the incident, and so forth). At the end of the exercise, review with the students the completed incident report. Suggested Enrichment Activity Bloom’s Taxonomy level: Analysis, synthesis, and evaluation To give students a more realistic understanding of incident reports, assign them a project to create an incident report based on something that happens in their school, home life, or work environment. Remind the students about the definition of an incident report in the textbook and ask them to translate that definition to their personal lives. For example, instead of a hospital, the organization may be the school or workplace. The students should select an incident that is not a routine matter and could or did result in injury to a person or damage to equipment or property. Instruct them that the incident report they create must be clear, concise, and objective, containing facts describing the incident itself, including the time, date, and place of occurrence, along with the condition of the subject of the incident (student, employee, friend, or relative), statements or observations of witnesses, and any responsive action taken. The formatting of the report is not as important as the content of the report, unless you require use of a particular template for incident reporting. Answer Key for Review Questions 1. What are the general principles of risk management? The general principles are twofold: 1. To identify areas of operational and financial risk or loss to the health care facility, its patients, visitors, and employees; and 2. To implement measures to lessen the effects of unavoidable risks and losses, prevent recurrences of those risks or losses, and cover inevitable losses at the lowest cost. 2. How does a properly documented health record reduce the risk of a health care facility? A properly documented health record benefits the health care facility’s defense in a lawsuit because it can be used to establish what did or did not happen in a particular case and whether the applicable standard of care was met. 3. Compare and contrast the ready availability of a health record in the risk-management context. Ready availability of a health record influences three areas: the use for patient care, access to health information by or on behalf of the patient, and retention of the health record. Failure to make the health record readily available may result in harm to the patient and exposure of the health care facility to liability (use for patient care). Careful management of requests for access to health records reduces the potential for liability due to improper disclosure of health information (access to health information by or on behalf of the patient). Retaining the health record for the minimum period specified under statute and regulation reduces the risk of a lawsuit for negligent loss of records (retention). 4. How does the concept of patient confidentiality relate to the concept of reducing risk? The failure of health care providers to respect confidentiality, combined with greater public awareness of the adverse effects of unauthorized disclosure of health information, impacts risk management through an increased number of lawsuits. 5. What are the advantages of completing an incident report as soon as practicable after an incident? Memories are fresh at the time of the incident, increasing the accuracy of the completed incident report. Additionally, a promptly completed incident report hastens its availability to the health care provider’s attorney, insurance carrier, and quality assurance department for review and evaluation. 6. What is a privilege, and how can it be waived? A privilege is the legal right to keep certain information confidential and protect it from subpoena, discovery, or introduction into evidence at trial. It can be waived if the confidentiality is breached, through either carelessness or deliberate disclosure by the party holding the privilege. 7. Explain the concept of a peer review committee and its duties. Peer review committees are composed of health care professionals who are charged with the responsibility for evaluating, maintaining, and/or monitoring the quality and utilization of health care services. They discharge this responsibility through audit and review of patient information against established guidelines. 8. What is the National Practitioner Data Bank, and how does a health care institution use the data it contains? It is a data bank that houses data concerning malpractice payments, licensure actions, and adverse actions such as the loss of staff privileges of physicians and dentists in all fifty states. This data bank is established pursuant to the Health Care Quality Improvement Act. Health care institutions use this data when determining an application for a position on the medical staff and once every two years for each medical staff member. Case Study You are a health information professional closely involved with risk management at General Hospital, a teaching institution. Beginning this July, the hospital will incorporate presentations by hospital employees into its Grand Rounds series of lectures. You have been asked to present the lecture covering risk management. Compose a presentation addressing the legal aspects of risk management, particularly concentrating on patient record requirements and incident reports. Things to consider Any presentation should include discussion about: 1. The growth and development of risk management in general and as applied to General Hospital. 2. Patient record requirements must address: (a) proper documentation, using examples of a properly documented health record and a poorly documented health record; (b) security concerns, including the active management of the availability of health records; and (c) confidentiality, focusing in particular on the risk of talking about patients in appropriate spots, such as hospital elevators. 3. Incident reports must address (a) what they are, (b) why they are necessary, (c) how to and how not to complete one, (d) how they are used, and (e) how to protect them from discovery. 4. An explanation of the attorney–client privilege in the context of incident reports. CHAPTER 13 Information Systems Curriculum Crosswalk HIA program Domain: Information Protection: Access, Disclosure, Archival Privacy and Security Sub-domain: Health Law Competency: Identify laws and regulations applicable to health care Curricular considerations: • Health information laws and regulations ○ HIPAA, The Joint Commission, State laws • Health care legal terminology • Centers for Medicare and Medicaid Services (CMS) Domain: Informatics, Analytics, and Data Use Sub-domain: Health Information Technologies Competency: Utilize technology for data collection, storage, analysis, and reporting of information Curricular consideration: • Health information archival and retrieval system Competency: Assess systems capabilities to meet regulatory requirements Curricular considerations: • Electronic signatures, data correction, audit logs Competency: Take part in the development of networks, including intranet and Internet applications Curricular considerations: • Communication technologies ○ Network—LANs, WANs, WLANs, VPNs • Internet technologies ○ Intranet, web-based systems, standards, SGML, XML Sub-domain: Information Integrity and Data Quality Competency: Discover threats to data integrity and validity Curricular considerations: • Intrusion detection systems, audit design and principle Competency: Implement policies and procedures to ensure data integrity internal and external to the enterprise Curricular considerations: • Authentication, encryption, password management HIT program Domain: Information Protection: Access, Disclosure, Archival, Privacy, and Security Sub-domain: Health Law Competency: Apply legal concepts and principles to the practice of HIM Curricular considerations: • Maintain a legally defensible health record Sub-domain: Data Privacy, Confidentiality, and Security Competency: Apply confidentiality, privacy, and security measures and policies and procedures for internal and external use and exchange to protect electronic health information Curricular considerations: • Internal and external standards, regulations and initiatives ○ State and federal privacy and security laws • Patient verification • Data security concepts • Security processes and monitoring Competency: Apply system security policies according to departmental and organizational data/information standards Curricular considerations: • Security processes and policies ○ Data/information standards Teaching Exercise Review the section of the text dealing with security issues, particularly as they relate to the risks associated with portable media/devices and off-site access to electronic protected health information (ePHI). Brainstorm with the students instances where a security breach may occur under seemingly innocent circumstances. To get the discussion started, use as an example the employee who brings his or her laptop computer to a coffee shop and excuses himself or herself to use the restroom without taking measures to shield the contents of the laptop screen from passersby. Brainstorm with the students what methods could be used to minimize risks in such a situation. Move to other examples of risk to ePHI offered by the students and brainstorm methods to minimize risk. Answers Key for Review Questions 1. What impact do licensing authorities and accrediting organizations have on a health care provider’s decision to adopt an electronic health record system? Because the federal government has not fully addressed the issues related to an electronic health record, state licensing authorities and accrediting organizations govern how the transformation to an electronic health record will occur. Licensing authorities and accrediting organizations may place requirements and limits upon an electronic health record, including specifications as to creation, storage, and authentication of health information electronically. 2. Define an electronic health record. An electronic health record is defined as an electronic record of health-related information on an individual that is created, gathered, managed, and consulted by authorized health care clinicians and staff. 3. How is authentication represented in an electronic health record? By electronic signature. 4. What is admissibility, and how does it apply to the electronic health record? Admissibility concerns pertinent and proper evidence that may be considered by the judge and/or jury when deciding the issues in a lawsuit. It applies to the electronic health record in the context of submission of a computer printout as evidence in court of patient care. 5. What protections from the physical environment should be in place to protect an electronic health record? Protections such as: temperature and humidity controls; power surge and failure protection devices; fire alarms and storage of magnetic media in fireproof locations and locked areas to prevent theft; use of maintenance documents and logs; computer terminals bolted to desks; and limitations on access to computer terminals and storage areas. 6. What steps should be taken to ensure personnel security in an electronic health record environment? Protections such as: ordinary reference checks; screening for past criminal history, work-related problems, or a high school or college record of computer hacking; and continuing education of staff. 7. How does the business associate rule apply to the electronic health record? Some electronic health records are maintained and/or stored by computer service bureaus. These bureaus are not employees of the health care provider, but rather are subject to business contracts. They qualify as a business associate under the Health Insurance Portability and Accountability Act (HIPAA) and its accompanying regulations. 8. What efforts should the health information professional take to safeguard portable computers and personal digital assistants? The health information professional should establish or improve control over these devices, provide employees with theft awareness instructions, and invest in certain computer accessories designed to make theft less profitable. 9. Discuss the concept of computer sabotage and how the dangers it poses can be minimized. Computer sabotage may take the form of introduction of a computer virus into a computer system or the altering of data by hackers. These dangers can be minimized by considering whether or not to participate in a computer network, busing antivirus software and firewalls, and by limiting the number of access attempts. Case Study General Hospital has determined that within three years, the paper-based health record it currently uses will be replaced with an electronic health record. General Hospital prefers to have a vendor install a computer system that allows for some tailoring to its institutional needs. You are a member of a committee that will evaluate and select the computer system. What legal issues should you raise to the committee and hospital about possible barriers and problems to implementing an electronic health record? Assuming those barriers and problems are resolved, what legal issues should you address with the committee and hospital in the evaluation and selection process? Things to consider Issues of possible barriers that should be raised to the committee include: 1. Does the state licensing authority permit the creation and storage of an electronic health record? 2. Does the state licensing authority specify authentication of a certain type, such as a physician’s written signature? 3. Does the court system governing the health care provider accept a computer printout as evidence in a court case? Issues in the selection process include: 1. Physical security concerns 2. Personnel security concerns, including ongoing educational programs for health care employees 3. HIPAA security concerns 4. Risk-prevention techniques, such as audit trails of in-house use, restrictions on access and use of patient health information by the vendor selling and servicing the computer system, and restrictions on computer networks CHAPTER 14 Health Care Fraud and Abuse Curriculum Crosswalk HIA program Domain: Compliance Sub-domain: Regulatory Competency: Appraise current laws and standards related to health information initiatives Curricular considerations: • Compliance strategies and reporting • Regulatory and licensure requirements • Elements of compliance programs • Patient safety Competency: Determine processes for compliance with current laws and standards related to health information initiatives and revenue cycle Curricular considerations: • Policies and procedures • Non-retaliation policies • Auditing and monitoring Sub-domain: Coding Competency: Construct and maintain processes, policies, and procedures to ensure the accuracy of coded data based on established guidelines Curricular consideration: • Federal compliance guidelines Sub-domain: Fraud surveillance Competency: Determine policies and procedures to monitor abuse or fraudulent trends Curricular consideration: • Fraud detection Domain: Information Protection: Access Disclosure Archival Privacy and Security Sub-domain: Health Law Competency: Identify laws and regulations applicable to health care Curricular considerations: • Health information laws and regulations • HIPAA, The Joint Commission, state laws • Health care legal terminology • Centers for Medicare and Medicaid Services (CMS) Competency: Analyze legal concepts and principles to the practice of HIM Curricular consideration: • Legal principles HIT program Domain: Compliance Sub-domain: Regulatory Competency: Analyze policies and procedures to ensure organizational compliance with regulations and standards Curricular considerations: • Internal and external standards, regulations, and initiatives ○ HIPAA, ARRA, The Joint Commission, Quality Integrity Organizations, meaningful use Competency: Adhere to the legal and regulatory requirements related to health information management Curricular considerations: • Legislative and regulatory process ○ Coding quality monitoring, compliance strategies, and reporting Sub-domain: Fraud surveillance Competency: Identify potential abuse or fraudulent trends through data analysis Curricular considerations: • False Claims Act, • Whistle-blower, STARK, Anti-kickback, unbundling, upcoding • Role of OIG, RAC ○ Fraud/Abuse Domain: Information Protection: Access Disclosure Archival Privacy and Security Sub-domain: Health Law Competency: Apply health care legal terminology Curricular consideration: • Health care legal terminology Competency: Apply legal concepts and principles to the practice of HIM Curricular consideration: • Maintain a legally defensible health record Suggested Enrichment Activity: Bloom’s Taxonomy level: Application and analysis Ask the students to locate on the Web site of the Office of Inspector General of the U.S. Department of Health and Human Services (http://www.oig.hhs.gov/compliance/compliance-guidance/index.asp) various compliance program guidelines. The students should compare similarities and contrast differences between the various program guidelines (e.g., hospital vs. physician offices). Answer Key for Review Questions 1. What forms of fraud and abuse may be present in a health care setting? Forms may include the areas of false claims and billing practices, and the use of kickback schemes. 2. What do the terms upcoding and unbundling mean? Upcoding means to submit a bill for a higher level of reimbursement than actually rendered in order to receive a higher reimbursement. Unbundling means to submit separate bills for each component of a procedure instead of using the proper procedural code for the entire procedure, resulting in a higher reimbursement rate to the health care provider. 3. What is the False Claims Act, and how does it apply to the health care setting? The False Claims Act is used to prosecute individuals and organizations that supply inferior products or cheat the government outright. It applies to the health care setting in the Medicare and Medicaid context, looking at false statements or claims used to achieve reimbursement by the government. 4. Name two remedies the federal government may use in a fraud and abuse case, and explain their application. Civil money penalties may be imposed along with exclusion from participation in Medicare and all other federally financed health care programs. 5. Name the federal law enforcement agencies that share responsibility for prosecuting health care fraud and abuse and explain their role. The Office of the Inspector General (OIG) investigates fraud associated with the Medicare and Medicaid programs. The Postal Inspection Service investigates fraud schemes involving the U.S. mail system. The Defense Criminal Investigative Service (DCIS) investigates fraud schemes committed against the military’s health insurance programs. The FBI works with all of these agencies and also acts on complaints received through calls, letters, visits from the public, or efforts of whistle-blowers. 6. Compare and contrast the approaches to the establishment of a compliance program. All compliance programs ensure effective internal controls promoting adherence to applicable state, local, and federal laws and regulations and the program requirements of federal, state, and private health plans. An ethics-based approach encourages compliance as a form of good behavior and voluntary improvement. A minimum legal requirements approach encourages compliance to avoid or minimize penalties or punishment. 7. What are the benefits to a health care provider that develops an effective compliance program? The health care provider reduces his or her exposure to civil damages and penalties, criminal sanctions, and administrative remedies. Also, the provider achieves a greater ability to assess and improve patient services and create a centralized internal mechanism for distributing information. 8. How does a corporate compliance program differ from a corporate integrity agreement? A corporate compliance program is an internal program/document that is adopted by the health care entity voluntarily. By contrast, a corporate integrity agreement is an external document that is imposed upon the health care entity at the direction of the government. Often, corporate integrity agreements are more stringent and expensive for the health care entity to maintain than a compliance program. Case Study A You are in charge of Anywhere Hospital’s compliance program. As part of the Hospital’s orientation program, you provide an overview of the compliance program to new employees. Outline what information you will include in your presentation. Things to consider You should outline your presentation to include the following points: 1. The concept of compliance has been a feature of health care for decades, with many members of the health care team playing a role. 2. A prominent player of the team for many decades has been the health information professional. 3. Define what is meant by the terms compliance and compliance programs. 4. Explain the two approaches to developing a compliance program (ethics-based and minimum legal requirements approach). Stress that Hospital’s approach is the ethics-based approach. 5. Provide an outline of the elements of Hospital’s program (see Table 14.5 for guidance). 6. Explain what the Federal Trade Commission’s Red Flag Rules are and their interplay with medical identity theft. 7. Provide an example of how not to comply with protecting health information (use the CVS Pharmacies case example in the text). 8. As an option, identify tools Hospital may use to combat fraud (e.g., automated software coding programs). 9. Address the consequences of not complying with Hospital’s compliance program. Case Study B You are the head of the health information management department at General Hospital. An FBI agent has arrived at your office with a search warrant in hand. He asks to speak with you about the Hospital’s health records. How should you respond? Things to consider Among the first considerations is the application of the HIPAA Privacy Rule. Pursuant to this rule, disclosure of protected health information may be made for law enforcement purposes if the covered entity is presented with a court-ordered warrant, as in this case. The HIM director should balance the interests of the hospital with the interest of complying with the FBI’s request. Among the first actions taken, the HIM director should notify the Hospital’s general counsel that the FBI agent has presented a search warrant and seek direction. If no direction is given other than to cooperate with the agent’s request, the HIM should follow HIPAA to provide the data as limited by the terms of the search warrant. CHAPTER 15 Law and Ethics in the Workplace Curriculum Crosswalk HIA program Domain: Information Protection: Access Disclosure Archival Privacy and Security Sub-domain: Health Law Competency: Identify laws and regulations applicable to health care Curricular considerations: • Health care terminology Competency: Analyze legal concepts and principles to the practice of HIM Curricular considerations: • Legal principles Domain: Leadership Sub-domain: Human Resources Management Competency: Ensure compliance with employment laws Curricular considerations: • Employment laws, labor laws ○ Federal and state Sub-domain: Ethics Competency: Create programs and policies that support a culture of diversity Curricular considerations: • Diversity awareness training programs: age, race, sexual orientation, education, work experience, geographic location, disability • Regulations such as ADA, EEOC HIT program Domain: Information Protection: Access Disclosure Archival Privacy and Security Sub-domain: Health Law Competency: Apply health care legal terminology Curricular consideration: • Health care legal terminology Domain: Leadership Sub-domain: Human Resources Management Competency: Interpret compliance with local, state, federal labor regulations Curricular considerations: • Labor/Employment laws Sub-domain: Ethics Competency: Create programs and policies that support a culture of diversity Curricular consideration: • Diversity awareness training programs: age, race, sexual orientation, education, work experience, geographic location, disability. • Regulations such as ADA, EEOC Suggested Enrichment Activity Bloom’s Taxonomy level: Application and analysis Photocopy or make an image of the I-9 form located in Figure 15.1. Ask the students to group into pairs and role-play completing the I-9 form in class. One student should play the prospective employee, the other the prospective employer. Once completed, ask the students to reverse roles and complete the I-9 form. Answer Key for Review Questions 1. How does the employer–employee relationship differ from the employer–independent contractor relationship? The level of control exerted by the employer is the main difference between the two relationships. Under the employer–employee relationship, the employer exercises considerable control over the employee’s means, manner, and method of completing work. By contrast, under the employer–independent contractor relationship, the employer’s control is limited to the results or product of the independent contractor’s work. 2. How can the content of an employers’ handbook affect the employment-at-will doctrine? Some states have concluded that phrases contained in an employer’s handbook may create an implied contract of employment. As such, the implied contract may limit the employer’s right to hire, fire, promote, and demote employees. 3. How do anti-discrimination laws relate to ethics? Anti-discrimination laws are based on the ethical concepts of justice and rights. Justice requires treating all people with fairness, while the concept of rights addresses a just claim or entitlement that others are obliged to respect. Anti-discrimination laws build on both of these concepts by creating standards that require applying fair treatment to all employees plus providing a basis upon which an employee may seek redress in a court of law. 4. What is the most challenging aspect for an employer complying with the ADA, and why? The most challenging aspect is determining the reasonable accommodations for qualified individuals with disabilities. The challenge is trying to balance the reasonable accommodation against the possibility of undue hardship to the employer. 5. What legal protections are afforded at the federal level to protect genetic information? Two federal laws serve to protect genetic information: the Health Insurance Portability and Accountability Act (HIPAA) and the Genetic Information Non-discrimination Act (GINA). An executive order adds protections in the hiring and promotion actions of federal employees in the executive branch. 6. What role do ethics play in workplace protections? Many of the laws addressing workplace protections find their basis in the ethical theory of utilitarianism. Utilitarianism proposes that everyone, including persons, organizations, and society in general, should make choices promoting conditions that would allow an individual to seek the greatest amount of happiness or benefits. Laws offering workplace protections are consistent with utilitarianism because these laws promote conditions that are desirable and bring about good ends for the largest amount of people. 7. What is a workers’ compensation program and who is benefited by it? A workers’ compensation program is a program designed to replace income and provide medical expense to employees who are injured, become ill, or die as a result of their jobs. This program benefits not only employees and their dependents, but also offers protection to employers from being sued for those injuries, illnesses, or deaths that occur on the job and are covered by the workers’ compensation program. Case Study Anywhere Hospital recently experienced negative publicity in the local community because of some unethical actions taken by a few of its employees concerning protected health information. The Hospital subsequently took disciplinary action against those employees. Hospital administration has asked you to serve as part of a task group to address ethical issues in the workplace. The work product your task force produces will be used to prevent recurrence of these unethical actions. What areas will you recommend the task force focus upon? Things to consider Several areas include those addressed in the chapter under the Ethics Application section; these areas may be raised as questions for resolution by the task force. The following questions serve as examples. If the hospital has a code of ethics/conduct, are employees aware of it? If the hospital does not have a code of ethics/conduct, should it develop one? Does the hospital have a compliance program? Are the employees aware of the compliance program and the laws, rules, regulations, and policies that govern their conduct as hospital employees? Do they understand the consequences of their actions in not adhering to the compliance program and the code of ethics/conduct, laws, rules, regulations, and policies? Do they understand the benefit from adhering to the compliance program and the code of ethics/conduct, laws, rules, regulations, and policies? Does the hospital train employees on not only the theories associated with the compliance program and the code of ethics/conduct, laws, rules, regulations, and policies, but on their application? Do the hospital’s procedures align with the compliance program and the code of ethics/conduct, laws, rules, regulations, and policies? Is the issue of ethics interwoven into all hospital policies and procedures? Are employees appraised on questions of ethics? Is there a mechanism for positive reinforcement of ethical behavior? Is there a mechanism to detect unethical behavior at the time of its occurrence or immediately thereafter? Is there a mechanism to deal with the unethical behavior as a personnel matter, as a licensing/credentialing matter, and as a public relations matter? Is there a mechanism in place to review and learn from past mistakes involving ethics? APPENDIX A Legal Scenarios Review each of the scenarios and identify: (a) the parties (plaintiff and defendant); (b) the area of law addressed (e.g., contract, nonintentional tort, etc.); and (c) the legal theory relied upon (e.g., false imprisonment, negligence, etc.). A. Acme Publishers recently published a book about prominent leaders in the southeast region of the United States and included a profile of Mr. T. A. Jefferson. Mr. Jefferson believes that the profile contains false statements and has caused injury to his reputation. Mr. Jefferson decides to sue. Parties: ___ Area of Law: ___ Legal Theory: ___ B. For several years, Molly Ryan and Susan Louis have been riding their horses along Route 100 as a form of recreation. One day they rode their horses past Mr. Avery’s home, which faces Route 100. Mr. Avery ran toward them, swinging his arms and yelling at them to get off of his land. Both Ms. Ryan and Ms. Louis responded that they were on a public road and had every right to be there. Upon hearing this, Mr. Avery became irate and hit Ms. Ryan’s horse in the jaw, causing her to lose control of the horse. As she regained control of the horse, Mr. Avery started throwing rocks at both horses. Both Ms. Ryan and Ms. Louis left the area immediately. Now Ms. Ryan wishes to sue. Parties: ___ Area of Law: ___ Legal Theory: ___ C. As part of a fitness effort, Beth Barnes joined the “All Day Fitness” health club by signing a one-year agreement. While Ms. Barnes was using the rowing machine at the club, the cord snapped and the handle smashed into her mouth. This occurred only one month after she signed the agreement. She suffered severe pain in her mouth and required several surgeries to repair the injury. She no longer attends the health club and has stopped making the monthly payments listed in her agreement. She now wishes to sue. Parties: ___ Area of Law: ___ Legal Theory: ____ D. Two months ago, Esther Burling was sitting in her parked car in a parking lot when a cab from Emerson Cab Co. slammed into her car. Although she was stiff and shaken, she didn’t experience any immediate pain or injury to her body. Her car, however, was totaled. Ms. Burling signed a settlement agreement with Emerson Cab Co.’s insurer, Meridian Insurance Co., demanding and accepting payment of full market value for her car. The settlement agreement contained a clause that released Meridian and Emerson Cab Co. from any liability for future injuries or claims by Ms. Burling. She has determined that the back problems she now suffers from are a result of the accident. Ms. Burling decides to sue. Parties: ___ Area of Law: ___ Legal Theory: ____ E. Karen McGraw has lived on her land for 25 years. A fence separates her lot from her neighbor’s lot immediately to the west. For almost 25 years, she and her neighbor split the costs of any expenses related to the fence. A new neighbor, Chris Turlow, has moved into the lot following the death of Ms. McGraw’s longtime neighbor. Ms. McGraw contacted Mr. Turlow about the need to build a new fence, but Mr. Turlow never committed to sharing the expenses. Ms. McGraw went ahead and replaced the fence at her own expense. Mr. Turlow has refused Ms. McGraw’s request to reimburse her for half of the fence bill. Ms. McGraw now wishes to sue. Parties: ___ Area of Law: ___ Legal Theory: ____ Legal Scenarios Answer Key Review each of the scenarios and identify: (a) the parties (plaintiff and defendant); (b) the area of law addressed (e.g., contract, nonintentional tort, etc.); and (c) the legal theory relied upon (e.g., false imprisonment, negligence, etc.). A. Acme Publishers recently published a book about prominent leaders in the southeast region of the United States and included a profile of Mr. T. A. Jefferson. Mr. Jefferson believes that the profile contains false statements and has caused injury to his reputation. Mr. Jefferson decides to sue. Parties: Jefferson (Plaintiff), Acme Publishers(Defendant) Area of Law: Intentional Legal Theory: Defamation (this is libel because it involves printed material). Case citation: Bello v. Random House, 422 S.W.2d 339 (Mo. 1967). B. For several years, Molly Ryan and Susan Louis have been riding their horses along Route 100 as a form of recreation. One day they rode their horses past Mr. Avery’s home, which faces Route 100. Mr. Avery ran toward them, swinging his arms and yelling at them to get off of his land. Both Ms. Ryan and Ms. Louis responded that they were on a public road and had every right to be there. Upon hearing this, Mr. Avery became irate and hit Ms. Ryan’s horse in the jaw, causing her to lose control of the horse. As she regained control of the horse, Mr. Avery started throwing rocks at both horses. Both Ms. Ryan and Ms. Louis left the area immediately. Now Ms. Ryan wishes to sue. Parties: Ryan (Plaintiff), Avery (Defendant) Area of Law: Intentional tort Legal Theory: Assault (no need to show actual injury to allege assault, only fear of injury). Case citation: Van Eaton v. Thon, 764 S.W.2d 674. C. As part of a fitness effort, Beth Barnes joined the “All Day Fitness” health club by signing a one-year agreement. While Ms. Barnes was using the rowing machine at the club, the cord snapped and the handle smashed into her mouth. This occurred only one month after she signed the agreement. She suffered severe pain in her mouth and required several surgeries to repair the injury. She no longer attends the health club and has stopped making the monthly payments listed in her agreement. She now wishes to sue. Parties: Barnes (Plaintiff), All Day Fitness (Defendant) Area of Law: Contract and nonintentional Legal Theory: Breach of contract (express contract she should no longer be bound by because the equipment was not in working order) and negligence (breach of the duty of care to maintain equipment in working order). Case citation: Alack v. Vic Tanny, 923 S.W.2d 330 (Mo. Banc 1999). D. Two months ago, Esther Burling was sitting in her parked car in a parking lot when a cab from Emerson Cab Co. slammed into her car. Although she was stiff and shaken, she didn’t experience any immediate pain or injury to her body. Her car, however, was totaled. Ms. Burling signed a settlement agreement with Emerson Cab Co.’s insurer, Meridian Insurance Co., demanding and accepting payment of full market value for her car. The settlement agreement contained a clause that released Meridian and Emerson Cab Co. from any liability for future injuries or claims by Ms. Burling. She has determined that the back problems she now suffers from are a result of the accident. Ms. Burling decides to sue. Parties: Burling (Plaintiff), Meridian Insurance Co. (Defendant) Area of Law: Contract Legal Theory: Breach of contract (law allows freedom to contract, even if the contract is a bad deal for Burling). Case citation: Sanger v. Yellow Cab Co., 486 S.W.2d 477 (Mo. Banc 1972). Students may suggest a negligence theory, relying upon the cab slamming into Ms. Burling’s car. This theory will not succeed because Burling signed a release of her claims. E. Karen McGraw has lived on her land for 25 years. A fence separates her lot from her neighbor’s lot immediately to the west. For almost 25 years, she and her neighbor split the costs of any expenses related to the fence. A new neighbor, Chris Turlow, has moved into the lot following the death of Ms. McGraw’s longtime neighbor. Ms. McGraw contacted Mr. Turlow about the need to build a new fence, but Mr. Turlow never committed to sharing the expenses. Ms. McGraw went ahead and replaced the fence at her own expense. Mr. Turlow has refused Ms. McGraw’s request to reimburse her for half of the fence bill. Ms. McGraw now wishes to sue. Parties: McGraw (Plaintiff), Turlow (Defendant) Area of Law: Contract Legal Theory: Breach of contract (explanation of express vs. implied contracts is warranted). Case citation: Dailing v. Hall 1 S.W.3d 490. APPENDIX B Ethical Scenarios For each of the following scenarios, apply the steps listed in Table 6.2 of the text, Steps in Ethical Decision Making. A. You are a member of a group planning your neighborhood’s annual block party. You are charged with creating a flyer describing the party and distributing it, by mail or door-to-door for those neighbors who are unwilling to share an e-mail address. You have over thirty neighbors who will need a flyer. You don’t have a copy machine and you will bear the expense of copying the flyer yourself. At your office, there is no security key on the copy machine nor is there a counter that keeps track of the number of copies made by department. You are tempted to make the copies you need using the company copy machine. Your company has a strict policy requiring use of office equipment for business purposes only. What should you do? B. You are employed in the Human Resources Department at Anywhere Hospital. Your good friend Kim is applying for a position with Hospital. Kim asks you for advice on how to prepare for an interview. You have access to the interview questions asked of all candidates and know that if Kim had access to the questions, she would be well prepared for an interview. What should you do? C. You work in Quality Control. Your department receives new computer equipment as part of a cyclical maintenance plan. Once a year, your department inventories the existing computer equipment that is in working order but is no longer needed and identifies the equipment as excess property. Excess computers are donated to a local elementary school. This year, your department has identified ten computers and peripheral accessories as excess property ready for donation. You are asked to deliver the excess property to the elementary school. In viewing the excess property, you note that the equipment is newer than the equipment you have at your home. You are tempted to switch out your home computer equipment with some of the excess property and then deliver the equipment to a local elementary school. What should you do? Solution Manual for Legal and Ethical Aspects of Health Information Management Dana C. McWay 9781285867380
Download
Close
Close
