Syllabus

Master of Science in Health Informatics

HIN 625 – Health Information Legislation, Compliance, Privacy and Security – Spring B 2017

Credits - 3

Description

This course will explore legislation and regulation relating to health informatics. The course will examine the major laws and agency regulations governing healthcare technology, data collection, management, and privacy, as well as the security standards required for healthcare and health-related organizations. Students will explore the intent behind, and ethical dimensions of, health informatics regulatory frameworks, using case studies of recent health information applications, security breaches, and challenges to interoperability. This course will also look ahead to the impact of future Health IT regulations.

Materials

Required

Brodnik, M. P. (2012). Fundamentals of law for health informatics and information management. Chicago, IL: American Health Information Management Association. ISBN: 978-1584260738

Murphy, S. (2015). Healthcare Information Security and Privacy 1st edition. McGraw-Hill/Osborne. ISBN: 978-0071831796 (print version) or 978-0071831826 (e-book version)

Learning Objectives and Outcomes

Program Outcomes addressed by this course:

  • Understand the complex system of legal and regulatory compliance that governs the healthcare system

Course Outcomes

  • Restate the foundations of the American legal systems as it pertains to healthcare, healthcare technology and data
  • Critique privacy standards in organizations, including HIPAA and HITECH
  • Defend the the legal standards of a legal medical record
  • Analyze the security of health information in a healthcare organization
  • Plan for a response to a cybercrime attack
  • Evaluate the use of healthcare data and technology against current applicable legislation and regulations

Assignments

 

Weekly Discussion Posts – Each week there will be a discussion board that addresses a topic within the current module. For each discussion board, you must submit an original post and respond to at least 2 posts from your colleagues.

Weekly Assignments – (Case studies, annotated bibliography) during weeks 1 through 5

Research Paper – due week 7

Course Schedule at a Glance 

Week Topics Readings, Videos, and Assignments Dates
1

Introduction to the Fundamentals of Law for Health Informatics

The Legal System in the United States

Brodnik Ch. 1, 2, 3, 4, & 5

Discussion Forum 

Case Study

3/1/2017 – 3/8/2017

2

Consent and Release of Information

Brodnik Ch.  7, 12

Discussion Forum 

Case Studies

3/8/2017 – 3/15/2017
3

Legal Health Record

Brodnik Ch. 8

Discussion Forum #3

Case Study

Annotated Bibliography

3/15/2017 – 3/22/2017
4

 

Corporate Compliance/Medical Staff Compliance

Brodnik Ch. 15, 16

Discussion Forum #4 

Case Study

3/22/2017 – 3/29/2017
5

HIPAA Privacy and Security Rules

Brodnik Ch. 9, 10, 11

Discussion Forum #5

Case Study

 3/29/2017 – 4/5/2017
6

Information Risk and Management

Murphy & Seymour Ch. 4, 5, & 6

Discussion Forum #6 

4/5/2017 – 4/12/2017  
7

Information Rights vs. Protection

Murphy & Seymour Ch. 7 & 8

Discussion Forum #7

Research Paper due

4/12/2017 – 4/19/2017
8

Cybersecurity Management

Murphy & Seymour Ch. 9, 10 & 11

Discussion Forum #8

4/19/2017 – 4/23/2017

Grading Policy

Your grade in this course will be determined by the following criteria:

Grade Breakdown

Assessment ItemPossible PointsPercent of Total Grade
Weekly Assignments, weeks 1, 2, 4, 511 points each44%
Weekly Assignments week 3 (2 short assignments)6 points each12%
Discussion Posts 3 points per discussion24%
Research Paper20 points20%
Total100 points100%

Grade Scale

Grade Points Grade Point Average (GPA)
A 94 – 100% 4.00
A- 90 – 93% 3.75
B+ 87 – 89% 3.50
B 84 – 86% 3.00
B- 80 – 83% 2.75
C+ 77 – 79% 2.50
C 74 – 76% 2.00
C- 70 – 73% 1.75
D 64 – 69% 1.00
F 00 – 63% 0.00

Schedule

Detailed Course Schedule

Week 1 – Introduction to the Fundamentals of Law and our Legal System for Health Informatics

Weekly Learning Outcomes:

  • Discuss health record and data ownership
  • Analyze various options to mitigate malpractice

Readings

Video:

Discussion Prompt:

Who owns the patient health record and who controls the use of the information within the record? How does digital and mobile health complicate this? Think about a time when you (or someone you know) requested a copy of your health record. What format was it in — paper or digital? Please provide a short narrative about that experience.

Case Study Assignment (Read the case study and answer the questions that follow):

 A patient has filed a $3 million medical malpractice lawsuit against St. Patrick Hospital. In light of the patient’s litigious background and the facts of the case, hospital administration is adamant that the hospital is not liable. The administration has instructed its legal counsel to proceed toward trial where it may be absolved of liability.

1.   What source of law is the patient’s lawsuit likely to be based on?

2.   Is the hospital’s decision to proceed toward trial a wise one? (Defend your position.)

3.   What other options does the hospital have? Explain.

4.   Besides the financial resources required to legally defend itself, what non-monetary factors must the hospital take into consideration when deciding to proceed toward trial? Explain.

5.   What risks does the hospital assume when it takes a case to trial? Explain.

6.   Is it the hospital’s or legal counsel’s decision whether to try the case or settle? What decision-making authority does the hospital’s insurance company have?

 

Week 2 – Consent and Release of Information

Weekly Learning Outcomes:

  • Discuss laws regarding release of information and consent
  • Analyze scenarios for possible HIPAA violations 

Reading

  • Brodnik, chapters 7 & 12

Discussion Prompt:

Describe situations in which state laws may permit a minor to consent to treatment without an adult’s consent. Explain the rationale for such laws. What are the laws in your state? Discuss the pros and cons of such laws.

Case Studies (Read the case studies and answer the questions that follow):

Celebrity Disclosure – A well-known pop star, Britney Spears, was admitted to Los Angeles’ Cedars-Sinai Medical Center for psychiatric evaluation as part of a child-custody dispute with ex-husband Kevin Federline, who temporarily had sole legal and physical custody of the couple’s children. Dr. Phil McGraw, a well-known talk show host and friend of the family, visited Spears in the hospital on January 7th without Spears’ consent. McGraw subsequently released a statement were he said: “meeting with Britney and some of her family members this morning in her room at Cedars leaves me convinced more than ever that she is in dire need of both medical and psychological intervention. She was released moments before my arrival and was packing when I entered the room. We visited for about an hour before I walked with her to her car. I am very concerned for her.” (Harris 2008)     

1.   Did Dr. Phil have the right to visit Ms. Spears? Did he have the right to make the statement he did about her condition?

2.   What access or disclosure problems do you see with this situation?

3.   What are some of the issues that surface with this case as related to public figures or celebrities as well as patients with behavioral healthcare issues?

Source: Harris, C. “Dr. Phil Defends Visit To Britney Spears As A Favor To Family.” MTV News, January 7, 2008. http://www.mtv.com/news/articles/1579099/20080107/spears_britney.jhtml

 

Employee Unlawful Access to Hospital Records – A former UCLA Health System employee became the first person in the nation to be sentenced to federal prison for violating HIPAA. Huping Zhou, 47, of Los Angeles, was sentenced to four months in prison on April 27 after pleading guilty in January to four misdemeanor counts of accessing and reading the confidential medical records of his supervisors and high-profile celebrities, according to the US Attorney’s Office for the Central District of California. Zhou was also fined $2,000. In 2003, Zhou, who was a licensed cardiothoracic surgeon in China before immigrating to the United States, was employed as a researcher with the UCLA School of Medicine. On October 29, 2003, Zhou received notice that UCLA intended to dismiss him for job performance reasons unrelated to the illegal access of medical records. That night, Zhou accessed and read his immediate supervisor’s medical records as well as those of other coworkers. Over the next three weeks, Zhou abused his access to the organization’s electronic health record system to view the medical records of celebrities and high-profile patients, including Drew Barrymore, Arnold Schwarzenegger, Tom Hanks, and Leonardo DiCaprio. According to court documents, Zhou accessed the UCLA record system 323 times during the three-week period. In the plea agreement, Zhou admitted he obtained and read patient health information on four specific occasions—with no legitimate reason, medical or otherwise—after he was terminated from his job. Zhou did not improperly use or attempt to sell any of the information he illegally accessed, according to the press release. In January Zhou’s attorney Edward Robinson was quoted in the UCLA student newspaper saying Zhou did not know that accessing the records was a federal crime.

1.   As a member of the UCLA workforce, would Zhou have a legitimate right to view patient records in his normal course of employment?

2.   In managing access and disclosure of PHI how do you think UCLA discovered Zhou’s infractions?

Source: AHIMA. “Californian Sentenced to Prison for HIPAA Violation.” August 29, 2010. http://journal.ahima.org/2010/04/29/californian-sentenced-to-prison-for-hipaa-violation/

 

Week 3 –  Legal Health Record

Weekly Learning Outcomes:

  • Discuss the implications of printing legal medical records
  • Identify procedures for ensuring consistency in legal records
  • Compile and annotate literature about medical record regulations

Readings

  • Brodnik, chapter 8

Discussion Prompt:

Care providers (nurses, doctors, therapists) often print information from the record to assist in the care of healthcare consumers. Please discuss why this is an issue? Consider both pros and cons in your post. 

Case Study (Read the case study and answer the question that follows):

The director of health information management, as the custodian of medical records, is having a great deal of difficulty responding to subpoenas for patient records. The facility is in the midst of converting from a paper-based to an electronic patient record. Some information is on paper (such as consents), some information is scanned immediately following discharge (such as nurses’ notes), some information is automatically (COLD) fed into the EHR system (such as transcription reports) and some information resides only within electronic systems (such as lab results and physician orders). The process of finding and identifying the various parts of the patient’s record from the various sources is time-consuming and there is concern about insuring the same response (that is, that the legal health record is produced) each time a record is requested. An attorney requested a record, followed by an additional request. What he received from the organization the first time was substantially different from what he received the second time. When the attorney deposed the custodian, many questions were raised about how record requests were handled. Questions were also raised about daily operational processes including how the patient’s legal health record was compiled in response to a subpoena, and if the resulting report was the true and complete record for the patient.

1.   What steps should the director take to ensure that responses to subpoenas consistently result in the true and complete health record of a patient?

Annotated Bibliography

Using articles from the AHIMA Body of Knowledge, find at least 5 articles about documentation principles and record retention. Articles should be no more than 3 years old. Compile an annotated bibliography of the resources you have found. Submit your annotated bibliography along with the keywords you used to find the articles.

The following resources can help you learn how to create an annotated bibliography:

https://www.bethel.edu/library/research/apa-annobib-sixth.pdf

https://owl.english.purdue.edu/owl/resource/614/01/

 

Week 4 – Corporate Compliance/Medical staff Compliance

Weekly Learning Outcomes:

  • Hypothesize the underlying reasons for health care fraud
  • Analyze non-compliance in billing procedures to determine potential ramifications

Readings

Reference:

Discussion Prompt:

Why do you think that health care fraud and abuse is such a significant problem? Explain the rationale for your belief.

Case Study (Read the case study and answer the questions that follow):

Dr. Pearson has recently been hired into the Central City Internal Medicine Group as its fifth physician. He has recently completed his residency and is eager to enter private practice. Dr. Pearson is introduced to Meredith and Dawn, two members of the billing staff for the practice. Unbeknownst to Dr. Pearson, Meredith financially assists the practice in several ways. She bills procedures by using individual codes instead of comprehensive codes, she has decided to bill Dr. Pearson’s services under the Medicare number of Dr. Craig (another Central City physician) until Dr. Pearson’s credentialing process has been completed, and habitually submits a claim more than once if she isn’t sure whether or not it has already been submitted.

1.   Name the types of fraudulent billing that Meredith is conducting.

2.   Could Meredith be held liable for these activities?

3.   Is Dr. Pearson subject to liability although he doesn’t know Meredith is conducting these activities?

4.   Once Meredith’s activities are discovered, how should her conduct be addressed by her employer, Central City Internal Medicine?

5.   What should Central City do to ensure these types of problems don’t occur in the future?

 

Week 5 – HIPAA Privacy and Security Rules

Weekly Learning Outcomes:

  • Discuss how HIPAA affects the ability of consumers to access their healthcare records
  • Analyze healthcare scenario in order to assess whether HIPAA policies are being followed

Readings

  • Brodnik, chapters 9, 10 & 11

Videos:

Discussion Prompt:

This week you watched a series of short videos entitled Your Health Information, Your Rights which were designed for healthcare consumers. You have read and thought a lot about healthcare records from the perspective of healthcare providers, but it is important to consider them from the perspective of consumers as well. Please comment on something that jumped out at you from the videos. Was there anything in the videos that surprised you?

Case Study (Read the case study and answer the question that follows):

The following case study (Rinehart-Thompson) at hypothetical St. John Hospital illustrates numerous issues that the HIPAA privacy rule presents and which HIPAA-covered entities must address on a daily basis. As you conclude Chapter 9 and the HIPAA privacy rule requirements, use this case study to identify the issue(s) presented on each date, determining how each situation should be handled in order to comply with the HIPAA privacy rule.

From May 26-30, Mary Jones was hospitalized in St. John Hospital, located in Johnson County, with depression and a drug overdose (documented by the physician as possible suicide attempt). She also had Type I diabetes and a previous above-knee amputation of the right leg, with prosthesis. During her hospital stay, she had several sessions with her psychiatrist, Dr. Bridges.

On July 18, Ms. Jones contacted the HIM Department at St. John Hospital to request a copy of her medical records from her May hospital admission. The chart was copied for her by ReadyChart, the record-copying service utilized by St. John Hospital.

On August 7, Ms. Jones returned to the HIM Department at St. John Hospital, extremely upset that her May records indicated a possible suicide attempt. She wanted Dr. Bridges to change the incorrect records to reflect that the overdose was accidental. Dr. Bridges refused, stating that Ms. Jones didn’t know what she was talking about.

On September 14, Ms. Jones was readmitted to St. John Hospital with an infection of the prosthetic site. She was treated with an antibiotic regimen.

On October 5, St. John Hospital received a call from Mercy Hospital. Ms. Jones was in the emergency department there, with a severe infection of her prosthetic site. The nurse in the Mercy Hospital emergency department asked for faxed copies of medical records from Ms. Jones’ September admission at St. John, as she was being prepared for immediate surgery.

On October 15, Ms. Jones decided to go to another psychiatrist. She called St. John Hospital HIM Department and asked that her medical records from her May hospital admission be mailed to Dr. Lyon, as she has an appointment scheduled with him this coming January. Ms. Jones stated that she had also changed jobs in September, and her new health insurer was Liberty Life and Health.

On October 30, Ms. Jones requested a copy of her medical records from her September admission. The new HIM manager in charge of correspondence, Don Day, stated that he was aware of a state statute that prohibited the release of medical records to patients without prior written approval of their attending physician. This has not been the practice at St. John Hospital. Mr. Day was concerned about the hospital’s longstanding violation of state law. He suggested that correspondence requests (in which records would be released directly to patients) be suspended until the state law could be researched further.

On November 10, Ms. Jones received a brochure and samples from Comfort Healthcare, a pharmaceutical company that manufactures ointment for patients with prostheses. Ms. Jones called the St. John Hospital registration desk to complain. Jessica Carter, a candystriper, took Ms. Jones’ call.

On November 12, Liberty Life and Health submitted a request to Dr. Lyon’s office for copies of Ms. Jones’ medical records from her May St. John Hospital admission and from Dr. Lyon’s office.

On November 17, A case worker from the Johnson County Children’s Services called the HIM Department at St. John and requested Ms. Jones’ medical records from her May hospitalization. Children’s Services had received a complaint that Ms. Jones had an “episode” on May 26 and there was concern that her children were being subjected to ongoing abuse. As a result, it was initiating an investigation.

On November 20, the physical therapy department at St. John Hospital is performing a correlational study to determine the effects of two different types of treatment that the physical therapy department has used with its above-knee amputation patients during the past two years. Ms. Jones received treatment from the St. John physical therapy department during her September admission.

On November 21, Dr. King, an orthopedic surgeon, presented a seminar to the state association of orthopedic surgeons on above-knee amputation techniques. He had performed Ms. Jones’ procedure one year ago, and he showed slides that compared her condition before the procedure, immediately after, six months later, and one year later.

1.  Based on the HIPAA privacy rule issues discussed in Chapter 9, identify the issue or issues presented on each date in the above case study.

 

Week 6 – Information Risk and Management

Weekly Learning Outcomes:

  • Discuss the rise of ransomware attacks on healthcare
  • Examine the current state of cyber crime in healthcare to determine possible solutions

Readings

  • Murphy & Seymour, chapters 4, 5 & 6

Discussion Prompt:

With ransomware attacks on the rise, each healthcare organization must consider how they will deal with these attacks. Please offer your thoughts both for and against paying for healthcare data that is held ransom.

Research Paper:

You should begin work on your research paper this week (week 6). You will turn in the paper next week (week 7). The description of the research paper is found under week 7.

 

Week 7 – Information Rights vs. Protection

Weekly Learning Outcomes:

  • Discuss 
  • Conduct a risk analysis to determine areas of vulnerability

Readings

  • Murphy & Seymour, chapters 7 & 8

Discussion Prompt:

Most states now have Health Information Exchange systems. The systems are either set-up and “opt-in” or “opt-out”. Determine what your state does (or what a neighboring state does). Do you know if your personal data is shared in your state? Discuss your thoughts and opinions about the ethics of this. Pay particular attention to the “tricky” areas of underage consent, mental health services, and HIV status.

Research Paper:

Please review the current media coverage of the the cybersecurity/hacking epidemic and consider potential resolution options. Your paper should include: 

  1. A survey of the current state of affairs in the US. This should include, but not be limited to:
    • an explanation of cyberattacks
    • a brief summary of the most recent media coverage around the attacks
    • a review of the government’s input into the crisis
  2. A review of potential solutions to this problem

Students are encouraged to dig into any strategy that might work – even if not widely applied today. Consider both technology and policy approaches. Paper details: 5-7 pages with at least 5 references. Please use at least two academic journals references and the other three or more can be any combination of industry articles/website, mainstream media (examples: New York Times, CNN, PBS, NPR) or other resources.  Follow APA guidelines.

Week 8 – Cybersecurity Management

Weekly Learning Outcomes:

  • Reflect on Security Risk Analysis tool to evaluate its usefulness
  • Conduct a risk analysis to determine areas of vulnerability

Readings

  • Murphy & Seymour, chapters 9, 10 & 11

Discussion Prompt:

In this week’s reading you considered how other parts of the world think about the privacy of healthcare data. Please discuss the different ways healthcare information is managed and the pros/cons to the different processes. Along with countries mentioned in your textbook, please research and find one more country (preferably a “third-world” or poverty stricken location) and consider how that country may see privacy of healthcare information differently.

Student Resources

Online Student Support

Your Student Support Specialist is a resource for you. Please don't hesitate to contact them for assistance, including, but not limited to course planning, current problems or issues in a course, technology concerns, or personal emergencies.

Questions? Visit the Student Support Health Informatics page

APA Style Guide

UNE Libraries:

UNE Student Academic Success Center

The Student Academic Success Center (SASC) offers a range of services to support your academic achievement, including tutoring, writing support, test prep and studying strategies, learning style consultations, and many online resources. To make an appointment for tutoring, writing support, or a learning specialist consultation, go to une.tutortrac.com. To access our online resources, including links, guides, and video tutorials, please visit:

Accommodations

Any student who would like to request, or ask any questions regarding, academic adjustments or accommodations must contact the Student Access Center at (207) 221-4438 or pcstudentaccess@une.edu. Student Access Center staff will evaluate the student's documentation and determine eligibility of accommodation(s) through the Student Access Center registration procedure.

Online Peer Support

Togetherall is a 24/7 communication and emotional support platform monitored by trained clinicians. It’s a safe place online to get things off your chest, have conversations, express yourself creatively, and learn how to manage your mental health. If sharing isn’t your thing, Togetherall has other tools and courses to help you look after yourself with plenty of resources to explore. Whether you’re struggling to cope, feeling low, or just need a place to talk, Togetherall can help you explore your feelings in a safe supportive environment. You can join Togetherall using your UNE email address.

Information Technology Services (ITS)

Students should notify their Student Support Specialist and instructor in the event of a problem relating to a course. This notification should occur promptly and proactively to support timely resolution.

ITS Contact: Toll-Free Help Desk 24 hours/7 days per week at 1-877-518-4673.

Career Ready Program

The College of Professional Studies supports its online students and alumni in their career journey!

The Career Ready Program provides tools and resources to help students explore and hone in on their career goals, search for jobs, create and improve professional documents, build professional network, learn interview skills, grow as a professional, and more. Come back often, at any time, as you move through your journey from career readiness as a student to career growth, satisfaction, and success as alumni.

Policies

Technology Requirements

Please review the technical requirements for UNE Online Graduate Programs: Technical Requirements

Turnitin Originality Check and Plagiarism Detection Tool

The College of Professional Studies uses Turnitin to help deter plagiarism and to foster the proper attribution of sources. Turnitin provides comparative reports for submitted assignments that reflect similarities in other written works. This can include, but is not limited to, previously submitted assignments, internet articles, research journals, and academic databases.

Make sure to cite your sources appropriately as well as use your own words in synthesizing information from published literature. Webinars and workshops, included early in your coursework, will help guide best practices in APA citation and academic writing.

You can learn more about Turnitin in the guide on how to navigate your Similarity Report.

Information Technology Services (ITS)

ITS Contact: Toll Free Help Desk 24 hours/7 days per week at 1-877-518-4673

Course Evaluation Policy

Course surveys are one of the most important tools that University of New England uses for evaluating the quality of your education, and for providing meaningful feedback to instructors on their teaching. In order to assure that the feedback is both comprehensive and precise, we need to receive it from each student for each course. Evaluation access is distributed via UNE email at the beginning of the last week of the course.

Late Policy

Assignments: Late assignments will be accepted up to 3 days late; however, there is a 10% grade reduction (from the total points) for the late submission. After three days the assignment will not be accepted.

Discussion posts: If the initial post is submitted late, but still within the discussion board week, there will be a 10% grade reduction from the total discussion grade (e.g., a 3 point discussion will be reduced by 0.3 points). Any posts submitted after the end of the Discussion Board week will not be graded.

Please make every effort ahead of time to contact your instructor and your student support specialist if you are not able to meet an assignment deadline. Arrangements for extenuating circumstances may be considered by faculty.

Attendance Policy

8 week: Students taking online graduate courses through the College of Professional Studies will be administratively dropped for non-participation if a graded assignment/discussion post is not submitted before Sunday at 11:59 pm ET of the first week of the term. Reinstatement is at the purview of the Dean's Office.

16 week: Students taking online graduate courses through the College of Professional Studies will be administratively dropped for non-participation if a graded assignment/discussion post is not submitted before Friday at 11:59 pm ET of the second week of the term. Reinstatement is at the purview of the Dean's Office.

Student Handbook Online - Policies and Procedures

The policies contained within this document apply to all students in the College of Professional Studies. It is each student's responsibility to know the contents of this handbook.

UNE Online Student Handbook

UNE Course Withdrawal

Please contact your student support specialist if you are considering dropping or withdrawing from a course. The last day to drop for 100% tuition refund is the 2nd day of the course. Financial Aid charges may still apply. Students using Financial Aid should contact the Financial Aid Office prior to withdrawing from a course.

Academic Integrity

The University of New England values academic integrity in all aspects of the educational experience. Academic dishonesty in any form undermines this standard and devalues the original contributions of others. It is the responsibility of all members of the University community to actively uphold the integrity of the academy; failure to act, for any reason, is not acceptable. For information about plagiarism and academic misconduct, please visit UNE Plagiarism Policies.

Academic dishonesty includes, but is not limited to the following:

  1. Cheating, copying, or the offering or receiving of unauthorized assistance or information.
  2. Fabrication or falsification of data, results, or sources for papers or reports.
  3. Action which destroys or alters the work of another student.
  4. Multiple submissions of the same paper or report for assignments in more than one course without permission of each instructor.
  5. Plagiarism, the appropriation of records, research, materials, ideas, or the language of other persons or writers and the submission of them as one's own.

Charges of academic dishonesty will be reviewed by the Program Director. Penalties for students found responsible for violations may depend upon the seriousness and circumstances of the violation, the degree of premeditation involved, and/or the student’s previous record of violations. Appeal of a decision may be made to the Dean whose decision will be final. Student appeals will take place through the grievance process outlined in the student handbook.