Syllabus

Master of Science in Health Informatics

HIN 625 Health Information Legislation, Compliance, Privacy and Security — Summer 2018

Credits - 3

Description

This course explores legislation and regulation relating to health informatics. The course will examine the major laws and agency regulations governing healthcare technology, data collection, management, and privacy, as well as the security standards required for healthcare and health-related organizations. Students will explore the intent behind, and ethical dimensions of, health informatics regulatory frameworks, using case studies of recent health information uses, security breaches, and challenges to interoperability. This course will also look ahead to the impact of future Health IT regulations.

Materials

Required

Brodnik, M. P. (2012). Fundamentals of law for health informatics and information management. Chicago, IL: American Health Information Management Association. ISBN: 978-1584260738

Murphy, S. (2015). Healthcare Information Security and Privacy (1st ed.). McGraw-Hill/Osborne. ISBN: 978-0071831796 (print version) or 978-0071831826 (e-book version)

Learning Objectives and Outcomes

Program Outcomes addressed by this course:

  • Understand the complex system of legal and regulatory compliance that governs the healthcare system

Course Outcomes

  • Restate the foundations of the American legal system as it pertains to healthcare, healthcare technology and data
  • Critique privacy standards in organizations, including HIPAA and HITECH
  • Defend the legal standards of a legal medical record
  • Analyze the security of health information in a healthcare organization
  • Plan for a response to a cybercrime attack
  • Evaluate the use of healthcare data and technology against current applicable legislation and regulations

Assignments

Please note that all times in the syllabus and in Blackboard refer to Eastern Time. The discussion board and assignment links for each week will open at the start of the week for submissions.

Weekly Discussion Posts – These assignments will assess your ability to clearly and accurately apply concepts from your readings and from your own experiences. Each week you are expected to submit an initial post and comment on at least 2 other students’ posts. You need to follow APA guidelines for citing any sources you may reference in either your initial post or your response to others. Refer to the Discussion Rubric and discussion question for submission guidelines.

Initial post: You should submit your initial post by 11:59 p.m. Sunday. Your initial post should be approximately 500 words.

Response to others: You should comment on at least 2 other students’ posts by 11:59 p.m. Wednesday. Your comments to others should be thorough, thoughtful, and they should offer some new content. Do not merely respond with “I agree” or “I disagree.” Engage directly with the ideas of your classmates and briefly mention which part of the post you are responding to.

Weekly Case Studies – During weeks 1 through 5, you will be reading case studies and answering questions to help you apply the concepts of this course.

Research Paper – In week 7, you will submit a 5-7 page research paper that includes potential resolutions to current media coverage of the cybersecurity/hacking epidemic.

Grading Policy

Your grade in this course will be determined by the following criteria:

Grade Breakdown

Assessment Item | Possible Points | Percent of Total Grade
Weekly Case Studies, weeks 1 - 5 | 11 points each | 55%
Discussion Posts | 3 points per discussion | 24%
Research Paper | 21 points | 21%
Total | 100 points | 100%

Grade Scale

Grade | Points | Grade Point Average (GPA)
A | 94 – 100% | 4.00
A- | 90 – 93% | 3.75
B+ | 87 – 89% | 3.50
B | 84 – 86% | 3.00
B- | 80 – 83% | 2.75
C+ | 77 – 79% | 2.50
C | 74 – 76% | 2.00
C- | 70 – 73% | 1.75
D | 64 – 69% | 1.00
F | 00 – 63% | 0.00

Schedule

Course learning modules are divided into weeks. Each week starts on Wednesday at 12:00 am Eastern Time (ET) and closes on Wednesday at 11:59 pm ET, with the exception of Week 8, which ends on Sunday. All assignments must be submitted by 11:59 pm ET on the due date.

Course Schedule at a Glance

Learning Modules | Topics | Assignments and Due Dates

Week 1
6/27 – 7/4

Introduction to the Fundamentals of Law for Health Informatics

The Legal System in the United States

Discussion – Initial post by Sunday 7/1, responses by Wednesday 7/4

Case Study – Wednesday 7/4

Week 2
7/4 – 7/11

Consent and Release of Information

Discussion – Initial post by Sunday 7/8, responses by Wednesday 7/11

Case Study – Wednesday 7/11

Week 3
7/11 – 7/18

Legal Health Record

Discussion – Initial post by Sunday 7/15, responses by Wednesday 7/18

Case Study – Wednesday 7/18

Week 4
7/18 – 7/25

Corporate Compliance/Medical Staff Compliance

Discussion – Initial post by Sunday 7/22, responses by Wednesday 7/25

Case Study – Wednesday 7/25

Week 5
7/25 – 8/1

HIPAA Privacy and Security Rules

Discussion – Initial post by Sunday 7/29, responses by Wednesday 8/1

Case Study – Wednesday 8/1

Week 6
8/1 – 8/8

Information Risk and Management

Discussion Forum – Initial post by Sunday 8/5, responses by Wednesday 8/8

Week 7
8/8 – 8/15

Information Rights vs. Protection

Discussion – Initial post by Sunday 8/12, responses by Wednesday 8/15

Research Paper – Wednesday 8/15

Week 8
8/15 – 8/19

Cybersecurity Management

Discussion – Initial post by Friday 8/17, responses by Sunday 8/19

Weekly Course Schedule

Week 1 — Introduction to the Fundamentals of Law and our Legal System for Health Informatics

Learning Outcomes:

  • Discuss health record and data ownership
  • Analyze various options to mitigate malpractice

Readings:

  • Brodnik, chapters 1 – 5
  • HealthIT.gov Website: Protecting Your Privacy & Security (https://www.healthit.gov/patients-families/your-health-information-privacy)
  • Website to accompany the video found below: Get My Health Data (https://getmyhealthdata.org/about-us/)

Video:

  • National Partnership for Women & Families. (2016, Feb 26). Get My Health Data. [Video File]. Retrieved from https://www.youtube.com/watch?v=n5bsLCZZsCs

Assignments:

Discussion Prompt: Who owns the patient health record and who controls the use of the information within the record? How does digital and mobile health complicate this? Think about a time when you (or someone you know) requested a copy of your health record. What format was it in — paper or digital? Please provide a short narrative about that experience.

Case Study Assignment (Read the case study and answer the questions that follow. Use APA formatting.):

A patient has filed a $3 million medical malpractice lawsuit against St. Patrick Hospital. In light of the patient’s litigious background and the facts of the case, hospital administration is adamant that the hospital is not liable. The administration has instructed its legal counsel to proceed toward trial where it may be absolved of liability.

1. What source of law is the patient’s lawsuit likely to be based on?

2. Is the hospital’s decision to proceed toward trial a wise one? (Defend your position.)

3. What other options does the hospital have? Explain.

4. Besides the financial resources required to legally defend itself, what non-monetary factors must the hospital take into consideration when deciding to proceed toward trial? Explain.

5. What risks does the hospital assume when it takes a case to trial? Explain.

6. Is it the hospital’s or legal counsel’s decision whether to try the case or settle? What decision-making authority does the hospital’s insurance company have?

Week 2 — Consent and Release of Information

Learning Outcomes:

  • Discuss laws regarding release of information and consent
  • Analyze scenarios for possible HIPAA violations

Reading:

  • Brodnik, chapters 7 & 12

Assignments:

Discussion Question: Describe situations in which state laws may permit a minor to consent to treatment without an adult’s consent. Explain the rationale for such laws. What are the laws in your state? Discuss the pros and cons of such laws.

Case Study (Read the case study and answer the questions that follow. Use APA formatting.):

Employee Unlawful Access to Hospital Records – A former UCLA Health System employee became the first person in the nation to be sentenced to federal prison for violating HIPAA. Huping Zhou, 47, of Los Angeles, was sentenced to four months in prison on April 27 after pleading guilty in January to four misdemeanor counts of accessing and reading the confidential medical records of his supervisors and high-profile celebrities, according to the US Attorney’s Office for the Central District of California. Zhou was also fined $2,000. In 2003, Zhou, who was a licensed cardiothoracic surgeon in China before immigrating to the United States, was employed as a researcher with the UCLA School of Medicine. On October 29, 2003, Zhou received notice that UCLA intended to dismiss him for job performance reasons unrelated to the illegal access to medical records. That night, Zhou accessed and read his immediate supervisor’s medical records as well as those of other co-workers. Over the next three weeks, Zhou abused his access to the organization’s electronic health record system to view the medical records of celebrities and high-profile patients, including Drew Barrymore, Arnold Schwarzenegger, Tom Hanks, and Leonardo DiCaprio. According to court documents, Zhou accessed the UCLA record system 323 times during the three-week period. In the plea agreement, Zhou admitted he obtained and read patient health information on four specific occasions—with no legitimate reason, medical or otherwise—after he was terminated from his job. Zhou did not improperly use or attempt to sell any of the information he illegally accessed, according to the press release. In January Zhou’s attorney Edward Robinson was quoted in the UCLA student newspaper saying Zhou did not know that accessing the records was a federal crime.

1. As a member of the UCLA workforce, would Zhou have a legitimate right to view patient records in his normal course of employment?

2. In managing access and disclosure of PHI how do you think UCLA discovered Zhou’s infractions?

Source: AHIMA. “Californian Sentenced to Prison for HIPAA Violation.” August 29, 2010. http://journal.ahima.org/2010/04/29/californian-sentenced-to-prison-for-hipaa-violation/

Week 3 — Legal Health Record

Learning Outcomes:

  • Discuss the implications of printing legal medical records
  • Identify procedures for ensuring consistency in legal records
  • Compile and annotate literature about medical record regulations

Readings:

  • Brodnik, chapter 8

Assignment:

Discussion Question: Care providers (nurses, doctors, therapists) often print information from the record to assist in the care of healthcare consumers. Please discuss why this is an issue. Consider both pros and cons in your post.

Case Study (Read the case study and answer the question that follows. Use APA formatting.):

The director of health information management, as the custodian of medical records, is having a great deal of difficulty responding to subpoenas for patient records. The facility is in the midst of converting from a paper-based to an electronic patient record. Some information is on paper (such as consents), some information is scanned immediately following discharge (such as nurses’ notes), some information is automatically (COLD) fed into the EHR system (such as transcription reports) and some information resides only within electronic systems (such as lab results and physician orders). The process of finding and identifying the various parts of the patient’s record from the various sources is time-consuming and there is concern about ensuring the same response (that is, that the legal health record is produced) each time a record is requested. An attorney requested a record, followed by an additional request. What he received from the organization the first time was substantially different from what he received the second time. When the attorney deposed the custodian, many questions were raised about how record requests were handled. Questions were also raised about daily operational processes including how the patient’s legal health record was compiled in response to a subpoena, and if the resulting report was the true and complete record for the patient.

1. What steps should the director take to ensure that responses to subpoenas consistently result in the true and complete health record of a patient?

Week 4 — Corporate Compliance/Medical Staff Compliance

Learning Outcomes:

  • Hypothesize the underlying reasons for health care fraud
  • Analyze non-compliance in billing procedures to determine potential ramifications

Readings:

  • Brodnik, chapters 15 & 16
  • Sheehy, A. (2015). RAC program requires major changes for improved transparency. Modern Healthcare. Retrieved from http://www.modernhealthcare.com/article/20150609/NEWS/150609894/rac-program-requires-major-changes-for-improved-transparency

Reference:

  • US Department of Health and Human Services. (n.d.). Office of Inspector General. Retrieved from http://oig.hhs.gov/

Assignments:

Discussion Question: Why do you think that health care fraud and abuse is such a significant problem? Explain the rationale for your belief.

Case Study (Read the case study and answer the questions that follow. Use APA formatting.):

Dr. Pearson has recently been hired into the Central City Internal Medicine Group as its fifth physician. He has recently completed his residency and is eager to enter private practice. Dr. Pearson is introduced to Meredith and Dawn, two members of the billing staff for the practice. Unbeknownst to Dr. Pearson, Meredith financially assists the practice in several ways. She bills procedures by using individual codes instead of comprehensive codes, she has decided to bill Dr. Pearson’s services under the Medicare number of Dr. Craig (another Central City physician) until Dr. Pearson’s credentialing process has been completed, and habitually submits a claim more than once if she isn’t sure whether or not it has already been submitted.

1. Name the types of fraudulent billing that Meredith is conducting.

2. Could Meredith be held liable for these activities?

3. Is Dr. Pearson subject to liability although he doesn’t know Meredith is conducting these activities?

4. Once Meredith’s activities are discovered, how should her conduct be addressed by her employer, Central City Internal Medicine?

5. What should Central City do to ensure these types of problems don’t occur in the future?

Week 5 — HIPAA Privacy and Security Rules

Learning Outcomes:

  • Discuss how HIPAA affects the ability of consumers to access their healthcare records
  • Analyze a healthcare scenario in order to assess whether HIPAA policies are being followed

Readings:

  • Brodnik, chapters 9, 10 & 11

Videos:

  • Part 1 – Office of the National Coordinator for Health IT. (2016, June 3). Your Health Information, Your Rights. Retrieved from https://www.youtube.com/watch?v=3WsRzlutBQk
  • Part 2 – Office of the National Coordinator for Health IT. (2016, June 3). Your Health Information, Your Rights. Retrieved from https://www.youtube.com/watch?v=y1BOc9HN0TA
  • Part 3 – Office of the National Coordinator for Health IT. (2016, June 3). Your Health Information, Your Rights. Retrieved from https://www.youtube.com/watch?v=bonloqeOrAg

Assignments:

Discussion Question: This week you watched a series of short videos entitled Your Health Information, Your Rights which were designed for healthcare consumers. You have read and thought a lot about healthcare records from the perspective of healthcare providers, but it is important to consider them from the perspective of consumers as well. Please comment on something that jumped out at you from the videos. Was there anything in the videos that surprised you?

Case Study (Read the case study and answer the question that follows. Use APA formatting.):

The following case study (Rinehart-Thompson) at hypothetical St. John Hospital illustrates numerous issues that the HIPAA privacy rule presents and which HIPAA-covered entities must address on a daily basis. As you conclude Chapter 9 and the HIPAA privacy rule requirements, use this case study to identify the issue(s) presented on each date, determining how each situation should be handled in order to comply with the HIPAA privacy rule.

From May 26-30, Mary Jones was hospitalized in St. John Hospital, located in Johnson County, with depression and a drug overdose (documented by the physician as a possible suicide attempt). She also had Type I diabetes and a previous above-knee amputation of the right leg, with a prosthesis. During her hospital stay, she had several sessions with her psychiatrist, Dr. Bridges.

On July 18, Ms. Jones contacted the HIM Department at St. John Hospital to request a copy of her medical records from her May hospital admission. The chart was copied for her by ReadyChart, the record-copying service utilized by St. John Hospital.

On August 7, Ms. Jones returned to the HIM Department at St. John Hospital, extremely upset that her May records indicated a possible suicide attempt. She wanted Dr. Bridges to change the incorrect records to reflect that the overdose was accidental. Dr. Bridges refused, stating that Ms. Jones didn’t know what she was talking about.

On September 14, Ms. Jones was readmitted to St. John Hospital with an infection of the prosthetic site. She was treated with an antibiotic regimen.

On October 5, St. John Hospital received a call from Mercy Hospital. Ms. Jones was in the emergency department there, with a severe infection of her prosthetic site. The nurse in the Mercy Hospital emergency department asked for faxed copies of medical records from Ms. Jones’ September admission at St. John, as she was being prepared for immediate surgery.

On October 15, Ms. Jones decided to go to another psychiatrist. She called St. John Hospital HIM Department and asked that her medical records from her May hospital admission be mailed to Dr. Lyon, as she has an appointment scheduled with him this coming January. Ms. Jones stated that she had also changed jobs in September, and her new health insurer was Liberty Life and Health.

On October 30, Ms. Jones requested a copy of her medical records from her September admission. The new HIM manager in charge of correspondence, Don Day, stated that he was aware of a state statute that prohibited the release of medical records to patients without the prior written approval of their attending physician. This has not been the practice at St. John Hospital. Mr. Day was concerned about the hospital’s longstanding violation of state law. He suggested that correspondence requests (in which records would be released directly to patients) be suspended until the state law could be researched further.

On November 10, Ms. Jones received a brochure and samples from Comfort Healthcare, a pharmaceutical company that manufactures ointment for patients with prostheses. Ms. Jones called the St. John Hospital registration desk to complain. Jessica Carter, a candy striper, took Ms. Jones’ call.

On November 12, Liberty Life and Health submitted a request to Dr. Lyon’s office for copies of Ms. Jones’ medical records from her May St. John Hospital admission and from Dr. Lyon’s office.

On November 17, a caseworker from the Johnson County Children’s Services called the HIM Department at St. John and requested Ms. Jones’ medical records from her May hospitalization. Children’s Services had received a complaint that Ms. Jones had an “episode” on May 26 and there was concern that her children were being subjected to ongoing abuse. As a result, it was initiating an investigation.

On November 20, the physical therapy department at St. John Hospital is performing a correlational study to determine the effects of two different types of treatment that the physical therapy department has used with its above-knee amputation patients during the past two years. Ms. Jones received treatment from the St. John physical therapy department during her September admission.

On November 21, Dr. King, an orthopedic surgeon, presented a seminar to the state association of orthopedic surgeons on above-knee amputation techniques. He had performed Ms. Jones’ procedure one year ago, and he showed slides that compared her condition before the procedure, immediately after, six months later, and one year later.

1. Based on the HIPAA privacy rule issues discussed in Chapter 9, identify the issue or issues presented on each date in the above case study.

Week 6 — Information Risk and Management

Learning Outcomes:

  • Discuss the rise of ransomware attacks on healthcare
  • Examine the current state of cybercrime in healthcare to determine possible solutions

Readings:

  • Murphy, chapters 4, 5 & 6

Assignments:

Discussion Question: With ransomware attacks on the rise, each healthcare organization must consider how they will deal with these attacks. Please offer your thoughts both for and against paying for healthcare data that is held ransom.

Preview of week 7, Research Paper: You should begin work on your research paper this week (week 6). You will turn in the paper next week (week 7). The description of the research paper is found under week 7.

Week 7 — Information Rights vs. Protection

Learning Outcomes:

  • Contemplate the ethical issues around the sharing of health data by state-level exchange systems
  • Conduct a risk analysis to determine areas of vulnerability

Readings:

  • Murphy, chapters 7 & 8

Assignments:

Discussion Question: Most states now have Health Information Exchange systems. The systems are set up as either “opt-in” or “opt-out”. Determine what your state does (or what a neighboring state does). Do you know if your personal data is shared in your state? Discuss your thoughts and opinions about the ethics of this. Pay particular attention to the “tricky” areas of underage consent, mental health services, and HIV status.

Research Paper: Please review the current media coverage of the cybersecurity/hacking epidemic and consider potential resolution options. Your paper should include:

  1. A survey of the current state of affairs in the US. This should include, but not be limited to:
    • Explanation of cyber attacks
    • Brief summary of the most recent media coverage around the attacks
    • A review of the government’s input into the crisis
  2. A review of potential solutions to this problem

Students are encouraged to dig into any strategy that might work – even if not widely applied today. Consider both technology and policy approaches. Submission Requirements: 5-7 pages with at least 5 references. Please use at least two academic journal references; the other three or more can be any combination of industry articles/websites, mainstream media (examples: New York Times, CNN, PBS, NPR) or other resources. Follow APA guidelines.

Week 8 — Cybersecurity Management

Learning Outcomes:

  • Reflect on Security Risk Analysis tool to evaluate its usefulness
  • Conduct a risk analysis to determine areas of vulnerability

Readings:

  • Murphy, chapters 9, 10 & 11

Assignment:

Discussion Question: In this week’s reading, you considered how other parts of the world think about the privacy of healthcare data. Please discuss the different ways healthcare information is managed and the pros/cons to the different processes. Along with countries mentioned in your textbook, please research and find one more country (preferably a “third-world” or poverty-stricken location) and consider how that country may see privacy of healthcare information differently.

Student Resources

Online Student Support

Your Student Support Specialist is a resource for you. Please don't hesitate to contact them for assistance, including, but not limited to course planning, current problems or issues in a course, technology concerns, or personal emergencies.

Questions? Visit the Student Support Health Informatics page

APA Style Guide

UNE Libraries:

UNE Student Academic Success Center

The Student Academic Success Center (SASC) offers a range of services to support your academic achievement, including tutoring, writing support, test prep and studying strategies, learning style consultations, and many online resources. To make an appointment for tutoring, writing support, or a learning specialist consultation, go to une.tutortrac.com. To access our online resources, including links, guides, and video tutorials, please visit:

Accommodations

Any student who would like to request, or ask any questions regarding, academic adjustments or accommodations must contact the Student Access Center at (207) 221-4438 or pcstudentaccess@une.edu. Student Access Center staff will evaluate the student's documentation and determine eligibility of accommodation(s) through the Student Access Center registration procedure.

Policies

Technology Requirements

Please review the technical requirements for UNE Online Graduate Programs: Technical Requirements

Turnitin Originality Check and Plagiarism Detection Tool

The College of Professional Studies uses Turnitin to help deter plagiarism and to foster the proper attribution of sources. Turnitin provides comparative reports for submitted assignments that reflect similarities in other written works. This can include, but is not limited to, previously submitted assignments, internet articles, research journals, and academic databases.

Make sure to cite your sources appropriately as well as use your own words in synthesizing information from published literature. Webinars and workshops, included early in your coursework, will help guide best practices in APA citation and academic writing.

You can learn more about Turnitin in the Turnitin Student quick start guide.

Information Technology Services (ITS)

ITS Contact: Toll Free Help Desk 24 hours/7 days per week at 1-877-518-4673

Course Evaluation Policy

Course surveys are one of the most important tools that University of New England uses for evaluating the quality of your education, and for providing meaningful feedback to instructors on their teaching. In order to assure that the feedback is both comprehensive and precise, we need to receive it from each student for each course. Evaluation access is distributed via UNE email at the beginning of the last week of the course.

Attendance Policy

Online students are required to submit a graded assignment/discussion prior to Sunday evening at 11:59 pm ET of the first week of the term. If a student does not submit a posting to the graded assignment/discussion prior to Sunday evening at 11:59 pm ET, the student will be automatically dropped from the course for non-participation. Review the full attendance policy.

Late Policy

Assignments: Late assignments will be accepted up to 3 days late; however, there is a 10% grade reduction (from the total points) for the late submission. After three days the assignment will not be accepted.

Discussion posts: If the initial post is submitted late, but still within the discussion board week, there will be a 10% grade reduction from the total discussion grade (e.g., a 3 point discussion will be reduced by 0.3 points). Any posts submitted after the end of the Discussion Board week will not be graded.

Please make every effort ahead of time to contact your instructor and your student support specialist if you are not able to meet an assignment deadline. Arrangements for extenuating circumstances may be considered by faculty.

Student Handbook Online - Policies and Procedures

The policies contained within this document apply to all students in the College of Graduate and Professional Studies. It is each student's responsibility to know the contents of this handbook.

UNE Online Student Handbook

UNE Course Withdrawal

Please contact your student support specialist if you are considering dropping or withdrawing from a course. The last day to drop for 100% tuition refund is the 2nd day of the course. Financial Aid charges may still apply. Students using Financial Aid should contact the Financial Aid Office prior to withdrawing from a course.

Academic Integrity

The University of New England values academic integrity in all aspects of the educational experience. Academic dishonesty in any form undermines this standard and devalues the original contributions of others. It is the responsibility of all members of the University community to actively uphold the integrity of the academy; failure to act, for any reason, is not acceptable. For information about plagiarism and academic misconduct, please visit UNE Plagiarism Policies.

Academic dishonesty includes, but is not limited to the following:

  1. Cheating, copying, or the offering or receiving of unauthorized assistance or information.
  2. Fabrication or falsification of data, results, or sources for papers or reports.
  3. Action which destroys or alters the work of another student.
  4. Multiple submissions of the same paper or report for assignments in more than one course without permission of each instructor.
  5. Plagiarism, the appropriation of records, research, materials, ideas, or the language of other persons or writers and the submission of them as one's own.

Charges of academic dishonesty will be reviewed by the Program Director. Penalties for students found responsible for violations may depend upon the seriousness and circumstances of the violation, the degree of premeditation involved, and/or the student’s previous record of violations. Appeal of a decision may be made to the Dean whose decision will be final. Student appeals will take place through the grievance process outlined in the student handbook.