Syllabus

Master of Science in Health Informatics

HIN 625 – Health Information Legislation, Compliance, Privacy and Security

Credits - 3

Description

This course explores legislation and regulation relating to health informatics. The course will examine the major laws and agency regulations governing healthcare technology, data collection, management, and privacy, as well as the security standards required for healthcare and health-related organizations. Students will explore the intent behind, and ethical dimensions of, health informatics regulatory frameworks, using case studies of recent health information uses, security breaches, and challenges to interoperability. This course will also look ahead to the impact of future Health IT regulations.

Materials

Required

Brodnik, M. P. (2012). Fundamentals of law for health informatics and information management. Chicago, IL: American Health Information Management Association. ISBN: 978-1584260738

Murphy, S. (2015). Healthcare Information Security and Privacy (1st ed.). McGraw-Hill/Osborne. ISBN: 978-0071831796 (print version) or 978-0071831826 (e-book version)

Learning Objectives and Outcomes

Program Outcomes addressed by this course:

  • Understand the complex system of legal and regulatory compliance that governs the healthcare system

Course Outcomes

Assignments

Weekly Discussion Posts – Each week there will be a discussion board that addresses a topic within the current module. For each discussion board, you must submit an original post and respond to at least 2 posts from your colleagues.

Weekly Assignments – (Case studies, annotated bibliography) during weeks 1 through 5

Research Paper – due week 6

Risk Analysis – due week 8

 

Course Schedule at a Glance 

Week | Topics | Readings, Videos, and Assignments | Dates
1 | Introduction to the Fundamentals of Law for Health Informatics; The Legal System in the United States | Brodnik Ch. 1, 2, 3, 4, & 5; Discussion Forum; Case Study | 6/29/2016 – 7/3/2016
2 | Consent and Release of Information | Brodnik Ch. 7, 12; Discussion Forum; Case Studies | 7/4/2016 – 7/10/2016
3 | Legal Health Record | Brodnik Ch. 8; Discussion Forum #3; Case Study; Annotated Bibliography | 7/11/2016 – 7/17/2016
4 | Corporate Compliance/Medical Staff Compliance | Brodnik Ch. 15, 16; Discussion Forum #4; Case Study | 7/18/2016 – 7/24/2016
5 | HIPAA Privacy and Security Rules | Brodnik Ch. 9, 10, 11; Discussion Forum #5; Case Study | 7/25/2016 – 7/31/2016
6 | Information Risk and Management | Murphy & Seymour Ch. 4, 5, & 6; Discussion Forum #6; Research Paper due | 8/1/2016 – 8/7/2016
7 | Information Rights vs. Protection | Murphy & Seymour Ch. 7 & 8; Discussion Forum #7 | 8/8/2016 – 8/14/2016
8 | Cybersecurity Management | Murphy & Seymour Ch. 9, 10 & 11; Discussion Forum #8; Risk Analysis due | 8/15/2016 – 8/21/2016

Grading Policy

Your grade in this course will be determined by the following criteria:

Grade Breakdown

Assessment Item | Possible Points | Percent of Total Grade
Weekly Assignments, weeks 1 - 5 | 10 points each | 50%
Discussion Posts | 3 points per discussion | 24%
Research Paper | 15 points | 15%
Risk Analysis | 11 points | 11%
Total | 100 points | 100%

Grade Scale

Grade | Points | Grade Point Average (GPA)
A | 94 – 100% | 4.00
A- | 90 – 93% | 3.75
B+ | 87 – 89% | 3.50
B | 84 – 86% | 3.00
B- | 80 – 83% | 2.75
C+ | 77 – 79% | 2.50
C | 74 – 76% | 2.00
C- | 70 – 73% | 1.75
D | 64 – 69% | 1.00
F | 00 – 63% | 0.00

Schedule

Detailed Course Schedule

Week 1 – Introduction to the Fundamentals of Law and our Legal System for Health Informatics

Weekly Learning Outcomes:

  • Discuss health record and data ownership
  • Analyze various options to mitigate malpractice

Readings:

Video:

Discussion Prompt:

Who owns the patient health record and who controls the use of the information within the record? How does digital and mobile health complicate this? Think about a time when you (or someone you know) requested a copy of your health record. What format was it in — paper or digital? Please provide a short narrative about that experience.

Case Study Assignment (Read the case study and answer the questions that follow):

A patient has filed a $3 million medical malpractice lawsuit against St. Patrick Hospital. In light of the patient’s litigious background and the facts of the case, hospital administration is adamant that it is not liable. It has instructed its legal counsel to proceed toward trial where it may be absolved of liability.

1. What source of law is the patient’s lawsuit likely to be based on?

2. Is the hospital’s decision to proceed toward trial a wise one? (Defend your position.)

3. What other options does the hospital have? Explain.

4. Besides the financial resources required to legally defend itself, what non-monetary factors must the hospital take into consideration when deciding to proceed toward trial? Explain.

5. What risks does the hospital assume when it takes a case to trial? Explain.

6. Is it the hospital’s or legal counsel’s decision whether to try the case or settle? What decision-making authority does the hospital’s insurance company have?

 

Week 2 – Consent and Release of Information

Weekly Learning Outcomes:

  • Discuss laws regarding release of information and consent
  • Analyze scenarios for possible HIPAA violations

Reading:

  • Brodnik, chapters 7 & 12

Discussion Prompt:

Describe situations in which state laws may permit a minor to consent to treatment without an adult’s consent. Explain the rationale for such laws. What are the laws in your state? Discuss the pros and cons of such laws.

Case Studies (Read the case studies and answer the questions that follow):

Celebrity Disclosure – A well-known pop star, Britney Spears, was admitted to Los Angeles’ Cedars-Sinai Medical Center for psychiatric evaluation as part of a child-custody dispute with ex-husband Kevin Federline, who temporarily had sole legal and physical custody of the couple’s children. Dr. Phil McGraw, a well-known talk show host and friend of the family, visited Spears in the hospital on January 7th without Spears’ consent. McGraw subsequently released a statement where he said: “meeting with Britney and some of her family members this morning in her room at Cedars leaves me convinced more than ever that she is in dire need of both medical and psychological intervention. She was released moments before my arrival and was packing when I entered the room. We visited for about an hour before I walked with her to her car. I am very concerned for her.” (Harris 2008)

1. Did Dr. Phil have the right to visit Ms. Spears? Did he have the right to make the statement he did about her condition?

2. What access or disclosure problems do you see with this situation?

3. What are some of the issues that surface with this case as related to public figures or celebrities as well as patients with behavioral healthcare issues?

Source: Harris, C. “Dr. Phil Defends Visit To Britney Spears As A Favor To Family.” MTV News, January 7, 2008. http://www.mtv.com/news/articles/1579099/20080107/spears_britney.jhtml

 

Employee Unlawful Access to Hospital Records – A former UCLA Health System employee became the first person in the nation to be sentenced to federal prison for violating HIPAA. Huping Zhou, 47, of Los Angeles, was sentenced to four months in prison on April 27 after pleading guilty in January to four misdemeanor counts of accessing and reading the confidential medical records of his supervisors and high-profile celebrities, according to the US Attorney’s Office for the Central District of California. Zhou was also fined $2,000. In 2003, Zhou, who was a licensed cardiothoracic surgeon in China before immigrating to the United States, was employed as a researcher with the UCLA School of Medicine. On October 29, 2003, Zhou received notice that UCLA intended to dismiss him for job performance reasons unrelated to the illegal access of medical records. That night, Zhou accessed and read his immediate supervisor’s medical records as well as those of other coworkers. Over the next three weeks, Zhou abused his access to the organization’s electronic health record system to view the medical records of celebrities and high-profile patients, including Drew Barrymore, Arnold Schwarzenegger, Tom Hanks, and Leonardo DiCaprio. According to court documents, Zhou accessed the UCLA record system 323 times during the three-week period. In the plea agreement, Zhou admitted he obtained and read patient health information on four specific occasions—with no legitimate reason, medical or otherwise—after he was terminated from his job. Zhou did not improperly use or attempt to sell any of the information he illegally accessed, according to the press release. In January Zhou’s attorney Edward Robinson was quoted in the UCLA student newspaper saying Zhou did not know that accessing the records was a federal crime.

1. As a member of the UCLA workforce, would Zhou have a legitimate right to view patient records in his normal course of employment?

2. In managing access and disclosure of PHI how do you think UCLA discovered Zhou’s infractions?

Source: AHIMA. “Californian Sentenced to Prison for HIPAA Violation.” August 29, 2010. http://journal.ahima.org/2010/04/29/californian-sentenced-to-prison-for-hipaa-violation/

 

Week 3 – Legal Health Record

Weekly Learning Outcomes:

  • Discuss the implications of printing legal medical records
  • Identify procedures for ensuring consistency in legal records
  • Compile and annotate literature about medical record regulations

Readings:

  • Brodnik, chapter 8

Discussion Prompt:

Care providers (nurses, doctors, therapists) often print information from the record to assist in the care of healthcare consumers. Please discuss why this is an issue. Consider both pros and cons in your post.

Case Study (Read the case study and answer the question that follows):

The director of health information management, as the custodian of medical records, is having a great deal of difficulty responding to subpoenas for patient records. The facility is in the midst of converting from a paper-based to an electronic patient record. Some information is on paper (such as consents), some information is scanned immediately following discharge (such as nurses’ notes), some information is automatically (COLD) fed into the EHR system (such as transcription reports) and some information resides only within electronic systems (such as lab results and physician orders). The process of finding and identifying the various parts of the patient’s record from the various sources is time-consuming and there is concern about ensuring the same response (that is, that the legal health record is produced) each time a record is requested. An attorney requested a record, followed by an additional request. What he received from the organization the first time was substantially different from what he received the second time. When the attorney deposed the custodian, many questions were raised about how record requests were handled. Questions were also raised about daily operational processes including how the patient’s legal health record was compiled in response to a subpoena, and if the resulting report was the true and complete record for the patient.

1. What steps should the director take to ensure that responses to subpoenas consistently result in the true and complete health record of a patient?

Annotated Bibliography

Using articles from the AHIMA Body of Knowledge, find at least 5 articles about documentation principles and record retention. Compile an annotated bibliography of the resources you have found. Submit your annotated bibliography along with the keywords you used to find the articles.

The following resources can help you learn how to create an annotated bibliography:

https://www.bethel.edu/library/research/apa-annobib-sixth.pdf

https://owl.english.purdue.edu/owl/resource/614/01/

 

Week 4 – Corporate Compliance/Medical Staff Compliance

Weekly Learning Outcomes:

  • Hypothesize the underlying reasons for health care fraud
  • Analyze non-compliance in billing procedures to determine potential ramifications

Readings:

Reference:

Discussion Prompt:

Why do you think that health care fraud and abuse is such a significant problem? Explain the rationale for your belief.

Case Study (Read the case study and answer the questions that follow):

Dr. Pearson has recently been hired into the Central City Internal Medicine Group as its fifth physician. He has recently completed his residency and is eager to enter private practice. Dr. Pearson is introduced to Meredith and Dawn, two members of the billing staff for the practice. Unbeknownst to Dr. Pearson, Meredith financially assists the practice in several ways. She bills procedures by using individual codes instead of comprehensive codes, she has decided to bill Dr. Pearson’s services under the Medicare number of Dr. Craig (another Central City physician) until Dr. Pearson’s credentialing process has been completed, and habitually submits a claim more than once if she isn’t sure whether or not it has already been submitted.

1. Name the types of fraudulent billing that Meredith is conducting.

2. Could Meredith be held liable for these activities?

3. Is Dr. Pearson subject to liability although he doesn’t know Meredith is conducting these activities?

4. Once Meredith’s activities are discovered, how should her conduct be addressed by her employer, Central City Internal Medicine?

5. What should Central City do to ensure these types of problems don’t occur in the future?

 

Week 5 – HIPAA Privacy and Security Rules

Weekly Learning Outcomes:

  • Discuss how HIPAA affects the ability of consumers to access their healthcare records
  • Analyze a healthcare scenario in order to assess whether HIPAA policies are being followed

Readings:

  • Brodnik, chapters 9, 10 & 11

Videos:

Discussion Prompt:

This week you watched a series of short videos entitled Your Health Information, Your Rights which were designed for healthcare consumers. You have read and thought a lot about healthcare records from the perspective of healthcare providers, but it is important to consider them from the perspective of consumers as well. Please comment on something that jumped out at you from the videos. Was there anything in the videos that surprised you?

Case Study (Read the case study and answer the question that follows):

The following case study (Rinehart-Thompson) at hypothetical St. John Hospital illustrates numerous issues that the HIPAA privacy rule presents and which HIPAA-covered entities must address on a daily basis. As you conclude Chapter 9 and the HIPAA privacy rule requirements, use this case study to identify the issue(s) presented on each date, determining how each situation should be handled in order to comply with the HIPAA privacy rule.

From May 26-30, Mary Jones was hospitalized in St. John Hospital, located in Johnson County, with depression and a drug overdose (documented by the physician as possible suicide attempt). She also had Type I diabetes and a previous above-knee amputation of the right leg, with prosthesis. During her hospital stay, she had several sessions with her psychiatrist, Dr. Bridges.

On July 18, Ms. Jones contacted the HIM Department at St. John Hospital to request a copy of her medical records from her May hospital admission. The chart was copied for her by ReadyChart, the record-copying service utilized by St. John Hospital.

On August 7, Ms. Jones returned to the HIM Department at St. John Hospital, extremely upset that her May records indicated a possible suicide attempt. She wanted Dr. Bridges to change the incorrect records to reflect that the overdose was accidental. Dr. Bridges refused, stating that Ms. Jones didn’t know what she was talking about.

On September 14, Ms. Jones was readmitted to St. John Hospital with an infection of the prosthetic site. She was treated with an antibiotic regimen.

On October 5, St. John Hospital received a call from Mercy Hospital. Ms. Jones was in the emergency department there, with a severe infection of her prosthetic site. The nurse in the Mercy Hospital emergency department asked for faxed copies of medical records from Ms. Jones’ September admission at St. John, as she was being prepared for immediate surgery.

On October 15, Ms. Jones decided to go to another psychiatrist. She called St. John Hospital HIM Department and asked that her medical records from her May hospital admission be mailed to Dr. Lyon, as she has an appointment scheduled with him this coming January. Ms. Jones stated that she had also changed jobs in September, and her new health insurer was Liberty Life and Health.

On October 30, Ms. Jones requested a copy of her medical records from her September admission. The new HIM manager in charge of correspondence, Don Day, stated that he was aware of a state statute that prohibited the release of medical records to patients without prior written approval of their attending physician. This has not been the practice at St. John Hospital. Mr. Day was concerned about the hospital’s longstanding violation of state law. He suggested that correspondence requests (in which records would be released directly to patients) be suspended until the state law could be researched further.

On November 10, Ms. Jones received a brochure and samples from Comfort Healthcare, a pharmaceutical company that manufactures ointment for patients with prostheses. Ms. Jones called the St. John Hospital registration desk to complain. Jessica Carter, a candystriper, took Ms. Jones’ call.

On November 12, Liberty Life and Health submitted a request to Dr. Lyon’s office for copies of Ms. Jones’ medical records from her May St. John Hospital admission and from Dr. Lyon’s office.

On November 17, a case worker from the Johnson County Children’s Services called the HIM Department at St. John and requested Ms. Jones’ medical records from her May hospitalization. Children’s Services had received a complaint that Ms. Jones had an “episode” on May 26 and there was concern that her children were being subjected to ongoing abuse. As a result, it was initiating an investigation.

On November 20, the physical therapy department at St. John Hospital is performing a correlational study to determine the effects of two different types of treatment that the physical therapy department has used with its above-knee amputation patients during the past two years. Ms. Jones received treatment from the St. John physical therapy department during her September admission.

On November 21, Dr. King, an orthopedic surgeon, presented a seminar to the state association of orthopedic surgeons on above-knee amputation techniques. He had performed Ms. Jones’ procedure one year ago, and he showed slides that compared her condition before the procedure, immediately after, six months later, and one year later.

1. Based on the HIPAA privacy rule issues discussed in Chapter 9, identify the issue or issues presented on each date in the above case study.

 

Week 6 – Information Risk and Management

Weekly Learning Outcomes:

  • Discuss the rise of ransomware attacks on healthcare
  • Examine the current state of cyber crime in healthcare to determine possible solutions

Readings:

  • Murphy & Seymour, chapters 4, 5 & 6

Discussion Prompt:

With ransomware attacks on the rise, each healthcare organization must consider how they will deal with these attacks. Please offer your thoughts both for and against paying for healthcare data that is held ransom.

Research Paper:

Please review the current media coverage of the cybersecurity/hacking epidemic and consider potential resolution options. Your paper should include:

  1. A survey of the current state of affairs in the US. This should include, but not be limited to:
    • an explanation of cyberattacks
    • a brief summary of the most recent media coverage around the attacks
    • a review of the government’s input into the crisis
  2. A review of potential solutions to this problem

Students are encouraged to dig into any strategy that might work – even if not widely applied today. Consider both technology and policy approaches. Paper details: 5-7 pages with at least 5 references. Please use at least two academic journal references; the other three or more can be any combination of industry articles/websites, mainstream media (examples: New York Times, CNN, PBS, NPR) or other resources.

Week 7 – Information Rights vs. Protection

Weekly Learning Outcomes:

  • Discuss
  • Conduct a risk analysis to determine areas of vulnerability

Readings:

  • Murphy & Seymour, chapters 7 & 8

Discussion Prompt:

Most states now have Health Information Exchange systems. The systems are set up as either “opt-in” or “opt-out”. Determine what your state does (or what a neighboring state does). Do you know if your personal data is shared in your state? Discuss your thoughts and opinions about the ethics of this. Pay particular attention to the “tricky” areas of underage consent, mental health services, and HIV status.

Risk Analysis Assignment, part 1:

Conducting a risk analysis is the first step in identifying and implementing safeguards to protect assets in any organization. In healthcare, protecting assets includes protecting patient information. You will use the SRA Tool which was designed to help healthcare organizations conduct a risk analysis; the tool will ask you a series of questions about procedures at your place of employment. If it is not possible for you to conduct the risk analysis at your place of employment, create a fictitious situation and answer the questions for that fictitious place.

This is a large project that will require you to work on it during both this week and next. This week please review the information below and download the tool (you will have two technology options and one paper option). No matter which version of the tool you are using, make sure that you understand this week how it works.

Steps for this week:

Instructions for downloading the SRA Tool:

  • Go to SRA Tool webpage.
  • If you have a Windows machine or an iPad, download the appropriate tool from the right-hand side of the page. You may also wish to download the user guide, which is found below those two versions of the tool.
  • If you have a Mac computer, it would be best if you can get hold of either a Windows machine or an iPad for this assignment. If you can’t do that, then you will have to use the text version of the tool. To do so, scroll to the bottom of the SRA Tool webpage and then download all 3 of the Safeguard tools (Administrative Safeguards, Technical Safeguards, Physical Safeguards). You should save these “safeguard” tools as doc files onto your computer. You will then be able to type into them. Save your work periodically as you proceed.

Week 8 – Cybersecurity Management

Weekly Learning Outcomes:

  • Reflect on Security Risk Analysis tool to evaluate its usefulness
  • Conduct a risk analysis to determine areas of vulnerability

Readings:

  • Murphy & Seymour, chapters 9, 10 & 11

Discussion Prompt:

Please post a reflection on your experience with the Security Analysis tool. What is your reaction to it? Were you able to use the online version of the tool or did you have to use the document version? What about it did you find most surprising/user friendly/cumbersome/helpful/tedious? Do you think this tool would be helpful to organizations? Why or why not?

Risk Analysis Assignment, part 2:

This week you will finish the risk analysis that you began in week 7. First, finish answering all the questions. Then:

If you used the online tool:

  • Run a report to see your results. The report button is at the bottom right of the SRA tool.
  • Please create both a graph and a pdf of your assessment.
  • Save the pdf document.
  • Take a screenshot of the graphical data.
  • Submit both the pdf and the screenshot.

If you used the saved documents on your Mac:

  • Write a short overview of the results.
  • Submit all three of the saved documents and your overview.

Student Resources

Online Student Support

Your Student Support Specialist is a resource for you. Please don't hesitate to contact them for assistance, including, but not limited to course planning, current problems or issues in a course, technology concerns, or personal emergencies.

Questions? Visit the Student Support Health Informatics page

APA Style Guide

UNE Libraries:

UNE Student Academic Success Center

The Student Academic Success Center (SASC) offers a range of services to support your academic achievement, including tutoring, writing support, test prep and studying strategies, learning style consultations, and many online resources. To make an appointment for tutoring, writing support, or a learning specialist consultation, go to une.tutortrac.com. To access our online resources, including links, guides, and video tutorials, please visit:

Accommodations

Any student who would like to request, or ask any questions regarding, academic adjustments or accommodations must contact the Student Access Center at (207) 221-4438 or pcstudentaccess@une.edu. Student Access Center staff will evaluate the student's documentation and determine eligibility of accommodation(s) through the Student Access Center registration procedure.

Policies

Technology Requirements

Please review the technical requirements for UNE Online Graduate Programs: Technical Requirements

Turnitin Originality Check and Plagiarism Detection Tool

The College of Professional Studies uses Turnitin to help deter plagiarism and to foster the proper attribution of sources. Turnitin provides comparative reports for submitted assignments that reflect similarities in other written works. This can include, but is not limited to, previously submitted assignments, internet articles, research journals, and academic databases.

Make sure to cite your sources appropriately as well as use your own words in synthesizing information from published literature. Webinars and workshops, included early in your coursework, will help guide best practices in APA citation and academic writing.

You can learn more about Turnitin in the Turnitin Student quick start guide.

Information Technology Services (ITS)

ITS Contact: Toll Free Help Desk 24 hours/7 days per week at 1-877-518-4673

Course Evaluation Policy

Course surveys are one of the most important tools that University of New England uses for evaluating the quality of your education, and for providing meaningful feedback to instructors on their teaching. In order to assure that the feedback is both comprehensive and precise, we need to receive it from each student for each course. Evaluation access is distributed via UNE email at the beginning of the last week of the course.