Individually complete the matrix. Complete the HIT audit compliance evaluation matrix. Support your answers with solid reasons based on legal requirements and penalties.
Use only classroom materials to complete the matrix. This would include the textbooks, web links, and the Classroom law library.
Resources below. PLEASE ONLY USE THESE FOR THE ASSIGNMENT.
1. Stuart Showalter
The Law of Healthcare Administration, Ninth Edition
http://ezproxy.umgc.edu/login?url=https://search.ebscohost.com/login.aspx?direct=true&db=nlebk&AN=2361947&site=eds-live&scope=site&profile=edsebook
Ch. 9 Health Information Management, pp. 327-358
2. Frankie Perry
The Tracks We Leave: Ethics and Management Dilemmas in Healthcare, Third Edition
http://ezproxy.umgc.edu/login?url=https://search.ebscohost.com/login.aspx?direct=true&db=nlebk&AN=2344970&site=eds-live&scope=site&profile=edsebook
- Security 101: Security Risk Analysis https://www.youtube.com/watch?v=hNUBMLVr9z4&t=6s (Note: The meaningful use program incentives are now part of Promoting Interoperability standards)
Review:
- HIPAA Compliance Checklist 2021 https://www.hipaajournal.com/hipaa-compliance-checklist/
- Office of the National Coordinator (ONC) Health Information Technology (HIT) Guide to Privacy and Security of Electronic Health Information (EHI) https://www.healthit.gov/sites/default/files/pdf/privacy/privacy-and-security-guide.pdf
- 2021 Medicare Promoting Interoperability Program: Certified Electronic Health Record Technology Fact Sheet https://www.cms.gov/files/document/2021-cehrt-fact-sheet.pdf
- Cybersecurity Quick Response Checklist https://www.hhs.gov/sites/default/files/cyber-attack-checklist-06-2017.pdf
- The Scope of Discovery http://www.learningcivilprocedure.com/forms/sample12.pdf?v=1
Week 6 and 7: Health Information Technology
Additional Resources
Medical Records in Health Care
Maryland Department of Health For Your Information: Medical Records
https://health.maryland.gov/mbpme/Pages/records.aspx
Maryland Code Confidentiality of Medical Records
https://law.justia.com/codes/maryland/2015/article-ghg/title-4/subtitle-3/
Code of Maryland Regulations (COMAR) Retention and Disposal of Medical
Records and Protected Health Information
http://mdrules.elaws.us/comar/10.01.16
State Medical Record Retention Laws
https://www.healthit.gov/sites/default/files/appa7-1.pdf
AHIMA Federal Record Retention Requirements
https://library.ahima.org/PB/RetentionDestruction#.YH-NNOhKiUk
CMS Complying With Medical Record Documentation Requirements (cms.gov)
CMS Medical Record Retention and Media Formats for Medical Records se1022 (aihc-assn.org)
ONC HIT What information does an electronic health record (EHR) contain?
https://www.healthit.gov/faq/what-information-does-electronic-health-record-Icontain
AHIMA Legal I Policy Template https://library.ahima.org/PdfView?oid=71541
Medical Record in Court
Shah, R. A Step-by-Step Guide for Responding to Medical Record Subpoenas
(Aug. 11, 2020) https://www.magmutual.com/learning/article/step-step-guideresponding-medical-record-subpoenas/
Hoover, J., et. al. Physicians Must Be Cautious When Responding to a Subpoena
or Request for Medical Records http://www.burr.com/wpcontent/uploads/2016/09/ARTICLE_MASA_Responding-to-a-subpoena-formedical-records.pdf
HIPAA, Court orders and Subpoenas https://www.hhs.gov/hipaa/forindividuals/court-orders-subpoenas/index.html
Federal Rules of Civil Procedure (FRCP) Rule 26
https://www.law.cornell.edu/rules/frcp/rule_26
Federal Rules of Evidence FRE Rule 502
https://www.law.cornell.edu/rules/fre/rule_502
Maryland Discovery Rules https://www.peoples-law.org/maryland-circuit-courtdiscovery
Maryland 2-402 Scope of Discovery
https://govt.westlaw.com/mdc/Document/N5E7640909CEA11DB9BCF9DAC28345A2A?originationContext=document&transitionType=StatuteNavigator&needToInjectTerms=False&viewType=FullText&contextData=%28sc.Default%29
502D Court Order/502E Waiver by Agreement
https://www.law.cornell.edu/rules/fre/rule_502
Preparing for E-discovery Before Litigation Checklist – Kelley Drye & Warren LLP
E-Discovery Checklist Manifesto https://ediscovery.aceds.org/hubfs/202055_ACEDS%20eDiscovery%20Checklist%20Manifesto.pdf
ESI Playbook
https://www.grsm.com/Templates/media/files/pdf/IADC%20ESI%20Playbook.pdf
Good New 33-Point e-Discovery Checklist from Miami https://ediscoveryteam.com/2017/10/01/good-new-33-point-e-discovery-checklist-frommiami/
Three Important Hospital Actions Concerning Incident Report Discovery https://katten.com/files/542900_medical_law_perspectives_callahan.pdf
Litigation Holds – The Triggers and Consequences for Failing to Preserve
Evidence https://www.tandllaw.com/blog/litigation-holds-the-triggers-andconsequences-for-failing-to-preserve-evidence/
What to do when you receive a “litigation hold” notice
https://www.washington.edu/admin/ago/litigationhold.pdf
Health Care Quality Improvement Act (HCQIA), Patient Safety and Quality Improvement Act (PSQIA)
and peer review immunity
Peer Review Survival Kit: Is your peer review process safe? https://www.amaassn.org/system/files/2019-11/i19-peer-review-survival-kit.pdf
HCQIA miscellaneous provisions
https://www.law.cornell.edu/uscode/text/42/11137
Lawson, R. et. al. Credentialing and Peer Review of Health Care Providers: The Process and Protections (April 19, 2012) https://www.ccsb.com/pdf/Publications/Health%20Care/Credentialing_and_Peer_Review_of_Healthcare_providers.pdf
Patient Safety and Quality Improvement Act (PSQIA) – HHS Guidance
Regarding Patient Safety Work Product and Provider’s External Obligations
https://www.pso.ahrq.gov/sites/default/files/wysiwyg/guidance-pswp-providerobligations.pdf
HIPAA Resources for Special Situations
Sample Business Associate Contract Provisions https://www.hhs.gov/hipaa/forprofessionals/covered-entities/sample-business-associate-agreementprovisions/index.html
Model Notice of Privacy Practices (NPP) https://www.hhs.gov/hipaa/forprofessionals/privacy/guidance/model-notices-privacy-practices/index.html
HIPAA Emergency Situations: Preparedness, Planning and Response
https://www.hhs.gov/hipaa/for-professionals/special-topics/emergencypreparedness/index.html
HIPAA Related to Mental and Behavioral Health, including Opioid Overdose
https://www.hhs.gov/hipaa/for-professionals/special-topics/mentalhealth/index.html
HIPAA, Psychotherapy Notes, and Other Mental Health Records (Jan. 29, 2020)
https://www.jdsupra.com/legalnews/hipaa-psychotherapy-notes-and-other-42359/
State Laws Requiring Authorization to Disclose Mental Health Information for Treatment, Payment, or Health care operations
https://www.healthit.gov/sites/default/files/State%20Mental%20Health%20Laws%20Map%202%20Authorization%20Required%209-30-16_Final.pdf
Health Information Privacy Enforcement Examples Involving HIV/AIDS
https://www.hhs.gov/civil-rights/for-providers/complianceenforcement/examples/aids/cases/index.html
Resources for Mobile Health Apps Developers https://www.hhs.gov/hipaa/forprofessionals/special-topics/health-apps/index.html
HIPAA Right to an Accounting of Disclosures https://www.hhs.gov/hipaa/forprofessionals/faq/right-to-an-accounting-of-disclosures/index.html
HIPAA and E-mail use https://www.hhs.gov/hipaa/forprofessionals/faq/570/does-hipaa-permit-health-care-providers-to-use-email-todiscuss-health-issues-withpatients/index.html#:~:text=Yes.,%C2%A7%20164.530(c).
Is Texting in Violation of HIPAA? HIPAA Journal
Joint Commission Update: Texting Orders (The Joint Commission publishes an update on Texting Orders | Mobile Heartbeat)
Wrongful disclosure of individually identifiable information
https://www.govinfo.gov/content/pkg/USCODE-2010-title42/pdf/USCODE2010-title42-chap7-subchapXI-partC-sec1320d-7.pdf
HIPAA Enforcement Process https://www.hhs.gov/hipaa/forprofessionals/compliance-enforcement/enforcement-process/index.html
HIPAA Privacy
Summary of the HIPAA privacy rule https://www.hhs.gov/hipaa/forprofessionals/privacy/laws-regulations/index.html
HIPAA Security and Risk Assessment
Summary of the HIPAA Security Rule https://www.hhs.gov/hipaa/forprofessionals/security/laws-regulations/index.html
Security Risk Assessment (SRA) Tool https://www.healthit.gov/topic/privacysecurity-and-hipaa/security-risk-assessment-tool
HHS Guidance on Risk Analysis Requirements under the HIPAA Security Rule
https://www.hhs.gov/sites/default/files/ocr/privacy/hipaa/administrative/securityrule/rafinalguidancepdf.pdf
Health IT Privacy and Security Resources for Providers (includes tools and templates, education and training, patient communication tools, HIPAA guidance, and other federal and state privacy and security resources)
https://www.healthit.gov/topic/privacy-security-and-hipaa/health-it-privacy-andsecurity-resources-providers
National Institute of Standards and Technology (NIST) HIPAA Security Content
Automation Protocol – HIPAA Security Rule Toolkit and User Guide
https://csrc.nist.gov/projects/security-content-automation-protocol/hipaa
HHS Guidance to Render Unsecured Protected Health Information Unusable,
Unreadable, or Indecipherable to Unauthorized Individuals
https://www.hhs.gov/hipaa/for-professionals/breachnotification/guidance/index.html
Top ten myths of Security Risk Analysis (SRA)
https://www.healthit.gov/topic/privacy-security-and-hipaa/top-10-myths-securityrisk-analysis
HIPAA Compliance Checklist 2021. HIPAA Journal.
Data Encryption 101: A Guide to Data Security Best Practices
https://preyproject.com/blog/en/data-encryption-101/
HIPAA Breach Notification
Breach Notification Rule https://www.hhs.gov/hipaa/for-professionals/breachnotification/index.html
Cybersecurity
Cyberattack Quick Response https://www.hhs.gov/sites/default/files/cyber-attackquick-response-infographic.gif
HHS Fact Sheet: Ransomware and HIPAA (OCR Fact Sheet: Ransomware and HIPAA | AHA)
Cybersecurity in Healthcare | HIMSS
Health Information Technology Certification/Promoting Interoperability
Quality Payment Program (QPP) Overview: Merit-based Incentive Payment System (MIPS) Overview – QPP (cms.gov)
Office of the National Coordinator (ONC) Health Information Technology (HIT) Certification Program Overview
https://www.healthit.gov/sites/default/files/PUBLICHealthITCertificationProgramOverview.pdf
Office of the National Coordinator (ONC) Health Information Technology (HIT)
2015 Edition https://www.healthit.gov/topic/certification-ehrs/2015-edition
Office of the National Coordinator (ONC) Health Information Technology (HIT)
2015 Standards Hub https://www.healthit.gov/topic/certification/2015-standardshub
Office of the National Coordinator (ONC) Health Information Technology (HIT)
Conditions and Maintenance of Certification
https://www.healthit.gov/topic/certification-ehrs/conditions-maintenancecertification
Office of the National Coordinator (ONC) Health Information Technology (HIT)
Certification Standards and
Regulations https://www.healthit.gov/topic/certification-ehrs/certificationstandards-and-regulations
Condition of Certification: Information Blocking Fact Sheet
https://www.healthit.gov/sites/default/files/page/202102/ConditionOfCertification_IB_FactSheet.pdf
Office of the National Coordinator (ONC) Health IT
Resources https://www.healthit.gov/topic/health-it-resources
Office of the National Coordinator (ONC) Health IT Playbook
https://www.healthit.gov/playbook/
CMS Promoting Interoperability Programs https://www.cms.gov/Regulationsand-Guidance/Legislation/EHRIncentivePrograms
CMS Quality Payment Program (QPP)
CMS 2021 Program Requirements for Medicare
https://www.cms.gov/regulations-guidance/promoting-interoperability/2021program-requirements
CMS Quality Payment Program (QPP) Merit-based Incentive Payment System
(MIPS) 2021 Quality Requirements https://qpp.cms.gov/mips/qualityrequirements
Alternative Payment Model (APM) https://qpp.cms.gov/apms/overview
Patient Portals and access to Electronic Health Information (EHI)
What is a patient portal? https://www.healthit.gov/faq/what-patientportal#:~:text=A%20patient%20portal%20is%20a,Recent%20doctor%20visits
Dendere, R. et. al. Patient Portals Facilitating Engagement with Inpatient Electronic Medical Records: A Systematic Review. Journal of Medical Internet Research. Apr. 21(4) (2019) https://www.ncbi.nlm.nih.gov/pmc/articles/PMC6482406/
21st Century Cures Act https://www.congress.gov/bill/114th-congress/housebill/34/
HHS Final Rule: 21st Century Cures Act: Interoperability, Information Blocking
and the ONC Health IT Certification Program
https://www.federalregister.gov/documents/2020/05/01/2020-07419/21st-centurycures-act-interoperability-information-blocking-and-the-onc-health-it-certification
Empowering Patients in the U.S. Healthcare system
https://www.healthit.gov/curesrule/final-rule-policy/empowering-patients-ushealth-care-system
EU General Data Protection Regulation (GDPR)
Does GDPR Regulate Clinical Care Delivery by US Health Care Providers? The National Law Review (Feb. 18, 2018)
https://www.natlawreview.com/article/does-gdpr-regulate-clinical-care-deliveryus-health-careproviders#:~:text=Unlike%20the%20HIPAA%20Privacy%20Rule,Data%20or%20to%20have%20another
Dowd, E. EU Data Privacy Rule GDPR Impacts US Health IT Infrastructure.
Infrastructure. (May 25, 2018) https://hitinfrastructure.com/news/eu-dataprivacy-rule-gdpr-impacts-us-health-it-infrastructure
GDPR https://gdpr-info.eu/
Complete guide to GDPR compliance https://gdpr.eu/
Medical Identity Theft
FTC Medical Identity Theft https://www.consumer.ftc.gov/articles/0171-medicalidentity-theft
FTC Medical Identity Theft: FAQs for Health Care Providers and Health Plans | Federal Trade Commission (ftc.gov)
FTC Red Flags Rule https://www.ftc.gov/tips-advice/business-center/privacy-andsecurity/red-flags-rule
FTC Fighting Identity Theft with the Red Flags Rule: A How-To Guide for Business https://www.ftc.gov/tips-advice/business-center/guidance/fightingidentity-theft-red-flags-rule-how-guide-business
False Claims Act https://www.justice.gov/civil/false-claims-act
Health Information Technology (HIT) Compliance
Rudolph, H. Technology and Compliance: The Relationship between Technology and Compliance https://compliancecosmos.org/relationship-between-technologyandcompliance#:~:text=Technology%20helps%20streamline%20the%20formal,conducting%20analyses%20and%20facilitating%20prioritization.&text=Visual%20representation%20of%20the%20outcomes,engaging%20tool%20for%20compliance%20teams.
National Council of Nonprofits – Conflict of Interest Policy https://www.councilofnonprofits.org/tools-resources/conflicts-of-interest
ONC HIT Information Security Policy Template (See word resource document)
https://www.healthit.gov/resource/information-security-policy-template
Privacy and Compliance Policies – Patient Advocate Foundation