HIM3600 Legal and Ethical Aspects of Health Information Final Exam:
Instructions: Review each question and provide your response in paragraph form in a separate Word document.Make sure the question number and your response are together.Partial credit will be given.The exam is due at the end of Module 5.
1. A 35-year-old woman was in ABC Hospital psychiatric ward last week after trying to commit suicide.She was released today and wants her complete medical record.As the HIM Manager how do you respond?
2.Shirley Denton has written to request an amendment to her PHI from Bon Voyage Hospital, stating that incorrect information is present on the document in question.The document is an incident report from Bon Voyage Hospital, which was erroneously placed in Ms. Denton’s health record.The covered entity declines to grant her request based on which privacy rule provision?
3. Dr. Smith, a member of the medical staff, asks to see the medical records of his adult daughter who was hospitalized in your institution for a tonsillectomy at age 16. The daughter is now 25.Dr. Jones was the patient’s physician. As the health information manager, how do you respond to this request?
4. St. Joseph’s Hospital has a psychiatric service on the sixth floor of the hospital.A 31-year-old male has come to the HIM department and requested to see a copy of his medical record.He has told your clerk he was a patient of Dr. Schmidt, a psychiatrist, and was on the sixth floor of St. Joseph’s for the last two months.These records are not psychotherapy notes.What would be the best course of action for you to take, as the HIM director?
5. A competent adult female has a diagnosis of ovarian cancer and while on the operating table suffers a stroke and is in a coma. Her son would like to access her health records from a clinic she recently visited for pain in her right arm. The patient is married and lives with her husband and two grown children. According to the Uniform Health-Care Decision Act (UHCDA) who is the logical person to request and sign an authorization to access the woman’s health records from the clinic?
6. What protection does HIPAA provide regarding access and disclosure of health information?
7. As an HIT you are reviewing the health record for data quality audit and notice that a particular physician consistently obliterates information in the record when he makes a mistake.You are asked to review the proper process for handling an incorrect entry made in a patient record with this physician.What steps would take to prevent this from happening in the future?
8. You walk down the halls of the medical unit of your facility.The equipment for documenting in the CPR hangs outside the patient’s room.You notice one computer screen is on and a patient’s information is on the screen.What are your concerns about this situation and what steps would you take to resolve it?
9. You play golf with Dr. Stewart and several other friends.Dr. Stewart is concerned about one patient and starts to tell you about some of the patient’s problems. The doctor even mentions the patient’s name.To be consistent with applicable ethics, rules, regulations and laws, what should you do?
10.The following case appeared in the Office for Civil Rights website (http://www.hhs.gov/ocr) describing a well-known Midwestern medical clinic that was subsequently investigated by the OCR.
An employee inappropriately accesses PHI affecting potentially 1,740 individuals.The category of the breach as reported to the OCR was Unauthorized Access/Disclosure.Following the breach, the clinic conducted an investigation, terminated the employee, and re-educated its employees regarding its policies on patient privacy and access to PHI. They also enhanced their supervision and monitoring of employee’s access activity and notified the patients they reasonably believed had been affected and offered them identify theft protection services at no cost.They also, as required by the rule, placed the breach notice on their website and in the local newspaper as the breach affected over 500 individuals.
What security safeguards should be in place to prevent a breach such as this?