Ethical health informatics challenges and opportunities [3rd edition] 9781284053708, 9781284053715, 1284053717

Professional values and the code of ethics -- Ethical decision-making guidelines and tools -- Privacy and confidentialit

2,449 127 6MB

English Pages 1 v [802] Year 2017

Report DMCA / Copyright

DOWNLOAD FILE

Polecaj historie

Ethical health informatics challenges and opportunities [3rd edition]
 9781284053708, 9781284053715, 1284053717

Table of contents :
Professional values and the code of ethics --
Ethical decision-making guidelines and tools --
Privacy and confidentiality --
Data analytics --
Compliance, fraud, and abuse --
Coding --
Quality management --
Research and decision support --
Public health --
Longitudinal coordinated care --
Clinical care : end of life --
Electronic health records --
Information security --
Information technology and biomedical instrumentation --
Information governance and management --
Integrated delivery systems --
Digital health : health information technology and information exchange --
Genetic information --
Adoption information --
Substance abuse, behavioral health and sexual information --
Digital health technologies for consumers, patients and caregivers --
Management and leadership --
Entrepreneurship --
Vendor management --
Advocacy.

Citation preview

THIRD EDITION

Ethical Health Informatics

Challenges and Opportunities

Laurinda Beebe Harman, PhD, RHIA, FAHIMA Associate Professor Emeritus Department of Health Information Management College of Public Health Temple University Philadelphia, Pennsylvania

Frances H. Cornelius, PhD, MSN, RN-BC, CNE Professor and Chair MSN Advanced Practice Role Department & Complementary and Integrative Health Programs Coordinator of Clinical Nursing Informatics Education College of Nursing and Health Professions Drexel University Philadelphia, Pennsylvania

World Headquarters Jones & Bartlett Learning 5 Wall Street Burlington, MA 01803 978-443-5000 [email protected] www.jblearning.com Jones & Bartlett Learning books and products are available through most bookstores and online booksellers. To contact Jones & Bartlett Learning directly, call 800-832-0034, fax 978-443-8000, or visit our website, www.jblearning.com. Substantial discounts on bulk quantities of Jones & Bartlett Learning publications are available to corporations, professional associations, and other qualified organizations. For details and specific discount information, contact the special sales department at Jones & Bartlett Learning via the above contact information or send an email to [email protected]. Copyright © 2017 by Jones & Bartlett Learning, LLC, an Ascend Learning Company All rights reserved. No part of the material protected by this copyright may be reproduced or utilized in any form, electronic or mechanical, including photocopying, recording, or by any information storage and retrieval system, without written permission from the copyright owner. The content, statements, views, and opinions herein are the sole expression of the respective authors and not that of Jones & Bartlett Learning, LLC. Reference herein to any specific commercial product, process, or service by trade name, trademark, manufacturer, or otherwise does not constitute or imply its endorsement or recommendation by Jones & Bartlett Learning, LLC and such reference shall not be used for advertising or product endorsement purposes. All trademarks displayed are the trademarks of the parties noted herein. Ethical Health Informatics: Challenges and Opportunities, Third Edition is an independent publication and has not been authorized, sponsored, or otherwise approved by the owners of the trademarks or service marks referenced in this product. There may be images in this book that feature models; these models do not necessarily endorse, represent, or participate in the activities represented in the images. Any screenshots in this product are for educational and instructive purposes only. Any individuals and scenarios featured in the case studies throughout this product may be real or fictitious, but are used for instructional purposes only. This publication is designed to provide accurate and authoritative information in regard to the Subject Matter covered. It is sold with the understanding that the publisher is not engaged in rendering legal, accounting, or other professional service. If legal advice or other expert assistance is required, the service of a competent professional person should be sought. Production Credits VP, Executive Publisher: David D. Cella Publisher: Michael Brown Associate Editor: Nicholas Alakel Associate Production Editor: Rebekah Linga Senior Marketing Manager: Sophie Fleck Teague Manufacturing and Inventory Control Supervisor:   Amy Bacus

Composition: S4Carlisle Publishing Services Cover Design: Kristin E. Parker Rights & Media Research Coordinator: Mary Flatley Media Development Editor: Shannon Sheehan Cover Image: © kentoh/Shutterstock Printing and Binding: Edwards Brothers Malloy Cover Printing: Edwards Brothers Malloy

Library of Congress Cataloging-in-Publication Data Ethical challenges in the management of health information     Ethical health informatics : challenges and opportunities / [edited by] Laurinda Beebe Harman and Frances H. Cornelius. -Third edition.        p. ; cm.   Preceded by: Ethical challenges in the management of health information / [edited by ] Laurinda Beebe Harman. 2nd edition. 2006.   Includes bibliographical references and index.   ISBN 978-1-284-05370-8 (paper.)   I. Harman, Laurinda B., editor. II. Cornelius, Frances H, editor. III. Title.   [DNLM: 1.  Medical Informatics--ethics. 2.  Health Information Management--ethics.  W 26.5]   R118.2   174'.2--dc23                                                             2015017068 6048 Printed in the United States of America 19 18 17 16 15 10 9 8 7 6 5 4 3 2 1

We dedicate this book to Our parents and first ethical teachers Paul William and Gloria Virginia Scott Sugg Frank and Gabriela Haider Our caring and compassionate ethical husbands Gilbert Lee Hoffer John Lynn Cornelius Our Families Dorette Eirene Welk and Charleen Rene Szabo Gabriele Haider, Ryan A. Cornelius, and Janis E. Cornelius

Our colleagues and students who have informed our professional practice and challenged us to achieve excellence

© kentoh/Shutterstock

Contents

Contributors xxvii Foreword xxxi Preface xxxiii Acknowledgments xxxvii

SECTION I

Professional Ethics

1

Chapter 1

Professional Values and the Code of Ethics

3

Laurinda B. Harman, PhD, RHIA, FAHIMA Virginia L. Mullen, RHIA Frances H. Cornelius, PhD, MSN, RN-BC, CNE Learning Objectives 3 Introduction 3 Ethical Dilemmas for the HIM Professional 4 4 Coding and Financial Reimbursement Accreditation and Regulation 4 Vendors and Software Applications 5 Sensitive Information 5 Research 5 The Health Information System: Then and Now 5 The Healthcare System 5 Healthcare Documentation 6 Access to Information 6 Release of Information 7 Coding and Reimbursement 8 Technology 8 Role of the HIM Professional 8 HIM Profession and Ethical Pledge 11 Professional Codes of Ethics 12 AHIMA Code of Ethics 12 Preamble 12

v

vi

Contents Patients and the Healthcare Team 15 Employer 16 Public Interest 17 Professional Associations and Peers 17 Accountability to the AHIMA Code of Ethics 18 Policy and Procedure 19 Ethical Tools 19 Consequences of Unethical Behavior 19 American Nurses Association Code of Ethics 20 Principles of Medical Ethics for Physicians 21 Shared Professional Values 22 Interprofessional Collaboration Competencies 22 Values for Interprofessional Practice 22 24 Building an Ethical Health Information System Conclusion 27 Key Terms 28 Chapter Summary 28 References 29 Appendix 1-A: 1957 Code of Ethics for the Practice of Medical Record Science

32

Appendix 1-B: 1998 American Health Information Management Association Code of Ethics 33 Preamble 33 Appendix 1-C: 2011 American Health Information Management Association Code of Ethics 34 Preamble 34 Purpose of the American Health Information Management Association Code of Ethics 34 34 The Code of Ethics and How to Interpret the Code of Ethics 34 Principles and Guidelines The Use of the Code 39 Code of Ethics 2011 Ethical Principles 40 Resources 40 Appendix 1-D: Common Values of Health Care Regulators Values of Health Care Professionals

41 41

Appendix 1-E: Ethical Challenges Chapter Abstracts Professional Ethics Chapter 1: Professional Values and the Code of Ethics Chapter 2: Ethical Decision-Making Guidelines and Tools Chapter 3: Privacy and Confidentiality Uses of Information Chapter 4: Data Analytics Chapter 5: Compliance, Fraud, and Abuse Chapter 6: Coding Chapter 7: Quality Management Chapter 8: Research and Decision Support Chapter 9: Public Health Chapter 10: Longitudinal Coordinated Care Chapter 11: Clinical Care: End of Life

42 42 42 42 42 43 43 43 43 44 44 44 44 45

Contents



Electronic Health Information Chapter 12: Electronic Health Records Chapter 13: Information Security Chapter 14: Information Technology and Biomedical Instrumentation Chapter 15: Information Governance and Management Chapter 16: Integrated Delivery Systems Chapter 17: Digital Health: Health Information Technology and Information Exchange Sensitive Health Information Chapter 18: Genetic Information Chapter 19: Adoption Chapter 20: Substance Abuse, Behavioral Health, and Sexual Information Consumer and Professional Informatics Chapter 21: Digital Health Technologies for Consumers, Patients, and Caregivers Chapter 22: Management and Leadership Chapter 23: Entrepreneurship Chapter 24: Vendor Management Chapter 25: Advocacy Chapter 26: Future Challenges and Opportunities

Chapter 2

Ethical Decision-Making Guidelines and Tools

vii 45 45 45 46 46 47 47 48 48 48 48 49 49 49 49 49 50 50

51

Jacqueline J. Glover, PhD Learning Objectives 51 Introduction 51 Scenario 2-A: Decision Making for an Adolescent 51 52 What Is an Ethical Issue? Why Do Ethical Issues Need to Be Addressed? 52 But You Can’t Teach Ethics, Can You? 53 The Process of Ethical Decision Making 53 Justification in Ethical Reasoning: How Do You Know What Is Best? 57 57 Classic Ethical Theories Utilitarianism 58 Deontological Theory 58 Applying Multiple Theories 58 Current Ethical Approaches 59 Analysis of Principles 59 Analysis of Rights 59 Ethics of Care 60 Virtue-Based Ethics 60 The Bioethicist’s Toolbox 60 Moral Distress 62 Scenario 2-B: Access by Adolescents to Patient Portals 62 Ethics Resources 63 Conclusion 63 Key Terms 63 Chapter Summary 63 References 64 Blank Ethical Decision-Making Matrix

66

viii

Contents Ethical Decision-Making Matrices 67 Scenario 2-A: Decision Making for an Adolescent 67 Scenario 2-B: Access by Adolescents to Patient Portals 70

Chapter 3

Privacy and Confidentiality

75

Laurie A. Rinehart-Thompson, JD, RHIA, CHP, FAHIMA Laurinda B. Harman, PhD, RHIA, FAHIMA Learning Objectives 75 Introduction 75 Scenario 3-A: Family and Friends: Should I Tell? 75 Scenario 3-B: Share Information on Facebook? 76 Protecting Health Information 77 Privacy and Confidentiality 78 Release of Information 78 The HIPAA Privacy Rule 79 79 History of Privacy Laws 79 HIPAA Privacy Rule Framework Requirements for Patient Authorization 80 Use and Disclosure 81 Patient Authorization Required 81 82 Patient Authorization Not Required Blanket Authorizations 83 Breaches 83 Patient Concerns 84 Medical Identity Theft 84 85 Electronic Health Records and Mobile Devices Social Media 85 Professional Concerns 86 Ethical Challenges 86 Conclusion 87 Key Terms 87 Chapter Summary 88 References 88 Ethical Decision-Making Matrices Scenario 3-A: Family and Friends: Should I Tell? Scenario 3-B: Share Information on Facebook?

89 89 91

SECTION II

Uses of Information

93

Chapter 4

Data Analytics

95

Billie Anderson, PhD J. Michael Hardin, PhD Learning Objectives Introduction The Role of Data Analytics in Health Care Medical Data and the Data Collection Process Structured and Unstructured Data Current State of Medical Data Collection

95 95 95 97 97 99

Contents



ix

Paper-Based Medical Records 99 Hybrid Medical Records 100 Electronic Medical Records 101 Ethical Dilemmas Associated with Big Data and Data Analytics 102 Scenario 4-A: Readmission Predictive Model Project, Part 1: Right Skills? 103 Scenario 4-B: Readmission Predictive Model Project, Part 2: Impact of Bad Data 104 Value of Model Assumptions 105 Data Altruism 106 Big Data Analysis Techniques Used to Analyze Medical Data 108 Big Data Analysis 108 Traditional Data Analysis 109 Predictive Analytics 109 109 Supervised and Unsupervised Analyses Conclusion 112 Key Terms 112 Chapter Summary 112 References 113 Ethical Decision-Making Matrices Scenario 4-A: Readmission Predictive Model Project, Part 1: Right Skills? Scenario 4-B: Readmission Predictive Model Project, Part 2: Impact of Bad Data

Chapter 5

Compliance, Fraud, and Abuse

115 115 117

119

Laurie A. Rinehart-Thompson, JD, RHIA, CHP, FAHIMA Learning Objectives 119 Introduction 119 Scenario 5-A: Documentation Does Not Justify Billed Procedure 119 121 Regulations that Guide HIM Professionals False Claims Act 121 Qui Tam Statutes 122 Voluntary Disclosure Protocol 123 124 Anti-kickback Statute Anti-referral Statutes: Stark I and II 124 “Safe Harbors” and Stark Exceptions 125 Mail and Wire Fraud 125 HIPAA Regulations 125 HIPAA Administrative Simplification Standards 126 Security Standards 126 Privacy Standards 126 Enforcement Programs 127 False Claims Penalties 127 Roles for HIM Professionals 127 Compliance Programs to Prevent Fraudulent Behaviors 128 Dilemmas in Practice 129 Scenario 5-B: Accepting Money for Information 130 Fraudulent Documentation Practices 130 Scenario 5-C: Retrospective Documentation to Avoid Suspension 130 Retrospective Medical Record Analysis 132

x

Contents Scenario 5-D: Coder Assigns Code Without Physician Documentation 132 Coding Turnaround Time 133 Conclusion 133 Key Terms 133 Chapter Summary 134 References 135 Ethical Decision-Making Matrices Scenario 5-A: Documentation Does Not Justify Billed Procedure Scenario 5-B: Accepting Money for Information Scenario 5-C: Retrospective Documentation to Avoid Suspension Scenario 5-D: Coder Assigns Code Without Physician Documentation

Chapter 6

Coding

136 136 138 140 142

145

Linda Holtzman, MHA, RHIA, CCS, CCS-P, CPC, COC Rosalind Holtzman, RN, BA, BSN Learning Objectives 145 Introduction 145 Scenario 6-A: Blood Loss Anemia 145 146 Coding Systems The Function of Coding 147 Legal Foundation and Framework for Ethical Coding 148 Aortography 148 Scenario 6-B: Thoracic Aortogram 148 149 Coding and Payment Elements 149 Fraud and Abuse Ethical Foundations and Ethical Standards 150 AHIMA Code of Ethics 151 AHIMA Standards of Ethical Coding 151 152 Coding and Payment Elements Sources for Coding Direction 154 Mandated Sources 154 Coding Sources 154 Credible Sources 154 Main Ethical Challenges 155 Scenario 6-C: Revise the Analysis? 155 Upcoding 156 Unbundling 157 Evading Medical Necessity Requirements 158 Making a Decision and Making Your Case 159 Conclusion 162 Key Terms 162 Chapter Summary 162 References 163 Appendix 6-A: American Health Information Management Association  Code of Ethics 164 Preamble 164 Purpose of the American Health Information Management Association Code of Ethics 164

Contents



xi

The Code of Ethics and How to Interpret the Code of Ethics 165 Principles and Guidelines 165 The Use of the Code 169 Code of Ethics 2011 Ethical Principles 170 Resources 170 Appendix 6-B: American Health Information Management Association  Standards of Ethical Coding 171 Introduction 171 Standards of Ethical Coding 171 Resources 172 How to Interpret the Standards of Ethical Coding 172 Ethical Decision-Making Matrices 177 Scenario 6-A: Blood Loss Anemia 177 Scenario 6-B: Thoracic Aortogram 179 Scenario 6-C: Revise the Analysis? 181

Chapter 7

Quality Management

183

Patrice L. Spath, MA, RHIT Fameka B. Leonard, RN, MSN Learning Objectives 183 Introduction 183 Scenario 7-A: Inaccurate Publicly Reported Performance Data 183 183 Quality Management Milestones that Created QM Ethical Questions 185 Transitions Bring Ethical Challenges 187 Scenario 7-B: Audit Results Indicate Inappropriate Health Care 187 Ethical Issues Facing QM Professionals 187 188 Scenario 7-C: Reporting Hospital-Acquired Conditions 189 Ethical Standards Affecting QM Activities Quality and Professional Ethics 189 Code of Ethics 190 Organizational Values 191 Scenario 7-D: Disclosure of an Unanticipated Outcome 191 Personal Convictions 192 Moral Courage 193 Scenario 7-E: Failure to Check Physician’s Licensure Status 193 Making Ethical Decisions 193 QM Situations Raising Ethical Questions 194 Enabling Ethical Conduct 195 Role of the Profession 195 196 Role of the Employer Conclusion 196 Key Terms 197 Chapter Summary 197 References 197 Ethical Decision-Making Matrices Scenario 7-A: Inaccurate Performance Data Reported to the Public Scenario 7-B: Audit Results Indicate Inappropriate Health Care Scenario 7-C: Reporting Hospital-Acquired Conditions

200 200 202 204

xii

Contents Scenario 7-D: Disclosure of an Unanticipated Outcome Scenario 7-E: Failure to Check Physician’s Licensure Status

Chapter 8

Research and Decision Support

206 208

211

Susan White, PhD, RHIA, CHDA J. Michael Hardin, PhD Learning Objectives 211 Introduction 211 Scenario 8-A: Designing a Survey to Bias the Results 212 Scenario 8-B: The Impact of Sample Selection Bias 212 Roles of the RS and DSS 213 Ethical Responsibilities of the RS and DSS 215 Ensuring Data Integrity and Confidentiality 215 Data Acquisition and Integrity 217 218 Privacy and Confidentiality 219 Data from External Sources Data Reporting 219 Data Access 220 Human Subject Research 221 221 Internal Review Board Research Versus Clinical Record 224 Medical Record Data in Retrospective Studies 225 Maintaining and Enhancing Professional Competence 226 Conclusion 226 226 Key Terms Chapter Summary 226 References 227 Ethical Decision-Making Matrices Scenario 8-A: Designing a Survey to Bias the Results Scenario 8-B: The Impact of Sample Selection Bias

Chapter 9

Public Health and Informatics

229 229 231

233

Babette J. Neuberger, JD, MPH Eric S. Swirsky, JD, MA Learning Objectives 233 Introduction 233 Scenario 9-A: Gun Control and Reporting Mental Health Status 233 Public Health Information: An Overview 236 The Evolution of Public Health and Government Access to Private Medical Information 237 State Use of Protected Heath Information: Sexually Transmitted Disease Contact Tracing and Partner Notification 242 Ethical Challenges in Public Health 245 When the Public’s Right to Know Conflicts with the Individual’s Right to Privacy 245 An Antecedent Issue: The Duty to Decide 246 Making a Reasoned Decision 247 Autonomy 247

Contents



xiii

Nonmaleficence 248 Beneficence 249 Justice 250 Utility 251 Globalization and Attendant Ethical Challenges 253 Opportunities and Ethical Challenges of Social Media 255 The HIM Professional’s Role and Responsibility as an Advocate 258 A Reciprocal Duty Owed to Society 258 Superior Knowledge 259 An Unambiguous Duty to Protect Patient Privacy 259 Resources for Advocacy 259 Scenario 9-B: Conflicting Personal and Public Duties 260 Making a Reasoned Decision 261 261 Analyzing the Ethical Conflict Conclusion 262 Key Terms 262 Chapter Summary 262 References 263 Ethical Decision-Making Matrices Scenario 9-A: Gun Control and Reporting Mental Health Status Scenario 9-B: Conflicting Personal and Public Duties

Chapter 10

Longitudinal Coordinated Care

266 266 268

271

Ida Critelli Schick, PhD, LFACHE Learning Objectives 271 Introduction 271 The Ever-Changing Healthcare Scene 271 271 Two Significant Initiatives Healthy People Initiative 271 Healthcare Improvement Initiative 272 Key Stakeholders in Health Care 272 Population Health 273 274 The Focus on Patient-Centered Care Changes in the Medical Care System 275 Formation of Accountable Care Organizations 275 Critical Cultural Changes in ACOs 275 Health Care in Transition 276 Patient-Centered Medical Homes 276 Longitudinal Care 278 Complex Care Management 282 Exploring the Ethical Dimensions of PCMH and Longitudinal Care 285 Ethical Principles 285 Respect for Autonomy 285 Application of Respect for Autonomy: Enhancing and Expanding Informed Consent in PCMH and Longitudinal Care 285 Beneficence (Do Good) and Nonmaleficence (Do No Harm) 286 Justice 287 A Decision-Making Methodology in Ethics 287 Ethical Challenges and Issues 287

xiv

Contents Challenges for Boards and Administrators 288 Scenario 10-A: Competing Stakeholder Agendas in a Community ACO 288 Longitudinal Care Coordination 289 Scenario 10-B: Patient Transfer 289 Conclusion 290 Key Terms 290 Chapter Summary 290 References 291 Ethical Decision-Making Matrices Scenario 10-A: Competing Stakeholder Agendas in a Community ACO Scenario 10-B: Patient Transfer

Chapter 11

Clinical Care: End-of-Life

293 293 295

297

Deepak Mandi, MD Michael A. Silverman, MD, MPH James F. Tischler, MD Adam G. Golden, MD, MBA Learning Objectives 297 Introduction 297 Scenario 11-A: Bad News 297 298 Autonomy and Beneficence Are Physicians Getting the Right Message Out to Patients? 298 Physician Bias and Equity: A Systems Issue 299 Scenario 11-B: Treatment Choices 299 Information Across a Healthcare Continuum 300 300 Treatment Goals and Beneficence 301 Scenario 11-C: Advance Care Planning Advance Care Planning: An Opportunity 301 The Meaning of Terminal 302 Scenario 11-D: Palliative Care 302 303 Managing Pain Palliative Care 303 Emerging Issues 303 Physician-Assisted Suicide 303 Euthanasia 304 Is Withholding or Withdrawing Life-Sustaining Treatment Euthanasia? 304 Conclusion 304 Key Terms 304 304 Chapter Summary References 305 Ethical Decision-Making Matrices Scenario 11-A: Bad News Scenario 11-B: Treatment Choices Scenario 11-C: Advance Care Planning Scenario 11-D: Palliative Care

307 307 309 311 313

Contents



xv

SECTION III

Electronic Health Information

315

Chapter 12

Electronic Health Records

317

Mary Alice Hanken, PhD, CHPS, RHIA Gretchen Murphy, MEd, RHIA, FAHIMA Learning Objectives 317 Introduction 317 Scenario 12-A: Patient Record Integrity and Access 317 EHR Systems: Functions and Expected Features 318 EHR Definitions 319 EHR Benefits and Functionality 320 Health Data Uses 321 EHR Systems in the Twenty-First Century 323 325 EHR Technology and Ethical Issues 325 Patient Privacy Data Quality 327 Patient Interest 327 Organizational Values 328 328 Making Ethical Decisions Ethical Issues in Implementation 328 Patient Record Integrity and Access 328 Additional Ethical Issues in Implementation Planning 329 Clinical Care Process 329 330 Data Correction and Editing Process System Problems 330 Health Information Access Capabilities 331 Scenario 12-B: Parent Access to Child’s Health Information 331 331 Expanded Use of Health Information 332 Infrastructure Strengths and Weaknesses New Opportunities for Vendors and Healthcare Organizations 332 Scenario 12-C: Differences When Linking EHR Systems 333 User Access 336 Security Practices 336 Data Quality/Integrity 337 Confidentiality Agreements 337 338 Notifying Patients About Information Practices Audit Trails and Email 338 Conclusion 338 Key Terms 338 Chapter Summary 338 References 339 Ethical Decision-Making Matrices Scenario 12-A: Patient Record Integrity and Access Scenario 12-B: Parent Access to Child’s Health Information Scenario 12-C: Differences When Linking EHR Systems

341 341 343 345

xvi

Contents

Chapter 13

Information Security

347

Karen Czirr, MS, RHIA, CHP Emily West, RHIA Learning Objectives 347 Introduction 347 Scenario 13-A: A Curious Human Resource Employee 348 The Healthcare Information Revolution 349 The Role of the CIO 350 Access and Information Security 351 351 Privacy, Confidentiality, Disclosure, and Need to Know Privacy-Related Security 352 353 Confidentiality, Integrity, Availability Sanctions 353 353 Establishing a Security Baseline Policies and Procedures 353 Need to Know and Data Sharing 354 356 Access Control Unique User Identification 356 Scenario 13-B: Failure to Log Out of the System 358 Audit Trails 358 359 Workstation Use and Security 359 The Internet, Email, and E-Health Conducting a Risk Analysis 360 Identifying Vulnerabilities 360 Scenario 13-C: Storing Data on a Laptop Computer 360 Interoperability 361 362 Patient Notification and Informed Consent Conclusion 362 Key Terms 362 Chapter Summary 363 References 363 Ethical Decision-Making Matrices Scenario 13-A: A Curious Human Resource Employee Scenario 13-B: Failure to Log Out of the System Scenario 13-C: Storing Data on a Laptop Computer

Chapter 14

Information Technology and Biomedical Instrumentation

365 365 367 369

371

Susan H. Fenton, PhD, RHIA, FAHIMA Frances H. Cornelius, PhD, MSN, RN-BC, CNE Learning Objectives 371 Introduction 371 Biomedical Instrumentation and Interoperability 372 Scenario 14-A: Lack of Interoperability 373 Medical Device Interoperability Defined 374 The Need for Interoperability 375 Codes of Ethics 376

Contents



xvii

Ethical Issues for Interface Development 377 Interface Development and Biomedical Device Integration 378 Functional Medical Device Interoperability 379 Scenario 14-B: Data Interface Decisions 379 Consultant’s Perspective 379 Information Gathering 379 Key Considerations 380 Benefits of Functional Device Interoperability 381 Prioritizing Device Integration 381 A Collaborative Approach to Decision Making 382 Scenario 14-C: Data Interface Quality 383 Conclusion 384 Key Terms 384 384 Chapter Summary References 385 Ethical Decision-Making Matrices Scenario 14-A: Lack of Interoperability Scenario 14-B: Data Interface Decisions Scenario 14-C: Data Interface Quality

Chapter 15

Information Governance and Management

387 387 389 391

393

Linda L. Kloss, MA, RHIA, FAHIMA Learning Objectives 393 Introduction 393 Scenario 15-A: Stewardship Literacy for Community Health Improvement 394 Governance of Health Information 395 Defining Information Governance 395 Defining Data and Other Dimensions of Governance 396 Governance as Ethical Stewardship 397 399 Healthcare Organizations and Stewardship 400 Scenario 15-B: Managing Patient Identification as Master Data Organizing for Governance 402 Scenario 15-C: Big Data Analytics and Stewardship 403 Contemporary Health Information Management 404 Enterprise Information Management Domains 405 Organizing for EIM 406 Scenario 15-D: EHR Integrity Management 407 Conclusion 408 Key Terms 408 Chapter Summary 408 References 409 Ethical Decision-Making Matrices 410 Scenario 15-A: Stewardship Literacy for Community Health Improvement 410 412 Scenario 15-B: Managing Patient Identification as Master Data Scenario 15-C: Big Data Analytics and Stewardship 414 Scenario 15-D: EHR Integrity Management 416

xviii

Contents

Chapter 16

Integrated Delivery Systems

419

Brenda Olson, MEd, RHIA, CHP Karen Gallagher Grant, RHIA, CHP Learning Objectives 419 Introduction 419 Scenario 16-A: Scheduling Clerk Has Access to All Clinical Information 419 Privacy and Security Issues 422 Models for the Integrated Delivery System 425 Data Quality Issues 426 426 Scenario 16-B: Vulnerabilities in the Electronic Health Record Management of Patient Identity Management Systems 428 429 Scenario 16-C: Inconsistencies in the Patient Identity Management System Required Skills for HIM Professionals 430 Conclusion 430 Key Terms 431 Chapter Summary 431 References 431 Appendix 16-A: Sample Access Policy Ethical Decision-Making Matrices Scenario 16-A: Scheduling Clerk Has Access to All Clinical Information Scenario 16-B: Vulnerabilities in the Electronic Health Record Scenario 16-C: Inconsistencies in the Patient Identity Management System

Chapter 17

Digital Health: Information Technology and Information Exchange

433 435 435 437 439

441

Meryl Bloomrosen, MBA, MBI, RHIA, FAHIMA Learning Objectives 441 Introduction 441 Goals and Objectives 442 443 Health Information Technology and Health Information Exchange Health Information Exchange 443 Data and Information Governance 444 Evolving Roles, Responsibilities, and Challenges 445 Background and History of Public- and Private-Sector Activities 445 Public Sector 445 Private Sector 452 Mobile Health 454 Ethical Challenges 454 Scenario 17-A: Health Informatics and Information Management (HIIM) Professionals’ Role 456 Conclusion 457 Key Terms 458 Chapter Summary 458 References and Resources 459 Ethical Decision-Making Matrices Scenario 17-A: Health Informatics and Information Management (HIIM) Professionals’ Role

464 464

Contents



xix

SECTION IV

Management of Sensitive Health Information

467

Chapter 18

Genetic Information

469

Sharon F. Terry, MA Learning Objectives 469 Introduction 469 Scenario 18-A: Genetic Privacy 469 Genetic and Genomic Information 470 Genetic Information in the Clinical Context 471 Translational Science’s Implications for the Management of Genomic Information 471 Privacy and Confidentiality of Genetic Information 472 474 Research Setting 475 Legislation Regarding Genetic Information Genetic Information Nondiscrimination Act (GINA) 475 State Legislative Protections Related to Genetics 476 Ethical and Social Issues Related to Genetics 476 477 Access to Genetic Services and Health Disparities Whole Genome and Exome Sequencing 478 Right to Know, Not to Know, and Incidental Findings 478 Conclusion 479 Key Terms 479 480 Chapter Summary References 481 Appendix 18-A: Legislative Acts Relevant to Genetic Testing Ethical Decision-Making Matrices Scenario 18-A: Genetic Privacy

Chapter 19

Adoption Information

484 485 485

487

Martha L. Jones, PhD, LSW Learning Objectives 487 487 Introduction Scenario 19-A: Seeking Information Many Years Later 487 Historical and Emerging Ethical Issues 489 Adoption and Assisted Reproductive Technology (ART) 492 Ethical Issues for HIM Professionals 494 Adoptive Parents Seek Information on Their Adopted Child 494 Scenario 19-B: An Adoptee Seeks Information on Her Biological Family 495 Scenario 19-C: A Birth Mother Seeks Information on Her Biological Son 496 498 Future Issues Conclusion 500 Key Terms 500 Chapter Summary 500 References 501 Ethical Decision-Making Matrices Scenario 19-A: Seeking Information Many Years Later Scenario 19-B: An Adoptee Seeks Information on Her Biological Family Scenario 19-C: A Birth Mother Seeks Information on Her Biological Son

502 502 504 506

xx

Contents

Chapter 20

Substance Abuse, Behavioral Health, and Sexual Information

509

Laurie A. Rinehart-Thompson, JD, RHIA, CHP, FAHIMA Sharon J. Randolph, JD, RHIA Learning Objectives 509 Introduction 509 Scenario 20-A: The Arrest Warrant: Is This Person in Your Facility? 510 Substance Abuse Treatment, Health Information, and the Law 511 Ethical Challenges in Behavioral Health and Substance Abuse Treatment 511 513 Law Enforcement Requests P­ atient-Identifying Information Scenario 20-B: Safety of a Citizen Versus Privacy of a Patient 514 Law Enforcement Requests Patient Information for Public Safety Reasons 515 516 Scenario 20-C: Patient Confesses to a Psychiatrist A Behavioral Health Patient Confesses to a Staff Member That 517 He Has Committed a Crime Scenario 20-D: Patient Confesses to the Nurse’s Aide 517 Protecting Information About a Patient’s Admission to a Behavioral 518 Health Unit of a General Hospital Scenario 20-E: Verifying Admission Can Violate Privacy 519 Requests for Information on Sexually Transmitted Diseases (STDs) 520 Scenario 20-F: A Prisoner Who May Have AIDS 520 521 Requests About Employees and Children 521 Scenario 20-G: Workers’ Compensation Case Employees 522 Children 522 522 Scenario 20-H: Children’s Protective Services Conclusion 523 524 Key Terms Chapter Summary 524 References 525 Ethical Decision-Making Matrices Scenario 20-A: The Arrest Warrant: Is This Person in Your Facility? Scenario 20-B: Safety of a Citizen Versus Privacy of a Patient Scenario 20-C: Patient Confesses to a Psychiatrist Scenario 20-D: Patient Confesses to the Nurse’s Aide Scenario 20-E: Verifying Admission Can Violate Privacy Scenario 20-F: A Prisoner Who May Have AIDS Scenario 20-G: Workers’ Compensation Case Scenario 20-H: Children’s Protective Services

526 526 528 530 532 534 536 538 540

SECTION V

Consumer and Professional Informatics

543

Chapter 21

Digital Health Technologies for Consumers, Patients, and Caregivers

545

Cynthia Baur, PhD Mary Jo Deering, PhD Learning Objectives

545

Contents



xxi

Introduction 545 Scenario 21-A: Plain Language and Health Information Privacy Policies 545 The HIM Professional and Consumer, Patient, and Caregiver Digital Health Technologies 547 Consumer, Patient, and Caregiver Digital Health Technologies 548 Benefits and Risks of Digital Health Technologies 550 Special Considerations for Privacy and Security Management in Digital Health Technologies 551 Patient Portals and Their Special Significance for HIM Professionals 552 Data Access 552 Receiving Patient-Generated Information 552 Secure Messaging 552 Interactive Tools 552 552 Links to Authoritative Information National Policy Related to Digital Health Technology for Consumers, Patients, and Caregivers 553 Information Access and the HIM Professional 554 Ethical Issues Related to Consumer, Patient, and Caregiver Digital Technology Access 555 Scenario 21-B: Ensuring Privacy Protections for Digital Health Technologies 556 Emerging Issues 558 Conclusion 559 560 Key Terms 560 Chapter Summary References 560 Ethical Decision-Making Matrices 563 Scenario 21-A: Plain Language and Health Information Privacy Policies 563 Scenario 21-B: Ensuring Privacy Protections for Digital Health Technologies 565

Chapter 22

Management and Leadership

567

Cathy A. Flite, MEd, RHIA, FAHIMA Merida L. Johns, PhD, RHIA Learning Objectives Introduction Scenario 22-A: Lateness and Absenteeism Moral Development and Moral Awareness Stages of Moral Development Ethic of Caring Moral Awareness Scenario 22-B: Concerns in Telecommuting Scenario 22-C: Failure to Document Poor Work Performance for a Friendly Employee Moral Muteness Orientation of New Employees Scenario 22-D: Avoiding the Employee Who Will Be Fired Ethical Organizational Leadership: Beyond a Mission Statement and Code of Ethics Ethical Frameworks for Diversity Management The Ethical Leader: Doing the Right Thing

567 567 567 569 570 573 574 574 576 578 578 580 581 582 583

xxii

Contents Conclusion 584 Key Terms 584 Chapter Summary 585 References 585 Ethical Decision-Making Matrices Scenario 22-A.1: Lateness and Absenteeism—Fire the Employee Scenario 22-A.2: Lateness and Absenteeism—Don’t Fire the Employee Scenario 22-B: Concerns in Telecommuting Scenario 22-C: Failure to Document Poor Work Performance for a Friendly Employee Scenario 22-D: Avoiding the Employee Who Will Be Fired

Chapter 23

Entrepreneurship

587 587 589 591 593 595

597

Marie Gardenier, MBA, RHIA, CHPS Keith Olenik, MA, RHIA, CHP Learning Objectives 597 Introduction 597 Scenario 23-A: Competing Constituencies 597 599 Entrepreneurship in Health Information Management Defining the Entrepreneur 600 Entrepreneur versus Intrapreneur 601 Function-Based Issues for the Consultant 602 Rights of the Independent Contractor 602 603 The Expert Role 604 Delivering a Difficult Message Advice Not Taken 604 Conflicts of Interest 605 The Collaborative Role 605 Scapegoating 606 607 Special Opportunities for the Consultant to Act as Moral Voice Relationship-Based Issues for the Independent Contractor 607 Social Isolation 608 Business Ethics: Concepts and Principles 609 Contracts 610 Advertising 611 The Profit Motive 612 613 Corporate Responsibility The Case for Ethics in Business 613 The Intersection of Ethics and HIM Entrepreneurship 614 Scenario 23-B: Negotiating Contracts 616 Negotiating Contracts 616 Scenario 23-C: Unrealistic Client Expectations 617 Scenario 23-D: Discovering Sensitive Information About a Client, Competitor, or Colleague 618 Learning Sensitive Information About a Client, Competitor, or Colleague 619 Managing Client Relationships 620 Conclusion 621 Key Terms 621 Chapter Summary 621

Contents



xxiii

References 622 Ethical Decision-Making Matrices 623 Scenario 23-A: Competing Constituencies 623 Scenario 23-B: Negotiating Contracts 625 Scenario 23-C: Unrealistic Client Expectations 627 Scenario 23-D: Discovering Sensitive Information About a Client, Competitor, or Colleague 629

Chapter 24

Vendor Management

631

Keith Olenik, MA, RHIA, CHP Learning Objectives 631 Introduction 631 Scenario 24-A: Vendor Request 631 632 Vendor Relations Sales Ethics 632 Scenario 24-B: Vendors as Friends 633 Scenario 24-C: Gifts 634 Prevention of Ethical Problems 636 636 Scenario 24-D: Preferred Vendors 637 Requests for Proposals Introduction 637 Directions 637 Standard Text 638 638 Statement of Work Social Responsibility 639 Ethical Considerations for the RFP Process 639 Scenario 24-E: Negotiating 639 Negotiation 640 642 Enhancement of Vendor Relationships Ethical Behavior 642 Scenario 24-F: Unethical Behavior 643 Conclusion 644 Key Terms 644 Chapter Summary 645 References 645

Chapter 25

Appendix 24-A: Sample Gifts Policy

647

Appendix 24-B: Sample Conflict of Interest Policy Ethical Decision-Making Matrices Scenario 24-A: Vendor Request Scenario 24-B: Vendors as Friends Scenario 24-C: Gifts Scenario 24-D: Preferred Vendors Scenario 24-E: Negotiating Scenario 24-F: Unethical Behavior

649 654 654 655 656 657 659 660

Advocacy

661

Susan Helbig, MA, RHIA Learning Objectives

661

xxiv

Contents Introduction 661 Scenario 25-A: Violating the Privacy of a Prominent Citizen 661 Advocacy: The Choice of Ethics in Action 662 Advocating for Patients 663 Patient Rights 664 Supporting Patients Who Advocate 664 Health Information: Individual Patient and Collective Patient Stories 665 Advocating for Peers 667 Scenario 25-B: Compassion in Action for an Alcoholic Peer 667 Advocating for Staff 669 Scenario 25-C: Cockroaches in the HIM Department 669 Scenario 25-D: Unfair Treatment of Part-Time Workers 670 Advocating for the Healthcare Organization 672 672 Scenario 25-E: Small Print on a Consent Form Scenario 25-F: The Data Warehouse Wants to Sell Patient Information 673 Advocating for the Larger Community and Society 674 Advocating for One’s Self 675 Conclusion 675 675 Key Terms Chapter Summary 676 References 676 Appendix 25-A: Example of Organizational Engagement in Societal Advocacy

677

Appendix 25-B: Precepts of Effective HIM Advocacy Ethical Decision-Making Matrices Scenario 25-A: Violating the Privacy of a Prominent Citizen Scenario 25-B: Compassion in Action for an Alcoholic Peer Scenario 25-C: Cockroaches in the HIM Department Scenario 25-D: Unfair Treatment of Part-Time Workers Scenario 25-E: Small Print on a Consent Form Scenario 25-F: The Data Warehouse Wants to Sell Patient Information

678 679 679 681 683 685 687 689

SECTION VI

Looking to the Future

691

Chapter 26

Future Challenges and Opportunities

693

Frances H. Cornelius, PhD, MSN, RN-BC, CNE Laurinda B. Harman, PhD, RHIA, FAHIMA Virginia L. Mullen, RHIA Learning Objectives 693 Introduction 693 Uses of Information 694 Clinical Care 694 Substance Abuse, Behavioral Health, and Sexual Information 694 Longitudinal Coordinated Care 695 End of Life 695 Family Decisions 695 Adoption 695 Genetics 695



Contents

xxv

Data Analysis 696 Quality Management 696 Research and Decision Support 696 Data Analytics 697 Information Governance and Management 697 Public Health 697 Professional Roles 698 Management and Leadership 698 Entrepreneurship and Intrapreneurship 698 Vendor Management 698 Advocacy 699 Emerging Trends 699 Technology Explosion 699 702 Digital Health: Health Information Technology and Information Exchange Digital Health Technologies for Consumers, Patients, and Caregivers 702 Electronic Health Records 703 Integrated Delivery Systems 703 Biomedical Instrumentation and Interoperability 703 704 Growth for Healthcare Expenditures Growth for HIT 705 Challenges 707 Clinical and Legal 707 707 Privacy and Confidentiality 707 Coding, Fraud, and Abuse Legal System Changes 708 Technology 708 Information Security 708 Cyberintelligence and Cybersecurity 709 709 Security Breaches Interoperability, Terminology, and Standards 711 Big Data/Data Analytics 712 Surveillance 713 Cloud Computing 713 Opportunities 714 715 Interdisciplinary Education Interdisciplinary Collaboration 716 Ethics as Standard of Practice 718 Conclusion 719 Key Terms 719 Chapter Summary 720 References 722

Glossary 725 Index 741

© kentoh/Shutterstock

Contributors

Billie Anderson, PhD Associate Professor of Business Data Analytics Department of Marketing College of Business Ferris State University Big Rapids, Michigan

College of Nursing and Health Professions Drexel University Philadelphia, Pennsylvania

Cynthia Baur, PhD Senior Advisor for Health Literacy and Senior Official for the Plain Writing Act Office of the Associate Director for Communication Centers for Disease Control and Prevention Atlanta, Georgia Meryl Bloomrosen, MBA, MBI, RHIA, FAHIMA Senior Vice President Policy, Advocacy and Research Asthma and Allergy Foundation of America Landover, Maryland

Karen C. Czirr, MS, RHIA, CHP Health Information Technology Program Coordinator Department of Allied Health Gateway Community & Technical College Covington, Kentucky Mary Jo Deering, PhD President Deering Health Associates Bethesda, Maryland Susan H. Fenton, PhD, RHIA, FAHIMA Associate Dean for Academic Affairs Principal Investigator, Gulf Coast Regional Extension Center UTHealth School of Biomedical Informatics Houston, Texas

Melanie S. Brodnik, PhD, RHIA, FAHIMA Associate Professor Emeritus Health Information Management and Systems School of Health and Rehabilitation Sciences The Ohio State University Columbus, Ohio Frances H. Cornelius, PhD, MSN, RN-BC, CNE Professor and Chair MSN Advanced Practice Role Department & Complementary and Integrative Health Programs Coordinator of Clinical Nursing Informatics Education

Cathy A. Flite, MEd, RHIA, FAHIMA Assistant Professor and Interim Chair Department of Health Services Administration & Policy College of Public Health Temple University Philadelphia, Pennsylvania Marie Gardenier, RHIA, CHPS, PMP Enterprise EHR Program Manager Einstein Healthcare Network Philadelphia, Pennsylvania

xxvii

xxviii Contributors Jacqueline J. Glover, PhD Professor Department of Pediatrics Center for Bioethics and Humanities University of Colorado Anschutz Medical Campus Fulginiti Pavilion for Bioethics and Humanities Aurora, Colorado Adam G. Golden, MD, MBA Associate Professor Department of Internal Medicine University of Central Florida College of Medicine Associate Chief of Staff, Geriatrics & Extended Care Orlando VA Medical Center Orlando, Florida Karen Gallagher Grant, RHIA, CHP Chief Operating Officer Medical Record Associates, LLC Quincy, Massachusetts Mary Alice Hanken, PhD, RHIA, CHPS Senior Lecturer Health Informatics and Health Information Management Master's and Baccalaureate Programs in Health Services Department School of Public Health University of Washington Seattle, Washington Quality Manager Sound Mental Health Seattle, Washington J. Michael Hardin, PhD Provost and Vice President for Academic Affairs Samford University Birmingham, Alabama Laurinda B. Harman, PhD, RHIA, FAHIMA Associate Professor Emeritus Department of Health Information Management College of Public Health Temple University Philadelphia, Pennsylvania

Susan Helbig, MA, RHIA Affiliate Faculty Health Informatics and Health Information Management Programs School of Public Health University of Washington Seattle, Washington Linda Holtzman, MHA, RHIA, CCS, CCS-P, CPC, COC President Clarity Coding Marlton, New Jersey Rosalind A. Holtzman, RN, BSN, BA Senior Consultant Clarity Coding Marlton, New Jersey Merida L. Johns, PhD, RHIA Founder and President The Monarch Center for Women's Leadership Development Woodstock, Illinois Martha L. Jones, PhD, LSW President Common Sense Adoption Services Camp Hill, Pennsylvania Linda L. Kloss, MA, RHIA, FAHIMA Founder and President Kloss Strategic Advisors, Ltd. Sister Bay, Wisconsin Fameka Leonard, RN, MSN Administrative Director, Quality Management Department of Quality & Patient Safety University of Alabama Hospital Birmingham, Alabama Deepak Mandi, MD Chief of Staff VA West Palm Beach Medical Center West Palm Beach, Florida Virginia L. Mullen, RHIA Retired Executive Director, Patient Safety and Reliability Loma Linda University Medical Center Loma Linda, California

Contributors

Gretchen Murphy, MEd, RHIA, FAHIMA Director and Senior Lecturer Master of Health Informatics and Health Information Management Programs Health Services Department School of Public Health University of Washington Seattle, Washington Babette J. Neuberger, JD, MPH Clinical Associate Professor and Associate Dean for Academic Affairs School of Public Health University of Illinois at Chicago Chicago, Ilinios Keith Olenik, MA, RHIA, CHP Principal The Olenik Consulting Group, LLC Chicago, Ilinios Brenda S. Olson, MEd, CHP, RHIA Vice President for Health Information Management/Privacy Officer Great Plains Health Alliance, Inc. Phillipsburg, Kansas Sharon J. Randolph, JD, RHIA Manager, Transition Management Clinical Revenue Integrity Confer Health Solutions Frisco, Texas Laurie A. Rinehart-Thompson, JD, RHIA, CHP, FAHIMA Associate Professor and Interim Director Health Information Management and Systems School of Health and Rehabilitation Sciences The Ohio State University Columbus, Ohio Ida Critelli Schick, PhD, MS, LFACHE Professor Emeritus Retired Chair of the Department of Health Services Administration and Director of the MHSA Program Department of Health Services Administration College of Social Sciences, Health and Education Xavier University Cincinnati, Ohio

xxix

Michael A. Silverman MD, MPH, CMD Service Chief Geriatrics and Extended Care and Hospice VA Medical Center West Palm Beach, Florida Patrice L. Spath, MA, RHIT Healthcare Quality Specialist Brown-Spath & Associates Forest Grove, Oregon Adjunct Assistant Professor Department of Health Services Administration University of Alabama, Birmingham Birmingham, Alabama Eric S. Swirsky, JD, MA Clinical Assistant Professor Department of Biomedical and Health Information Sciences College of Applied Health Sciences University of Illinois at Chicago Chicago, Illinios Sharon F. Terry, MA President and CEO Genetic Alliance Washington, DC James F. Tischler, MD Physician Clinical Reviewer National Imaging Associates West Chester, Pennsylvania Emily L. West, RHIA Director Health Information Services Doylestown Hospital Doylestown, Pennsylvania Susan E. White, PhD, RHIA, CHDA Associate Professor, Clinical Health and Rehabilitation Sciences Health Information Management and Systems Division School of Health and Rehabilitation Sciences The Ohio State University Columbus, Ohio

© kentoh/Shutterstock

Foreword

Ethical Health Informatics: Challenges and Opportunities presents an informed discourse on many issues arising from the proliferation of information technology and biotechnology in the delivery and funding of health care in the United States. Ten years have passed since the second publication of this book, and in that timeframe the social and ethical concerns confronting society have expanded. Mapping of the human genome, homeland security, terrorism, bioterrorism, natural disasters, patient safety, medication errors, medical identity theft, hacking of data systems, and accessibility of health care for all have resulted in an increased reliance on information technology to process the massive amounts of data generated by these concerns. However, information technology appears to be both the answer and a potential problem for many ethical challenges concerning the privacy, confidentiality, security, and safety of patient and provider and government electronic information systems. The societal changes taking place as a result of the above concerns are especially relevant to those individuals who generate healthcare data (doctors, nurses, health practitioners) and those individuals who manage information and technology (health information management and informatics professionals). Today’s challenges require vigilance concerning the right and wrong uses of patient information and appropriate and inappropriate access to it from a much broader perspective than in the past. This requires

professionals to assume the ethical responsibility not only to manage, but to protect patient-related data and information resources in whatever form it is contained (paper or electronic), and at whatever site it may be maintained. These challenges have been eloquently brought to light in the third edition. The book has been expanded to include updated chapters in the areas of professional ethics, uses of information, electronic health records, sensitive information, and consumer and professional informatics. Five new chapters have been added on important topics related to data analytics, information governance, longitudinal health care, information technology and biomedical instrumentation, and future trends and roles healthcare professionals may encounter in the ethical handling of healthcare data and information. An excellent cadre of authors has been brought together to provide an overview and assessment of the ethical issues raised by the increased demands for tertiary and secondary data and information. The authors provide indepth theoretical and practical discussions on a variety of ethical issues. They address theories and models of ethical practice, along with ethical case scenarios related to selected practice venues. Overall, there are 80 case scenarios to consider along with an eight-step decision-­ making matrix. The matrix is a wonderful learning tool because it guides the reader in understanding the complexity of problem solving and ethical decision making.

xxxi

xxxii Foreword The book is an excellent resource for healthcare professionals in a variety of disciplines, such as clinical medicine, administration, public health, health information management, informatics, and ethics. This book provides standards of conduct and ethical practice, thus introducing the student to the basic ethical principles and values of whatever discipline they represent. For faculty, the book serves as a foundation for debate and discussion that will help weave the ethical fiber of tomorrow’s practitioners throughout the educational program. For the practitioner, it offers a confirmation of the standards of conduct and ethical uniformity of practice that supports the practitioner’s resolve to address ethical issues in a proactive, effective manner. The practicality of the book makes it attractive to all who are drawn into the professional responsibility of generating, using, or managing health information in an ethical manner.

As the healthcare industry continues to adjust to the requirements of the Affordable Healthcare Act (Obamacare), new delivery modes, cost containment, electronic health record systems, the sharing of information between systems, and the use of data for business and clinical analytics, there will be a need to address the ethical handling of healthcare data and information. I am pleased that Ethical Health Informatics: ­Challenges and Opportunities provides the reader with an awareness and solid foundation for understanding the principles and values so important for the ethical practice of managing healthcare data and information. Melanie S. Brodnik, PhD, RHIA, FAHIMA Associate Professor Emeritus Health Information Management & Systems The Ohio State University Columbus, Ohio

© kentoh/Shutterstock

Preface

There are two characteristics of this book that make it unique: the content which focuses on the intersection of health informatics and ethics and the use of a decision-making matrix to analyze issues surrounding the appropriate use of health information. The textbook describes the ethical challenges and opportunities that arise from the growing use of data and information in healthcare. Legal and legislative aspects surrounding the ethics of managing data and information are interwoven throughout the book which serves as a resource for teachers, students and practitioners. This textbook is written to reflect a commitment to interdisciplinary collaboration because many of the ethical issues discussed are not limited to just one healthcare discipline. Overall, the textbook is designed to assist health informatics and information management professionals as well as physicians, nurses, social workers, public health professionals, healthcare administrators, health care professionals, such as, physical, occupational and respiratory therapists, and other related disciplines. This textbook will assist professionals who establish standards for ethical competency and those who want to improve their ethical decision-making skills. The preface will answer the following questions. ■■ ■■ ■■

Who are the authors? How are the chapters organized? What students will benefit from reading this book?

■■

■■ ■■

What is the decision-making matrix and why is it important? How can teachers use this book? What is the unique value of this book?

Who are the authors? The authors include faculty, deans, healthcare professionals from universities and governmental agencies and consultants with degrees and credentials across the continuum of healthcare and health informatics. Each author has identified ethical issues reflective of their experience with the topic along with one or more scenarios to illustrate the issue under discussion.

How are the chapters organized? This book is divided into six sections: Professional Ethics; Uses of Information; Electronic Health Information; Management of Sensitive Health Information; Consumer and Professional Informatics; and Looking to the Future. Chapters from the 2nd edition were updated and five new chapters were written for this edition, as noted below. I. Professional Ethics 1. Professional Values and the Code of Ethics 2. Ethical Decision-Making Guidelines and Tools 3. Privacy and Confidentiality

xxxiii

xxxiv Preface II. Uses of Information 4. Data Analytics (NEW ) Examines the challenges presented by the vast amount of data available, based on advances in technology. Data analysts must consciously attend to the ethical considerations associated with the management of big data. 5. Compliance, Fraud, and Abuse 6. Coding 7. Quality Management 8. Research and Decision Support 9. Public Health and Informatics 10. Longitudinal Coordinated Care (NEW ) Describes the implications of a significant change in health care as the patient becomes a member of the care team across the continuum of the healthcare system. Patient-centered medical homes, longitudinal care and complex care management are explored. 11. Clinical Care: End of Life. III. Electronic Health Information 12. Electronic Health Records 13. Information Security 14. Information Technology and Biomedical Instrumentation (NEW ) Describes the burgeoning growth of information technology and the increasing adoption of biomedical instrumentation. 15. Information Governance and Management (NEW ) Clarifies how effective stewardship (responsible handling of information) and governance (ground rules for execution of the information) advances ethical information management. 16. Integrated Delivery Systems 17. Digital Health: Health Information Technology and Information Exchange IV. Sensitive Information 18. Genetic Information 19. Adoption Information 20. Substance Abuse, Behavioral Health and Sexual Information

V. Consumer and Professional Informatics 21. Digital Health Technologies for Consumers, Patients and Caregivers 22. Management and Leadership 23. Entrepreneurship 24. Vendor Management 25. Advocacy VI. Looking to the Future 26. Future Challenges and Opportunities (NEW ) Focuses on potential future professional roles and emerging trends, driven by the explosion of information technology in the healthcare and health information systems and examines how we can educate ourselves and future generations to be prepared to meet these challenges and respond to the opportunities.

What students will benefit from reading this book? Students enrolled in associate, baccalaureate, masters and doctoral programs in many healthcare related disciplines, including health informatics, health information management, medicine, nursing, healthcare professions, public health, healthcare administration, business and information technology.

What is the decision-making matrix and why is it important? Ethical issues do not allow the luxury of the right answer based exclusively on laws, standards, or rules. To facilitate ethical decisionmaking, a matrix has been developed to help readers evaluate and resolve problems based on an understanding of values, professional obligations and multidisciplinary perspectives. The matrix facilitates a more expansive view of a problem and the options for making an ethical decision. Jacqueline Glover’s chapter, Ethical DecisionMaking Guidelines and Tools, includes an ethical

Preface xxxv



SCENARIO 

What is the problem to be solved?

Steps

Information

1. What is the question? 2. What is my “gut” reaction?

What is your first reaction to this case on an emotional level? What assumptions are you making? What biases do you have?

3. What are the facts?

KNOWN

4. What are the values?

Patient:

Examine the shared and competing values, obligations, and interests of the many stakeholders in order to fully understand the complexity of the ethical problem(s).

Family:

STAKEHOLDERS Patient, family, HIM professional(s), healthcare professional(s), administrators, society, and others appropriate to the issue.

TO BE GATHERED

HIM Professional(s): Healthcare professional(s): Administrators: Society: Others, as appropriate:

5. What are my options? 6. What should I do? 7. What justifies my choice?

JUSTIFIED

NOT JUSTIFIED

8. How can I prevent this problem?

decision-making process, which is presented in the matrix. The textbook includes 80 scenarios which have been analyzed using this matrix. The ethical decision-making matrix is a tool to help you organize complex ethical problems; however, there is no simple fill-in-the-box approach to ethical decision making. The objective is to follow each step of the process and not move from the question directly to what should be done or how to prevent it next time. If you skip steps, you will not fully understand all of the values and options for action. Also, the matrix provided for each scenario is not the only way to examine the problem. You can make an equally compelling ethical argument for a different

decision—just be sure to follow all the steps of the matrix.

How can teachers use this book? Ethical decision-making cannot be based on the perspective of one individual. The content in the chapters and the process for analyzing the scenarios, using the matrix, requires team discussions. This textbook can be utilized acrossthe-curriculum, in conjunction with all of the courses in the professional program. For example, when teaching quality management, faculty can have students read the information on quality management from books, periodicals,

xxxvi Preface websites and other resources and have the students read the chapter on quality management in this book. Students can be taught the professional content and then discuss the ethical implications of the decisions that must be made. Ethics can be interwoven into all courses so that it can become a standard of practice. This approach can be used for many courses to reinforce and integrate ethical considerations in content areas such as data analytics, clinical decision-making, electronic health record systems (EHRS), information security and management and leadership, to name a few of the courses in professional academic programs. Ethical scenarios can be coordinated with other case studies and learning activities to help students understand how ethics is interwoven in all areas of practice and they can build competencies in the process of exploring the ethical dimensions of professional practice. This textbook can be used in professional courses as noted above and/or in a ­discipline-specific or multidisciplinary ethics course. Small group discussions: Most ethics classes combine lecture/didactic with small group discussions. Ethical decisions are analyzed and discussed, using ethical tools and critical thinking. If there are students from multiple academic programs, mix the students up into various groups so that multiple perspectives (personal and professional) can be heard. Understanding the diversity of obligations, values and obligations are essential in the ethical decision-­making process. If it is a multidisciplinary course, faculty members from several disciplines can lead the small group discussions. Faculty may also want to reach out to alumni and other practitioners in the area to lead these small group discussions. Small group or homework assignments: Have the students create the decision-making matrix making equally compelling counterarguments or a decision that is different than what is

presented in the chapter. For example, if the matrix indicates that information should not be shared on Facebook, the students can decide to make a different decision—as long as they use the 8-step matrix to evaluate the problem and decide what to do.

What is the unique value of this book? All who work within healthcare and information systems must utilize and combine their technical, professional, and ethical expertise. The management of health information increasingly requires decisions that cannot be made only by applying rules, regulations, accreditation standards or legal mandates. Everyone working in roles that support healthcare and health information will need to make ethical decisions. Students and professionals should consistently expand ethical decision-making skills. Understanding the language and tools of ethics, the values embedded in the various professions and applying knowledge in support of ethical decisions is a rewarding endeavor. If someone learns the ethical language and principles and how to use the decision-­m aking matrix, the identification and defense of multiple perspectives and options for ethical ­decision-making is possible. The chapters in this book should generate many energized discussions. Ethical decisionmaking requires courage. Read the chapters, discuss the content in groups and celebrate the joy and power of ethical decision-making. Laurinda B. Harman PhD, RHIA, FAHIMA Temple University Frances H. Cornelius PhD, MSN, RN-BC, CNE Drexel University

© kentoh/Shutterstock

Acknowledgments

I want to especially thank Gilbert Lee Hoffer, my precious husband. We share the values of gratitude for the gifts of life, the importance of joy and celebration with family and friends, and most important, laughter and love. Two courageous, compassionate, and intelligent teachers guided my learning about health information and ethics. Louise Huttsell taught me to be passionate about medical records, to always remember the sacredness of the information and to be competent when analyzing, presenting, or releasing health information. Jackie Glover taught me the importance of ethics in my personal and professional life. She is my friend and mentor. I had the opportunity to work with excellent authors who had the courage to describe the ethical issues for their area of expertise. I was honored to work with these authors, and I thank them for their scholarly and innovative contributions. In addition to my parents and sisters, I couldn’t sustain life without the support of my brother-in-law, Francis Joseph Welk, and my nephews and their families—Paul Joseph, Courtney, and Ryan; John David, Karen, Sebastian, Sara, and Lilith; Jeffrey Scott, Kim, Brady, and Ethan and Gil’s children and their partners,

Aaron and Deborah, Ada, Sophia and Kim. Their love and hugs energize my soul. Friends and their families celebrate life with me: Sandy and John Bailey; Melanie and Martyn ­Brodnik; Theresa Duff, Dawn Ferguson; Barbara and Ed Fuller; Merida and Russell Johns; Barbara and Gerald Hrycko; Anita, Lea and Mia ­Jensen; Gwen Kennedy; Alfred and Elana Michenzi; Lisa, Vince and Elisabeth Morton; B ­ ernard ­Slosberg and Mary Chor; Jane Wietsma and Scott ­Gudgeon; Sally Williams; parishioners at St. Paul’s; Thanksgiving holiday friends and many relatives in the Sugg, Scott and Hoffer families. My colleagues and friends Melanie Brodnik, Cathy Flite, Lisa Morton, and Virginia Mullen are always there for guidance Charlie and Edie Seashore have left this life and are my spiritual mentors. Charlie taught me to “think purple!” Mike Brown, my publisher, was always available for my questions, and I absolutely trust his advice. He has been my publisher for all three editions of Ethical Challenges, and he encouraged me to edit this third edition, even though I was “retired.” Nicholas Alakel, Rebekah Linga, and Joyce Ippolito guided the words on the page and the production of the book.

xxxvii

Laurinda Beebe Harman

xxxviii  Acknowledgments We are all students and teachers. Today’s dynamic environment requires that of us all. The very nature of contemporary society and the information explosion necessitates that we continually adjust our understanding of the world around us. I wish to take a moment to acknowledge those teachers, mentors, colleagues and students who have contributed to my ethical growth and development and served as the foundational bricks and mortar to help me construct and reinforce my moral fortitude. Without your influence and support, this book would not have been possible. For me, this book presents an in-depth exploration of important ethical challenges encountered in healthcare and asks some tough, thought provoking questions. Thought provoking questions can spark us think in new and exciting ways. Dr. Elizebeth Smythe (2004) articulates the value of stimulating focused thinking in the following quote: The very nature of being human means that we cannot not-think. Every person sitting in the classroom will be thinking about something (what others are wearing, how long till lunch, what happened

yesterday). Thoughts will always run around our minds, infuse our emotions, and provoke our bodies. We seek thoughts and thoughts seek us. There will be excitement, concern, bewilderment and clarity, perhaps all in the same experience. The charge is not to ‘make thinking happen’ for that is beyond our abilities. The teacher, however, has the chance to capture the focus of the think and invest the thinking time in a quest worthy of thought. Thinking can infuse everything with fresh passion, with bold questions, with radical insights. And it can be as simple as stopping to listen, as simple as asking the right question at the right time (p. 331). You have instilled in me the courage to ask those difficult questions and encourage others to do the same. Thank you. Frances H. Cornelius Smythe, E. A. (2004) Thinking, Nurse Education Today, Volume 24, Issue 4, May 2004, Pages 326–332. doi:10.1016/j.nedt.2004.02.008

SECTION I

© kentoh/Shutterstock

Professional Ethics

Section I clarifies the importance of ethical expertise when managing health information. Chapter 1 (Professional Values and the Code of Ethics) identifies values and obligations of the health information management (HIM) professional and those who work on behalf of patients, including healthcare providers, information technology and business professionals, administrators, and executive officers. A review of the codes of ethics for health information management professionals, nurses, and physicians identifies shared values and obligations that can serve as a foundation for building an ethical health information system that supports interdisciplinary collaboration. Chapter  2 (­ Ethical Decision-Making Guidelines and Tools) describes ethical theories, principles, and tools that are important when making ethical decisions. This chapter introduces a framework

for an ethical decision-making process that can help HIM and other healthcare professionals make decisions and justify a course of action. This decision-making matrix is used for the analysis of all the scenarios in this book. Ethical ­scenarios: “Decision Making for an Adolescent” and “Access by Adolescents to Patient P ­ ortals.” Chapter 3 (Privacy and ­Confidentiality) ­discusses the primary ethical obligation of protecting patient p ­ rivacy and confidentiality in an era of increasing demands for access to health information, medical identity theft, and increasing use of social media. Related issues raised by the Health Insurance Portability and Accountability Act (HIPAA) of 1996 and the 2009 Health Information Technology for Economic and ­Clinical Health (HITECH) are explored. Ethical scenarios: “Family and Friends: Should I Tell?” and “Share Information on Facebook?”

CHAPTER 1

Professional Values and the Code of Ethics © kentoh/Shutterstock

Laurinda B. Harman, PhD, RHIA, FAHIMA Virginia L. Mullen, RHIA Frances H. Cornelius, PhD, MSN, RN-BC, CNE

Learning Objectives

Introduction

After completing this chapter, the reader should be able to:

This chapter describes the importance of ethics for the health information management (HIM) professional and those who work on behalf of patients, including healthcare providers, information technology and business professionals, administrators, and executive officers. Ethical challenges and opportunities for improvement are discussed in the context of ethical decision-making guidelines; privacy and confidentiality; data analytics; compliance, fraud and abuse; coding; quality ­management; research and ­decision support; public health;  longitudinal care; clinical care at the end of life; electronic health records; information security; ­information technology and biomedical instrumentation; information governance and m ­ anagement; integrated delivery systems; digital health related to health information technology and information exchange; genetic information; adoption information; substance abuse, behavioral health and sexual information; digital health for consumers, patients, and caregivers; management and leadership; entrepreneurs; vendor management; advocacy; and future information systems. There is an exploration of the ethical issues that surface in the paper-based, electronic health record systems (EHRS) and hybrid (paper and electronic), all of which are currently operational in the health information

■■

■■

■■

■■

■■

■■

Understand the roles, professional values, and ethical obligations of health information management (HIM) and healthcare professionals, including healthcare providers; chief executive, information, or operations officers; vendors; information technology and data analytics experts; researchers; and public health professionals. Appreciate the complexities for the protection of patient privacy and confidential information across the continuum of the healthcare and health information systems. Describe ethical challenges and opportunities for healthcare information systems. Understand the importance of the professional American Health Information Management Association (AHIMA) Code of Ethics and the values that are embedded in other Codes, with a focus on HIM and nursing. Identify changes in the information and healthcare systems that have resulted in ethical issues. Appreciate the importance of the intersection of professional discipline expertise and ethics.

3

4

Chapter 1   Professional Values and the Code of Ethics

system. Based on a review of several professional codes of ethics, the chapter presents values and obligations that are shared. A framework for building an ethical health information system that supports interdisciplinary collaboration is presented. The summary includes a discussion of the importance of the intersection of ­professional discipline and ethical expertise.

fully functional EHRS, with direct input and output from multiple electronic applications. Below are just a few of the ethical issues that can surface in the health information system.

Coding and Financial Reimbursement ■■

Ethical Dilemmas for the HIM Professional The healthcare environment is complex, constantly changing, and involves many people who have both shared and competing professional obligations and values. The current healthcare environment creates ethical perplexities, and making ethical decisions requires courage. An employee could lose a job, be harassed as a “whistleblower,” and create conflicts with other employees and managers for wanting to do or not to do something outside of the norms of practice. The health information system supports the needs of patients, healthcare professionals, administrators, financial systems, the community, and those involved in research and education, and the system is in transition. Some consist of handwritten notes, and some are designed as highly sophisticated electronic health record systems (Amatayakul, 2013). Hybrid systems have both handwritten and electronic documentation. A patient’s medical record, whether handwritten or electronic, is the primary communication tool for the entire healthcare team. Documentation in the record allows those taking care of patients to review what they or others have done or are thinking about doing on behalf of a patient. As a communication tool, it is both science involving facts (test results or vital signs) and art involving interpretation and the application of a professional perspective (progress notes, consultations, or differential diagnoses). The busy health information management (HIM) professional must be able to quickly, yet carefully, assess complex ethical situations. Some of these issues are more likely to surface in paperbased systems, and others in hybrid systems or a

■■

■■

A physician allows a signature stamp to be used by nurses and clinical unit assistants to complete paper-based medical records, which is in clear violation of the hospital’s rules and regulations. The medical staff leaders and hospital administrators know that this is happening, but the HIM professional is told to “look the other way” because quick completion helps with the billing process and the hospital needs the money. The chief financial officer (CFO) allows documentation in the medical record that does not support the bill that has been generated. In a paper-based system, there is a pattern by the physicians to do the documentation retrospectively (sometimes weeks or months after the patient has been discharged), which means that the documentation is of questionable accuracy. The coder is asked to upcode, which will result in a bill for a higher level of care than what was actually provided, inappropriate higher payment, and inflated clinical data, and to unbundle service codes so that each procedure or service is billed separately, resulting in inappropriate higher payment to the hospital (Chapters 5 and 6).

Accreditation and Regulation ■■

■■

An HIM student at a small facility observes the following: incomplete medical records were placed in a rental truck in the parking lot during an accreditation survey, and a board of trustees member called, asked for, and was given patient information about a local politician. The number of delinquent medical records far exceeds the percentage allowed by accreditation standards. The chief executive officer (CEO) has made it very clear that the reported number should not exceed



The Health Information System: Then and Now

■■

■■

the allowed delinquency rate, and that the HIM professional will be fired if the correct number is reported. A surgeon begins the dictation of an operative report with “Please type the date of dictation to be the same as the date of the surgery.” The surgeon makes this request to ensure compliance with accreditation standards and hospital policy; however, the report was dictated one week after the operation. Regulatory required quality-audit data are not favorable to the facility, and are administratively and politically unpopular. It has been made clear that the job of the quality management director is in jeopardy if the true outcomes are disclosed.

Vendors and Software Applications ■■

■■

■■

A request for proposal (RFP) will be sent to several vendors in a few months. One of the vendors who will be submitting a proposal offers an expensive gift that is needed by the department, and the director of the department is also offered a trip to the corporate headquarters, which is across the country in San Diego. New software has not been fully tested and has proven to be unreliable, yet the chief information officer (CIO) is demanding implementation of the new system. Dictated histories, physicals, and discharge summaries are being outsourced through telecommunication to a foreign country for transcription. The contract has no guarantees for language and medical terminology expertise, patient privacy, and employee competencies. The original vendor outsourced the contract to another vendor, without notifying the hospital. The hospital finds out about these transactions when an employee from the foreign country calls and says, “I won’t release your reports until I get a raise.”

Sensitive Information ■■

The insurance company requests patient information in order to pay for an appendectomy. A copy of the history and physical

■■

5

is requested, and this documentation contains sensitive information related to a psychiatric disorder and alcohol abuse, which did not affect the appendectomy. A patient’s genetic information is released in response to a valid request. The information is then used to discriminate against the patient with regard to employment and health insurance.

Research ■■

A principal investigator (PI) of a major research project is also a practicing physician. This researcher has gained access to clinical patient information that is not part of the research study and wants to place research outcomes in the patient’s medical record and the clinical database for the hospital. The patients are not being contacted for their authorization for release of the information in either of these instances.

The HIM professional is responsible for the system that supports documentation on behalf of patients. The general public trusts that the system will protect their privacy. That trust requires careful consideration of both professional and ethical expertise for all members of the healthcare team. Their duty to patients requires trust and adherence to ethical standards.

The Health Information System: Then and Now An overview of the health information system— past and present—will help to frame some of the ethical issues. This section includes a review of the U.S. healthcare system, documentation practices, access and security, coding and reimbursement, and the use of technology as the changes have influenced health information and healthcare systems.

The Healthcare System In the past, most health care was rendered in the patient’s home, and the physician made “house calls” or performed examinations in a small private physician’s office. With this type

Chapter 1   Professional Values and the Code of Ethics

6

of personalized service, lawsuits were extremely rare. A transition occurred in the 1940s that shifted care almost exclusively into hospitals, multi-physician offices, or nursing homes. Separate medical records were compiled over the span of a patient’s life, from birth to death, and were maintained in the various locations where they were generated; however, these records were not linked in any way. A patient could not be guaranteed that important information would be available for a particular provider from the various locations. A common example was that physician’s office documentation was rarely available if the patient was hospitalized. Patients were admitted to the hospital even if they were not necessarily ill. A physician could admit a patient for an annual physical examination (which could take a week and the patient was not ill, just getting tests) or other diagnostic workup, such as, an upper gastrointestinal test (UGI). A stay in the hospital was routinely several days in length, regardless of the problem. Today, care is rendered increasingly in nonacute settings, such as psychiatric, substance abuse, and physical rehabilitation units; longterm care facilities; and ambulatory settings, such as urgent care, ambulatory surgery, and emergency centers, and care can now again be provided in patients’ homes. Patients admitted to a hospital are extremely ill and cannot be treated at a lower level of care, resulting in the length of stay being carefully monitored by hospitals, insurance companies, and the government. Patients increasingly pursue litigation against providers of care, healthcare facilities, and vendors who provide products and services.

■■ ■■ ■■ ■■

Education of healthcare professionals Research Public health monitoring Planning and marketing of healthcare services

Core health information management issues include what information should be collected, how it should be stored, who should have access to it and under what conditions, and how and why it should be given to others. The protection of patient privacy is central to all of these decisions. These core issues exist in every documentation system. The system must have policies and procedures to assure the accurate, timely, and complete recording of information in order to provide patient information to many stakeholders, including for clinical care, coding, quality management, and financial decision-making. Retrospective documentation is viewed as a failure of the system. Today, hybrid systems exist in many healthcare settings, as the integration of electronic systems with paper documentation creates a mixed document that can create confusion about the location of clinical documentation. As vendor applications are developed and government programs encourage implementation, the transition to electronic systems will accelerate. The fully electronic system is realtime, interactive, and efficient. It provides for a dynamic documentation and retrieval process that supports patient care, maximizes revenues, and increases patient safety. The quality of the information is key to providing information that supports access, costs, and quality of care. Such information also supports strategic planning, marketing, and staffing functions and aids in the evaluation of healthcare services.

Healthcare Documentation Although the primary purpose of healthcare documentation is patient care, this information is also used for the following purposes (Cofer, 1994): ■■

■■

■■

Review of the appropriateness, adequacy, and quality of care Financial reimbursement for the care provided Legal protection for patients, providers of care, and healthcare facilities

Access to Information In a paper-based system, all medical records were handwritten and considered a repository of information. These records were rarely accessed by anyone, except for follow-up care or research. For inpatient admissions, the discharge summary and final diagnoses could be finished several weeks or months after discharge, and the completed medical record was often put into a “permanent file” in a basement or some other

remote storage area and rarely seen again. The bill was submitted when the medical record was complete—that is, all forms and signatures were in the record. This could take months. The security of medical records in the early years was facilitated by the physical location of the medical records department, which was often in the basement, due to the weight of the paper records. The hospital was reimbursed for the bill that was submitted, so there was no incentive for improving the documentation completion process. Patients rarely, if ever, looked at their medical records. In fact, most were unaware of the extent of the documentation that was collected on their behalf. If a patient wanted to review his or her own medical record, the physician authorized the review, and it was done in the presence of the credentialed medical record or other healthcare professional.

Release of Information Release of information from a patient’s medical record was initiated when a valid request and authorization signed by the patient was received. The information released was based on a “need-to-know” criterion. In a paper-based system, the medical record was abstracted by a medical record professional based on the information wanted. For example, if surgery had been performed, the HIM professional reviewed the medical record and confirmed the diagnosis, the procedure, the pathology report results, and the admission and discharge dates. Insurance companies were given enough information so that they could legitimately pay the bill, but information was never given beyond what was needed or appropriate. Technological advances introduced copying into the release-of-information process—an innovation at the time that radically changed the need-to-know criterion for releasing information. Instead of requiring the credentialed HIM professional to review and abstract a medical record and give the requester what was wanted and appropriate, most healthcare organizations began to copy portions of the record, such as the history and physical, discharge summary, operative report, laboratory results, and

The Health Information System: Then and Now

7

other documentation related to the diagnosis or procedure performed. Now, insurance companies and other requesters get detailed clinical information beyond the need-to-know criterion. They often receive not only information to process a claim, but also additional information that can violate patient privacy. For example, the history and physical includes family and social information (behaviors, risk factors, genetic conditions) that may have nothing to do with the surgery performed or care rendered and may be used in discriminatory ways in employment and insurance. Today, insurance companies can have patients sign an authorization upon enrollment for release of information for all future care and do not get an authorization for each event (Chapter 3). The amount of information being collected, the number of requesters, and the amount and types of information being released all challenge the HIM professional’s ability to protect patient privacy. HIM professionals serve many different requesters who seek access to health information, and they must constantly balance patients’ ­privacy rights and confidentiality with demands for access. Patients are often unaware that their personal medical information has been released. Release of information is often beyond the control of the HIM professional when other people, such as nurses or residents, provide information to patients and/or family members, often without proper authorizations. Health information management professionals do not treat patients, and healthcare professionals should not release information. These are not interchangeable competencies, but others often release information without contacting an HIM professional. Potential invasions of privacy also exist when information is given to a legitimate requestor, who in turn releases the information to others without following the proper laws, rules, and regulations for release. Today, many stakeholders seek information about patients, and the HIM system is the information hub of the healthcare system. The validity and quality of the health information are under scrutiny by government and insurance agencies. Informed consumers access the Internet and patient portals for diagnoses, pharmaceutical information, surgical options, and other

8

Chapter 1   Professional Values and the Code of Ethics

information that will facilitate their healthcare decision making. Patients place value on the information compiled in their medical records and on their privacy. With the increasing use of EHRS, patients are able to receive either paper or electronic copies of their medical information, in some cases at the end of an office visit. Patients are increasingly getting upset about the many stakeholders who are gaining access to their health information.

Coding and Reimbursement Coding of diagnoses and procedures was previously performed to support medical education, statistics, and clinical research but not for financial reimbursement. Reimbursement was based on the actual cost of care, and there were limited consequences for overspending. Reimbursement was almost exclusively based on fee for service, and hospitals and physicians were reimbursed for what they said it cost them to provide the care— that is, the usual, customary, and reasonable costs so there was no incentive to control costs. Today, coded data are used for financial reimbursement, which has created pressure on coders to expedite the coding process to within a few days of discharge. Inpatient reimbursement is based on the patient’s illness and or procedure, his or her co-morbid conditions, and other situations that occur during the patient’s stay, and on the resources used, not the characteristics of the hospital or the medical staff. In the past, a hospital with residents would get more money for the appendectomy than the community hospital without residents. Today, the healthcare system consists of a myriad of financing mechanisms, provider types, fee schedules, and reimbursement methodologies. Healthcare funding and reimbursement methodologies are major items on the health policy agenda for federal, state, and local governments. There is increased importance regarding the funding of care for the uninsured, those with high-cost diagnoses and with longterm disabilities or chronic c­ onditions—all in the context of diminishing funds for health care (Shi & Singh, 2015). In addition, there is increased scrutiny for detecting fraud and abuse by healthcare providers.

Technology For many years, the most advanced technology used was the duplicating machines for the release of information requests. Today, the EHRS must facilitate simultaneous, multiple access to information for clinical and administrative purposes. Although some health information is still handwritten, paper documentation is no longer the primary means of communication, as most health information systems have at least some electronic applications. The EHRS can capture documentation in real time, such as electronic laboratory data, and can include documents and information from other sources (e.g., hospitalization at another facility, diagnostic data from ambulatory clinics, and consultations from providers in many different settings). Table 1-1 shows a brief summary of the characteristics of the paper-based medical records in comparison with the electronic health record system for inpatient hospitalizations.

Role of the HIM Professional The HIM professional needs to be able to read and understand all the documentation in the information system in order to make decisions about coding, release of information, quality management, and other activities. Graduates of accredited HIM programs are professionals and need to have an educational background in anatomy and physiology, biostatistics, medical terminology, microbiology, pathophysiology, pharmacology, quality, risk management, and other related subjects in order to support the information needs of many stakeholders. Whereas some healthcare providers can focus expertise on one body system, the HIM professional is held accountable for understanding and interpreting health information across the full spectrum of body systems, diagnoses, and procedures (CAHIIM 2015). Health information can consist of large databases that provide overall statistics of populations, but it also includes individual patients’ sacred stories with information shared that must be protected and secured, no matter the setting in which it is collected and/or stored. Each member of the clinical team adds



Role of the HIM Professional

9

TABLE 1-1  Paper-Based Medical Record Versus Electronic Health Record System

Access by providers

Paper-Based Medical Record

Electronic Health Record System

Rare, except for follow-up care or research

Multiple, simultaneous access by many stakeholders and reviewers

One person at a time could review the documentation Repository (storage) of information with retrospective documentation, based on weekly or monthly visits by physicians Access by patients

Rare; most patients unaware of the medical record Must be authorized by physician Review done in presence of HIM or other healthcare professional

Completion of medical record after discharge

One month to two years

Patients review and get copies of their medical record, through paper-copying processes or electronic patient portals Patients maintain a personal health record (PHR), consisting of clinical documentation based on healthcare visits and Internet downloads for diagnostic and preventive information Documentation is completed and scanned at discharge or within a few days to a few months Electronic systems facilitate direct input of completed information

Availability and legibility

Lost records common Delays in care experienced due to unavailability of information Filing backlogs for laboratory, radiology, consultation, operative, and other types of reports Often illegible

Reimbursement

Whatever it cost: usual, customary, and reasonable costs

Records are immediately available due to scanning and other electronic storage technology, including the electronic health record system Some paper documents scanned into the system can still be illegible Electronic templates are always legible Based on formulas, such as Diagnosis Related Groups (DRGs) for Medicare and Medicaid Government denies payment for some services Financial incentives and sanctions

Government involvement

Medicare and Medicaid Affordable Care Act

additional information to complete a story that defines an individual. Currently, HIM professionals are responsible for designing and maintaining the systems that facilitate the collection, use, and dissemination of health and medical information. They have expertise in the complexity of the healthcare delivery system; clinical medicine; information technology, electronic health records, and database management; clinical vocabularies; coding

Involved with passing legislation that requires documentation and review processes.

and classification systems; policies, rules, and regulations of multiple healthcare delivery sites; quality, financial, and human resource management; and the legal aspects of health information systems, including the laws and regulations governing the release of health information to healthcare providers, researchers, educators, third-party payers, and regulatory and accrediting agencies (Commission on ­Accreditation for Health Informatics and Information

10

Chapter 1   Professional Values and the Code of Ethics

Management Education [CAHIIM], 2015; ­ bdelhak & ­H arman, 2000, 2013a, 2013b; A H anken, 2015; Rinehar t-Thompson  & ­ Harman, 2006). To fulfill their work responsibilities, HIM professionals must demonstrate ­“behavior that reflects integrity, supports objectivity, and ­fosters trust in professional activities” (­ Huffman, 1972, p. 126). Several characteristics are common to all professionals (Spinello, 1997), and professionals within the healthcare system are slated as such. First, professionals undergo extensive and specific training to master a complex body of knowledge and must have the ability to apply that knowledge. In this respect, HIM professionals are similar to nurses, social workers, occupational and physical therapists, and health services administrators. Another common characteristic of professionals is the importance of the contribution that they make to society through the services they provide. The value of these services is frequently recognized through licensing, registration, or certification requirements that prohibit entry into the profession unless certain qualifications are met. The services provided by HIM professionals with regard to information stewardship, access oversight, and the maintenance of the security and confidentiality of information are meaningful contributions to ­society-at-large and are recognized through a national certification process. Professional designation also provides for lifetime learning and continuing education. In order to continue with the certification, HIM professionals are required to earn continuing education credit in specified areas on a biannual basis for each earned credential, such as Registered Health Information Administrator (RHIA), Registered Health Information Technician (RHIT), or Clinical Coding Specialist (CCS). Those with multiple credentials must meet the requirements for each credential. Professional discipline expertise, though necessary, is insufficient expertise for the complex dilemmas faced by HIM professionals today. It is imperative that HIM professionals also understand ethical principles and the American Health Information Management Association (AHIMA) Code of Ethics to guide their actions. Autonomy over judgment in the work environment is another common characteristic of

professionals. Because of their expertise, the opinions and judgments of professionals are highly sought after. Professionals, by their designation, are allowed a significant amount of autonomy in making decisions and exercising judgment, and they are held to a high standard of ethical behavior. To fulfill their work responsibilities, HIM professionals must demonstrate “behavior that reflects integrity, supports objectivity, and fosters trust in professional activities” (Huffman, 1972, p. 126). An understanding of ethics is essential when confronting problems at work. As noted by Glover: “Ethics is the formal process of intentionally and critically analyzing, with clarity and consistency, the basis for one’s moral judgments. It is important for HIM and healthcare professionals to engage in this process, because they are accountable for their actions as professionals, not just personally, as individuals. Ethical reasoning is necessary to resolve the potential tensions between personal values and professional values and among professional values . . . [An ethical decision making model and an understanding of ethical theories and approaches] can help HIM professionals identify ethical issues, work with other members of the team to identify and analyze choices, decide on a course of action and justify that choice.” Glover presents two scenarios and ethical decision-making matrices (Glover, Chapter  2): the importance of ethical decision making for an adolescent, and access by adolescents to patient portals. Ethical challenges and dilemmas happen in all aspects of the health information systems and for all those who work on behalf of patients, including health information, healthcare and information technology, and business professionals. An understanding of the ethical foundations of a profession, based on the professional Code of Ethics, is critical to ensure that healthcare and the information system continues to be trusted to support quality information and safety for all persons.

HIM Profession and Ethical Pledge

HIM Profession and Ethical Pledge The HIM profession emerged in the late 1920s when the American College of Surgeons required the review of medical records generated by those seeking admittance to the organization. At that time, medical records were inadequate and could not support initiatives for standardization and residency approval. The Clinical Congress of the American College of Surgeons devoted their entire session in 1928 to the medical record and invited medical record workers from the United States and Canada to attend the conference. Grace Whiting Myers, librarian emeritus of Massachusetts General Hospital, organized the activities for the conference and was appointed as the first president of the Association of Record Librarians of North America (ARLNA) (Huffman, 1963). This conference elevated the standards for medical records by addressing the content, availability, and preservation of the medical record. The responsibility to protect privacy was clearly defined in the 1934 pledge of the American Association of Medical Record Librarians (AAMRL). This pledge was written and read by Grace Whiting Myers at the first annual professional association meeting in Boston: I pledge myself to give out no information from any clinical record placed in my charge, or from any other source to any person whatsoever, except upon order from the chief executive officer of the institution which I may be serving. (Huffman, 1972, p. 135) Reprinted with permission from the American Health Information Management Association. Copyright © 2015 by the American Health Information Management Association. All rights reserved. No part of this may be reproduced, reprinted, stored in a retrieval system, or transmitted, in any form or by any means, electronic, photocopying, recording, or otherwise, without the prior written permission of the association.

This is a clear ethical obligation: Do not give any patient information to anyone, except as authorized. The pledge was expanded in 1935 when the association’s emblem was approved,

11

and some statements were added to reinforce the importance of ethical conduct. The amended 1935 pledge incorporated the following standards for conduct (Huffman, 1972, p. 136): RECOGNIZING that the ­AMERICAN A S S O C I AT I O N O F M E D I C A L RECORD LIBRARIANS seeks to develop and enforce the highest standards of work among its members, I hereby pledge myself, as a condition of membership, to conduct myself in accordance with all its principles and regulations. IN PARTICULAR, I pledge myself to pursue the practice of my profession in a spirit of unselfishness, and of loyalty to the Association and to the institution which I am called to serve; to bear always in mind a keen realization of my responsibility; to seek constantly a wider knowledge of my profession through serious study, through instruction by competent approved teachers, throughout interchange of opinion among associates, and by attendance at meetings of this and of allied associations; to regard scrupulously the interests and rights of my fellow-members, and to seek counsel among them when in doubt of my own judgment. MOREOVER, I pledge myself to give out no information concerning a patient from any clinical record placed in my charge, or from any other source, to any person whatsoever, except upon order from the chief executive officer of the institution which I may be serving; and to avoid all commercialization of my work. FINALLY, I pledge myself to cooperate in advancing and extending by every lawful means within my power, the influence of the A ­ MERICAN ASSOCIATION OF MEDICAL RECORD LIBRARIANS. Source: Pledge reprinted courtesy of ­American Health Information Management Association, Chicago, Illinois.

This 1934 pledge statement with the code of conduct formed the basis of a more formalized

12

Chapter 1   Professional Values and the Code of Ethics

structure of a code of ethics, and the first code of ethics was published in 1957 (Appendix 1-A).

Professional Codes of Ethics Most professions are regulated by a set of behavioral standards commonly called a code of ethics or code of conduct. Although each has elements that are specifically related to their specialty (e.g., nurses, physicians, HIM professionals), there are common themes and values. Healthcare professionals share values, including accountability, advancement, advocacy, autonomy in decision making, collaboration, ­commitment, compassion, competency (both individual and ­p rofessional), protection of ­privacy and ­confidentiality, continuing education, ­d edication, ­educational development, honesty, honor, human dignity, human relationship, integrity, justice, importance of mentoring, ­precision and accuracy in caring, respect, responsibility, security of information, service, sympathy, trust, truth, worthiness, and wholeness. These values help to define a profession’s roles and ethical duties. That, ­coupled with the reality that no profession within the contemporary healthcare arena practices in isolation, underscores the need to acknowledge shared values and beliefs and interdisciplinary collaboration. In today’s complex healthcare environment, it is incumbent that all members of the healthcare team, both clinical and nonclinical, be obligated to work collaboratively as an interdisciplinary team to achieve a desired outcome. Each member of the team brings a valued perspective that ultimately focuses on the protection of privacy and confidentiality, quality, and patient safety. It is in this collaborative environment that the public, from individual patients to entire communities, is able to maintain trust in the healthcare and information systems. Nonclinical professionals have the obligation to maintain the public’s trust through their understanding of these core values, whether or not there are professional codes of ethics that they follow.

AHIMA Code of Ethics As early as 1934, the American Association of Medical Record Librarians (AAMRL) recorded

a pledge that defined a code of conduct. The first official code of ethics was passed in 1957 by the AAMRL House of Delegates. Most codes evolve over time due to changes in the healthcare environment, as well as cultural and historical dynamics. Several revisions to the codes have been approved by the American Health Information Management Association (AHIMA) House of Delegates (HOD) over the years, including 1977, 1988, 1998, 2004, and 2011. Three of these codes are included in the appendix so that you can see the changes in language over the years [see Appendixes 1-A (1957), 1-B (1998), and 1-C (2011)]. As noted by Flite & Harman (2013), the Code is developed within the context of the healthcare environment and world events. Consider the examples given in Table 1-2. Since the profession’s inception, HIM professionals have had a clear, definitive ethical obligation to protect patient privacy and have been a strong ethical voice for the correct course of action as they have assigned the correct diagnostic and procedural codes based on the care that was rendered, released information on behalf of patients, and reliably and accurately reported data secured from the information system. In today’s complex healthcare environment, the HIM professional cannot function without a clear understanding of ethical principles within an ethical decision-making context. The following preamble is taken directly from the 2011 AHIMA Code (AHIMA, 2011).

Preamble The ethical obligations of the health information management (HIM) professional include the safeguarding of privacy and security of health information; disclosure of health information; development, use, and maintenance of health information systems and health information; and ensuring the accessibility and integrity of health information. Healthcare consumers are increasingly concerned about security and the potential loss of privacy and the inability to control how their personal health information is used and disclosed. Core health information issues include what



Professional Codes of Ethics

13

TABLE 1-2  Historical Environment of the AHIMA Codes of Ethics Year

Environment and Events

1930s

The 1930s were marked by the Depression, unemployment, and a lack of healthcare coverage. This period ushered in the beginning of insurance, marked by the beginning of private (prepaid hospital) insurance by Blue Cross. The Social Security Act of 1935 was passed without a health insurance component.

1950s–1960s

The healthcare industry advanced with computerization in billing functions and advancement in health technology, such as the introduction of the pacemaker in 1952, the introduction of the heart-lung machine in 1953, and the first successful kidney transplant in 1954.a Ultrasound scanning was pioneered in Scotland; the Asian flu pandemic caused more than one million deaths worldwide.b The first nuclear reactor plant opened in Pennsylvania, exposing people to the risk of radiation and making people vulnerable to manufactured forces beyond their control. Individuals could control purchases, such as a home, food, or gas, but they could not control the forces of politics, nature, or technology. As globalization progressed and communication technologies allowed people to become more aware of what was happening to others on an immediate basis, pressure increased to protect potentially vulnerable individuals in the health information system through the ways information was collected, used, and disseminated.

1970s

Cost containment in health care became a focus. The federal Health Maintenance Organization (HMO) Act of 1973 was passed to encourage employers to develop and seek HMO initiatives. The first baby conceived through assisted reproductive technology (in vitro fertilization) was born in England. Sweden became the first nation to ban aerosol sprays that were thought to damage earth’s protective ozone layer. Britain launched the Motability program to provide cars for disabled people.c

1980s

The 1980s were a time of regulation and deregulation as the federal government increased regulation on health reimbursement. The implementation of diagnosis-related groups (DRGs) in 1983 changed the nature and importance of the medical record professional’s role in a highly regulated government environment. The first laser eye surgery was performed in the United States. Crack (a derivative of cocaine) became available to the public. The antidepressant Prozac was introduced and quickly became the market leader for treating depression. Computer viruses started to surface.d

1990s

Beginning in 1994, a series of Physicians at Teaching Hospitals (PATH) audits were conducted by the federal government to investigate improper billing by teaching hospitals and physicians. In December 1995, the University of Pennsylvania settled for $30 million with the Department of Justice for questionable billing practices. Major privacy and security legislation, the Health Insurance Portability and Accountability Act (HIPAA), was enacted in 1996. The Institute of Medicine report To Err Is Human: Building a Safer Health System was released in 1999.

2004

In 2003, the government implemented the Medicare Prescription Drug, Improvement, and Modernization Act of 2003 (MMA).

2009–2011

In 2009, the Health Information Technology for Economic and Clinical Health (HITECH) Act, part of American Recovery and Reinvestment Act of 2009 (ARRA), included provisions to advance the use of health information technology by including privacy, security, and electronic health record incentives.

Data from Flite, C. A., & Harman, L. B. (2013, Winter). Code of ethics: Principles for ethical leadership. Perspectives in Health Information. Chicago, IL: AHIMA. a Garber, K. M. “Eight Decades of Health Care: Hospitals & Health Networks: 80th Anniversary. The 1980s.” Hospitals & Health Networks 81, no. 7 (2007): 12–15. b

The People History. “The Year 1957 from the People History.” Available at http://www.thepeoplehistory.com/1957.html (accessed March 11, 2012). c

The People History. “The Year 1977 from the People History.” Available at http://www.thepeoplehistory.com/1977.html (accessed March 11, 2012). d

The People History. “The Year 1988 from the People History.” Available at http://www.thepeoplehistory.com/1988.html (accessed March 11, 2012).

14

Chapter 1   Professional Values and the Code of Ethics information should be collected; how the information should be handled, who should have access to the information, under what conditions the information should be disclosed, how the information is retained and when it is no longer needed, and how is it disposed of in a confidential manner. All of the core health information issues are performed in compliance with state and federal regulations, and employer policies and procedures. Ethical obligations are central to the professional’s responsibility, regardless of the employment site or the method of collection, storage, and security of health information. In addition, sensitive

information (e.g., genetic Chapter 18), adoption (Chapter 19), drug, alcohol, sexual, and behavioral information (Chapter 20) requires special attention to prevent misuse of the information. In the world of business and interactions with consumers, expertise in the protection of the information is required. Ethical obligations are central to the professional’s responsibility, regardless of the employment site or the method of collection, storage, and security of health information. The 2011 AHIMA Code of Ethics (App­ endix  1-C) incorporates values, principles, and professional standards that acknowledge the

EXHIBIT 1-1  AHIMA 2011 Ethical Principles CODE OF ETHICS 2011 ETHICAL PRINCIPLES Ethical Principles: The following ethical principles are based on the core values of the American Health Information Management Association and apply to all AHIMA members and certificants. A health information management professional shall: 1. Advocate, uphold, and defend the individual’s right to privacy and the doctrine of confidentiality in the use and disclosure of information. 2. Put service and the health and welfare of persons before self-interest and conduct oneself in the practice of the profession so as to bring honor to oneself, their peers, and to the health information management profession. 3. Preserve, protect, and secure personal health information in any form or medium and hold in the highest regards health information and other information of a confidential nature obtained in an official capacity, taking into account the applicable statutes and regulations. 4. Refuse to participate in or conceal unethical practices or procedures and report such practices. 5. Advance health information management knowledge and practice through continuing education, research, publications, and presentations. 6. Recruit and mentor students, peers and colleagues to develop and strengthen professional workforce. 7. Represent the profession to the public in a positive manner. 8. Perform honorably health information management association responsibilities, either appointed or elected, and preserve the confidentiality of any privileged information made known in any official capacity. 9. State truthfully and accurately one’s credentials, professional education, and experiences. 10. Facilitate interdisciplinary collaboration in situations supporting health information practice. 11. Respect the inherent dignity and worth of every person. Reprinted with permission from the American Health Information Management Association. Copyright © 2011 by the American Health Information Management Association. All rights reserved. No part of this may be reproduced, reprinted, stored in a retrieval system, or transmitted, in any form or by any means, electronic, photocopying, recording, or otherwise, without the prior written permission of the association. Adapted with permission from the Code of Ethics of the National Association of Social Workers.



Professional Codes of Ethics

importance of the many parties that are served by the HIM professional: patients and the healthcare team, the public interest, the employer, the professional association, and the individual HIM professional. These values should be revisited often and used when the HIM professional is confronted with difficult ethical choices because the values embedded in the Code will assist with decision making. Based on a review of the Codes over the years, the primary ethical obligations include the following (Harman, 2001, 2006).

Patients and the Healthcare Team Regardless of the employment site (e.g., acute care hospital, long-term care facility, physician’s office, research organization, government agency, law firm, pharmaceutical company, vendor, etc.), the patient must be the focus of the services provided. The HIM professional has the primary responsibility to protect the patient’s privacy and confidential information. The values, as identified in the Code over the years, support this ethical imperative: ■■

■■

Provide service. The primary role of the HIM professional is to provide service to others with regard to clinical information. Core values include placing service and the honor of the profession before personal advantage, and the health and welfare of patients before personal and financial interests. Those served include patients, providers of care, administrators, researchers, insurers and government agencies, vendors, and others who have a legitimate need to access information from the clinical information system. In the early years of the profession, the patient was almost exclusively the focus of the decisions made. Now, of course, many stakeholders have an interest in accessing information, and the competing interests can be in direct conflict with the protection of privacy. In today’s work environment, these requesters must be considered, but the HIM professional cannot abdicate the core responsibilities of protecting the patient’s privacy and providing service. Protect medical and social information. It is increasingly apparent that the health information system contains not only

■■

■■

■■

■■

15

health and medical information, but also social information that requires special attention. Requests for health and medical information of a patient come from multiple entities. Although an individual may not want an employer to know that a cholecystectomy was performed, that information would pale in comparison to some of the social and family history information, such as smoking, drinking, hobbies, genetic conditions, or health of family members. The protection of social and risk-factor information, including genetic information, requires constant diligence, as discrimination against certain groups can occur. Promote confidentiality. The responsibility to protect confidential information includes teaching others about this core principle. It is not sufficient for HIM professionals to value confidentiality. The responsibility transcends personal commitment and requires that others, including other members of the healthcare team and the many stakeholders who gain access to patient information, fully understand “right and wrong” in this arena. Preserve and secure health information. Privileged health information that is accessed in the capacity of work must be held in absolute confidence. As EHRS become more prevalent and access to records increases, the need for information security increases. In addition, there are numerous databases, detailed secondary records, registries, and quality and regulatory information that must also be protected. Promote the quality and advancement of health care. Education of the HIM professional has always included clinical medicine, pharmacology, biostatistics, and quality improvement methodologies. HIM professionals must be able to read and interpret all clinical information and work with all members of the healthcare team to constantly improve the healthcare system. HIM professionals must support research that will improve quality of care. Report data with integrity and accuracy. This is an extremely important focus for HIM professionals. Although they cannot conceal unethical practice and must

16

■■

Chapter 1   Professional Values and the Code of Ethics report unethical behavior on the part of others, HIM professionals cannot assume the right to make determinations in professional areas outside the scope of HIM practice. The reporting of potential clinical wrongdoing rests with clinical personnel. Such personnel are better able to judge the quality or appropriateness of the care or services rendered. The HIM professional’s responsibility is to provide accurate data for review and investigation. If a physician is found to be incompetent through audit results (documentation of drug abuse, repeated missed diagnoses or misinterpretation of test results, or other similar outcomes), the data must be reported accurately and with integrity. If the information is ignored, the HIM professional should continue to report the findings, sometimes again and again. This responsibility requires engaging core values of truth telling and courage. Promote interdisciplinary cooperation and collaboration. The HIM professional works with all members of the healthcare and administrative teams. The HIM professional respects and understands the responsibilities of these individuals and facilitates collaboration and objective documentation practices that will improve care and services that are rendered. This responsibility includes respecting the dignity of all individuals.

■■

■■

Employer Today, HIM professionals work in various settings in and outside traditional healthcare environments. The Code’s language ensures that the HIM professional’s values related to an employer help to keep an upstanding professional reputation. Some responsibilities include: ■■

Demonstrate loyalty to the employer. HIM professionals will show respect for the employer by following policies, rules, and regulations, unless they are illegal or unethical. Demonstrating loyalty to the employer by honorably discharging duties and responsibilities is an essential ethical

■■

behavior. HIM professionals change jobs for various and sundry reasons; however, the professional’s ethical duty includes telling the employer in advance of the transition. If it becomes necessary to leave an employer, this responsibility includes giving notice of the impending resignation. It is unethical to abandon a job given the responsibilities to the many people who depend on the HIM professional. This is more important today than ever, given the mobility of our society and the shortage of HIM professionals. Protect committee deliberations. Professional medical staff and health service committees are the mechanism by which the problems related to patient care, organizational policies, procedures, and risks are discussed and resolved. The results of these deliberations must be kept private. Comply with laws, regulations, and policies. The HIM professional must know and comply with all of the laws, rules, regulations, and other standards that affect the health information system, including federal, state, and local laws; accrediting and licensing standards; and employer policies and procedures. Compliance is a necessary but insufficient guideline for ethical behavior. An action can be legal but not ethical. For example, a small employer group could ask for a printout of pharmaceutical costs. Although no patient names would be revealed, the employer might be able to quickly determine who has AIDS or cancer or some other major disease that would require high pharmaceutical costs. Legally, the employer may be entitled to this information. Ethically, however, this action could violate patient privacy. If the laws, regulations, and policies are not in the best interests of the patients, the HIM professional should become an advocate for changing them. Recognize the authority and power of the HIM position. Both the authority and the power to protect and secure health information are given to HIM professionals. They must act to prevent inappropriate access to health information that would be detrimental to patients and others.



Professional Codes of Ethics

■■

This authority and power must be taken very seriously, and the entrusted duties and responsibilities require conscientious attention. Accept compensation only in relationship to responsibilities. Monetary compensation in the workplace should be what is customary and lawful for the services rendered. The HIM professional should consider this ethical tenet when confronted with an invitation for unlawful compensation. Some people or organizations may want access to information collected about a patient, a physician, or other healthcare provider. They may even be willing to pay for that information. It would be unethical behavior for the HIM professional to receive money in exchange for such information.

■■

Public Interest HIM professionals must act in the public’s best interest. Often, the public does not know that HIM professionals are on their team, but these professionals must constantly work on the public’s behalf. Responsibilities related to the public include the following: ■■

■■

Advocate for change. Today’s HIM professional must lead initiatives to change laws, rules, and regulations that do not protect patient privacy and confidentiality. Advocacy includes actions to protect patients, the healthcare team, the organization, the professional association, peers, and oneself. State and national policy and advocacy activities support this ethical obligation. Refuse to participate in or to conceal unethical practices. The sacred stories involving patients and those who provided the care are embedded in a health information system—the decisions that helped, the decisions that harmed, random consequences, and acts of nature. HIM professionals, given their responsibility to review the documentation for accuracy and completeness, are held accountable to notice the trends and potential problems in relationship to a care provider, a diagnosis, a

17

procedure, or any other similar categorization. HIM professionals must behave in an ethical manner and do what is right, not what is easy; certainly they must not do anything that would harm another. They cannot conceal the illegal, incompetent, or unethical behaviors of individuals or organizations. Report violations of practice standards to the proper authorities. Once a violation of practice standards has been identified (through quality audits or other data-collection process), the results must be reported—but only to the proper authorities. Violations can include those related to external standards, employer policies and procedures, or professional practice standards. For example, quality assurance or other audit results may indicate that an individual physician, institution, insurer, or other agency is doing something inappropriate, such as discriminating against employees due to clinical information. The HIM professional’s responsibility includes bringing the potential or actual problem to the attention of those responsible for the delivery and assessment of care and services.

Professional Associations and Peers Another important constituent for any HIM professional is the professional organizations that they are members of, including AHIMA. The HIM professional should do the following: ■■

■■

Be honest. Truth and accuracy are core ethical principles. HIM professionals must always be truthful in reporting their credentials, degrees, certifications, and work experiences. Truth and accuracy also include honest disclosure of duality of interests, such as working for a healthcare facility and a vendor. In these two capacities, proprietary information may become available that would place one employer in jeopardy in relationship to the second. Such dualities must be disclosed. Bring honor to oneself, peers, and the profession. The professional conduct of the HIM professional should bring honor

18

■■

■■

■■

■■

Chapter 1   Professional Values and the Code of Ethics to oneself and those served. The health and welfare of the patients should come before all personal or financial interests. Commit to continuing education and lifelong learning. HIM professionals are expected to be lifelong learners, ensuring expertise and application of current knowledge. The HIM professional must be committed to maximizing personal competence as well as contributing to the improvement of the quality of the services rendered. Health information management is a practice-oriented career, and advanced graduate degrees and research are required to improve professional contributions. The Code requires action and commitment to degree attainment, continuing education, currency with the professional literature, self-assessment, the design of personal educational programs, and dialogue with peers about solutions to problems. Competency through self-improvement is an important directive that ensures the continuance of the profession. Discharge association duties honorably. HIM professionals can volunteer for local, state, national, and international association positions or be appointed or elected to them. Just as clinical information must be protected, the information learned in an official capacity while working on behalf of the professional associations must also be protected. Sometimes “secrets” are discovered at these levels, and it is important to protect this information. Strengthen professional membership. All HIM professionals are responsible for recruiting and training the next generation of professionals. Professional practice standards require constant recruitment of new students into the profession so that existing professionals can share their expertise and help to continue the profession by mentoring the next generation. Represent the profession to the public. This standard requires education of the public regarding the HIM professional’s role and responsibilities. If the public or other members of the healthcare team are confused about what HIM professionals do on their behalf, HIM professionals should accept some responsibility for this

■■

confusion. The association’s mission, guiding principles, and values must be supported when dealing with the public and the teams. Promote and participate in research. HIM professionals do not have a long-standing tradition of professional practice research; rather, they have mostly assisted other members of the healthcare team with clinical research. As professionals acquire advanced degrees, more specific health information research is being conducted. Like all researchers, HIM professionals should act with integrity and avoid conflicts of interest.

Accountability to the AHIMA Code of Ethics Upon being awarded any of the various credentials authorized by AHIMA, the HIM professional agrees to follow the principles and values from the Code of Ethics and to base all professional actions and decisions on those principles and values. Even if federal or state laws did not require the protection of patient privacy, the HIM professional would be responsible for protecting it according to the AHIMA Code of Ethics (LaTour, Eichenwald-Maki, & Oachs, 2013; Flite & Harman, 2013). As with any professional Code of Ethics, there must be a system in place that promotes accountability to all persons commanded by the Code. Any code is a dynamic document that can, in some cases, be interpreted to reflect the reader’s value system. When a code is not upheld to its highest standards, it is weakened and creates the ability for a professional to operate outside the professional standards. Codes specify a duty that each professional act in an ethical manner at all times and to report any activity outside the limits of the Code. These values and the method of accountability provide that the professional values will continue to foster the highest standards. Since its founding, AHIMA has maintained that strict adherence to the Code of Ethics provides a foundation for the highest values as it relates to confidentiality, privacy, security, data integrity, and quality information to each of its constituents. The AHIMA Code of Ethics is supplanted by companion documents for coding and clinical documentation professionals that are used to

provide more specificity on ethical behaviors for these specialties. In the current environment, these two specialty areas are targeted for potential fraud and abuse, and there is a need for ethical behaviors. These standards are modeled in language and design after the AHIMA Code of Ethics. The Standards of Ethical Coding and the Standards for Clinical Documentation Improvement are used in conjunction with the AHIMA Code, but provide needed specificity in these areas (AHIMA, 2008; AHIMA, 2010). AHIMA has encouraged its members to remain vigilant to areas where the Code is not being followed and provides the membership with an avenue to report suspected violations to the Code. Those potential violations are reported to the Professional Ethics Committee (PEC). The committee’s charge is to improve members’ and certificants’ professional position by developing and maintaining high ethical standards through education, training, and use of the ethics violation review process. Potential violations to the Code can be received from employers, consumers, regulatory agencies, and general sources of information, such as newspaper articles. The PEC helps to preserve the relevance and applicability of the Code of Ethics by continued review and revision based on the changing environment. The PEC is recognized by AHIMA with membership appointed by the elected president of the association. Its composition consists of AHIMA members and others with interest and expertise in ethical issues. The PEC is supported by AHIMA with administrative management and technical support. The committee meets on a regular basis and can be called together on an ad hoc basis for issues that require immediate attention.

Policy and Procedure The AHIMA policy and procedure for the PEC (Appendix 1-D) is posted on the AHIMA website (AHIMA.org), where it describes the process and provides a standardized form (Appendix 1-E) by which constituents can report potential violations of the Code. Because the policy is located on the general website, it is open to anyone who accesses the site, thus showing a strong sense of transparency in the process and the ability for anyone, even the general public, to report cases of potential misconduct. The policy also provides

Professional Codes of Ethics

19

for internal initiated investigations based on information gleaned from other sources, such as print and video mediums or reports on related websites (“AHIMA Advantage,” 2013). The policy and procedure spells out the duties and responsibilities of PEC members and processes for reporting, investigation, privacy, appeals, and potential consequences of identified violations. It also describes the interaction with the Commission on Accreditation for Health Informatics and Information Management Education (CAHIIM), whose mission is to establish and enforce quality accreditation standards for educational programs.

Ethical Tools Though not specified in the policy and procedure, the PEC is also charged with providing information and teaching opportunities relating to the Code. One tool located on the AHIMA website is a Code of Ethics Self-Assessment, and all credentialed members are expected to complete this review. It is available on the general website and can be used to assess the knowledge and understanding of the Code. Additionally, 10 case studies have been developed to assist with this assessment. The case studies intend to help AHIMA members, credentialed HIM professionals, students, and others learn how to examine and resolve ethical issues they may confront in their own organizations. In addition, ethical questions/quizzes have been inserted into the Journal of the American Health Information Management Association (JAHIMA) (Burton, 2014; “AHIMA Advantage,” 2012a, 2012b). The quizzes describe changes to the Code in addition to case scenarios dealing with ethical situations and potential solutions. Each of these tools provides additional educational opportunities for both members and non-members to use the Code as a basis for decision-making.

Consequences of Unethical Behavior No code of ethics can be successful without the use of consequences arising from noncompliance. Although deliberations and specific cases from the PEC are confidential, general themes of cases and consequences emerge. There are cases where members have forged or misused an

20

Chapter 1   Professional Values and the Code of Ethics

AHIMA credential and membership was either suspended for a time or revoked. A few cases have been brought forth against faculty members from an accredited HIM program and the outcomes of these cases have varied depending on the case. In addition, there are many questions and concerns regarding coding and clinical documentation compliance and issues that require the use of the AHIMA Standards for Ethical Coding and the AHIMA Ethical Standards for Clinical Documentation Improvement Professionals. The PEC’s deliberations and actions are important to the profession and the professional, as they are another means to engender public trust.

American Nurses Association Code of Ethics The ethical values identified for the HIM profession coincide with those of nursing. Nursing also embraces the values that protect patients’ privacy and confidential information, ensuring that the information is accurate and available in a timely manner to ensure quality care and optimal patient outcomes. In addition, core nursing values include human dignity, integrity,

autonomy, altruism, and social justice (Butts & Rich, 2015; Fahrenwald, Bassett, Tschetter, ­Carson, White, & Winterboer, 2005). In a worldwide context, the nursing profession shares common ethical values that also mandate protection of human dignity and respect for patients (International Council of Nurses, 2006; Butts & Rich, 2015). Key themes that have been noted include “human dignity, privacy, justice, autonomy in decision making, precision and accuracy in caring, commitment, human relationship, sympathy, honesty, and individual and professional competency” (Shahriari, Mohammadi, Abbaszadeh, & Bahrami, 2013, p. 1). These values seem universal, but it is important to note that sociocultural factors may influence how terms are defined and put into practice. In the United States, the American Nurses Association’s (ANA) Code of Ethics for Nurses “establishes the ethical standards for the profession and provides a guide for nurses to use in ethical analysis and decision-making” (ANA, 2014, p. vii). This provides a non-negotiable foundation for nursing action that is the basis for nursing practice across all settings. These broad provisions are listed in Exhibit 1-2.

EXHIBIT 1-2  Nursing Code of Ethics Provision 1  The nurse practices with compassion and respect for the inherent dignity, worth, and unique attributes of every person. Provision 2  The nurse’s primary commitment is to the patient, whether an individual, family, group, community, or population. Provision 3 The nurse promotes, advocates for, and protects the rights, health, and safety of the patient. Provision 4  The nurse has the authority, accountability, and responsibility for nursing practice; makes decisions; and takes action consistent with the obligation to promote health and to provide optimal care. Provision 5  The nurse owes the same duties to self as to others, including the responsibility to promote health and safety, preserve wholeness of character and integrity, maintain competence, and continue personal and professional growth. Provision 6  The nurse, through individual and collective effort, establishes, maintains, and improves the ethical environment of the work setting and conditions of employment that are conducive to safe, quality health care. Provision 7  The nurse, in all roles and settings, advances the profession through research and scholarly inquiry, professional standards development, and the generation of both nursing and health policy. Provision 8  The nurse collaborates with other health professionals and the public to protect human rights, promote health diplomacy, and reduce health disparities. Provision 9  The profession of nursing, collectively through its professional organizations, must articulate nursing values, maintain the integrity of the profession, and integrate principles of social justice into nursing and health policy. Reprinted from American Nurses Association. (2014). Code of Ethics for Nurses with Interpretive Statements. The American Nurses Association, Inc.



Professional Codes of Ethics

Within the Nursing Code of Ethics, Provisions 1, 3, and 6 specifically address ethical standards that relate to the issues likely encountered when dealing with health information technology (HIT). Within the Nursing Code of Ethics, Provisions 1, 3, and 6 specifically address ethical standards that relate to the issues likely encountered when dealing with HIT which are shared across disciplines. Upon review, it is evident that there are commonalities across disciplines. Provision 1 of the Nursing Code of Ethics specifically advocates for the individual’s right to selfdetermination—a key value shared with the HIM professional. Provision 3 outlines the nurse’s responsibility to ensure the protection of patients’ rights, health, and safety—particularly focusing on the right to privacy and confidentiality, creation of a culture of safety, and the responsibility to act on questionable practice. Provision 6 indicates that it is the nurse’s responsibility to work individually

21

and collaboratively to create, maintain, and improve the ethical environment in which care is being delivered. Nurses and the HIM professional have many shared values that can serve as a starting point to support interdisciplinary collaboration.

Principles of Medical Ethics for Physicians In 2001, the American Medical Association (AMA) updated and adopted the revised Principles of Medical Ethics. These principles e­ stablish the AMA’s standards of conduct that define the essentials of honorable behavior for the physician (Exhibit 1-3). As with the Nursing Code of Ethics, these standards demonstrate a commitment to ethical values similar to those of the HIM professional, particularly the respect for human dignity and rights, the safeguarding of patient confidences and privacy, and making relevant information available to patients, colleagues, and the public.

EXHIBIT 1-3  American Medical Association Principles of Medical Ethics I. A physician shall be dedicated to providing competent medical care, with compassion and respect for human dignity and rights. II. A physician shall uphold the standards of professionalism, be honest in all professional interactions, and strive to report physicians deficient in character or competence, or engaging in fraud or deception, to appropriate entities. III. A physician shall respect the law and also recognize a responsibility to seek changes in those requirements which are contrary to the best interests of the patient. IV. A physician shall respect the rights of patients, colleagues, and other health professionals, and shall safeguard patient confidences and privacy within the constraints of the law. V. A physician shall continue to study, apply, and advance scientific knowledge, maintain a commitment to medical education, make relevant information available to patients, colleagues, and the public, obtain consultation, and use the talents of other health professionals when indicated. VI. A physician shall, in the provision of appropriate patient care, except in emergencies, be free to choose whom to serve, with whom to associate, and the environment in which to provide medical care. VII. A physician shall recognize a responsibility to participate in activities contributing to the improvement of the community and the betterment of public health. VIII. A physician shall, while caring for a patient, regard responsibility to the patient as paramount. IX. A physician shall support access to medical care for all people. Reprinted from American Medical Association. (2001). Code of Medical Ethics, Available from http://www.ama-assn.org/go/code. Copyright 1995–2015 American Medical Association. All rights reserved.

22

Chapter 1   Professional Values and the Code of Ethics

These ethical principles are deeply embedded within the medical profession and clearly correlate with those of the HIM. The American Medical Association’s Principles of Medical Ethics include a shared respect for human dignity and rights, and espouse the responsibility to safeguard patient confidences and privacy and to work collaboratively with other professions. These shared values provide a strong foundation for collaboration in today’s complex healthcare environment and will be further discussed in the next section.

Shared Professional Values Similar to professional codes of ethics, there are commonalities across disciplines in their professional values as well. There are shared ethical values of the HIM professional, physician, and nurse that are important for interprofessional and interdisciplinary collaboration competencies. When reviewing the codes for HIM professionals, nurses, and physicians, there are values with direct commonality. These include collaboration, confidentiality, continuing education, integrity, respect, and trust. Although each code stands alone, these common values show that interaction and collaboration among different professions are based on an ethical framework that underlies their duties and responsibilities to their constituent. The common ethical values taken from these codes are listed in Table 1-3. The text is drawn, with slight adaptations, from the respective professional Codes of Ethics.

Interprofessional Collaboration Competencies There is growing interest in and value placed upon interprofessional collaboration. Healthcare organizations are recognizing that interprofessional teams that can work collaboratively can improve the value of health care through integrated and coordinated processes that lead to improved patient outcomes (Mitchell, Wynia, Golden, McNellis, Okun, Webb, Rohrbach, & Von Kohorn, 2012).

The terms “interprofessional” and “interdisciplinary” are frequently confused, which is not surprising because they are often used interchangeably. To clarify these two terms, it is first important to understand the difference between “profession” and “discipline.” Generally, a profession is described as a “vocation requiring specialized knowledge and skills, and often long and intensive academic preparation. Professions are generally autonomous and self-­regulated.” (Oregon Health & Science University, n.d., p. 1). For example, physicians and nurses are professionals that are self-regulated. A discipline is a specialized field of study or branch of knowledge, and a profession can have multiple disciplines. For example, in health care, both nursing and medicine have disciplines within specialty areas such as obstetrics, pediatrics, and gerontology (Alberto & Herth, 2009; Oregon Health & Science University, n.d.). In 2011, the Interprofessional Education Collaborative Expert Panel (IECEP), composed of representatives from the American Association of Colleges of Nursing (AACN), the American Association of Colleges of Osteopathic Medicine (AACOM), the American Association of Colleges of Pharmacy (AACP), the American Dental Education Association (ADEA), the Association of American Medical Colleges (AAMC), and the Association of Schools of Public Health (ASPH), issued a report supporting interprofessional education to facilitate this important shift in the practice setting. The panel identified four domains of professional competency, and these are relevant for discussions of key stakeholders’ perspectives (Exhibit 1-4).

Values for Interprofessional Practice Of particular relevance is Competency Domain 1: Values/Ethics for Interprofessional Practice, which sets the expectation that healthcare professionals “work with individuals of other professions to maintain a climate of mutual respect and shared values” (IECEP, p. 19). The specific values and competencies are presented in Exhibit 1-5. The panel underscored the importance of these shared values in the following statement:



Shared Professional Values

23

TABLE 1-3  Common Ethical Values from Professional Codes of Ethics Value

HIM Professionals

Physicians

Nurses

Collaboration

Facilitate interdisciplinary collaboration in situations supporting health information practice.

Use the talents of other health professionals when indicated.

Collaborate with other health professionals.

Confidentiality

Advocate, uphold, and defend the individual’s right to privacy and the doctrine of confidentiality; preserve, protect, and secure personal health information in any form or medium and hold in the highest regard health information and other information of a confidential nature obtained in an official capacity, taking into account the applicable statutes and regulations.

Safeguard patient confidences and privacy within the constraints of the law.

Advocate for and protect the rights, health, and safety of the patient.

Continuing education

Advance health information management knowledge and practice through continuing education, research, publications, and presentations.

Continue to study, apply, and advance scientific knowledge; maintain a commitment to medical education; make relevant information available to patients, colleagues, and the public; obtain consultation; and use the talents of other health professionals when indicated.

Advance the profession through research and scholarly inquiry, professional standards development, and the generation of both nursing and health policy.

Integrity

Refuse to participate in or conceal unethical practices or procedures and report such practices.

Uphold the standards of professionalism, are honest in all professional interactions, and strive to report physicians deficient in character or competence, or engaging in fraud or deception, to appropriate entities.

Establish, maintain, and improve the ethical environment of the work setting; maintain the integrity of the profession.

Respect

Respect the inherent dignity and worth of every person.

Show respect for human dignity and rights.

Show respect for the inherent dignity, worth, and unique attributes of every person.

Trust

Put service and the health and welfare of persons before self-interest and conduct oneself in the practice of the profession so as to bring honor to oneself, peers, and to the health information management profession.

Participate in activities contributing to the improvement of the community and the betterment of public health; regard responsibility to the patient as paramount (support access to care for all people).

Have a primary commitment to the patient, whether an individual, family, group, community, or population.

Interprofessional values and related ethics are an important, new part of crafting a professional identity, one that is both professional and interprofessional in nature. These values and ethics are patient centered with a community/population orientation, grounded in a sense of shared

purpose to support the common good in health care, and ref lect a shared commitment to creating safer, more efficient, and more effective systems of care. They build on a separate, profession-specific, core competency in patient-­centeredness. (IECEP, 2011, p. 17)

24

Chapter 1   Professional Values and the Code of Ethics

EXHIBIT 1-4  Interprofessional Collaborative Practice Competency Domains Competency Domain 1: Values/Ethics for Interprofessional Practice Competency Domain 2: Roles/Responsibilities Competency Domain 3: Interprofessional Communication Competency Domain 4: Teams and Teamwork Reprinted from Interprofessional Education Collaborative Expert Panel. (2011). Core competencies for interprofessional collaborative practice: Report of an expert panel. Washington, D.C.: Interprofessional Education Collaborative. p. 16.

The nature of health care and the patientcentered focus sets the stage for shared professional values. In 2006, the Chief Executives of the Regulatory Bodies in the United Kingdom put forth a statement that clearly articulated these shared values (Exhibit 1-6). With the focus on improving patient outcomes via interprofessional healthcare teams,

there is more interest in identifying those factors that contribute to success. ­M itchell et al. (2012), adding to work done by the Interprofessional Education Collaborative Expert Panel in 2011, identified five personal values that characterize the most effective members of high-functioning teams in health care (Exhibit 1-7). Springboarding off these identified personal values, the Principles of Team-Based Health Care were formulated (Exhibit 1-8).

Building an Ethical Health Information System The following are suggestions for incorporating the values and professional practice standards from the Code into your professional life and work environment (Harman & Mullen, 2006). 1. Further your education. Build ethicsrelated courses into your professional plans for continuing education, when taking on new roles and as an ongoing process for a

EXHIBIT 1-5  Interprofessional Collaborative Practice Competency Domain 1: Values/Ethics for Interprofessional Practicel General Competency Statement: Work with individuals of other professions to maintain a climate of mutual respect and shared values. Specific Values/Ethics Competencies: I. Place the interests of patients and populations at the center of interprofessional health care delivery. II. Respect the dignity and privacy of patients while maintaining confidentiality in the delivery of team-based care. III. Embrace the cultural diversity and individual differences that characterize patients, populations, and the health care team. IV. Respect the unique cultures, values, roles/responsibilities, and expertise of other health professions. V. Work in cooperation with those who receive care, those who provide care, and others who contribute to or support the delivery of prevention and health services. VI. Develop a trusting relationship with patients, families, and other team members (CIHC, 2010). VII. Demonstrate high standards of ethical conduct and quality of care in one’s contributions to team-based care. VIII. Manage ethical dilemmas specific to interprofessional patient/population centered care situations. IX. Act with honesty and integrity in relationships with patients, families, and other team members. X. Maintain competence in one’s own profession appropriate to scope. Reprinted from Interprofessional Education Collaborative Expert Panel. (2011). Core competencies for interprofessional collaborative practice: Report of an expert panel. Washington, D.C.: Interprofessional Education Collaborative, p. 19.



Building an Ethical Health Information System

EXHIBIT 1-6  Common Values Statement by the Chief Executives Group of the Health Care Regulators on Professional Values (as Agreed by the Chief Executives of the Regulatory Bodies in 2006) VALUES OF HEALTH CARE PROFESSIONALS All health care professionals are personally accountable for their actions and must be able to explain and justify their decisions. Health care professionals work in many different types of practice. They all have a duty to protect and promote the needs of their patients and clients. To do this they must: Be Open with Patients and Clients and Show Respect for Their Dignity, Individuality and Privacy: ■■ Listen to patients and clients; ■■ Keep information about patients and clients confidential; ■■ Make sure their beliefs and values do not prejudice their patients’ or clients’ care. Respect Patients’ and Clients’ Right to Be Involved in Decisions about Their Treatment and Health Care: ■■ Provide information about patients’ and clients’ conditions and treatment options in a way they can understand; ■■ Obtain appropriate consent before investigating conditions and providing treatment; ■■ Ensure that patients have easy access to their health records. Justify Public Trust and Confidence by Being Honest and Trustworthy: ■■ Act with integrity and never abuse their professional standing; ■■ Never ask for, nor accept any inducement, gift, hospitality or referral which may affect, or be seen to affect, their judgment; ■■ Recommend the use of particular products or services only on the basis of clinical judgment and not commercial gain; ■■ Declare any personal interests to those who may be affected. Provide a Good Standard of Practice and Care: ■■ Recognize and work within the limits of their knowledge, skills and experience; ■■ Maintain and improve their professional knowledge, skills and performance; ■■ Make records promptly and include all relevant information in a clear and legible form. Act Quickly to Protect Patients, Clients and Colleagues from Risk of Harm: ■■ If either their own, or another health care worker’s conduct, health or performance may place patients, clients or colleagues at risk; ■■ If there are risks of infection or other dangers in the environment. Co-operate with Colleagues from Their Own and Other Professions: ■■ Respect and encourage the skills and contributions which others bring to the care of patients and clients; ■■ Within their work environment, support professional colleagues in developing professional knowledge, skills and performance; ■■ Not require colleagues to take on responsibilities that are beyond their level of knowledge, skills and experience. Reprinted from Chief Executives of the Regulatory Bodies (2006) Common Values Statement by the Chief Executives Group of the Health Care Regulators on professional values, Available from https://www.professionalstandards.org.uk/docs/scrutiny-quality/common-values-statement.pdf?sfvrsn=0

25

26

Chapter 1   Professional Values and the Code of Ethics

EXHIBIT 1-7  Personal Values of Most Effective Members of High-Functioning Teams Honesty: Team members put a high value on effective communication within the team, including transparency about aims, ­decisions, uncertainty, and mistakes. Honesty is critical to continued improvement and for maintaining the mutual trust necessary for a high-functioning team. Discipline: Team members carry out their roles and responsibilities with discipline, even when it seems inconvenient. At the same time, team members are disciplined in seeking out and sharing new information to improve individual and team functioning, even when doing so may be uncomfortable. Such discipline allows teams to develop and stick to their standards and protocols even as they seek ways to improve. Creativity: Team members are excited by the possibility of tackling new or emerging problems creatively. They see even errors and unanticipated bad outcomes as potential opportunities to learn and improve. Humility: Team members recognize differences in training but do not believe that one type of training or perspective is uniformly superior to the training of others. They also recognize that they are human and will make mistakes. Hence, a key value of working in a team is that fellow team members can rely on each other to help recognize and avert failures, regardless of where they are in the hierarchy. Curiosity: Team members are dedicated to reflecting upon the lessons learned in the course of their daily activities and using those insights for continuous improvement of their own work and the functioning of the team. Reproduced from Mitchell, P., Wynia, M., Golden, R., McNellis, B., Okun, S., Webb, C. E., Rohrbach, V. and Von Kohorn, I. (2012) Core principles & values of effective team-based health care. Discussion Paper, Institute of Medicine, Washington, DC. www.iom.edu/tbc. p. 5. Reproduced with permission by The National Academy of Sciences, Courtesy of National Academies Press, Washington, D.C.

EXHIBIT 1-8  Principles of Team-Based Health Care Shared goals: The team—including the patient and, where appropriate, family members or other sup-port persons—works to establish shared goals that reflect patient and family priorities, and can be clearly articulated, understood, and supported by all team members. Clear roles: There are clear expectations for each team member’s functions, responsibilities, and accountabilities, which optimize the team’s efficiency and often make it possible for the team to take ad-vantage of division of labor, thereby accomplishing more than the sum of its parts. Mutual trust: Team members earn each other’s trust, creating strong norms of reciprocity and greater opportunities for shared achievement. Effective communication: The team prioritizes and continuously refines its communication skills. It has consistent channels for candid and complete communication, which are accessed and used by all team members across all settings. Measurable processes and outcomes: The team agrees on and implements reliable and timely feedback on successes and failures in both the functioning of the team and achievement of the team’s goals. These are used to track and improve performance immediately and over time. Mitchell, P., Wynia, M., Golden, R., McNellis, B., Okun, S., Webb, C. E., Rohrbach, V. and Von Kohorn, I. (2012). Core principles & values of effective team-based health care. Discussion Paper, Institute of Medicine, Washington, DC. www.iom.edu/tbc. p. 6. Reproduced with permission by The National Academy of Sciences, Courtesy of National Academies Press, Washington, D.C.

Conclusion continuing role at work. Develop a lifelong learning plan regardless of the degrees or credentials that you currently hold. Ethical actions include: ■■ Know and understand the professional Code of Ethics and how it specifically affects your professional area of expertise. Understand ethical principles and values to guide your decision-making. ■■ Understand your personal values and how these influence decisions, given that values are deeply embedded in the decision-making process. ■■ Understand the need to draw on both professional discipline and ethical expertise when making decisions. ■■ Include ethical sessions in your continuing education program. 2. Consult with the ethics committee. Do not just limit the participation of ­ethicists and the ethics committee to official ­institutional review board (IRB) (researchbased) problems. Over the years, there have been many ethical issues related to research (Harman & Nielson,  2008). Although ­facility-wide ethics committees typically deal with clinical bioethical decisions, members of these committees are experts who are well positioned to help create the arguments and counterarguments for HIM issues such as releasing information, sharing data in relational databases, dealing with fraud and abuse issues, and analyzing issues related to problems with computerized software and security. HIM professionals are encouraged to take such issues to the ethics committees and to colleagues for consultation. The full clinical team must be involved in resolving such issues; otherwise, the solitary voice of the HIM professional will not be powerful enough to adequately protect patient privacy and confidentiality. If you feel uncomfortable about a decision, it most likely has an ethical component. In that case, you need advice and should get it. 3. Change the organizational culture. Help to change the organizational structure,

27

systems, policies, and procedures if they do not support ethical behavior and ensure patient privacy. Comply with laws, rules, and regulations, but not at the expense of ethical behavior. Organizational integrity is needed to enable professionals to be ethical. If there is disagreement between what is legal and what is ethical, work with colleagues to make the necessary changes in the system. Be an advocate for patients, the healthcare teams, and those who work on their behalf, either in direct patient care or through administrative responsibilities. 4. Be a role model. Students and practitioners need to understand and use ethical principles and values in their work environment. Clinical practice experiences are chosen so that students can interact with good role models. It is important to both “talk and walk” ethics. Students learn to incorporate the professional values they observe in others facing difficult decisions. Demonstrate integrity and be a role model for students by teaching them the complexities of the issues—not only the rules and regulations, but also the range of choices that must be considered. Be honorable at all times. Help the next generation of professionals learn to have courage in the face of ethical dilemmas. There is no greater gift to those who represent the future of the profession.

Conclusion There are many who work in the health information and healthcare systems, including healthcare providers; chief executive, information, or operations officers; business professionals; vendors; information technology and data analytics experts; researchers; public health professionals; and many others. In addition to their own professional expertise, these experts must understand the roles, professional values, and ethical obligations of the health information management professional. The complex challenges related to documentation and access to and use of information do not allow the luxury

28

Chapter 1   Professional Values and the Code of Ethics

of the “right answer” based exclusively on laws and required standards, even if precedence has been set. There are many stakeholders who must know what happens to the documentation once it is entered into a medical record or EHRS, and they must become much more public in their role as protectors of privacy and confidentiality. The question of patient access to information, and the ethical implications, must also be considered (Harman, Miller, Moore, & Winkelstein, 2013). The protection of privacy and confidentiality and the assurance of secure systems must be honored. In order to ensure and maintain the public trust regarding privacy, confidentiality, and quality care, there must be an understanding of the ethical foundations of the various professions. The challenges encountered require interdisciplinary collaboration, an understanding of professional values, and an ethical decision-making process. All teams will be supported by the professional values embedded in the various codes of ethics. The codes of ethics need to be included and integrated throughout the educational process for those who work on behalf of patients in both clinical and nonclinical roles. We can no longer afford to be educated and to work in isolated professional silos. Every professional must be comfortable with asking ethical questions within the context of the clinical and health information systems and challenge others to do the same. HIM professionals, nurses, physicians, and information technology experts, as well as others, need to examine and live by the current Code of Ethics, using it as a decision-making framework to guide the professional’s decisions and actions. Interdisciplinary team members must act as organizational change agents, leading initiatives to support systems that guarantee compliance with the laws and principles for privacy and confidentiality. These professionals should be leaders who are technically competent, innovative, energetic, courageous, and able to envision future challenges and opportunities for improvement. HIM professionals, care providers, administrators, health information technology specialists, business professionals, ethicists, lawyers, policy makers, accreditation

agencies, and patients must work together to establish ethical standards and hold all accountable to meet those standards. This will require respectful interdisciplinary collaboration. As the visionary founders of the HIM profession recognized in 1928, those who work in the health information system must have information management expertise, have courage, and be ethical. The founders of the HIM profession recognized the importance of protecting patient privacy, competency, integrity, truth-telling, trust, compassion, dedication to others, and courage in carrying out responsibilities. These values are more important now than ever before.

KEY TERMS AHIMA Code of Ethics Appropriateness Collaboration Disclose Disclosure Ethical decision-making Health information management (HIM) professional Health maintenance organization (HMO) Interprofessional collaboration Profession Professional Trust Values

CHAPTER SUMMARY ■■

■■

■■

HIM and healthcare professionals must have both professional discipline and ethical expertise due to the complexity of the issues they face in contemporary healthcare and regulatory environments, documentation requirements, access and release of information requirements, coding and reimbursement systems, and technology. Professionals have many constituents, including patients and the entire healthcare team, the employer, the public, oneself, and professional associations. The professional’s obligations to patients and the healthcare team are to provide service, to protect medical and social

References 29

■■

■■

■■

■■

■■

■■

information, to promote confidentiality, to promote the quality and advancement of health care, to stay within the scope of responsibility, to refrain from passing clinical judgment, and to promote interdisciplinary cooperation and collaboration. The professional’s obligations to the employer are to demonstrate loyalty to the employer; to protect committee deliberations; to comply with laws, regulations, and policies; to recognize authority and power; and to accept compensation only in relationship to one’s responsibilities. The professional’s obligations to the public interest are to advocate for change, to refuse to participate in or conceal unethical practices, and to report violations of practice standards to the proper authorities. The professional’s obligations to him- or herself and to the professional association are to be honest; to bring honor to oneself, one’s peers, and the profession; to commit to continuing education and lifelong learning; to discharge association duties honorably; to strengthen professional membership; to represent the profession to the public; and to promote and participate in research. Building an ethical health information system requires furthering one’s education, consulting with ethics committees, changing the organizational culture to support ethical behaviors, being a role model for others, and asking ethical questions and challenging others to do the same. Codes of ethics are necessary to promote critical thinking and values-based decision making. They provide a general framework for professional behavior and guidance to be followed in difficult situations. Codes of ethics and supporting review processes are valuable if they also provide consequences for not following ethical tenets and if there are mechanisms to report unethical behavior. The current complex healthcare system demands that all professionals, clinical and nonclinical, work to breakdown the siloed nature that exists. Codes of ethics with shared values and beliefs can help

■■

to foster interprofessional collaboration in the design and operations of healthcare systems. Educational programs at an institution of higher learning or within a healthcare system can prioritize these approaches, and local entities/facilities can adopt team-approached practices. Appendix 1-G provides brief summaries of Chapters 1 through 26. The reader will be able to review the Appendix and find detailed information and scenarios on each subject.

REFERENCES Abdelhak, M., & Hanken, M. A. (2015). Health information: Management of a strategic resource (5th ed.). Philadelphia, PA: Saunders. AHIMA Advantage. Welcome to AHIMA membership (2012a, February). 16(1) pp 7, 9. AHIMA Advantage. Celebrate National Ethics Awareness Month with quiz (2012b, April). 16(2) p 18. AHIMA Advantage. Learn more about AHIMA Code of Ethics (2013, August). 18(4) p 4. AHIMA Alberto, J., & Herth, K. (2009). Interprofessional collaboration within faculty roles: Teaching, service, and research. OJIN: The Online Journal of Issues in Nursing, 14(2). Amatayakul, M. K. (2013). Electronic health records: A  practical guide for professionals and organizations (5th ed.). Chicago, IL: AHIMA Press. American Health Information Management Association [AHIMA]. (1957). [Code of Ethics for the Practice of Medical Record Science]. Chicago, IL: Author. American Health Information Management Association [AHIMA]. (1998). [American Health Information Management Association Code of Ethics and Bylaws]. Chicago, IL: Author. American Health Information Management Association [AHIMA]. (2008). Standards of Ethical Coding. Chicago, IL: Author. American Health Information Management Association [AHIMA]. (2010). Standards for clinical documentation improvement. Chicago, IL: Author. American Health Information Management Association [AHIMA]. (2011). 2011 American Health Information Management Association code of ethics. Chicago, IL: Author. American Medical Association. (2001). Code of medical ethics. Available from http://www.ama-assn.org/go/ code. American Nurses Association. (2014). Code of ethics for nurses with interpretive statements. American Nurses Association.Silver Spring, MD.

30

Chapter 1   Professional Values and the Code of Ethics

Butts, J. B. & Rich, K. L. (2015) Nursing ethics across the curriculum and into practice 4th Ed, Jones & Bartlett, Sudbury, MA. Burton, B. (2014). How to lead your organization in compliance, ethics, and customer service. Journal of AHIMA, 85(8), 22–25. Chief Executives of the Regulatory Bodies. (2006). Common values statement by the Chief Executives Group of the Health Care Regulators on professional values. Available from https://www.professionalstandards. org.uk/docs/scrutiny-quality/common-valuesstatement-.pdf?sfvrsn=0. Cofer, J. (Ed.). (1994). Health information management (10th ed.). Chicago, IL: Physicians’ Record Company. Commission on Accreditation for Health Informatics and Information Management Education [CAHIIM]. (2015). CAHIIM accreditation standards. Available from http://www.cahiim.org/accredstnds. html. Fahrenwald, N. L., Bassett, S. D., Tschetter, L., ­Carson,  P.  P., White, L., & Winterboer, V. J. (2005). Teaching core nursing values. Journal of Professional Nursing, 21(1), 46–51. Flite, C. A., & Harman, L. B. (2013, Winter). Code of ethics: Principles for ethical leadership. Perspectives in Health Information. Chicago, IL: AHIMA. Glover, J. J. (2015). Ethical decision-making guidelines and tools. Chapter 2 in L. B. Harman and F.  ­C ornelius (Eds.), Ethical health informatics: ­Challenges and opportunities (3rd ed.). Burlington, MA: Jones & Bartlett Learning. Harman, L. B. (2000). Confronting ethical dilemmas on the job: An HIM professional’s guide. Journal of the American Health Information Management Association, 71(5), 45–49. Harman, L. B. (2001). Professional values and the Code of Ethics. Chapter 1 in L. B. Harman (Ed.), Ethical issues in the management of health information. Gaithersburg, MD: Aspen. Harman, L. B. (Ed.). (2006). Ethical challenges in the management of health information (2nd ed.). Sudbury, MA: Jones & Bartlett. Harman, L. B. (2013a). Ethical issues in health information management. Chapter 13 in K. M. LaTour, S. Eichenwald-Maki, & P. K. Oachs (Eds.). Health information management: Concepts, principles, and practice (4th ed.). Chicago: AHIMA. Harman, L. B. (2013b). Ethical issues in health information management. Chapter 12 in N. B. Sayles (Ed.), Health information management technology: An applied approach (4th ed.) Chicago, IL: AHIMA. Harman, L. B., Flite, C. A., & Bond, K. (2012). Electronic health records: Privacy, confidentiality, and security. American Medical Association Journal of Ethics, 14(9), 712–719.

Harman, L. B., Miller, S. T., Moore, G. R., & Winkelstein, P. (2013). Providers: Ethically obligated to give easier access to records? Medical Ethics Advisor, February, 22–23. Harman, L. B., & Mullen, V. L. (2006). Professional values and the Code of Ethics. Chapter 1 in L. B. H ­ arman (Ed.), Ethical challenges in the management of health information (2nd ed.). Sudbury, MA: Jones & Bartlett. Harman, L. B. & Nielsen, C. S. (2008). Research and ­ethics. In E. Layman & V. Watzlaf (Eds.), Health informatics research methods: Principles and practice (pp. 333–393). Chicago, IL: AHIMA. Huffman, E. K. (1963). Manual for medical record librarians (5th ed.). Berwyn, IL: Physicians’ Record Company. Huffman, E. K. (1972). Manual for medical record librarians (6th ed.). Chicago, IL: Physicians’ Record Company. International Council of Nurses (2006) The ICN code of ethics for nurses, ICN, Geneva, Switzerland. Available from http://www.dsr.dk/ser/documents/icncode_ english.pdf Interprofessional Education Collaborative Expert Panel [IECEP]. (2011). Core competencies for interprofessional collaborative practice: Report of an expert panel. Washington, DC: Interprofessional Education Collaborative. Kohorn, I. (2012). Core Principles and values of effective team-based health care. Discussion Paper, Institute of Medicine, Washington, DC. Available from www .iom.edu/tbc. LaTour, K. M., & Eichenwald-Maki, S., & Oachs, P. K. (Eds.). (2013). Health information management: ­Concept, principles, and practice (4th ed.). Chicago, IL: AHIMA. Mitchell, P., Wynia, M., Golden, R., McNellis, B., Okun,  S., Webb, C. E., Rohrbach, V., & Von Kohorn, I. (2012, October). Core principles and values of effective team-based health care. Discussion Paper, Institute of Medicine, Washington, DC. Available from http://www.iom.edu/tbc. Oregon Health & Science University. (n.d.). OHSU interprofessional initiative glossary. Available from http://www.ohsu.edu/xd/education/studentservices/about-us/provost/upload/OHSU-IPEGlossary.pdf. Rinehart-Thompson, L. A., & Harman, L. B. (2006). ­Privacy and confidentiality. Chapter 3 in L. B. ­Harman (Ed.), Ethical challenges in the management of health information (2nd ed.). Sudbury, MA: Jones & Bartlett. Shahriari, M., Mohammadi, E., Abbaszadeh, A., & ­Bahrami, M. (2013). Nursing ethical values and definitions: A literature review. Iranian Journal of Nursing Midwifery Research, 18(1), 1–8. Shi, L., & Singh, D. A. (2015). Delivering health care in America: A systems approach (6th ed.). Burlington, MA: Jones & Bartlett Learning.

References 31 Spinello, R. A. (1997). Case studies in information and computer ethics. Upper Saddle River, NJ: Prentice Hall. Additional Resources American Health Information Management Association [AHIMA] Foundation. (n.d.). Transforming Health Information Workforce: Reality 2016. Available from http://library.ahima.org/ American Health Information Management Association [AHIMA]. (2009, October). Take action to educate and expand the health information management (HIM) professional workforce [position statement]. Available from http://library.ahima.org/ American Health Information Management Association [AHIMA]. (2013). Healthcare reimbursement toolkit. Available from http://library.ahima.org/ American Health Information Management Association [AHIMA]. (2014, February). Enabling consumer and patient engagement with health information. Journal of AHIMA, 88(2), 56–59. Bielby, J. A. (2013, July). Coding with integrity: Top coding tips from AHIMA experts. Journal of AHIMA, 84(7), 28–32. Butler, M. (2014, July). Reinventing CDI: Organizations relaunching and reworking data integrity efforts, and coding roles, with clinical documentation improvement programs. Journal of AHIMA, 85(7), 24–27. Celebrate National Ethics Awareness Month with quiz. (2012, April). AHIMA Advantage, 16(2), 18.

Gordon, L. T. (2012, September 26). [AHIMA letter to Secretary Sebelius and Attorney General Holder concerning EM coding in electronic health records.] Available https://library.ahima.org Learn more about AHIMA Code of Ethics. (2013, August). AHIMA Advantage, 18(4), 4. Protecting high-stakes PHI: DS4P healthcare standards enhance the privacy of sensitive data. (2014, April). Journal of AHIMA, 85(4), 30–34. Web Pages ACDIS Code of Ethics: Available at http://www.hcpro .com/acdis/code_or_ethics.cfmAHIMA Code of ­Ethics. Available at http://www.ahima.org/about/ ethicscode.aspx. AHIMA’s position statement on Quality Health Data and Information. Available at http://ahima.org/dc/ positions. AHIMA’s position statement on Data Stewardship. Available at http://ahima.org/dc/positions AHIMA standards of ethical coding. Available at http://library.ahima.org/epedio/groups/public/ documents/ahima/bok1_040394.hcsp. Association of Clinical Documentation Improvement Specialists [ACDIS] Code of Ethics. Available at http://www.hcpro.com/acdis/code_ or_ethics.cfm.

APPENDIX 1-A

1957 Code of Ethics for the Practice of Medical Record Science

[Note: Gender-neutral language was not used in the 1950s, so the male pronoun should be read as “he or she.”] As a member of one of the paramedical professions he shall: 1. Place service before material gain, the honor of the profession before personal advantage, the health and welfare of patients above all personal and financial interests, and conduct himself in the practice of this profession so as to bring honor to himself, his associates, and to the medical record profession. 2. Preserve and protect the medical records in his custody and hold inviolate the privileged contents of the records and any other information of a confidential nature obtained in his official capacity, taking due account of the applicable statutes and of regulations and policies of his employer. 3. Serve his employer loyally, honorably discharging the duties and responsibilities entrusted to him, and give due consideration to the nature of these responsibilities in giving his employer notice of intent to resign his position. 4. Refuse to participate in or conceal unethical practices or procedures. 5. Report to the proper authorities but disclose to no one else any evidence of conduct or practice revealed in the medical records in his custody that indicates possible violation of established rules and regulations of the employer or of professional practice. 6. Preserve the confidential nature of professional determinations made by the staff committee which he serves.

7. Accept only those fees that are customary and lawful in the area for services rendered in his official capacity. 8. Avoid encroachment on the professional responsibilities of the medical and other paramedical professions, and under no circumstances assume or give the appearance of assuming the right to make determinations in professional areas outside the scope of his assigned responsibilities. 9. Strive to advance the knowledge and practice of medical record science, including continued self-improvement in order to contribute to the best possible medical care. 10. Participate appropriately in developing and strengthening professional manpower and in representing the profession to the public. 11. Discharge honorably the responsibilities of any Association post to which appointed or elected, and preserve the confidentiality of any privileged information made known to him in his official capacity. 12. State truthfully and accurately his credentials, professional education, and experiences in any official transaction with the American Association of Medical Record Librarians and with any employer or prospective employer. Reprinted with permission from the American Health Information Management Association. Copyright © 1957 by the American Health Information Management Association. All rights reserved. No part of this may be reproduced, reprinted, stored in a retrieval system, or transmitted, in any form or by any means, electronic, photocopying, recording, or otherwise, without the prior written permission of the association.

APPENDIX 1-B

1998 American Health Information Management Association Code of Ethics

Preamble  This Code of Ethics sets forth ethical principles for the health information management profession. Members of this profession are responsible for maintaining and promoting ethical practices. This Code of Ethics, adopted by the American Health Information Management Association, shall be binding on health information management professionals who are members of the Association and all individuals who hold an AHIMA credential.  I. Health information management professionals respect the rights and dignity of all individuals. II. Health information management professionals comply with all laws, regulations, and standards governing the practice of health information management. III. Health information management professionals strive for professional excellence through self-assessment and continuing education. IV. Health information management professionals truthfully and accurately represent their professional credentials, education, and experience. V. Health information management professionals adhere to the vision, mission, and values of the Association.

VI. Health information management professionals promote and protect the confidentiality and security of health records and health information. VII. Health information management professionals strive to provide accurate and timely information. VIII. Health information management professionals promote high standards for health information management practice, education, and research. IX. Health information management professionals act with integrity and avoid conf licts of interest in the performance of their professional and AHIMA responsibilities. Revised & adopted by AHIMA House of ­Delegates—October 4, 1998. Reprinted with permission from the American Health Information Management Association. Copyright © 1999 by the American Health Information Management Association. All rights reserved. No part of this may be reproduced, reprinted, stored in a retrieval system, or transmitted, in any form or by any means, electronic, photocopying, recording, or otherwise, without the prior written permission of the association.

APPENDIX 1-C

2011 American Health Information Management Association Code of Ethics Preamble The ethical obligations of the health information management (HIM) professional include the safeguarding of privacy and security of health information; disclosure of health information; development, use, and maintenance of health information systems and health information; and ensuring the accessibility and integrity of health information. Healthcare consumers are increasingly concerned about security and the potential loss of privacy and the inability to control how their personal health information is used and disclosed. Core health information issues include what information should be collected; how the information should be handled, who should have access to the information, under what conditions the information should be disclosed, how the information is retained and when it is no longer needed, and how is it disposed of in a confidential manner. All of the core health information issues are performed in compliance with state and federal regulations, and employer policies and procedures. Ethical obligations are central to the professional's responsibility, regardless of the employment site or the method of collection, storage, and security of health information. In addition, sensitive information (e.g., genetic, adoption, drug, alcohol, sexual, health, and behavioral information) requires special attention to prevent misuse. In the world of business and interactions with consumers, expertise in the protection of the information is required.

Purpose of the American Health Information Management Association Code of Ethics The HIM professional has an obligation to demonstrate actions that reflect values, ethical principles, and ethical guidelines. The American

Health Information Management Association (AHIMA) Code of Ethics sets forth these values and principles to guide conduct. (See also  AHIMA Vision, Mission, Values) The code is relevant to all AHIMA members and CCHIIM credentialed HIM professionals [hereafter referred to as certificants], regardless of their professional functions, the settings in which they work, or the populations they serve. These purposes strengthen the HIM professional’s efforts to improve overall quality of healthcare. The AHIMA Code of Ethics serves seven purposes: ■■ ■■

■■

■■

■■

■■

■■

Promotes high standards of HIM practice. Identifies core values on which the HIM mission is based. Summarizes broad ethical principles that reflect the profession's core values. Establishes a set of ethical principles to be used to guide decision-making and actions. Establishes a framework for professional behavior and responsibilities when professional obligations conflict or ethical uncertainties arise. Provides ethical principles by which the general public can hold the HIM professional accountable. Mentors practitioners new to the field to HIM’s mission, values, and ethical principles.

The code includes principles and guidelines that are both enforceable and aspirational. The extent to which each principle is enforceable is a matter of professional judgment to be exercised by those responsible for reviewing alleged violations of ethical principles.

The Code of Ethics and How to Interpret the Code of Ethics Principles and Guidelines The following ethical principles are based on the core values of the American Health Information



The Code of Ethics and How to Interpret the Code of Ethics

Management Association and apply to all AHIMA members and certificants. Guidelines included for each ethical principle are a noninclusive list of behaviors and situations that can help to clarify the principle. They are not meant to be a comprehensive list of all situations that can occur.











I. Advocate, uphold, and defend the individual's right to privacy and the doctrine of confidentiality in the use and disclosure of information. A health information management professional shall: 1.1. Safeguard all confidential patient information to include, but not limited to, personal, health, financial, genetic, and outcome information. 1.2. Engage in social and political action that supports the protection of privacy and confidentiality, and be aware of the impact of the political arena on the health information issues for the healthcare industry. 1.3. Advocate for changes in policy and legislation to ensure protection of privacy and confidentiality, compliance, and other issues that surface as advocacy issues and facilitate informed participation by the public on these issues. 1.4. Protect the confidentiality of all information obtained in the course of professional service. Disclose only information that is directly relevant or necessary to achieve the purpose of disclosure. Release information only with valid authorization from a patient or a person legally authorized to consent on behalf of a patient or as authorized by federal or state regulations. The minimum necessary standard is essential when releasing health information for disclosure activities. 1.5. Promote the obligation to respect privacy by respecting confidential information shared among colleagues, while responding to requests from the legal profession, the media, or other nonhealthcare related individuals, during presentations or teaching and in situations that could cause harm to persons.













35

1.6. Respond promptly and appropriately to patient requests to exercise their privacy rights (e.g., access, amendments, restriction, confidential communication, etc.). Answer truthfully all patients’ questions concerning their rights to review and annotate their personal biomedical data and seek to facilitate patients’ legitimate right to exercise those rights. II. Put service and the health and welfare of persons before self-interest and conduct oneself in the practice of the profession so as to bring honor to oneself, peers, and to the health information management profession. A health information management professional shall: 2.1. Act with integrity, behave in a trustworthy manner, elevate service to others above self-interest, and promote high standards of practice in every setting. 2.2. Be aware of the profession's mission, values, and ethical principles, and practice in a manner consistent with them by acting honestly and responsibly. 2.3. Anticipate, clarify, and avoid any conflict of interest, to all parties concerned, when dealing with consumers, consulting with competitors, in providing services requiring potentially conflicting roles (for example, finding out information about one facility that would help a competitor), or serving the Association in a volunteer capacity. The conflicting roles or responsibilities must be clarified and appropriate action taken to minimize any conflict of interest. 2.4. Ensure that the working environment is consistent and encourages compliance with the AHIMA Code of Ethics, taking reasonable steps to eliminate any conditions in their organizations that violate, interfere with, or discourage compliance with the code. 2.5. Take responsibility and credit, including authorship credit, only for work they actually perform or to which they

36

Chapter 1   Professional Values and the Code of Ethics

contribute. Honestly acknowledge the work of and the contributions made by others verbally or written, such as in publication. A health information management professional shall not: 2.6. Permit one’s private conduct to interfere with the ability to fulfill one’s professional responsibilities. 2.7. Take unfair advantage of any professional relationship or exploit others to further one’s own personal, religious, political, or business interests. III. Preserve, protect, and secure personal health information in any form or medium and hold in the highest regards health information and other information of a confidential nature obtained in an official capacity, taking into account the applicable statutes and regulations. A health information management professional shall: 3.1. Safeguard the privacy and security of written and electronic health information and other sensitive information. Take reasonable steps to ensure that health information is stored securely and that patients' data is not available to others who are not authorized to have access. Prevent inappropriate disclosure of individually identifiable information. 3.2. Take precautions to ensure and maintain the confidentiality of information transmitted, transferred, or disposed of in the event of termination, incapacitation, or death of a healthcare provider to other parties through the use of any media. 3.3. Inform recipients of the limitations and risks associated with providing services via electronic or social media (e.g., computer, telephone, fax, radio, and television). IV. Refuse to participate in or conceal unethical practices or procedures and report such practices. A health information management professional shall: 4.1. Act in a professional and ethical manner at all times.















4.2. Take adequate measures to discourage, prevent, expose, and correct the unethical conduct of colleagues. If needed, utilize the  Professional Ethics Committee Policies and Procedures for potential ethics complaints. 4.3. Be knowledgeable about established policies and procedures for handling concerns about colleagues' unethical behavior. These include policies and procedures created by AHIMA, licensing and regulatory bodies, employers, supervisors, agencies, and other professional organizations. 4.4. Seek resolution if there is a belief that a colleague has acted unethically or if there is a belief of incompetence or impairment by discussing one’s concerns with the colleague when feasible and when such discussion is likely to be productive. 4.5. Consult with a colleague when feasible and assist the colleague in taking remedial action when there is direct knowledge of a health information management colleague's incompetence or impairment. 4.6. Take action through appropriate formal channels, such as contacting an accreditation or regulatory body and/ or the AHIMA Professional Ethics Committee if needed. 4.7. Cooperate with lawful authorities as appropriate. A health information management professional shall not: 4.8. Participate in, condone, or be associated with dishonesty, fraud and abuse, or deception. A non-inclusive list of examples includes: ■■ Allowing patterns of optimizing or minimizing documentation and/or coding to impact payment ■■ Assigning codes without physician documentation ■■ Coding when documentation does not justify the diagnoses or procedures that have been billed ■■ Coding an inappropriate level of service



The Code of Ethics and How to Interpret the Code of Ethics Miscoding to avoid conflict with others ■■ Engaging in negligent coding practices ■■ Hiding or ignoring review outcomes, such as performance data ■■ Failing to report licensure status for a physician through the appropriate channels ■■ Recording inaccurate data for accreditation purposes ■■ Allowing inappropriate access to genetic, adoption, health, or behavioral health information ■■ Misusing sensitive information about a competitor ■■ Violating the privacy of individuals Refer to the AHIMA Standards for Ethical Coding for additional guidance. 4.9. Engage in any relationships with a patient where there is a risk of exploitation or potential harm to the patient. V. Advance health information management knowledge and practice through continuing education, research, publications, and presentations. A health information management professional shall: 5.1. Develop and enhance continually professional expertise, knowledge, and skills (including appropriate education, research, training, consultation, and supervision). Contribute to the knowledge base of health information management and share one’s knowledge related to practice, research, and ethics. 5.2. Base practice decisions on recognized knowledge, including empirically based knowledge relevant to health information management and health information management ethics. 5.3. Contribute time and professional expertise to activities that promote respect for the value, integrity, and competence of the health information management profession. These activities may include teaching, research, consultation, service, legislative ■■









37

testimony, advocacy, presentations in the community, and participation in professional organizations. 5.4. Engage in evaluation and research that ensures the confidentiality of participants and of the data obtained from them by following guidelines developed for the participants in consultation with appropriate institutional review boards. 5.5. Report evaluation and research findings accurately and take steps to correct any errors later found in published data using standard publication methods. 5.6. Design or conduct evaluation or research that is in conformance with applicable federal or state laws. 5.7. Take reasonable steps to provide or arrange for continuing education and staff development, addressing current knowledge and emerging developments related to health information management practice and ethics. VI. Recruit and mentor students, staff, peers, and colleagues to develop and strengthen professional workforce. A health information management professional shall: 6.1. Provide directed practice opportunities for students. 6.2. Be a mentor for students, peers, and new health information management professionals to develop and strengthen skills. 6.3. Be responsible for setting clear, appropriate, and culturally sensitive boundaries for students, staff, peers, colleagues, and members within professional organizations. 6.4. Evaluate students’ performance in a manner that is fair and respectful when functioning as educators or clinical internship supervisors. 6.5. Evaluate staff’s performance in a manner that is fair and respectful when functioning in a supervisory capacity. 6.6. Serve an active role in developing HIM faculty or actively recruiting HIM professionals.

38

Chapter 1   Professional Values and the Code of Ethics

A health information management professional shall not: 6.7. Engage in any relationships with a person (e.g. students, staff, peers, or colleagues) where there is a risk of exploitation or potential harm to that other person. VII. Represent the profession to the public in a positive manner. A health information management professional shall: 7.1. Be an advocate for the profession in all settings and participate in activities that promote and explain the mission, values, and principles of the profession to the public. VIII. Perform honorably health information management association responsibilities, either appointed or elected, and preserve the confidentiality of any privileged information made known in any official capacity. A health information management professional shall: 8.1. Perform responsibly all duties as assigned by the professional association operating within the bylaws and policies and procedures of the association and any pertinent laws. 8.2. Uphold the decisions made by the association. 8.3. Speak on behalf of the health information management profession and association, only while serving in the role, accurately representing the official and authorized positions of the association. 8.4. Disclose any real or perceived conflicts of interest. 8.5. Relinquish association information upon ending appointed or elected responsibilities. 8.6. Resign from an association position if unable to perform the assigned responsibilities with competence. 8.7. Avoid lending the prestige of the association to advance or appear to advance the private interests of others by endorsing any product or service in return for remuneration. Avoid endorsing products or services of a

third party, for-profit entity that competes with AHIMA products and services. Care should  also  be exercised in endorsing any other products and services. IX. State truthfully and accurately one’s credentials, professional education, and experiences. A health information management professional shall: 9.1. Make clear distinctions between statements made and actions engaged in as a private individual and as a representative of the health information management profession, a professional health information association, or one’s employer. 9.2. Claim and ensure that representation to patients, agencies, and the public of professional qualifications, credentials, education, competence, affiliations, services provided, training, certification, consultation received, supervised experience, and other relevant professional experience are accurate. 9.3. Claim only those relevant professional credentials actually possessed and correct any inaccuracies occurring regarding credentials. 9.4. Report only those continuing education units actually earned for the recertification cycle and correct any inaccuracies occurring regarding CEUs. X. Facilitate interdisciplinary collaboration in situations supporting health information practice. A health information management professional shall: 10.1. Participate in and contribute to decisions that affect the well-being of patients by drawing on the perspectives, values, and experiences of those involved in decisions related to patients. 10.2. Facilitate interdisciplinary collaboration in situations supporting health information practice. 10.3. Establish clearly professional and ethical obligations of the

interdisciplinary team as a whole and of its individual members. 10.4. Foster trust among group members and adjust behavior in order to establish relationships with teams. XI. Respect the inherent dignity and worth of every person. A health information management professional shall: 11.1. Treat each person in a respectful fashion, being mindful of individual differences and cultural and ethnic diversity. 11.2. Promote the value of self-determination for each individual. 11.3. Value all kinds and classes of people equitably, deal effectively with all races, cultures, disabilities, ages and genders. 11.4. Ensure all voices are listened to and respected.

The Use of the Code Violation of principles in this code does not automatically imply legal liability or violation of the law. Such determination can only be made in the context of legal and judicial proceedings. Alleged violations of the code would be subject to a peer review process. Such processes are generally separate from legal or administrative procedures and insulated from legal review or proceedings to allow the profession to counsel and discipline its own members although in some situations, violations of the code would constitute unlawful conduct subject to legal process. Guidelines for ethical and unethical behavior are provided in this code. The terms “shall and shall not” are used as a basis for setting high ­standards for behavior. This does not imply that everyone “shall or shall not” do everything that is listed. This concept is true for the entire code. If someone does the stated activities, ethical behavior is the standard. The guidelines are not a comprehensive list. For example, the statement “safeguard all confidential patient information to include, but not limited to, personal, health, financial, genetic and outcome information” can also be interpreted as “shall not fail to safeguard all confidential patient information

The Use of the Code

39

to include personal, health, financial, genetic, and outcome information.” A code of ethics cannot guarantee ethical behavior. Moreover, a code of ethics cannot resolve all ethical issues or disputes or capture the richness and complexity involved in striving to make responsible choices within a moral community. Rather, a code of ethics sets forth values and ethical principles, and offers ethical guidelines to which an HIM professional can aspire and by which actions can be judged. Ethical behaviors result from a personal commitment to engage in ethical practice. Professional responsibilities often require an individual to move beyond personal values. For example, an individual might demonstrate behaviors that are based on the values of honesty, providing service to others, or demonstrating loyalty. In addition to these, professional values might require promoting confidentiality, facilitating interdisciplinary collaboration, and refusing to participate or conceal unethical practices. Professional values could require a more comprehensive set of values than what an individual needs to be an ethical agent in one’s own personal life. The AHIMA Code of Ethics is to be used by AHIMA members and certificants, consumers, agencies, organizations, and bodies (such as licensing and regulatory boards, insurance providers, courts of law, government agencies, and other professional groups) that choose to adopt it or use it as a frame of reference. The AHIMA Code of Ethics reflects the commitment of all to uphold the profession's values and to act ethically. Individuals of good character who discern moral questions and, in good faith, seek to make reliable ethical judgments, must apply ethical principles. The code does not provide a set of rules that prescribe how to act in all situations. Specific applications of the code must take into account the context in which it is being considered and the possibility of conflicts among the code's values, principles, and guidelines. Ethical responsibilities flow from all human relationships, from the personal and familial to the social and professional. Further, the AHIMA Code of Ethics does not specify which values, principles, and guidelines are the most important and ought to outweigh others in instances when they conflict.

40

Chapter 1   Professional Values and the Code of Ethics

Code of Ethics 2011 Ethical Principles Ethical Principles: The following ethical principles are based on the core values of the American Health Information Management Association and apply to all AHIMA members and certificants. A health information management professional shall: 1. Advocate, uphold, and defend the individual’s right to privacy and the doctrine of confidentiality in the use and disclosure of information. 2. Put service and the health and welfare of persons before self-interest and conduct oneself in the practice of the profession so as to bring honor to oneself, their peers, and to the health information management profession. 3. Preserve, protect, and secure personal health information in any form or medium and hold in the highest regards health information and other information of a confidential nature obtained in an official capacity, taking into account the applicable statutes and regulations. 4. Refuse to participate in or conceal unethical practices or procedures and report such practices. 5. Advance health information management knowledge and practice through continuing education, research, publications, and presentations. 6. Recruit and mentor students, peers and colleagues to develop and strengthen professional workforce. 7. Represent the profession to the public in a positive manner.

8. Perform honorably health information management association responsibilities, either appointed or elected, and preserve the confidentiality of any privileged information made known in any official capacity. 9. State truthfully and accurately one’s credentials, professional education, and experiences. 10. Facilitate interdisciplinary collaboration in situations supporting health information practice. 11. Respect the inherent dignity and worth of every person. Reprinted with permission from the American Health Information Management Association. Copyright © 2011 by the American Health Information Management Association. All rights reserved. No part of this may be reproduced, reprinted, stored in a retrieval system, or transmitted, in any form or by any means, electronic, photocopying, recording, or otherwise, without the prior written permission of the association. Adapted with permission from the Code of Ethics of the National Association of Social Workers.

RESOURCES National Association of Social Workers. Code of Ethics. 1999. Available online on the NASW web site. AHIMA. Code of Ethics, 1957, 1977, 1988, 1998, and 2004. Available from http://library.ahima.org/ AHIMA. Standards for Ethical Coding. 2008. Available in the AHIMA Body of Knowledge. Available from http://library.ahima.org/ Harman, L.B., ed. Ethical Challenges in the Management of Health Information, 2nd ed. Sudbury, MA: Jones and Bartlett, 2006. McWay, D.C. Legal and Ethical Aspects of Health Information Management, 3rd ed. Clifton Park, NY: Cengage Learning, 2010. Revised & adopted by AHIMA House of Delegates— (October 2, 2011)

APPENDIX 1-D

Common Values of Health Care Regulators

Common Values Statement by the Chief Executives Group of the Health Care Regulators on professional values (as agreed by the Chief Executives of the Regulatory Bodies in 2006)

Values of Health Care Professionals All health care professionals are personally accountable for their actions and must be able to explain and justify their decisions. Health care professionals work in many different types of practice. They all have a duty to protect and promote the needs of their patients and clients. To do this they must: Be open with patients and clients and show respect for their dignity, individuality and privacy: ■■ ■■

■■

Listen to patients and clients; Keep information about patients and clients confidential; Make sure their beliefs and values do not prejudice their patients’ or clients’ care.

Respect patients’ and clients’ right to be involved in decisions about their treatment and health care: ■■

■■

■■

Provide information about patients’ and clients’ conditions and treatment options in a way they can understand; Obtain appropriate consent before investigating conditions and providing treatment; Ensure that patients have easy access to their health records.

Justify public trust and confidence by being honest and trustworthy: ■■

■■

Act with integrity and never abuse their professional standing; Never ask for, nor accept any inducement, gift, hospitality or referral which may affect, or be seen to affect, their judgment;

■■

■■

Recommend the use of particular products or services only on the basis of clinical judgment and not commercial gain; Declare any personal interests to those who may be affected.

Provide a good standard of practice and care: ■■

■■

■■

Recognize and work within the limits of their knowledge, skills and experience; Maintain and improve their professional knowledge, skills and performance; Make records promptly and include all relevant information in a clear and legible form.

Act quickly to protect patients, clients and colleagues from risk of harm: ■■

■■

If either their own, or another health care worker’s conduct, health or performance may place patients, clients or colleagues at risk; If there are risks of infection or other dangers in the environment.

Co-operate with colleagues from their own and other professions: ■■

■■

■■

Respect and encourage the skills and contributions which others bring to the care of patients and clients; Within their work environment, support professional colleagues in developing professional knowledge, skills and performance; Not require colleagues to take on responsibilities that are beyond their level of knowledge, skills and experience.

Reprinted from Chief Executives of the Regulatory Bodies (2006) Common Values Statement by the Chief Executives Group of the Health Care Regulators on professional values, Available from https://www .professionalstandards.org.uk/docs/scrutiny-quality/ common-values-statement-.pdf?sfvrsn=0

APPENDIX 1-E

Ethical Challenges Chapter Abstracts

There are many ethical challenges and opportunities for improvement for the health information system. The chapter abstracts for these issues gives readers a general overview of the ethical issues that we face today as well as some that are emerging and will be problematic in the future.

Professional Ethics Chapter 1: Professional Values and the Code of Ethics This chapter describes the importance of ethics for the health information management (HIM) professional and those who work on behalf of patients, including health care providers, information technology and business professionals, administrators, and executive officers. Ethical challenges and opportunities for improvement are discussed in the context of ethical decisionmaking. There is an exploration of the ethical issues that surface in the paper-based, hybrid, and electronic health record systems (EHRS) and hybrid (paper and electronic), all of which are currently operational in the health information system. Based on a review of several professional codes of ethics, the chapter presents values and obligations that are shared. A framework for building an ethical health information system that supports interdisciplinary collaboration is presented. There is a discussion of the importance of the intersection of professional discipline and ethical expertise.

Chapter 2: Ethical Decision-Making Guidelines and Tools Ethics is the formal process of intentionally and critically analyzing, with clarity and consistency, the basis for one’s moral judgments. It is important for HIM professionals to engage in this

process, because they are accountable for their actions as professionals, not just personally, but as individuals. Ethical reasoning is necessary to resolve the potential tensions between personal values and professional values and among professional values. This chapter presents a model for ethical decision making and outlines ethical theories and approaches that can help HIM professionals identify ethical issues, work with other members of the team to identify and analyze choices, decide on a course of action. and justify that choice (Glover, J. L.). Two scenarios and ethical decision-making matrices are presented: “Decision Making for an Adolescent”; “Access by Adolescents to Patient Portals.”

Chapter 3: Privacy and Confidentiality Privacy is the right to be let alone or the right to decide what information is released to others. Confidential information is compiled during the course of caring for a patient and must be protected by providers of care, HIM professionals, and all others who have legitimate access to information. This chapter explores the primary ethical obligation of the HIM professional to protect the privacy of information compiled in a health information system. The complexity of balancing privacy and confidentiality against the need to respond to legitimate requests for information is discussed, particularly in light of the Health Insurance Portability and Accountability Act of 1996 (HIPAA) privacy rule and changes per the 2009 Health Information Technology for Economic and Clinical Health (HITECH) Act. Authorization requirements are also discussed. Both patient and professional concerns about privacy and confidentiality are identified, with a focus on medical identity theft, the use of electronic health records and mobile devices, and social media challenges (Rinehart-Thompson, L. & Harman, L. B.). Two

scenarios and ethical decision-making matrices are presented: “Family and Friends: Should I Tell?”; “Share Information on Facebook?”

Uses of Information The uses of health information are increasing in complexity and raise ethical issues for data analytics; compliance, fraud, and abuse; coding; quality management; research and decision support; public health; longitudinal coordinated care; and clinical care at the end of life.

Chapter 4: Data Analytics Advances in technology have enabled the medical community to generate and capture more data than ever before. The availability of healthcare data can improve patient health and outcomes, help prevent and detect diseases, and diagnose diseases with more accuracy. It is important to have data analysts that can effectively and reliably analyze this tremendous amount of health data so that healthcare providers make the best decisions for the patients they treat. Much of the data generated comes from a patient’s medical record. This chapter explains current practices of data collection and management of health information and how that can inform care delivery particularly as the medical record transitions into the EMR. The value of EMRs as a primary source of data for the EHR and the big data housed within will be discussed. The ethical issues that surround EMRs and EHRs are also examined (Anderson,  B. &­ Hardin, J. M.). Two scenarios and ethical decision-­making matrices are presented: “Readmission Predictive Model Project, Part 1: Right Skills?”; “Readmission Predictive Model Project, Part 2: Impact of Bad Data.”

Chapter 5: Compliance, Fraud, and Abuse The HIM professional is a key player in the process that begins with the delivery of care to a patient and leads to the submission of a bill for reimbursement for services provided. One of the HIM professional’s major responsibilities is facilitating the collection of appropriate

Uses of Information

43

information needed to properly assign the correct clinical classification codes to the care provided. This process and responsibility sounds straightforward, but through either dishonest motivations to collect more money than properly owed or sloppy procedures and failure to accept responsibility for staying current and informed, the HIM professional can become involved in, and responsible for, submission of a false claim. The penalties are real and expensive and can include prison. The HIM professional must have knowledge of the applicable guidelines and an appreciation and understanding of the requisite compliance programs for hospitals, physicians, home health agencies, long-term care facilities, laboratories, and third-party payers. This chapter outlines the laws, penalties, and preventive programs that an HIM professional should be familiar with (Rinehart-Thompson, L. A.). Four scenarios and ethical decision-making matrices are presented: “Documentation Does Not Justify Billed Procedure”; “Accepting Money for Information”; “Retrospective Documentation to Avoid Suspension”; “Coder Assigns Code Without Physician’s Documentation.”

Chapter 6: Coding Given the competing demands and interests of the many stakeholders in health care, ethical issues are inherent in coding. Regardless of their place of practice, coders must anticipate assessing and responding to ethically challenging situations, whether related to documentation, workplace pressures, cases of outright fraud and abuse, or other quandaries. Guided by and in accordance with applicable legal mandates, professional standards and ethical codes, reputable sources for coding guidelines, and their own personal and professional integrity, coders need to be able to determine, justify, and defend the most appropriate course of action, cognizant of the potential consequences. This chapter cites key coding mandates, guidelines, and directives that inform ethical decision making, illustrates a variety of ethical challenges coders may encounter, and offers a guided approach to resolving them (Holtzman, L. & Holtzman, R.). Three scenarios and ethical decision-making

44

Chapter 1   Professional Values and the Code of Ethics

matrices are presented: “Blood Loss Anemia”; “Thoracic Aortogram”; “Revise the Analysis?”

Chapter 7: Quality Management Today’s rapidly changing healthcare environment is creating new ethical issues for healthcare professionals who have quality management responsibilities. Rising costs, scarce resources, the hierarchical nature of healthcare organizations, and conflicting values are introducing both challenges and opportunities into the workplace. This chapter draws on current literature and case studies depicting typical ethical dilemmas faced by healthcare professionals involved in quality management activities. The scenarios and the standards for ethical decision making explored in this chapter are intended to help professionals sort out the ethical issues that they may have to deal with during the performance of quality management activities (Spath, P. L. & Leonard, F. B.). Five scenarios and ethical decisionmaking matrices are presented: “Inaccurate Publicly Reported Performance Data”; “Audit Results Indicate Inappropriate Health Care”; “Reporting Hospital-Acquired Conditions”; “Disclosure of an Unanticipated Outcome”; “Failure to Check Physician’s Licensure Status.”

Chapter 8: Research and Decision Support The roles of research specialists (RSs) and decision support specialists (DSSs) are intimately related to the use of various information technologies that gather and store data and perform sophisticated analyses. These roles are sometimes imbedded in job titles such as health data analyst or data quality manager. The incorporation of new technologies to support the work of these specialists, particularly growth of electronic health records, makes it easy to track individuals, identify their characteristics, and pinpoint their preferences, inclinations, and medical conditions. Furthermore, the massive increase of information collection, storage, and retrieval associated with new technologies and industry demands for more information introduces a greater likelihood of data integrity concerns. RSs and DSSs have always been challenged in their work by

ethical considerations with regard to informational privacy and data integrity. The purpose of this chapter is to discuss how these ethical considerations have expanded and what new challenges face these professionals given the current advances in the use of information technologies (White, S. & Hardin, J. M.). Two scenarios and ethical decision-­making matrices are presented: “Designing a Survey to Bias the Results”; “The Impact of Sample Selection Bias.”

Chapter 9: Public Health Government access to, and use of, patient information is critical for protecting the public’s health. At the same time, it raises ethical challenges to doctor–patient confidentiality and respect for the individual’s privacy. This chapter explores the use of patient data to assess and protect the health of the population at local, state, national, and international levels. It raises the difficult question of when the government’s need to know should prevail over the interests of the individual and his or her desire to keep personal information solely within the ­provider– patient relationship. A theoretical framework is provided for addressing difficult policy choices about when patient information ought to be reported to health authorities. The chapter also explores emerging issues in global health and the use of social media in public health activities(Neuberger, B. J. & Swirsky, E. S.). Two scenarios and ethical decision-making matrices are presented: “Gun Control and Reporting Mental Health Status”; “Conflicting Personal and Public Duties.”

Chapter 10: Longitudinal Coordinated Care A most significant change is occurring in health care: the patient is now at the center not only as a patient but also, more importantly, as a person and as a member of the care team. In fact, there is a new emphasis on the care team itself as one that changes in response to the needs and expectations of the patient. The shift to integrated care over the continuum has been named “longitudinal care.” This chapter will explore the ethical issues in longitudinal care. However, in order to do that, the chapter will begin with

a discussion of the changes in health care leading to the shift to longitudinal care and the elements necessary to sustain the transformation. This will be followed by an introduction to patient-centered medical homes, longitudinal care, and its subgroup, complex care management. Finally, ethical considerations and some of the ethical issues that may occur in longitudinal care will be analyzed (Schick, I.C.). Two scenarios and ethical decision-making matrices are presented: “Competing Stakeholder Agendas in a Community ACO”; “Patient Transfer.”

Chapter 11: Clinical Care: End of Life Dying a “good death” is a universal need. However, achieving this goal can be elusive. Advances in medical care have added years to the life expectancy of individuals with advanced chronic and terminal illnesses. However, many A ­ mericans continue to have difficult ­experiences caring for a dying family member or a dear friend (IOM, 2014). Efforts to make informed treatment decisions may be complicated by significant frailty, hearing and vision loss, and cognitive impairment. In addition values, cultural beliefs, family dynamics, and life experiences add to the complexities of end-oflife discussions. This chapter presents the role of information exchange in scenarios commonly encountered among older adults with advanced illnesses. These scenarios reveal the challenges healthcare providers face as they address endof-life topics in an effort to support their patients across a fragmented healthcare continuum (Mandi, D., Silverman, M.A., Tischler, J.F., Golden, A. G.). Four scenarios and ethical decision-making matrices are presented: “Bad News”; “Treatment Choices”; “Advance Care Planning”; “Palliative Care.”

Electronic Health Information Electronic health information supports or is supported by: electronic health records, information security, information technology and biomedical instrumentation, information governance and management, integrated delivery systems, and digital health (health information technology and information exchange).

Electronic Health Information

45

Chapter 12: Electronic Health Records The increasing implementation of EHR systems and the increasing sophistication of these systems have raised new ethical issues with regard to the potential for compromising data integrity and confidentiality for the sake of greater business efficiency, better system performance, or more convenient and timely access to data. Although EHR systems include security features, technological solutions alone are not adequate to protect the integrity and confidentiality of patient information. This chapter presents ethical dilemmas typically raised during system planning, when working with alliance partners to link organizations’ EHRs, and following the implementation of EHR systems. This chapter explores how these dilemmas can be addressed by HIM professionals (Hanken, M. A. & Murphy, G.). Three scenarios and ethical decision-making matrices are presented: “Patient Record Integrity and Access”; “Parent Access to Child’s Health Information”; “Differences When Linking EHR Systems.”

Chapter 13: Information Security Traditionally, the security of paper-based systems consisted of a repository of information typically stored in the basement or at an offsite location where access was limited to one person at a time, and was controlled by mechanisms like doors, locks, identification cards, and tedious sign-out procedures for authorized users. Unauthorized access to patient information triggered no alerts, nor was it known what information had been viewed. (Harman, Flite & Bond, p712). Paper-based systems, flawed by filing backlogs; lost records; and illegible ­handwriting caused delays in care due to unavailability of crucial information. Today, however, healthcare organizations create, transmit, maintain, and store information electronically. The movement toward health information exchanges (HIEs) and a Nationwide Health Information Network (NwHIN) have led to more confidential patient information being transmitted electronically. This explosion of available information and the technology utilized to ensure confidentiality and security

46

Chapter 1   Professional Values and the Code of Ethics

presents challenges. EHRS, the Internet, email, personal health records (PHR), and social media must all be secure in the information system. Although security standards are not new to health care, the adoption of the Health Insurance Portability and Accountability Act of 1996 and the recent updates to HIPAA regulations under the Health Information Technology for Economic and Clinical Health of 2009 have introduced a host of security mandates that pertain to the electronic protection of protected health information (PHI). This chapter will focus on security standards and provide a framework for establishing a viable healthcare security program. The ethical issues and good business practices facing HIM and IT professionals as they strive to deal with security will be addressed (Czirr, K. & West, E.). Three scenarios and ethical decision-making matrices are presented: “A Curious Human Resource Employee”; “Failure to Log Off of the System”; “Storing Data on a Laptop Computer.”

Chapter 14: Information Technology and Biomedical Instrumentation Development and implementation of health information technology (HIT) such as electronic health records (EHRs) and the use of biomedical instrumentation in healthcare organizations is a multidisciplinary undertaking. The various professionals involved will have differing opinions and needs. Because health informatics (HI) and information management (HIM) professionals have a major role in this development and implementation, they must decide how to resolve conflicting requests from stakeholders in ways that conform to various professional codes of ethics, are compatible with established standards, and meet the needs of their organization. As the drive for meaningful use intensifies, interoperability of biomedical instrumentation moves to the forefront as key stakeholders begin to see the immense potential that full integration can bring to health care. With this, however, comes a myriad of challenges. This chapter explores typical conflicts among stakeholders, offers possible solutions to such conflicts, and presents a collaborative model for making decisions by integrating input and reconciling

conflicting interests (Fenton, S. H. & Cornelius, F.H.). Three scenarios and ethical decision-making matrices are presented: “Lack of Interoperability”; “Data Interface Decisions”; “Data Interface Quality.”

Chapter 15: Information Governance and Management Health care is rapidly replacing paper medical records with electronic health record systems and other types of information and communications technologies. These technologies are impacting every aspect of healthcare delivery, including how patients interact with providers. In addition, digital patient data are aggregated for population health and a range of other important uses. Despite rapid adoption of technologies and exploitation of digital data, the foundations for effective stewardship and governance of digital healthcare information are generally underdeveloped. Stewardship is an ethic relating to the responsible handling of information, and governance sets forth the ground rules for execution of this responsibility. In the absence of deliberate stewardship and clear ground rules, information assets are vulnerable to inappropriate, even unethical practices and their value is diminished. Health information management practice, too, is profoundly altered by technology, yet the best practices of traditional medical record management have yet to be fully adapted to the new world of health information management. Beyond the rapid advances of the healthcare system, patient-generated information about health and wellness is emerging as a major lever for change. With smartphones and wearable sensors, people are using apps to monitor activity levels, heart rate, stress, and sleep patterns. When linked with location and other data, this personal information offers great potential for gaining a better understanding of the important impact of social determinants on health. At present there is no stewardship infrastructure or ground rules for safeguarding personal health data that is beyond the scope of existing privacy and security laws and regulations. The focus on governance of data and information has increased across all information-intensive

industries paralleling the adoption of information and communications technologies. Formal governance and well-adapted management practices are essential for ethical stewardship of healthcare information. This chapter explores these challenges and opportunities, illustrates the range of ethical questions they raise, and offers insights about how organizations are approaching these imperatives to mitigate unintended consequences (Kloss, L.  L.) Four scenarios and ethical decision-­making ­matrices are presented: “Stewardship Literacy for Community Health Improvement”; “­Managing Patient Identification as Master Data”; “Big Data Analytics and Stewardship”; “EHR ­Integrity Management.”

Chapter 16: Integrated Delivery Systems HIM professionals must deal with complex issues related to their responsibilities for ensuring the security of electronic information and the privacy and quality of patient information. For HIM professionals working in an integrated delivery system (IDS), the complexities of these issues are multiplied. Privacy, security, and data quality policies and procedures must be developed and monitored for the IDS as a whole. In addition, individual entities may have their own policies and regulations. HIM professionals need to balance the needs of the IDS with the autonomous needs of the individual healthcare entities. Due to the business drivers in the healthcare environment, it is difficult to find a hospital or provider that is not in the process of joining an integrated delivery system. Although this is due to many reasons, financially it is difficult for providers to remain solo with the regulations associated with compliance, electronic records, and insurance. This chapter explores the special issues that HIM professionals must consider in carrying out their responsibilities within an IDS and the skills that such tasks require (Olson, B. & Grant, K. G.). Three scenarios and ethical decision-making matrices are presented: “Scheduling Clerk Has Access to Clinical Information”; “Vulnerabilities in the Electronic Health Record”; “Inconsistencies in the Patient Identity Management System.”

Electronic Health Information

47

Chapter 17: Digital Health: Health Information Technology and Information Exchange Health information technology has been identified as essential for improvements in health and the healthcare system to make the system safer and more efficient. Such HIT systems include: EHRs, PHRs, mobile health (mHealth), telehealth, telemedicine, patient portals, electronic prescribing (eRX), HIE, computerized provider order entry (CPOE), and clinical decision support (CDS). CPOE entails the provider’s use of computer assistance to directly enter medication orders from a computer or mobile device. The order is also documented or captured in a digital, structured, and computable format for use in improving safety and organization. CDS provides clinicians, staff, patients, or other individuals with knowledge and person-specific information, intelligently filtered or presented at appropriate times, to enhance health and health care. CDS encompasses a variety of tools to enhance decision-making in the clinical workflow. These tools include computerized alerts and reminders to care providers and patients, clinical guidelines, condition-specific order sets, focused patient data reports and summaries, documentation templates, diagnostic support, and contextually relevant reference information. These systems are widely seen as central to controlling costs, increasing efficiency, reducing errors, and improving quality. Many stakeholders, including clinicians, providers, patients, and consumers, researchers, educators, academicians, regulators, entrepreneurs, policy makers, and health informatics and information management professionals are critical to the ongoing success of these efforts. More widespread adoption of HIT and HIE will help ensure that health and healthcare decisions are based on timely, relevant, accurate, and complete data and information. Stakeholders need to closely examine and monitor potential ethical implications that will arise from the continued implementation of HIT and HIE along with the diverse and widespread uses and users of health data and information (Bloomrosen, M.). One scenario and ethical decision-making matrices is presented: “Health Informatics and Information Management (HIIM) Professionals’ Role.”

48

Chapter 1   Professional Values and the Code of Ethics

Sensitive Health Information The management of sensitive health information requires special attention, given the availability of genetic information; adoption information; and substance abuse, behavioral health, and sexual information.

Chapter 18: Genetic Information As now defined by law, genetic information includes the genetic testing results of an individual and individual’s family members, as well as family health history. Genetic information can be used to diagnose disease, make treatment decisions, and take preventive measures against conditions for which one has increased risk. As the uses of genetic information increase, so does the importance of managing that information properly. Rapid advances in genetic research and the emerging applications for clinical practice have heightened public sensitivity about who will have access to genetic information and how it will be used. This chapter discusses the management of genetic information in the clinical realm, as well as the federal and state laws that address privacy and confidentiality with regard to genetic information. It also describes special considerations related to the emerging fields of translational science and precision medicine. It discusses the responsibility of HIM professionals with regard to this information. One scenario and ethical decision-making matrices is presented: “Genetic Privacy.”

Chapter 19: Adoption Adoption is an arena in which traditional assumptions regarding access to health information among relatives are being reconsidered. Previous reliance on legal secrecy in these relationships has been challenged as more importance is placed on the right of individuals to know their biological heritage. Furthermore, families in which children are not biologically related to one or either parent are increasingly being created through the use of assisted reproductive technologies (ART). The legal, ethical, and research experience with adoption provides

a framework from which to confront the emerging issues for children and families created in these nontraditional ways. HIM professionals will be increasingly confronted with issues related to access to medical information, and adoption provides a useful framework for considering them (Jones, M. L.) Three scenarios and ethical decision-making matrices are presented: “Seeking Information Many Years Later”; “An Adoptee Seeks Information on Her Biological Family”; “A Birth Mother Seeks Information on Her Biological Son.”

Chapter 20: Substance Abuse, Behavioral Health, and Sexual Information Certain health information, such as information about substance abuse and treatment, mental illnesses (also referred to as psychiatric illnesses) (e.g., schizophrenia or bipolar disease), and sexually transmitted diseases (e.g., venereal disease, HIV/AIDS), is highly sensitive and therefore receives special legal protections because its disclosure can have unfortunate legal, stigmatic, and discriminatory consequences. The AHIMA Code of Ethics (2011, Principles 1, 3 and 11) emphasizes this principle by identifying substance abuse, behavioral health, and sexual information as sensitive information that requires special attention to prevent misuse. However, this same information that requires special protection may also be requested for law enforcement purposes or for the protection of others. HIM professionals working in the behavioral health and substance abuse/treatment fields, or with information pertaining to sexually transmitted diseases (including HIV/ AIDS), are likely to encounter ethical challenges above and beyond those experienced by individuals working in other healthcare settings. This chapter describes several difficult situations that HIM professionals may face and explores the legal and ethical aspects of those situations (Rinehart-Thompson, L. A. & Randolph, S.J.). Eight scenarios and ethical decision-making matrices are presented: “The Arrest Warrant: Is This Person in Your Facility?”; “Safety of a Citizen Versus Privacy of a Patient”; “Patient Confesses to a Psychiatrist”; “Patient Confesses to the Nurse’s Aide”; “Verifying Admission Can

Violate Privacy”; “A Prisoner Who May Have AIDS”; “Workers’ Compensation Case”; “Children’s Protective Services.”

Consumer and Professional Informatics Consumer and professional informatics involves digital health technologies for consumers, patients, and caregivers; management and leadership; entrepreneurship; vendor management; and advocacy.

Chapter 21: Digital Health Technologies for Consumers, Patients, and Caregivers Digital health technologies support consumers, patients, and caregivers in many health information and management activities that will change in form and function over time. These technologies currently enable searching for health information and advice, monitoring various aspects of health in real time, accessing personal health data from providers, creating and maintaining personal health records, and conducting virtual consultations with care providers. As helpful as these activities can be, they also represent a shift in the interaction among HIM and other professionals, and where and how these interactions will occur. Therefore, the use of digital health technologies raises a number of ethical issues for HIM professionals because of their increasingly frequent and direct interactions with consumers, patients, and caregivers as partners in health information management. HIM professionals inside and outside the healthcare delivery system may be called on to facilitate and navigate uncharted territory in health information access and management as healthcare organizations develop their digital health capacities and technology companies offer tools directly to the public. This chapter explores several of the ethical issues raised by digital health technologies (Baur, C. & Deering, M. J.). Two scenarios and ethical decision-making matrices are presented: “Plain Language and Health Information Privacy Policies”; “Ensuring Privacy Protections for Digital Health Technologies.”

Consumer and Professional Informatics

49

Chapter 22: Management and Leadership This chapter explores ethical issues facing HIM professionals and discusses the importance of moral awareness, rationalization, socialization, moral muteness, and the consequences of ethical failures. This chapter will explore stages of moral development as a guide for managerial decision making and review several reasons why ethical management decisions are not always congruent with organizational policy. This chapter focuses on the professional values that challenge managers to increase moral awareness and nurture an ethical work environment (Flite, C. A. & Johns, M. L.). Five scenarios and ethical decisionmaking matrices are presented: “Lateness and Absenteeism—Fire the Employee”; “Lateness and Absenteeism—Do Not Fire the Employee”; “Telecommuting”; “Avoiding an Employee Who Will Be Fired”; “Failure to Document Poor Work Performance for a Friendly Employee.”

Chapter 23: Entrepreneurship Entrepreneurship (taking advantage of market opportunities to develop a business) and intrapreneurship (applies the style of new business development within an established company) are growing trends among HIM professionals. Although both offer exciting opportunities, they also involve unique ethical challenges. To deal with these challenges, HIM professionals need to know about business ethics as well as the code of ethics for the HIM profession. This chapter describes ethical dilemmas typically encountered in consulting and contracting and discusses principles and practice standards by which they may be resolved (Gardenier, M. & Olenik, K.). Four scenarios and ethical decision-making matrices are presented: “Competing Constituencies”; “Negotiating Contracts”; “Unrealistic Client Expectations”; “Discovering Sensitive Information About a Client, Competitor, or Colleague.”

Chapter 24: Vendor Management Vendors perform important roles in their relationship with HIM professionals. Both the vendor and the HIM professional may contribute to the success or failure of these crucial business relationships.

50

Chapter 1   Professional Values and the Code of Ethics

In order to communicate effectively with vendors, HIM professionals must recognize common ethical dilemmas. This chapter will describe skills needed to communicate with vendors as well as how to select vendors, manage vendor relationships, create requests for proposals (RFPs), and negotiate contracts and monitor contracts, if unethical practices surface after the contract has been signed (Olenik, K). Six scenarios and ethical decisionmaking matrices are presented: “Vendor Request”; “Vendors as Friends”; “Gifts”; “Preferred Vendors”; “Negotiating”; “Unethical Behavior.”

Chapter 25: Advocacy Advocacy is ethics in action—choosing to take a stand for and speak out for the rights or needs of a person, group, organization, or community. All healthcare workers have many opportunities to advocate for patients, peers, the staff with whom they work or supervise, the organization for which they work, themselves, and the larger community and society in which they live. Health information advocacy involves tensions and risks, and it can produce benefits both personally and professionally as well as for all those involved (Helbig, S.). Six scenarios and ethical decision-making matrices are presented: “Violating the Privacy of a Prominent Citizen”; “Compassion in Action for an Alcoholic Peer”; “Cockroaches in the HIM Department”; “Unfair Treatment of Part-Time Workers”; “Small Print on a Consent Form”; “The Data Warehouse Wants to Sell Patient Information.”

Chapter 26: Future Challenges and Opportunities This chapter explores the future challenges and opportunities that health information

management (HIM), health information technology (HIT), all healthcare professionals, public health and business professionals may encounter. The uses of information are reviewed, including for clinical care (substance abuse, behavioral health and sexual information, longitudinal coordinated care) and end of life, family decisions (adoption and genetics), and data analysis (quality management, research and decision support, data analytics, information governance and management, and public health). Potential future professional roles are examined for management and leadership, entrepreneurship and intrapreneurship, vendor management, and advocacy. Emerging trends are explored, including technology explosion; digital health; health information technology and information exchange; digital health technologies for consumers, patients, and caregivers; electronic health records; integrated delivery systems; biomedical instrumentation and interoperability; growth for healthcare expenditures; and growth for health information technology. This section concludes with an exploration of the challenges and opportunities that are likely in the future. The challenges relate to the changes and responses needed for the clinical and legal systems; privacy and confidentiality; coding, fraud, and abuse; technology; information security; cyberintelligence and cybersecurity; security breaches; interoperability, terminology and standards; big data/data analytics; surveillance; and cloud computing (Cornelius, F. H., Harman, L. B. & Mullen, V. L.). Opportunities include interdisciplinary education, interdisciplinary collaboration, and incorporating ethics as a standard of practice. Strategies to prepare current and future generations of health information, healthcare, and business professionals are discussed.

CHAPTER 2

Ethical Decision-Making Guidelines and Tools © kentoh/Shutterstock

Jacqueline J. Glover, PhD

Learning Objectives

Scenario 2-A  Decision Making for an Adolescent

After completing this chapter, the reader should be able to: ■■ ■■

■■

■■

Define ethics. Identify the importance of studying ethics for the health information management (HIM) professional. Identify ethical concepts, including relevant values, principles, virtues, approaches, and theories. Apply a process of ethical decision making to HIM scenarios.

MT is a 16-year-old young man with terminal brain cancer. At the age of 10 he was diagnosed with acute leukemia. After three years of intense treatment, MT was in remission. After two years of remission, during which he was doing very well in school and loved playing soccer, MT began having severe headaches. Unfortunately, his magnetic resonance imaging (MRI) scan showed a large mass requiring immediate workup. The tissue biopsy of the intracranial mass showed a uniformly fatal tumor, likely related to his previous leukemia treatment. No additional intervention was recommended by the team, and they wanted to refer him to hospice. MT’s parents had heard stories in the media about unprecedented recovery of children with terminal diagnoses. A  national search of experimental protocols for brain tumors revealed two centers that were considering starting aggressive surgical approaches to this devastating diagnosis, but no active studies were open at this time. MT’s parents were thinking about moving him to a different cancer center for another experimental treatment. A close friend of theirs had been successfully treated there after everyone else said nothing more could be done.

Introduction Ethics is the formal process of intentionally and critically analyzing, with clarity and consistency, the basis for one’s moral judgments. It is important for HIM professionals to engage in this process, because they are accountable for their actions as professionals, not just personally as individuals. Ethical reasoning is necessary to resolve the potential tensions between personal values and professional values and among professional values. This chapter presents a model for ethical decision making and outlines ethical theories and approaches that can help HIM professionals identify ethical issues, work with other members of the team to identify and analyze choices, decide on a course of action, and justify that choice.

(continued )

51

52

Chapter 2   Ethical Decision-Making Guidelines and Tools

MT’s parents did not want him to know he was dying. They insisted on full code status. They forbid the nurses and resident physicians to tell him anything unless the parents were in the room, and they did not allow any conversation about his terminal condition and their recommendations. When asked by staff, MT seemed to agree with his parents’ decisions in the past. Recently, however, he began to initiate conversations with the night nurse on the rare occasions when his parents were not in his room. One night MT was particularly agitated and asked to speak to a favorite resident physician who happened to be on call and his nurse, and without his parents present. This was a surprising request from MT; his parents were very upset, but they complied and left the room. MT shared with the resident physician and the nurse that he just accessed his health information from the patient portal that he and his parents signed up for a long time ago, and was upset to learn the name of his new diagnosis, glioblastoma multiforme (GBM). Through an online search he discovered the extremely poor prognosis. He asked the resident physician directly, “Am I dying?” The nurse and resident physician had grown close to MT and wondered what they should do.

A completed ethical decision-making matrix for the scenario is provided at the end of the chapter.

What Is an Ethical Issue? An ethical issue is one that involves the core values of practice. The case set forth in Scenario 2-A raises ethical issues in that the core values of respect for patient autonomy, truth telling, benefiting, not harming, and integrity are in conflict with the values of respect for family decision making and a different interpretation of what counts as a benefit or a harm. You know you have an ethical issue when such core values are at stake. Often, your emotions are the first to alert you that something may be wrong. Many people become upset when faced with the potential for not disclosing the truth or going against patient or family wishes.

Why Do Ethical Issues Need to Be Addressed? Many people may want to answer questions of professional ethics according to their own personal morality. They may believe that the issue in Scenario 2-A can be easily resolved according to their own personal upbringing and beliefs. They think, “My parents taught me to always tell the truth,” or “My parents taught me that family is important and you should listen to your parents.” But is that type of thinking really sufficient? Notice that the two belief systems are in tension. How do you resolve the tension? Resolving the tensions among values depends on the more formal mechanism of ethics. Personal morality and ethics differ. Most of the time, people do not distinguish between morality and ethics; they just use the words interchangeably. But when a distinction is made, it is often as follows: Morality refers to your own personal moral choices based on your upbringing, faith traditions, and experiences; ethics refers to the formal process of intentionally and critically analyzing the basis for your moral judgments for clarity and consistency. Because of the potential tension between personal values and professional values, and because of the potential for tensions among professional values, we need ethics to help resolve such tensions. Ethics provides a formal way to step back from the tension, search for reasons to support one choice over another, and apply this reasoning in future situations. This process of stepping back to formally analyze values is important, because you are accountable for your actions as a professional, not just personally. Patients, other professionals, and the general public do not know about your personal moral values. But they do have expectations for your professional conduct. Standards arise from the trust that the public places in you. They expect you to be able to act professionally—even, or perhaps especially, when difficult ethical issues are involved. You have to uphold that trust, and, at the heart of it, that is why you must study ethics.



The Process of Ethical Decision Making

53

But You Can’t Teach Ethics, Can You?

The Process of Ethical Decision Making

Two major objections are commonly given to the study of ethics. First, many people claim that their character is already formed, and that the study of ethics is not going to change their behavior if they are inclined not to do the right thing. Second, many people argue that there is no ethical content to teach. There is no knowledge of right and wrong that everyone accepts. Ethics is a matter of opinion, and everyone is entitled to his or her own opinion. Regarding the first objection, the goal of a course in ethics is not to make you a good person. Rather, it is to enable you to make reliable moral judgments as a professional. Regarding the second argument, as professionals, we expect not just opinions, but judgments backed up by good reasoning. When making clinical judgments, healthcare professionals must offer support for their choices and be able to apply that reasoning in similar situations. The same is true when making moral judgments. An ethics curriculum has three parts:

Various models for ethical decision making are available in the literature, but all share some basic components or steps (Purtilo, 2005; Lo, 2000; Benjamin & Curtis, 2010; Davis, Fowler, & Aroskar, 2010; Jonsen, Siegler, & Winslade, 2006). You should use an ethical decision-­ making process to ensure that you make reliable moral judgments in your professional practice. We will demonstrate the decision-making process by applying it to Scenario 2-A. See the end of the chapter for the complete matrix. The first step of the ethical decision-making process is to ask, “What is the ethical question?” In Scenario 2-A, the ethical question is, “Should the nurse and the resident physician disclose MT’s prognosis?” There is a second ethical question that will be discussed as Scenario 2-B further in this chapter, “What EMR access should be given to adolescents?” In identifying the ethical questions, the HIM professional needs to look for the “shoulds.” These “shoulds” are the normative questions (i.e., what should or ought to happen according to norms or standards), as opposed to descriptive questions (i.e., what actually does happen). However, the HIM professional needs to be aware of different kinds of “shoulds.” For example, there are the clinical “shoulds”: in this case, what treatments should be available to MT for his GBM according to evidence-based practice guidelines and the knowledge and judgment of clinicians? In Scenario 2-B, what flexibility should the current EMR platform have for differential access? Should it allow adolescents access to some information and their parents to different information? And at what age? There also are the legal “shoulds” that help you identify the state and federal laws about what decisions adolescents are allowed to make legally (mature and emancipated minor statutes; decision making for birth control, pregnancy care, and abortion; treatment for sexually transmitted infections; substance use disorders and other mental illnesses) and federal and state rules for the confidentiality of certain information,

1. Knowledge. The HIM professional needs to be aware of standards of ethical conduct as expressed in the American Health Information Management Association (AHIMA) Code of Ethics and have knowledge of ethical principles and concepts. 2. Development. The moral maturity of the HIM professional needs to be modeled and nurtured. Even if someone’s character is formed, it needs reinforcement and application in professional settings. The faculty is responsible for identifying core values and character traits of professionals. This means identifying and reinforcing praiseworthy behavior in practice and applying appropriate sanctions if good character and judgment are not guiding appropriate professional conduct. 3. Skills. HIM professionals need practice in identifying ethical issues and applying a process of ethical decision making to ethical issues that arise in the practice of HIM.

54

Chapter 2   Ethical Decision-Making Guidelines and Tools

even from parents (English, Bass, Boyle, Eshragh, 2010). Note that the law and ethics differ. First, ethics is more fundamental. We can always ask, from an ethical standpoint: “Is this a good law, or should I conscientiously disobey it or work to change the law?” Second, even though the law does have some moral content, it is a kind of minimum. Ethics strives to inspire the best professional behavior; the law demands only a decent minimum. Third, the law can be ambiguous. It is not always clear what the law actually says about a certain question, and the law is often not capable of subtle distinctions. Finally, the law does not address many of the issues that are important in ethics. For example, ethics is concerned not only with what you do, but also with the kind of person you are (virtue or character). With regard to ethical decision making, we are concerned with the ethical “shoulds.” These ethical “shoulds” relate to your duties and obligations as a professional. They involve choosing among the core professional values or between your obligations as a professional and your personal obligations, perhaps even to your family. A key distinguishing feature of the ethical “shoulds” is that they are concerned with the well-being of others and are not self-interested or self-directed. The second step of the ethical decisionmaking process involves asking about your first reaction to the case: “What is my ‘gut’ reaction? What is my ‘gut’ telling me to do on an emotive level?” This step is essential if you are going to be able to identify your own values, assumptions, and biases, and then set them aside to critically analyze the situation. It also helps to notice when others have completely different reactions than you do. You may end up where you began—but not necessarily. The process will help you think more deeply, understand the perspective of others, and justify your final choice. Depending on your background and experiences, you may react by feeling that “of course the nurse and the resident physician need to tell MT the truth.” Others may feel quite differently—“of course you would honor the family and their wish to not have MT told certain information.” Where are you and why? The third step is to gather the relevant facts— both the facts already known and the facts that

you will need to gather if you are to determine a justified course of action. In Scenario 2-A, the facts are as follows: 1. Known facts: ■■ MT is 16 years old with a terminal brain cancer that was the result of the original treatment for his leukemia at age 10. ■■ The team is recommending hospice care. ■■ MT’s parents do not want him to know about his diagnosis and prognosis and want to explore other experimental treatments. They have asked that the team not talk with MT without their presence. ■■ The parents are insisting on full code status—meaning that in the event that he stops breathing or his heart stops beating, they want him to be resuscitated. ■■ MT seemed to agree with their decisions in the past, but now he has started to initiate conversations with his night nurse about his condition. ■■ MT and his parents signed up for access to a patient portal in the past. ■■ MT has recently begun accessing information on his patient portal and has accessed his new diagnosis of GBM. He researched this diagnosis and learned about his poor prognosis. ■■ MT has asked his parents to leave and has asked his nurse and resident physician if he is dying. 2. Facts to be gathered: ■■ Why is MT asking this question now? What does he really want to know? ■■ Why do MT’s parents not want to discuss things with MT? ■■ Are there other trusted family members who can be of assistance? ■■ Is this a family of faith where a chaplain or other clergy could be of assistance? ■■ Do the parents realize that MT is accessing information from the patient portal that they signed up for in the past? ■■ What information is available on the patient portal? ■■ What other experimental treatments are available?



The Process of Ethical Decision Making ■■ ■■

■■ ■■

■■ ■■

Is MT stable enough to be transferred? Does MT have capacity? Is the brain tumor affecting his capacity? What are MT’s wishes? Would MT be willing to wait and talk with his parents? Are there other children in the family? What is the law about decision making by minors in your state? (English, Bass, Boyle, Eshragh, 2010)

It is always tempting to avoid a discussion of ethics by claiming that not enough facts are available to make a decision. Although facts are very important—good ethics begins with good facts—the discussion can proceed if you consider why you want to know something and how it will change your analysis. If certain facts are unclear, assume one set of facts for your analysis, and then change the facts to see if your analysis would change. The fourth step of the ethical decisionmaking process is to ask, “What are the values at stake in this scenario?” You must consider the values from various perspectives. Who are the stakeholders? What is their perspective? A stakeholder is someone who will be affected by the decision to be made. The following stakeholders are relevant to Scenario 2-A: ■■

■■

The patient. MT is 16 years old and seems to want to receive information about his status. Respect for his autonomy (self-rule) is a key value. It’s his life and body, and decisions made will affect how he lives and how he dies. He may have particular ideas about what he thinks will benefit (beneficence) and what will harm him (nonmaleficence). He values being told the truth. He trusts his care providers. He seems to want privacy (a discussion without his parents) and perhaps confidentiality (information not shared with his parents). But he also loves and respects his parents. The nurse and the resident physician. The nurse and the resident physician have a special relationship with MT, and they value that relationship based on trust. They value benefiting MT and keeping him from harm. The quality of MT’s life, not just the quantity of life, is important. They

■■

■■

■■

55

also value telling the truth and respecting MT’s autonomy. They want to respect MT’s privacy and perhaps his desire for confidentiality. But they also value family relationships, and their obligations to the rest of the healthcare team to provide only beneficial treatments. Their integrity is at stake if MT does not receive appropriate health care according to justifiable clinical judgments. The value of justice is also important in that resources could be expended on potentially nonbeneficial treatments that could be better allocated to access more beneficial treatments. The parents. The parents love MT and want him to live as long as possible. The value of prolonging life seems to be more important than the harms that could be  associated with aggressive treatment at the end of life. They seem to want to protect MT from information that could be psychologically harmful. They value their role as decision makers (family autonomy) and do not seem to value MT’s autonomy. The HIM professional. HIM professionals shares key professional values with other healthcare professionals. They value truth telling, respect for patient autonomy, patient well-being (beneficence), keeping patients from harm (nonmaleficence), and the appropriate allocation of healthcare resources (justice). The HIM professional also has particular values around accuracy of information, transparency, the appropriate use of the electronic medical records, and appropriate access through patient portals. Other healthcare professionals. Although the nurse and the resident physician are most directly affected by the ethical question in this scenario, other healthcare professionals are members of the team and are also involved. They include the attending physician, other consultants, other nurses, the pharmacist, the social worker, and the chaplain. MT is probably well known to this oncology team since his first illness and now this relapse. The whole team will be affected by the decisions made. They all share the values of truth telling, respect for patient autonomy,

56

■■

■■

Chapter 2   Ethical Decision-Making Guidelines and Tools patient well-being (beneficence), keeping patients from harm (nonmaleficence), and the appropriate allocation of healthcare resources (justice). They also value working well together as a team to provide the best care for MT and his family. Hospital administrators. Hospital administrators have an obligation to promote the welfare of patients (beneficence) and keep them from harm (nonmaleficence). As healthcare professionals, they also have an obligation to tell the truth. Administrators value patient- and familycentered care, and patient portals are a way to enhance their involvement in their care and respect their autonomy. They also value adolescents as independent decision makers and have granted them access to the patient portal. They value patient privacy and confidentiality, even in the complex situation of adolescents. Just like the patient and family, the hospital administrators also have an interest in controlling healthcare costs and increasing access to health care. The value of justice as fairness is also involved. Society. Society values good care, truth telling, privacy, confidentiality, and patientand family-centered care that enhances respect for autonomy. Some people would argue that everyone in society who pays for health care also has an interest in seeing that healthcare costs are controlled. Also, everyone is obligated to promote the just or fair allocation of healthcare resources.

The fifth step of the ethical decision-making process is to ask, “What are the options in this case?” Specifically, what could the nurse and resident physician do in this scenario? They could (1) tell MT what they understand about his condition, (2) tell MT to ask his parents, or (3) tell MT that they will discuss this with him with his parents present. The sixth step of the ethical decision-making process is to ask, “What should I do?” “What do I think is the best option based on the core values of the stakeholders?” Of the three options listed in the fifth step, 1 and 3 are justified (to answer his question), and 2 (not answer

his question and tell him to ask his parents) is not justified. The seventh step of the ethical decisionmaking process is to ask, “What justifies this choice?” Provide reasons to support your decision based on the values at stake. Anticipate objections and respond to them. The decision to answer MT’s question about whether he is dying—either immediately without his parents or as soon as you can get his parents to join you—is based on the key value of respect for patient autonomy. The nurse and resident have a special relationship with MT, and he trusts them to tell him the truth and to help him. They want to honor his desire for privacy and perhaps for confidentiality as well. Of course, the information should be delivered in a compassionate and skilled way (Kaplan, 2010). Perhaps starting with these types of questions would help to frame your approach. Why do you ask this question now? What do you really want to know? Do you want to talk about it with just us, or do you want us to get your parents? To answer his question is the most respectful and truthful action. MT has been living with cancer for a long time, and he is familiar with the disease and his experience of it. He may be seeking some degree of control over his situation, and contrary to his parents’ belief, the information might help him manage his anxiety and will be helpful, not harmful. At 16, he most likely has the mental capacity to understand his diagnosis and ­prognosis—depending on his maturity and the possible effects of the brain tumor. The presumption is that adolescents should be involved in their healthcare decision making to the extent that they are capable and desire to be involved (Committee on Bioethics, 1995). Not informing him of what is going on will not change his diagnosis or prognosis. He needs help to prepare for his impending death, and so do his parents. Remember that MT loves his parents and they love him. They will live with his death and dying in a way the healthcare providers will not. Be careful that you do not alienate his family just when MT needs them the most. But what about the other values, like respect for family decision making and for their interpretation of what is beneficial and harmful for MT? They love him and want to protect him. Why not



Justification in Ethical Reasoning: How Do You Know What Is Best?

leave it to the parents to answer MT’s ­questions? They have been the most involved, and they have the most at stake after MT. One response is that to not answer his question would be to deny the unique obligation you have to MT as his healthcare professional. Taking care of the family is important, but MT is your patient and he is asking you a direct question. Leaving it to his family is to risk continued nondisclosure and taking part in this “deception.” MT is asking for some privacy and perhaps for confidentiality as well. You can satisfy your obligations to both MT and his parents in carefully planning how to tell. Caring for adolescent patients can be very challenging for healthcare professionals. They have ethical obligations to involve adolescents in decision making in the absence of clear legal support or even contradictory support, especially when it comes to obligations of privacy and confidentiality from parents (Blythe & Del Beccaro, 2012). Institutions share in the obligation to respect adolescents as decision makers and to construct electronic medical records (EMR) systems and patient portals that reflect core healthcare professional values. Institutions should be mindful of legal requirements, but also work to enhance ethical conduct even in the face of tensions. As a professional, you are responsible for your own behavior, and professional standards should be the basis of the values of healthcare institutions, not contrary to them (Griffith, 1993; Worthley, 1997). The eighth and final step of the ethical decision-making process is to ask, “How could this ethical problem have been prevented?” Are there any systemic changes that could be made to prevent this problem from happening again? If you are thinking that the answer is to make sure that adolescents do not have access to information on a patient portal, read Scenario  2-B and the discussion of the ethical issues involved in the access of adolescents to patient portals and the EMR. Regarding Scenario 2-A, the first suggestion would be to work with this family from the beginning about the role of MT in decisions about his care. For his first cancer treatment he was only 10, and the role of his parents was quite different. Now that he is 16 and desiring more information and more voice, the role of his parents should be different. It should be made clear that the presumption is

57

that adolescents are involved in their decisions to the extent that they have the capacity and the desire to be involved. It should also be made clear that the healthcare team will help the family with difficult disclosures and conversations. Although the team will try to work with the family around the timing and content of information, the family should understand that the healthcare team will not lie to their patient and will answer his questions honestly when asked. Refer to Appendix 2-A for a blank copy of the ethical decision-making matrix. A completed ethical decision-making matrix for Scenario 2-A and Scenario 2-B are included at the end of this chapter.

Justification in Ethical Reasoning: How Do You Know What Is Best? The most difficult aspect of ethics is deciding on the best course of action and providing good reasons to support your choice. There is usually not just one right answer; rather, there is a range of morally acceptable options, with some options being better or worse than others. Some answers are even outside the range of moral acceptability; these should not be chosen. But how do we know which choices are better or worse? How do you justify your actions? Ethical standards depend on the systematic application of key ethical concepts. Judgments of “better” and “worse” are based on a combination of applying key ethical concepts and your past reflection and experience. This process of ethical reasoning is very complex. We do not just memorize a few ethical theories and then apply them to problems that arise. What is a theory, anyway? Rather than being a kind of special “truth” about the moral life that we can learn and simply apply, ethical theories are organizing structures that help us to identify important language and key concepts and provide for systematic reflection and dialogue (Steinbock, London, & Arras, 2013).

Classic Ethical Theories Two major types of ethical theories are commonly discussed in the literature: utilitarian and

58

Chapter 2   Ethical Decision-Making Guidelines and Tools

deontological theories (Steinbock, London, & Arras, 2013; Beauchamp, 1982).

Utilitarianism The philosophers Jeremy Bentham (1748–1832) and John Stuart Mill (1806–1873) are credited with the theory of utilitarianism. This theory states that actions are right to the extent that they tend to promote happiness and wrong to the extent that they tend to promote the reverse of happiness (Steinbock, London, & Arras, 2013; Beauchamp, 1982). It is a consequentialist theory in that it judges the rightness and wrongness of an action by its consequences; that is, what will happen if the action is or is not performed. One advantage of this theory is its simplicity. Only one thing needs to be considered—happiness. Based on this theory, happiness is measurable and comparable. Some objections to this theory are that happiness is not the greatest good, that it is impossible to calculate the probable consequences of every action, and that utilitarianism conflicts with some of our basic moral intuitions (basic ideas that we have been taught). For example, slaves have a claim to be free even if others benefit from continued slavery.

One advantage of deontological theory is that it supports common moral intuitions about the absolute value of persons and not only the instrumental value. Disadvantages include an inability to decide among duties when they conflict and the inability to take some consideration of consequences when they seem to be particularly important. For example, it seems important to break a promise if it is necessary to save someone from severe harm. Many people analyze the appropriateness of actions according to theology; that is, their particular beliefs about God (theos) and their religious traditions. When asked about a certain course of action, they turn to sacred texts that reveal standards of behavior established by God. In our pluralistic society, in which people have different religious beliefs or none at all, it is difficult to base ethical reasoning on appeals to God’s word. However, most major religious traditions support the same kinds of ethical concepts, such as principles, values, and virtues that are involved in philosophical ethical inquiry. Furthermore, the discussion is enhanced by the rich reflection that is a part of most theological ethics.

Deontological Theory

Applying Multiple Theories

Deontological theory is based on the calculation of duties (the Greek word for duty is “deon”) rather than consequences. Immanuel Kant (1724–1804) is a famous deontological moral theorist (Kant, 1964). If you want to know if a proposed action is morally acceptable, the right question is not “What are the consequences?” but rather “Can I, as a rational person, consistently will that everyone in a similar situation should act the same way?” It is a type of universal golden-rule analysis. However, it is not based on individual idiosyncrasies. Rather than “Do unto others as you would have them do unto you,” it is really “Do unto others as you would have anyone do unto anyone/everyone else.” Another way to put the question is, “By acting this way, am I treating other people as ends in themselves (as people like me with goals and preferences), and not merely as means to my own ends or goals?”

Philosophers develop and stress ethical theories in their search for an ordered set of ethical standards that can be used to assess what is right and wrong in certain circumstances. In recent years, many philosophers have come to doubt that there can be only one correct theory. They believe that it is a mistake to view the various theories as mutually exclusive claims to moral truth. Steinbock, London, and Arras (2013) suggest that “instead, we should view them as important but partial contributions to a comprehensive, although necessarily fragmented, moral vision” (p. 9). Ethical theories can be useful if we do not ask them to do too much. They cannot provide us with certain truth, but they can guide and direct our moral reasoning as we strive to make reliable moral judgments. For example, in Scenario 2-A, a utilitarian would examine the consequences. What would happen if we



Justification in Ethical Reasoning: How Do You Know What Is Best?

answered MT’s question honestly? If we brought his parents into the discussion? On the first level, perhaps MT would be relieved to know the truth about what he is facing—or he could be more upset. The information would be out in the open for everyone to deal with. He would be supported in the dying process. His parents could be very upset thinking that now they have to deal with this conversation in a way that they wished to avoid. On a higher level, the consequences of routinely not involving adolescents in decisions when they have capacity and want to be involved could be that they do not trust healthcare professionals and do not seek care when they need it. A deontological theorist would analyze the duties involved. These would include the duty to tell the truth and to involve patients who have capacity and want to be involved in their decision making. You could not rationally will that all adolescents be excluded from decision making. Adolescents would be treated only as children and not as decision makers who have values and goals that should be respected.

Current Ethical Approaches Discussions of current healthcare ethics draw not only on the classic ethical theories just discussed, but also on several more current approaches.

Analysis of Principles Analysis of principles is best exemplified in Beauchamp and Childress’s Principles of ­Biomedical Ethics (2012). In this work, the authors identify four core ethical principles: respect for autonomy (self-determination), nonmaleficence (not harming), beneficence (promoting good), and justice (fairness). These principles can be very helpful in understanding ethical issues in professional practice and in drafting policies regarding ethical issues. They are not nearly as helpful in clinical applications, where principles may conflict. This approach has also been criticized for its strong reliance on rules and duties and on dealing with patients and others as strangers. It has been characterized as abstract, impartial, and detached.

59

A principle-based analysis of Scenario 2-A would include the principles of beneficence (promoting good by helping to relieve his anxiety) and nonmaleficence (avoiding possible harms that follow from hearing the truth). The  principle of respect for autonomy would require that we involve MT in decisions. Ultimately, he is the one to determine what would be beneficial and harmful—not his parents and not the healthcare team. The principle of justice supports following the rules that apply equally to all—involve adolescents who have capacity and want to be involved. Or distributive justice would require us to pay attention to whether the resources for potentially nonbeneficial treatment are best allocated for more beneficial treatments. Additionally, some would argue that it is more important to avoid harm than it is to promote good—but that depends on who ultimately determines benefit and harm. Notice that two of the principles (beneficence and nonmaleficence) involve consequences and that the other two (respect for autonomy and justice) involve duties. One medical ethicist argues that dutybased principles always should be respected before consequence-based ones (Veatch, 1981).

Analysis of Rights Much moral discussion, especially in the United States, uses the language of rights (Dworkin, 1977). A right is an especially powerful moral claim that others are obligated to respect. In the United States, we speak of such basic human rights as life, liberty (freedom), and the pursuit of happiness. In healthcare ethics, scholars debate a right to die, a right to life, and a right to health care. One advantage of rightsbased approaches is that they are fairly simple to apply. There are few basic rights, and they are particularly important; therefore, they automatically trump other moral considerations. However, one disadvantage is that people disagree as to which claims are basic human rights and on what basis they are determined to be so. Another disadvantage is that rights language tends to polarize debate, with one party asserting a certain right (to choice) and the other party asserting an opposing right (to life). If a right is a justified claim about what one person owes

60

Chapter 2   Ethical Decision-Making Guidelines and Tools

another, it may be more fruitful just to analyze the basis for the obligation in the first place. What does it add to our analysis to claim that MT has a basic human right to decide about his treatment?

Ethics of Care Proponents of this approach to “doing ethics” emphasize the importance of focusing on the patient and the professional in the context of his or her relationships (Gilligan, 1982; Holmes  & Purdy, 1992). An ethics of care considers emotional commitment and a willingness of individuals in relationships to act unselfishly for the benefit of others. More than a principle-based approach, an ethics-of-care approach values sympathy, compassion, fidelity, discernment, and love. An ethics of care does not use rights language the way a principle-based approach would. The origins of the ethics-of-care approach are predominantly in theology and in some feminist writings (Larrabee, 1993; Kittay & Meyers, 1987). Although an ethics-of-care approach provides a correction to the too-abstract approach of principle-based ethics, its weaknesses include the lack of a well-developed basis for providing justification for courses of action. An ethics of care would approach Scenario 2-A by exploring the consequences of the action on the relationships between the parties involved: between the healthcare team and MT; between MT and his parents; between the healthcare team and his parents; and among the healthcare team itself. What action best supports and nurtures these important relationships? Honesty and truth telling are important aspects of any relationship. Compassion in the fact of difficult conversations and choices is also critical. An ethics of care seems well suited to the analysis of not only what you should do, but how you should go about doing it.

Virtue-Based Ethics Closely associated with an ethics of care is a virtue-based ethics that emphasizes the agents who perform actions and make choices (MacIntyre, 1981). A virtue is a habit of behaving in a good way. With this approach, one would ask, “What would a good HIM professional do?” This approach examines feelings, motivations, and duties. It examines not only actions, but

the individual’s character as well. For example, a good HIM professional should have attitudes of respectfulness, honesty, integrity, courage, compassion, and fairness. A virtuous HIM professional’s actions flow from his or her character and attitudes. The HIM professional is in the habit of behaving correctly. Critics of the virtuebased approach note that sometimes virtue is not enough. People of good character who act virtuously can sometimes perform wrong actions. A virtue-based analysis of Scenario 2-A would ask about the character of the healthcare professionals involved. What does it say about the nurse’s and the resident physician’s character if they are willing to avoid answering a direct question from a patient? It could mean that they have great compassion for the parents and want to preserve this important relationship. But it could also indicate a lack of courage to take on difficult and important issues and advocate for patients.

The Bioethicist’s Toolbox We have reviewed two classic ethical theories and four current approaches to healthcare ethics, outlining the advantages and disadvantages of each and applying them to Scenario 2-A. They also apply to Scenario 2-B. It should be obvious that no one theory or approach is adequate. But do we simply pick and choose which theories and approaches to use depending on the case? How do we build a clearly reasoned argument to justify our actions? Eric Juengst (1999) has developed a “bioethicist’s toolbox,” which we describe here. These tools are very useful for illustrating how we “do ethics” in clinical situations—how we analyze a problem and build a moral justification. Rather than choosing just one ethical theory or approach, aspects of each can be combined in the following ways: 1. Hammers (most powerful): ■■ Appeals to shared moral maxims (rules): “Honesty is the best policy.” ■■ Appeals to shared moral principles: “We should promote respect for autonomy by including adolescents in decision making when they have capacity and a desire to be involved.”



Justification in Ethical Reasoning: How Do You Know What Is Best? Appeals to shared traditions: “HIM professionals have a rich history and tradition of promoting patient autonomy and preserving the accuracy and integrity of the medical record.” ■■ Appeals to nonmoral goals: “The primary purpose of the medical record (continuity of care for the patient) can be enhanced by accessing patient portals. 2. Clamps: ■■ Arguments from precedent: “HIM professionals have promoted appropriate access to patient records by patients themselves.” ■■ Argument by analogy: “MT could have confidential information about care for a sexually transmitted infection or a substance abuse problem. How is information about the seriousness of his cancer different from this information?” ■■ Arguments from paradigm cases: “HIM professionals have been taught about appropriate access to patient portals. Not answering MT’s questions is like not granting him access to the patient portal—doing one without the other doesn’t make sense.” ■■ Transcendental arguments: “All reasonable people would agree that we should answer MT’s question directly if they had all the facts.” 3. Wedges: ■■ Exposing consequences: “Not honestly answering MT’s question will undermine the trust patients have in their physicians to tell the truth and walk with them through difficult choices.” ■■ Exposing implications: “A rationale to justify not answering MT’s question could justify other deception with direct harm to the patient.” ■■ Exposing inconsistencies: “Not answering MT’s question is inconsistent with his access to information in the patient portal.” ■■ Exposing biases: “Picking some information that adolescents should have access to over other information could be based on a bias about the capacities of adolescents and a judgment about ■■

61

the morality of some behaviors (i.e., sexually transmitted infections/abortions/ substance use disorders).” 4. Duct tape (not very powerful or persuasive): ■■ Negotiating compromises: “Only this one time.” ■■ Appealing to procedure: “How about voting on it?” ■■ Passing the buck: “Let the boss decide.” 5. Chewing gum (least powerful or persuasive): ■■ Moral introspection: “That’s just the way I feel about it.” ■■ Moral hand-wringing: “This is just awful, and it’s just not right.” Juengst, E. (1999). The bioethicist’s toolbox. Centerviews: The Newsletter of the Center for Bioethics at Case Western Reserve University 10, 5–6.

Two additional comments about justification are necessary. First, what if you have been reading along and you disagree with my analysis of the cases and the development of the arguments supporting the choice to answer MT’s question honestly? This disagreement is not a bad thing. It can improve both of our ethical reasoning skills. You must point out exactly where you disagree with me and tell me why. Disagreement is a necessary part of moral analysis. Confronting counterarguments and responding to them makes an argument stronger. As part of your analysis, you should always make the strongest argument possible for the other choice and then show why your original argument is stronger. If it is not, you should change your mind. What makes an argument stronger? A good argument (1) is based on good information; (2) is supported by respect for the most values, duties, or virtues or by the least infringement of key values, duties, or virtues; or (3) is supported by respect for the most important values, duties, or virtues of the HIM profession and other healthcare professionals on the team. It is important to identify possible sources of disagreement. People can disagree about each of the steps in the ethical decision-making process. They can disagree about the facts, the values involved, or the application of ethical reasoning. The last type of disagreement is the most difficult to resolve. Resolution requires the skills of respectful attention, patience, and open inquiry.

62

Chapter 2   Ethical Decision-Making Guidelines and Tools

Although a comprehensive and clear process of ethical reasoning usually results in consensus, deep disagreement can still exist. Your responsibility is to be thorough and clear-thinking, challenging assumptions, figuring out where disagreements lie, and striving to resolve them. But disagreement is a part of the moral life. People do hold markedly different values, and conscientious objection (withdrawing from participation in a certain situation because of personal moral beliefs) is an essential ethical concept. We must help build moral consensus when possible and respect moral freedom when it is not.

permitted for unusual or complicated situations (e.g., intellectual disability or cancer) ideally customized with input from the adolescent (Society for Adolescent Health and Medicine, 2014). You are working closely with your vendor to make this happen. Partway through the process, word comes down from the administration that work is to stop on this development and no access will be granted to any adolescent patients—only adult patients 18 and over. When asked for a justification, the administration cites legal concerns. They believe that if they cannot guarantee that no breaches in confidentiality will occur with a complex system, then they should not take any chances and therefore deny all access. They announce that this decision is final. You and your colleagues are deeply disturbed by this recent pronouncement. You wonder what you should do.

Moral Distress Sometimes in professional practice, the ethical issue is not only what the right thing to do is, but also how to do it, given the practice environment. This type of ethical issue has been labeled moral distress (Jameton, 1984). For example, consider the following scenario.

Scenario 2-B  Access by Adolescents to Patient Portals Your institution has been working on developing a patient portal for your EMR. You are a member of the task force along with several other HIM professionals. The question of what access adolescents should have comes up for discussion. It is a challenging question ethically and technically. Privacy and confidentiality concerns related to EMRs are already difficult, and “the typical adolescent patient can experience confidentiality issues at virtually every step of the process” (Anoshiravani, Gaskin, Groshek, Kuelbs, & Longhurst, 2012, p.  409). But after careful consideration, your task force recommends a system permitting full access only to the 13- to 17-year-old adolescents, with parents able to receive only nonconfidential information. This approach requires actively blocking access to certain information by parents and requires vigilance and ongoing effort to maintain. Full parental access would be

A completed ethical decision-making matrix for the scenario is provided at the end of the chapter. In addition to the complex ethical issues involved in determining what access adolescents should have (see Appendix 2-A for an analysis of the ethical issues in Scenario 2-B), (Hollis, 2015, Tegen, 2014) there is an additional moral burden associated with not being able to address the ethical concerns openly and collegially. HIM and other healthcare professionals sometimes believe that by pushing back at what they view as unacceptable practices, they will suffer consequences, such as unsatisfactory reviews, a demotion, or even job loss. This problem is particularly distressing in rural practice, where job opportunities may be severely limited. It takes great moral courage to step up to the challenge of changing institutional culture and practice. Several practical suggestions follow: ■■

Talk with trusted colleagues and get advice. Be sure to approach problems through the proper channels and document your efforts. Confirm discussions with administration by sending memos or letters summarizing meetings. Frame issues for the institution in terms of shared values, using the professional standards articulated in



Chapter Summary

■■

■■

the AHIMA Code of Ethics (AHIMA, 2011; Griffith, 1993). Appeal to professional sources that are locally available. Many healthcare organizations have institutional mechanisms, such as organizational ethics committees or compliance officers. Make integrity issues part of your job selection in the first place.

Ethics Resources HIM professionals facing ethical issues in their practice have three main sources of help. Professionals can look in the literature for information about current ethical problems and their resolution. They can also talk with their professional colleagues about the AHIMA Code of Ethics (2011) and its implications in practice. This dialogue should be both with HIM professionals and with colleagues from other professions. Professional meetings also can be a helpful source of ethical dialogue. As discussed earlier, ethics resources also are available in individual healthcare organizations, including patient care ethics committees. The Joint Commission (TJC) includes standards that require an “ethics mechanism” to help patients, families, and staff address ethical issues in clinical care. HIM professionals can bring issues to the institutional ethics committees for discussion and resolution. It is also helpful to have HIM professionals on ethics committees. Ethics committees are multidisciplinary committees trained in ethical concepts and analysis that help patients, families, and staff address ethical issues. They also educate the staff about ethical issues and write policies that address institutional practices. TJC also requires consideration of the ethical issues that arise in the business practices of healthcare organizations. These standards have prompted healthcare organizations to develop organizational ethics committees in addition to patient care ethics committees (Worthley, 1999).

Conclusion It is important for HIM professionals to be able to identify ethical issues and know how to apply

63

the ethical decision-making process to ethical issues that arise in practice and in the development of healthcare policy. Awareness of ethical theories and approaches can be helpful in understanding why some courses of action are better than others. The goal of the study of ethics is to enable HIM professionals to make reliable moral judgments, and thereby uphold the public’s trust in the HIM profession.

KEY TERMS Analysis of principles Analysis of rights Autonomy Beneficence Confidentiality Deontological theories Ethical issue Ethical theory Ethics Ethics of care Family Autonomy Family-centered care Justice Nonmaleficence Patient-centered care Privacy Stakeholder Utilitarianism Virtue-based ethics

CHAPTER SUMMARY ■■

■■

Ethics is the formal process of intentionally and critically analyzing, with clarity and consistency, the basis of one’s moral judgments. It is important for HIM professionals to engage in this process, because they are accountable for their actions as professionals, not just personally. Ethics is necessary to resolve potential tensions between personal values and professional values and among professional values. It provides a formal way to step back from a conflict, search for reasons to support one choice over another, and apply this reasoning in future situations.

64 ■■

■■

■■

■■

■■

■■

Chapter 2   Ethical Decision-Making Guidelines and Tools The ethical decision-making process presented in this text has the following steps: (1) identify the ethical question, (2) determine your gut reaction, (3) determine the facts in the case, (4) determine what values are at stake from the perspectives of all stakeholders, (5) identify the available options in the case, (6) determine what you should do, (7) justify your choice, and (8) explore how this ethical problem might have been prevented. Two classic theories of ethics are utilitarianism and deontological theory. A utilitarian approach considers the consequences of an action (or failure to take action) in terms of how the action promotes happiness. A deontological approach considers whether it is one’s duty to perform or not perform an action. For HIM professionals, such duties would include professional duties, including duties to the public being served and duties to one’s employer or client. One current approach to ethics is principlebased analysis. Beauchamp and Childress (2012) have identified four core principles of biomedical ethics: respect for autonomy (self-determination), nonmaleficence (not harming), beneficence (promoting good), and justice (fairness). Other current approaches are analysis of rights based on consideration of whether an action affirms or violates basic human rights, an ethics of care based on what action best supports the relationships of the parties involved, and a virtue-based ethics that emphasizes how the action expresses and shapes the character of the person who performs it. The “bioethicist’s toolbox” is a collection of ethical approaches that an HIM professional can draw upon to analyze issues with the rest of the healthcare team and determine a justified course of action. According to this classification, the most powerful arguments are appeals to shared moral rules, shared moral principles, shared traditions, and nonmoral goals. When confronted with an ethical dilemma, the HIM professional should (1) talk with trusted colleagues and get advice,

(2)  approach the problem through the proper channels and document his or her efforts, (3) frame issues for the institution in terms of shared values and the AHIMA Code of Ethics, (4) appeal to professional sources as necessary, and (5) address the issue in some way rather than letting it go on unaddressed.

REFERENCES American Health Information Management Association [AHIMA]. (2011). AHIMA code of ethics. Chicago, IL: Author. Anoshiravani, A., Gaskin, G. L., Groshek, M. R., Kuelbs, C., & Longhurst, C. A. (2012). Special requirements for electronic medical records in adolescent medicine. Journal of Adolescent Health Care, 51, 409–414. Beauchamp, T. (1982). Philosophical ethics: An introduction to moral philosophy. New York, NY: McGraw-Hill. Beauchamp, T., & Childress, J. (2012). Principles of biomedical ethics (7th ed.). New York, NY: Oxford ­University Press. Benjamin, M., & Curtis, J. (2010). Ethics in nursing: Cases, principles, and reasoning (4th ed.). New York, NY: Oxford University Press. Blythe, M. J., & Del Beccaro, M. A. (2012). Standards for health information technology to ensure adolescent privacy. Pediatrics, 130, 987–990. Committee on Bioethics, American Academy of Pediatrics. (1995). Informed consent, assent and permission in pediatrics. Pediatrics, 95(2), 314–317. Davis, A. J., Fowler, M. D. M., & Aroskar, M. (2010). Ethical dilemmas and nursing practice. Boston, MA: Pearson. Dworkin, R. (1977). Taking rights seriously. Cambridge, MA: Harvard University Press. English, A., Bass, L., Boyle, A. D., Eshragh, F. (2010). State minor consent laws: A summary (3rd ed.). Chapel Hill, NC: Center for Adolescent Health and the Law. Gilligan, C. (1982). In a different voice: Psychological theory and women’s moral development. Cambridge, MA: Harvard University Press. Griffith, J. (1993). The moral challenges of health care management. Chicago, IL: Health Administration Press. Hollis, K. (2015). Protecting Adolescent Confidentiality in EHRs, The Journal of AHIMA. Holmes, H., & Purdy, L. (Eds.). (1992). Feminist perspectives in medical ethics. Bloomington, IN: Indiana University Press. Jameton, A. (1984). Nursing practice: The ethical issues. Upper Saddle River, NJ: Prentice Hall. Jonsen, A. R., Siegler, M., & Winslade, J. (2006). Clinical ethics: A practical approach to ethical decisions in clinical medicine (6th ed.). New York, NY: McGraw-Hill.

References 65 Juengst, E. (1999). The bioethicist’s toolbox. Centerviews: The Newsletter of the Center for Bioethics at Case Western Reserve University, 10, 5–6. Kant, I. (1964). Groundwork of the metaphysic of morals. Translated by H. J. Paton. New York, NY: Harper & Row. Kaplan, M. (2010). SPIKES: A framework for breaking bad news to patients with cancer. Clinical Journal of Oncology Nursing, 14(4), 514–516. Kittay, E., & Meyers, D. (Eds.). (1987). Women and moral theory. Savage, MD: Rowman & Littlefield. Larrabee, M. (Ed.). (1993). An ethic of care: Feminist and interdisciplinary perspectives. New York, NY: Routledge. Lo, B. (2000). Resolving ethical dilemmas: A guide for clinicians (2nd ed.). Baltimore, MD: Lippincott, William & Wilkins. MacIntyre, A. (1981). After virtue: A study in moral theory. Notre Dame, IN: University of Notre Dame Press.

Purtilo, R. (2005). Ethical dimensions in the health professions (4th ed.). Philadelphia, PA: W. B. Saunders. Society for Adolescent Health and Medicine. (2014). Recommendations for electronic health record use for delivery of adolescent health care. Journal of Adolescent Health, 54, 487–490. Steinbock, B., London, A., & Arras, J. (2013). Ethical issues in modern medicine: Contemporary readings in bioethics. New York, NY: McGraw-Hill. Tegen, A. (2014), Interview by Mary Butler about protecting adolescents in EHRs. The Journal of AHIMA. Veatch, R. (1981). A theory of medical ethics. New York, NY: Basic Books. Worthley, J. (1997). The ethics of the ordinary in healthcare: Concepts and cases. Chicago, IL: Health Administration Press. Worthley, J. (1999). Organizational ethics in the compliance context. Chicago, IL: Health Administration Press.

66

Chapter 2   Ethical Decision-Making Guidelines and Tools

Blank Ethical Decision-Making Matrix Steps

Information

1. What is the question? 2. What is my “gut” reaction?

What is your first reaction to this case on an emotional level? What assumptions are you making? What biases do you have?

3. What are the facts?

KNOWN

TO BE GATHERED

4. What are the values?

Patient:

Examine the shared and competing values, obligations, and interests of the many stakeholders in order to fully understand the complexity of the ethical problem(s).

HIM Professional(s):

STAKEHOLDERS

Society:

Patient, family, HIM professional(s), healthcare professional(s), administrators, society, and others appropriate to the issue.

Others as appropriate:

Healthcare professional(s): Administrators:

5. What are my options? 6. What should I do? 7. What justifies my choice?

JUSTIFIED

NOT JUSTIFIED

8. How can I prevent this problem?

The ethical decision-making matrix is a tool to help you organize complex ethical problems; however, there is no simple fill-in-the-box approach to ethical decision making. The objective is to follow each step of the process and not move from the question directly to what should be done or how to prevent it next time.

If you skip steps, you will not fully understand all of the values and options for action. Also, the matrix provided for each scenario is not the only way to examine the problem. You can make an equally compelling ethical argument for a different decision—just be sure to follow all the steps of the matrix.



Ethical Decision-Making Matrices

67

Ethical Decision-Making Matrices SCENARIO 2-A  Decision Making for an Adolescent Steps

Information

1. What is the question?

Should the nurse and the resident physician disclose MT’s prognosis?

2. What is my ‘gut’ reaction?

What is your first reaction to this case on an emotional level? What assumptions are you making? What biases do you have? I have two reactions that are very different. My parents taught me to always tell the truth and they taught me that family is important and I should listen to my parents. Tell the truth to MT or listen to his parents?

3. What are the facts?

KNOWN ■■

■■ ■■

■■

■■

■■

■■

■■

4. What are the values? Examine the shared and competing values, obligations, and interests of the many stakeholders in order to fully understand the complexity of the ethical problem(s).

MT is 16 years old with a terminal brain cancer that was the result of the original treatment for his leukemia at age 10. The team is recommending hospice care. MT’s parents don’t want him to know about his diagnosis and prognosis and want to explore other experimental treatments. They have asked that the team not talk with MT without their presence. The parents are insisting on full code status – meaning that in the event that he stops breathing or his heart stops beating, they want him to be resuscitated. MT seemed to agree with their decisions in the past but now he has started to initiate conversations with his night nurse about his condition. MT and his parents signed up for access to a patient portal in the past. MT has recently begun accessing information on his patient portal and has accessed his new diagnosis of GBM. He conducted an Internet search on this diagnosis and learned about his poor prognosis. MT has asked his parents to leave and has asked his nurse and resident physician if he is dying.

TO BE GATHERED ■■

■■

■■

■■

■■

■■

■■

■■ ■■

■■ ■■

■■

Why is MT asking this question now? What does he really want to know? Why do MT’s parents not want to discuss things with MT? Are there other trusted family members who can be of assistance? Is this a family of faith where a chaplain or other clergy could be of assistance? Do the parents realize that MT is accessing information from the patient portal that they signed up for in the past? What information is available on the patient portal? What other experimental treatments are available? Is MT stable enough to be transferred? Does MT have capacity? Is the brain tumor affecting his capacity? What are MT’s wishes? Would MT be willing to wait and talk with his parents? Are there other children in the family?

The patient: MT is 16 years old and seems to want to receive information about his status. Respect for his autonomy (self-rule) is a key value. It’s his life and body and decisions made will affect how he lives and how he dies. He may have particular ideas about what he thinks will benefit (beneficence) and what will harm him (nonmaleficence). He values being told the truth. He trusts his care providers. He seems to want privacy (a discussion without his parents) and perhaps confidentiality (information not shared with his parents). But he also loves and respects his parents. The nurse and the resident physician: The nurse and the resident physician have a special relationship with MT and they value that relationship based on trust. They value benefitting MT and keeping him from harm. The quality of MTs life, not just the quantity of life is important. They also value telling the truth and respecting MT’s autonomy. They want to respect MTs privacy and perhaps his desire for confidentiality. (continued )

68

Chapter 2   Ethical Decision-Making Guidelines and Tools

SCENARIO 2-A  Decision Making for an Adolescent (continued ) STAKEHOLDERS Patient, family, HIM professional(s), healthcare professional(s), administrators, society, and others appropriate to the issue .

But they also value family relationships, and their obligations to the rest of the healthcare team to provide only beneficial treatments. Their integrity is at stake if MT does not receive appropriate healthcare according to justifiable clinical judgments. The value of justice is also important in that resources could be expended on potentially non-beneficial treatments that could be better allocated to access more beneficial treatments. The parents:. The parents love MT and want him to live as long as possible. The value of prolonging life seems to be more important than the harms that could be associated with aggressive treatment at the end of life. They seem to want to protect MT from information that could be psychologically harmful. They value their role as decision makers (family autonomy) and do not seem to value MTs autonomy. The HIM professional(s): The HIM professional shares key professional values with other healthcare professionals. They value truth telling, respect for patient autonomy, patient well-being (beneficence), keeping patients from harm (nonmaleficence) and the appropriate allocation of healthcare resources (justice). The HIM professional also has particular values around accuracy of information, transparency, the appropriate use of the electronic medical records and appropriate access through patient portals. Other healthcare professional(s): Although the nurse and the resident physician are most directly affected by the ethical question in this scenario, other healthcare professionals are members of the team and are also involved. They include the attending physician, other consultants, other nurses, the pharmacist, the social worker, and the chaplain. MT is probably well-known to this oncology team since his first illness and now this relapse. The whole team will be affected by the decisions made. They all share the values of truth telling, respect for patient autonomy, patient well-being (beneficence), keeping patients from harm (nonmaleficence) and the appropriate allocation of healthcare resources (justice). They also value working well together as a team to provide the best care for MT and his family. Hospital administrato(s): Hospital administrators have an obligation to promote the welfare of patients (beneficence) and keep them from harm (nonmaleficence). As healthcare professionals, they also have an obligation to tell the truth. Administrators value patient and family-centered care and patient portals are a way to enhance their involvement in their care and respect their autonomy. They also value adolescents as independent decision makers and have granted them access to the patient portal. They value patient privacy and confidentiality, even in the complex situation of adolescents. Just like the patient and family, the hospital administrators also have an interest in controlling healthcare costs and increasing access to healthcare. The value of justice as fairness is also involved. Society: Society values good care, truth-telling, privacy, confidentiality, and patient and family centered care that enhances respect for autonomy. Some people would argue that everyone in society who pays for health care has an interest in seeing that healthcare costs are controlled. Also, everyone is obligated to promote the just or fair allocation of healthcare resources.

5. What are my options?

What could the nurse and resident physician do in this scenario? They could (1) tell MT what they understand about his condition, (2) tell MT to ask his parents, or (3) tell MT that they will discuss this with him with his parents present.

6. What should I do?

Answer MT’s questions

7. What justifies my choice?

JUSTIFIED

NOT JUSTIFIED

The decision to answer MTs question about whether he is dying - either immediately without his parents or as soon as you can get his parents to join you - is based on the key value of respect for patient autonomy. The nurse and resident have a special relationship with MT and he trusts them to tell him the truth and to help him.

Don’t answer MT’s question and tell him to ask his parents



Ethical Decision-Making Matrices

69

SCENARIO 2-A  Decision Making for an Adolescent (continued ) They want to honor his desire for privacy and perhaps for confidentiality as well. Of course, the information should be delivered in a compassionate and skilled way. To answer his question is the most respectful and truthful action. MT has been living with cancer for a long time and he is familiar with the disease and his experience of it. He may be seeking some degree of control over his situation, and contrary to his parents’ belief, the information might help him manage his anxiety and will be helpful, not harmful. At 16, he most likely has the mental capacity to understand his diagnosis and prognosis – depending on his maturity and the possible effects of the brain tumor. The presumption is that adolescents should be involved in their health care decision making to the extent that they are capable and desire to be involved. Not informing him of what is going on will not change his diagnosis or prognosis. He needs help to prepare for his impending death, and so do his parents. Remember that MT loves his parents and they love him. They will live with his death and dying in a way the health care providers will not. Be careful that you do not alienate his family just when MT needs them the most. But what about the other values like respect for family decision making and for their interpretation of what is beneficial and harmful for MT. They love him and want to protect him. Why not leave it to the parents to answer MT’s questions? They have been the most involved and they have the most at stake after MT. One response is that to not answer his question would be to deny the unique obligation you have to MT as his health care professional. Taking care of the family is important, but MT is your patient and he is asking you a direct question. Leaving it to his family is to risk continued nondisclosure and your part in this “deception.” MT is asking for some privacy and perhaps for confidentiality as well. You can satisfy your obligations to both MT and his parents in carefully planning how to tell. 8. How can I prevent this problem?

Work with this family from the beginning about the role of MT in decisions about his care. For his first cancer treatment he was only 10 and the role of his parents was quite different. Now that he is 16 and desiring more information and more voice, the role of his parents should be different. It should be made clear that the presumption is that adolescents are involved in their decisions to the extent that they have the capacity and the desire to be involved. It should also be made clear that the healthcare team will help the family with difficult disclosures and conversations. Although the team will try to work with the family around the timing and content of information, the family should understand that the healthcare team will not lie to their patient and will answer his questions honestly when asked.

70

Chapter 2   Ethical Decision-Making Guidelines and Tools

The ethical decision-making matrix is a tool to help you organize complex ethical problems; however, there is no simple fill-in-the-box approach to ethical decision making. The objective is to follow each step of the process and not move from the question directly to what should be done or how to prevent it next time.

If you skip steps, you will not fully understand all of the values and options for action. Also, the matrix provided for each scenario is not the only way to examine the problem. You can make an equally compelling ethical argument for a different decision—just be sure to f­ollow all the steps of the matrix.

SCENARIO 2-B  Access by Adolescents to Patient Portals Steps

Information

1. What is the question?

Should adolescents have access to patient portals? At what age should adolescents have access? What access should they have and what access should their parents have?

2. What is my ‘gut’ reaction?

What is your first reaction to this case on an emotional level? What assumptions are you making? What biases do you have? A gut reaction can be very variable. It could be something like - “of course adolescents should have independent access since the assumption is that they can consent to some procedures without their parents and they deserve the same considerations as other patients. I have experienced disrespect as an adolescent patient and my bias would be to allow access” – to “of course adolescents should not have access with the assumption that their parents are paying and they would find out from the processing of insurance claims anyway. I have experience with adolescents not being as mature as they think they are and my bias is to involve their parents.”

3. What are the facts?

KNOWN ■■ ■■

■■ ■■ ■■

■■

■■

■■

■■

Your institution is developing a patient portal for your EMR. You are a member of the task force with several other HIM professionals. The question of access for adolescents is raised. This question is very challenging ethically and technically. In all 50 U.S. states, testing and treatment for sexually transmitted infections are protected by law as confidential in most situations. (Position paper, The Society for Adolescent Health and Medicine, 2014) In certain states adolescents can consent to other testing and treatment without their parents, including treatment for alcohol and other drug use disorders and other mental illnesses, and contraception and treatment for pregnancy. Adolescent parents are responsible for treatment decisions regarding their children. (English A, Bass L, Boyle AD et al, 2010) There are federal requirements for confidentiality tied to certain funding sources. (English A, Bass L, Boyle AD et al, 2010) There is a growing literature on the potential benefits of EMR use for children and adolescents. (Position paper, The Society for Adolescent Health and Medicine, 2014) Various HealthCare Policy organizations support the confidential treatment of adolescents and the use of patient portals by

TO BE GATHERED ■■

■■

■■

■■

Does your EMR vendor have a product that has robust, flexible, granular privacy settings? How confident are they that confidentiality/ privacy breeches can be avoided? What was your organization’s policy and procedures regarding adolescent consent and treatment before you switched to an EMR? Does your organization have a past history of confidentiality/privacy breeches?



Ethical Decision-Making Matrices

71

SCENARIO 2-B  Access by Adolescents to Patient Portals (continued )

■■

4. What are the values? Examine the shared and competing values, obligations, and interests of the many stakeholders in order to fully understand the complexity of the ethical problem(s). STAKEHOLDERS Patient, family, HIM professional(s), healthcare professional(s), administrators, society, and others appropriate to the issue.

adolescents. (Position paper, The Society for Adolescent Health and Medicine, 2014) EMR vendors are not necessarily prepared with products that meet regulatory requirements (privacy and confidentiality for patients including adolescents) and have robust, flexible, granular privacy settings (Anoshiravani A et al, 2012)

■■

What is your organization’s policy and procedures regarding patient portals? What is their experience?

Adolescent patients: Patients value respect for their autonomous health care decisions; respect for their privacy and confidentiality; getting testing and treatment that will promote their well-being (beneficence); avoiding harms that can follow from not seeking testing and treatment for fear of stigma and negative consequences if people found out (nonmaleficence); being treated fairly (not being discriminated against because of their age and having fair access to health care resources); compassionate treatment; fidelity to promises made to provide respectful treatment with attention to privacy and confidentiality; trust in health care professionals and family members; family relationships Their parents/guardians: It can be assumed that most parents love their children and feel deeply responsible for their lives and well-being. They value the well-being of their children and access to healthcare that promotes their children’s best interests (beneficence); they want to keep their children from harm whether physical or psychological (nonmaleficence); they value themselves as decision makers for their children; they may or may not value their adolescent children as decision makers for themselves; they may value fair access to information if they are the ones paying for healthcare services (justice); they value gaining and maintaining the trust of their children; and they value keeping their promises to care for their children (fidelity). They also value honesty and truth telling. Healthcare professional(s) including HIM professional(s): All health care professionals have a commitment to respect their patients’ autonomy to the extent that patients have decision making capacity; this includes adolescent patients, too. They also share a commitment to benefit their patients (beneficence) and keep them from harm (nonmaleficence). They all value honesty and truth telling and treating people fairly (justice as non-discrimination and fair access to health care resources.) Professionals value a trusting relationship with patients and families and also keeping promises (fidelity). They also value respecting privacy and confidentiality. The HIM professional code of ethics is particularly strong on the values of privacy and confidentiality and using the expertise of HIM professionals to make sure systems are developed and utilized that support these values. All health care professionals also value respect for each other and working collaboratively as a team. The institution: Health care institutions value providing the highest quality of care for patients and their families (beneficence and nonmaleficence). Most hospitals have policies that support patientcentered care and also family-centered care. They also value respecting patients, whether this is respecting their autonomous decisions, their privacy or their confidentiality. Health care institutions want a trusting relationship with their health care professionals and with patients and their families. They value health care professionals working collaboratively with each other to provide the highest quality, safest and most cost-effective care. Health care institutions value accurate and accessible health information, for the best health care for patients, for accurate quality improvement measures, and for accurate billing. Health care institutions also value their reputation in the community and following state and federal regulations and laws. Society: Society values high quality, safe, patient-centered and cost-effective care that is provided by trust-worthy health care professionals and health care institutions. Societal laws and policies support the independent decision making by adolescents in an effort to support public health. If adolescents could not receive confidential testing and treatment for sexually transmitted infections, contraception and pregnancy, drug and alcohol use disorders, and other mental illnesses, not only (continued)

72

Chapter 2   Ethical Decision-Making Guidelines and Tools

SCENARIO 2-B  Access by Adolescents to Patient Portals (continued ) would their health suffer, but the health of the public could be at risk as well. Society also values the fair treatment of patients, whether in the form of non-discrimination or fair access to affordable health care. Value Tensions: All stakeholders share the values of wanting to promote the well-being of adolescents and keep them from harm. The tensions arise in determining who best to define wellbeing, the adolescent? Family? Healthcare professionals? There is also a tension between respect for the adolescent as a decision maker or the family as a decision maker and between access to health information and helping to insure privacy and confidentiality. 5. What are my options?

1. Allow only adults (by age – over 18) on the patient portal. 2. Allow adolescents (between ages 13 and 17) on the portal with permission from their parents who have access. 3. Allow adolescents (between ages 13 and 17) on the portal with access given to parents of only non-confidential information or with permission from adolescents.

6. What should I do?

Option #1 would not afford adolescents the benefit of patient portals, especially in areas in which they are the primary decision makers and not their parents (sexually transmitted infections, contraception, pregnancy, drug and alcohol use, other mental illnesses) and should not be chosen. Option #2 seems to allow adolescents access, but only with the permission of their parents, which also denies the benefits of patient portals and involves considerable breaches of privacy/confidentiality and should not be chosen. Option #3 should be chosen because it affords the most access to adolescent patients and also the most control of what their parents have access to.

7. What justifies my hoice?

JUSTIFIED

NOT JUSTIFIED

To deny adolescents access to patient portals is to deny the benefits of them to patients based simply on age, which could be a violation of the principles of respect, beneficence and justice. Our society has determined through laws and public health policies that adolescents should be able to decide about their own healthcare in certain important ways and an EMR could be an important part of improving that care. Key adolescent health care organizations support such access. (Position paper, The Society for Adolescent Health and Medicine, 2014) But all stakeholders are concerned to respect privacy and confidentiality and to minimize the harms that follow from possible breaches (nonmaleficence). It would be important to make sure that the EMR vendor would be able to provide a product with reasonable assurances that breaches could be avoided or at least minimized to an acceptable level. The commitment of the institution should be to grant access, using a vendor that is able to provide this.

Deny adolescent access to patient portal.

To go forward knowingly with a product that could not provide the necessary access and protections would be to violate all the associated values of the stakeholders. Another other possible concern is for the families who, in many instances, are paying and who would like to be involved in the decision making. And in so far as the decisions are sensitive, like end of life decisions, one can see the power of their claim to control information.

Go forward with a product that cannot provide access and protections



Ethical Decision-Making Matrices

73

SCENARIO 2-B  Access by Adolescents to Patient Portals (continued ) Adolescents may have some adult capacities, but they are not adults yet. Many would argue that adolescents need the involvement of their families, especially at such critical decision points as pregnancy, parenthood and end of life. But this important claim does not require either extreme – no access for adolescents or no access for families. The values of respect for autonomy, beneficence, nonmaleficence, justice, trusting family and healthcare relationships could be supported by a policy that allowed adolescents to determine through careful dialogue, what access their families should have. 8. How can I prevent this problem?

The testing, treatment and documentation of care for adolescents waschallenging even before EMR and patient portals. This ethical issue could not have been prevented. It will take the intentional and dedicated efforts of healthcare professionals including HIM professionals working diligently with EMR vendors to create systems that can support the privacy and confidentiality needs of all patients, including particularly adolescents.

The ethical decision-making matrix is a tool to help you organize complex ethical problems; however, there is no simple fill-in-the-box approach to ethical decision making. The objective is to follow each step of the process and not move from the question directly to what should be done or how to prevent it next time.

If you skip steps, you will not fully understand all of the values and options for action. Also, the matrix provided for each scenario is not the only way to examine the problem. You can make an equally compelling ethical argument for a different decision—just be sure to follow all the steps of the matrix.

CHAPTER 3

Privacy and Confidentiality

© kentoh/Shutterstock

Laurie A. Rinehart-Thompson, JD, RHIA, CHP, FAHIMA Laurinda B. Harman, PhD, RHIA, FAHIMA

Portability and Accountability Act of 1996 (HIPAA) Privacy Rule and changes per the 2009 Health Information Technology for Economic and Clinical Health (HITECH) Act. Authorization requirements are also discussed. Both patient and professional concerns about privacy and confidentiality are identified, with a focus on medical identity theft, the use of electronic health records and mobile devices, and social media challenges.

Learning Objectives After completing this chapter, the reader should be able to: ■■

■■

■■ ■■

■■

Understand the difference between privacy and confidentiality. Understand the primary ethical obligation of the health information management professional to protect the privacy of an individual’s health information and confidential communications. Discuss release-of-information considerations. Discuss the practical implications of the Health Insurance Portability and Accountability Act (HIPAA) privacy requirements and changes per the Health Information Technology for Economic and Clinical Health (HITECH) Act. Discuss patient and professional concerns about privacy and confidentiality, including issues surrounding the use of social media.

Scenario 3-A   Family and Friends: Should I Tell? Mary is a health information management (HIM) student completing a clinical practice rotation in an acute care hospital in her community. This week she is learning about the release-of-information process. At the breakfast table, Mary’s mother asks her to find out what is wrong with Ruth, their next-door neighbor. Ruth has been admitted to the hospital twice in the past three months, and Mary’s mother wants to know why. While processing the requests for release of information that afternoon, Mary comes across one from Ruth’s insurance company. Mary learns that Ruth was hospitalized due to physical abuse by her husband. Mary has been in trouble with her mother recently. She knows that if she tells

Introduction This chapter explores the primary ethical obligation of the health information management (HIM) professional to protect the privacy of information compiled in a health information system. The complexity of balancing privacy and confidentiality against the need to respond to legitimate requests for information is discussed, particularly in light of the Health Insurance

(continued )

75

76

Chapter 3    Privacy and Confidentiality

her mother this information, she will score “big points.” She is very tempted to tell her mother the information she has learned. Later that same day, while responding to another request for information, Mary realizes that the medical record she is reviewing belongs to Ron, her best friend’s fiancé. Mary learns that Ron has a drug abuse problem and was recently diagnosed with HIV. Mary will be the maid of honor at the wedding of Ron and Patricia two months from now, and she knows that Patricia does not know about Ron’s problems. Mary becomes worried and wonders whether she should tell her best friend what she has learned, because Ron’s conditions could affect Patricia’s health and the quality of her married life. Questions 1. What should HIM professionals do when family or friends ask them for information about others or when they discover things about people they know during the process of doing their work? Does Mary have the right to reveal this information to others? HIM professionals must recognize their first priority, which is to safeguard the privacy of the health information they work with. Mary does not have the right to reveal this information to her mother or to anyone else. 2. In the situation regarding Mary’s friend Patricia and her fiancé Ron, would Mary be more justified in revealing patient information than in the situation regarding the next-door neighbor? Why or why not? This situation creates more ethical tension because Mary is dealing with competing valid ethical values: loyalty to her friend and concern for her friend’s safety and well-being versus loyalty to her employer and to the HIM professional values she has committed herself to (in addition to her obligation not to violate HIPAA). As an HIM professional, Mary must remain true to her professional values. As difficult as it will be not to reveal the information she has learned about Ron, she would

not be justified in doing so. It is possible that Ron’s HIV is from Patricia. 3. Would Mary be more justified in revealing patient information if Patricia was not her best friend, but her sister? Why or why not? No, she would not be more justified. It does not matter to whom the information would be disclosed. In either case (friend or sister), the disclosure would be a violation of the law and of HIM ethical principles. 4. Why are privacy and confidentiality so important to patients who receive care and to those who provide care? Why should they be important to the HIM professionals who are entrusted to protect patient information? If patients cannot trust that the privacy and confidentiality of their health information will be preserved, they will be less likely to be honest and forthcoming with information they provide. Privacy and confidentiality should also be important to HIM professionals because they promote health information integrity and because patients will be more honest and forthcoming. This will ultimately result in better patient outcomes.

A completed ethical decision-making matrix for the scenario is provided at the end of the chapter.

Scenario 3-B   Share Information on Facebook? Delaney is a young HIM professional who graduated from college last year. She took a position as a registration clerk in a busy oncology clinic, hoping to obtain an HIM supervisor position in the same organization. One day while Delaney was working, Melissa came into the clinic and Delaney registered her. Melissa was Delaney’s freshman college roommate.



Protecting Health Information

Melissa had been diagnosed with cervical cancer during their sophomore year in college. Both moved out of the dorm after that year, and they did not keep in touch after that. ­Delaney was pleased to see Melissa, who assured Delaney that she was doing well despite mandated yearly check-ups with her oncologist. She told Delaney that she continues to be cancer-free and told Delaney to say “hello” to any of their acquaintances from the dorm that Delaney still keeps in touch with. Delaney is friends on Facebook with quite a few of the friends from the dorm. Questions 1. Should Delaney share Melissa’s status on Facebook? No. This would be a HIPAA violation and an ethical violation. Delaney obtained this information in the course of her employment with a covered entity and, as such, her HIM ethical values require her to protect this information. 2. Would your answer change if Melissa had specifically permitted Delaney to share her health update with their mutual acquaintances? No, even if Melissa had specifically permitted Delaney to share her health status, it would still be a violation because of the manner in which Delaney obtained the information. 3. Would your answer change if Delaney only shared the information with her Facebook friends who know Melissa? No. Answers 1 and 2 continue to apply. 4. Would your answer change if Delaney, instead of encountering Melissa in the oncology clinic, had run into her at a restaurant or in a store after work? Yes. The situation is now different. In this scenario, Delaney did not obtain confidential information in the course of her employment with a covered entity and is thus not bound by HIPAA requirements or HIM ethical obligations.

A completed ethical decision-making matrix for the scenario is provided at the end of the chapter.

77

Protecting Health Information Protecting health information privacy means that information is kept from those not authorized to access it. The information contained in a health information system can be the most private information collected about a person. When a patient receives health care, documentation is compiled that supports medical decisions, care rendered, and outcomes of services. Telling the truth is vital to the successful delivery of appropriate health care, yet this can place the patient in a vulnerable position. Intimate clinical and behavioral secrets, such as family diseases (e.g., cancer, mental illness), social habits (e.g., smoking, alcohol abuse), or previous medical events (e.g., surgeries, suicide attempts), are revealed by the patient or discovered by the provider as the care is given, as diagnostic test results are reported, and as future options for care are discussed. Information is shared and documented with trust that it will be protected from unauthorized access. Health information management (HIM) students and professionals, as well as other healthcare professionals, such as nurses and physical or occupational therapists, gain access to the detailed, confidential information documented in every patient’s medical record as part of their work. This includes making sure that the medical record is accurate and complete as a legal document; that care and services are coded correctly for statistical purposes, clinical studies, and reimbursement; that information is released to authorized parties; and that the myriad other functions that support the complex health information system are performed. Protecting health information privacy and the confidential information collected in the health information system is the central and defining value and obligation of the HIM professional. HIM professionals would have an absolute ethical obligation to protect health information even if there were no privacy and confidentiality laws. In Scenario 3-A, the HIM student who must make decisions about releasing information requested by family and friends is challenged to stay focused on the responsibility to

78

Chapter 3    Privacy and Confidentiality

protect privacy and confidentiality. It can be tempting to release this information to others, especially when one has legitimate conflicting interests such as preventing the harm that might come to family or friends if the information is not revealed.

relating to a person’s healthcare history, diagnosis, condition, treatment, or evaluation. These concepts align with the protection of health information per HIPAA.

Privacy and Confidentiality

The release of information process has long been an integral HIM function. It involves managing the transfer of health information for use within an organization or disclosure outside the organization to authorized recipients. Those to whom access to health information is given includes individuals or entities (Brodnik, Rinehart-Thompson, & Reynolds, 2012). Today, the number of requests for ­i nformation and the amount of health information requested are increasing at a phenomenal rate. Many requesters have a legitimate need for information, and the healthcare system cannot operate effectively without releasing confidential information. HIPAA governs requests made by individuals and organizations for protected health information (PHI). Requests frequently relate to reimbursement for healthcare services. For example, third-party payers often require access to confidential information to verify that medical care was provided and to determine the medical necessity of the services rendered. However, information is requested by a number of other entities, both internal and external to an organization. Such entities include other healthcare providers, licensing bodies, attorneys, life and disability insurers, state agencies, and employers. To be performed correctly, the release-ofinformation function requires attention to detail and knowledge of state and federal laws related to the use and disclosure of health information (LaTour, Eichenwald-Maki, & Oachs, 2013). Thus, it is virtually impossible to discuss the release-of-information function without also considering HIPAA and its authorization requirements, which vary depending on the type of requester. Release-of-information policies and procedures must be established and enforced to ensure that the needs of requesters are met while patient information privacy is protected and laws are followed at the same time.

The terms privacy and confidentiality are often used interchangeably; however, there are important distinctions. Privacy is an important social value that means the right “to be let alone” (Warren & Brandeis, 1890). Privacy requires the protection of information—that is, the assurance that there are no unauthorized uses or disclosures. The value of patient authorization, which is documented permission to use or disclose information, is central to privacy (Brodnik, Rinehart-Thompson, & Reynolds, 2012). It is inherently based on fair and appropriate use of the information. Although the U.S. Constitution has been interpreted to give fundamental privacy rights in some areas of one’s life, such as marriage or child rearing, and to protecting those areas to the greatest degree from government intrusion, privacy of one’s own health information as a fundamental right has not been established. Even so, the right of a patient to the privacy of his or her own health information has generally been recognized by common law and has been advocated by the health information profession. The Health Insurance Portability and Accountability Act of 1996 (HIPAA), the federal health information privacy law, clearly sets forth parameters for health information privacy. As compared with privacy, confidentiality stems from a clinical relationship between a patient and those providing his or her health care. When a patient reveals information to a physician or other provider of care, there is an assumption that this information will be treated as confidential. As such, healthcare providers, institutions, and HIM professionals are obligated to protect information that is collected. Personal identity is central to privacy and confidentiality and includes information

Release of Information



The HIPAA Privacy Rule Although the principles of privacy and confidentiality have long been rooted in the HIM profession, statutory and regulatory protections of health information continue to evolve.

History of Privacy Laws Prior to implementation of the HIPAA Privacy Rule, the protection of health information historically resided with state laws. This created a complex patchwork effect because some states broadly addressed patient confidentiality, others targeted only specific types of records (e.g., HIV/ AIDS and mental health) for special protection, and still other states were virtually devoid of health information protections. It was not until 1974 that a federal law was passed to protect privacy. However, the federal Privacy Act of 1974 (5 U.S.C. § 552a) was narrow. It applied only to information collected by the federal government, and it was not tailored to protect health information. As a result, its impact on the protection of health information was extremely limited. Ironically, in years past, despite the existence of fewer health information protection laws, patients had less need for concern about what information was used and disclosed because fewer people sought information from medical records. Information was reviewed primarily by providers of care, researchers, or those who supported important review processes, such as quality of care or risk management. With increasing demands for access to health information and migration toward an electronic health record, however, public concern about threats to health information privacy gained momentum and resulted in federal legislation directed specifically toward health information privacy. The privacy portion of the Health Insurance Portability and Accountability Act of 1996 (HIPAA) (Pub. L. 104-191) was passed because the limited federal health information privacy laws in existence at the time protected only certain types of health information (e.g., drug and alcohol abuse records) or information held by certain entities (e.g., agencies of the federal government). Likewise, because state

The HIPAA Privacy Rule

79

laws were often limited and inconsistent with one another, they provided varying degrees of protection from one state to the next. The result of these limited and inconsistent laws was that many types of health information,— especially those deemed not to be highly sensitive in nature,—were left unprotected by statute. Prior to HIPAA, the only recourse individuals generally had if their privacy was violated was through the court system, an expensive, timeconsuming, and emotionally exhausting experience with no guaranteed outcome. For example, if an individual lived in a state with statutes that protected only information related to behavioral health and HIV, the only recourse for the wrongful disclosure of that individual’s plastic surgery records from a nonfederal healthcare provider was through the court system in that state. HIPAA, conversely, protects all health information equally and is therefore designed to increase health information privacy and confidentiality.

HIPAA Privacy Rule Framework HIPAA contains five titles, most of which do not specifically address the protection of health information. Although HIM professionals focus on the health information privacy and security aspects of HIPAA, the act is much broader. Title I protects individuals from losing their health insurance when leaving and/or changing jobs by providing insurance continuity (portability). The administrative simplification portion of Title II contains the HIPAA Privacy and Security Rules, but a separate portion of that title increases the federal government’s authority over fraud and abuse in the healthcare arena (accountability). Titles III, IV, and V contain taxrelated provisions relevant to the Internal Revenue Code and requirements for group health plans. Although the HIPAA statute was created and passed by Congress, the U.S. Department of Health and Human Services developed the regulations—the HIPAA Privacy Rule—that delineate the statutory requirements. The final HIPAA Privacy Rule (45 C.F.R. Parts 160 and 164) has been in effect since April 14, 2003. The HIPAA Privacy Rule’s many important and complex provisions require additional

80

Chapter 3    Privacy and Confidentiality

intensive study by HIM students and professionals. Some key provisions of the HIPAA Privacy Rule (hereafter referred to as “HIPAA” or the “HIPAA Privacy Rule”) that relate to discussions in this chapter are described below. HIPAA applies to covered entities (CEs) and their business associates (BAs), discussed later in the chapter. CEs include healthcare providers that conduct certain types of electronic transmissions; healthcare clearinghouses, which process transactions between healthcare providers and their payers; and health plans (45 C.F.R. §160.103). HIPAA also applies to protected health information (PHI), which is individually identifiable health information that relates to an individual’s past, present, or future physical or mental health condition; provision of health care; or payment for the provision of healthcare (45 C.F.R. §160.103). To be PHI, information must be in the custody of or transmitted by a CE or BA. To be individually identifiable, the information must identify an individual, or there must be a reasonable basis to believe an individual could be identified from the information provided. De-identified information, which does not identify an individual and for which there is no reasonable basis to believe the information can be used to identify an individual (45 C.F.R. §164.514), is not PHI and is therefore not protected by HIPAA. For example, the number of patients with Alzheimer’s disease is not PHI as long as the identity of each patient cannot be ascertained. All genomic data are personalized markers and can be linked to an individual and cannot be de-identified, so all of this data is PHI.

Requirements for Patient Authorization PHI may be requested for many reasons: patient care, financial, legal, personal, and myriad other purposes. It is imperative that CEs be familiar and compliant with the requirements of the HIPAA Privacy Rule so each type of disclosure and use can be evaluated to determine if authorization is required, how much information can be used or disclosed, and how each type of situation should be handled. The HIPAA Privacy Rule provides specific requirements for patient authorization forms, including those elements that

must be included in an authorization for disclosure (45 C.F.R. §164.508(c)). Although these required core elements do not differ significantly from the elements historically recommended by the American Health Information Management Association (AHIMA) as professional best practice, they now have the force and effect of federal law. The blanket authorization allows all information, including information that will be created in the future (after the authorization is signed), to be given to a payer (insurer). However, these authorizations are no longer required because HIPAA permits PHI to be disclosed to payers for payment purposes without patient authorization. Nonetheless, some organizations continue to use blanket authorizations to demonstrate patient agreement. ■■

Description of information. This description must identify the information to be disclosed in a specific and meaningful fashion. For example, the request should specify what is wanted, such as “the discharge summary and the operative report,” rather than asking for “any and all information.” Providing the time frame for the information that is to be disclosed (e.g., hospitalization from 9/5/14 to 9/10/14) also provides a more specific description of the desired information. According to the Office for Civil Rights, PHI created after an authorization is signed may be disclosed if the authorization “encompasses the category of information” of the new PHI, as long as the authorization has not expired, has not been revoked, or has been written to limit disclosure of subsequently created PHI (http://www.hhs.gov/ ocr/hipaa/). Discerning what a category consists of can be open to interpretation. HIM professionals must recognize that patients cannot truly protect their right to privacy if they authorize the disclosure of PHI that has not been created yet. One-time authorizations that permit the disclosure of “any and all” information do not adhere to HIPAA’s “category of information” requirement. It is important to develop policies that meet HIPAA’s authorization requirements, the spirit of the HIPAA Privacy Rule, and HIM professional ethical obligations.



The HIPAA Privacy Rule ■■

■■

■■

■■

■■

Name or other specific identification of the person(s) authorized to disclose the information. Identifying information might include demographic data about the disclosing party, such as an address. Recipient of information. HIPAA requires that the authorization for the release of information include the specific party that is to be given the information. Purpose of disclosure. Although the HIPAA Privacy Rule requires that this element be present on authorizations, the patient is not required to provide a statement of purpose and “at the request of the individual” is sufficient. Expiration. HIPAA requires that an expiration date or expiration event (e.g., at the end of the research study) be included on the authorization. Signature and date. The patient must sign and date the authorization. A patient’s personal representative may sign the authorization in lieu of the patient if a statement is included that describes that person’s authority to act for the patient. It is best practice for an authorization to be completed and dated after the PHI has been created; however, as noted previously, HIPAA does not prohibit disclosure of PHI created after the authorization was signed as long as the subsequently created PHI is encompassed within the “category of information” authorized for disclosure (http:// www.hhs.gov/ocr/hipaa/).

HIPAA also requires that an authorization include a statement regarding the patient’s right to revoke the authorization, the fact that treatment cannot be conditioned upon a signed authorization, and the fact that the released information is subject to redisclosure by the recipient. Authorizations must be written in plain language.

Use and Disclosure With the twin goals of giving individuals greater control over their PHI and restricting access by others, HIPAA affects both the use and disclosure of information by CEs. HIM

81

professionals are concerned about information that is released outside the organization (­disclosure), as well as the appropriate degree of access by those within the organization and what they do with that information (use). HIPAA applies a minimum necessary (“need-to-know”) filter on access to a patient’s PHI by others (45 C.F.R. §164.502(b)(1)). That is, no one should gain access to any information unless they are entitled to it, and they should get only the minimal amount of information needed to conduct business, such as processing a claim for benefits or an insurance application. There are certain circumstances where the minimum necessary requirement does not apply, such as to healthcare providers for treatment; to the individual or his or her personal representative, pursuant to the individual’s authorization; to the Secretary of the Department of Health and Human Services for investigations, compliance review, or enforcement; when required by law; or to meet other HIPAA compliance requirements (45 C.F.R. §164.502(b)(2)). Treatment, payment, and healthcare operations (45 C.F.R. §164.501), collectively referred to as TPO, are functions of a CE that are necessary for the CE to successfully conduct business. It is not the intent of HIPAA to impose onerous rules that hinder a CE’s functions. Thus, many HIPAA requirements are relaxed or removed where PHI is needed for TPO.

Patient Authorization Required Access to PHI is needed for business decisions, but each request or situation where access occurs must be considered carefully in the context of the HIPAA privacy provisions, state laws, and confidentiality concerns. Not all uses and disclosures are equal; it is therefore vital for HIM professionals to apply their professional ethics and decision-making skills to each potential use and disclosure. It is also important to remember that patients should still have some control over—or at least knowledge of—the disclosures and uses of their health information. Ensuring that patients have such knowledge about their PHI is a key purpose of a HIPAArequired document, the Notice of Privacy Practices.

82

Chapter 3    Privacy and Confidentiality

The HIPAA Privacy Rule is specific about uses and disclosures that require a patient’s authorization and those that do not. HIPAA’s general rule is that, unless it meets an exception where authorization is not required, patient authorization is required for the use and disclosure of PHI. For example, authorization is required before PHI will be disclosed to a life or disability insurer. It is also required for disclosure to an attorney in a civil action for personal injury or malpractice.

■■

■■

Patient Authorization Not Required Theoretically, one of the goals of HIPAA is to give patients a great amount of control over their PHI. However, there are many situations where this does not occur. As described above, patient authorization is required for the use and disclosure of PHI unless such use or disclosure meets an exception provided by HIPAA. However, there are many exceptions where HIPAA does not require authorization (45 C.F.R. §164.502(a)). As a result, the law has a significant number of loopholes that provide patients with no greater, or even less, control over access to their information by others than they possessed prior to HIPAA. 45 C.F.R. §164.502(a)(1) delineates those circumstances (exceptions) in which a CE may use or disclose PHI without an individual’s authorization. Other laws, however (e.g., state laws), may still require patient authorization. If that is the case, the more stringent or protective law must be followed and authorization must be obtained. In the situations described below, HIPAA is permissive only (i.e., authorization may be used). Below are examples of each of the exceptions: ■■

■■

Providing information to another healthcare provider where authorization may be waived for disclosures for a “treatment” purpose (as described in Example 1 later in this section) (45 C.F.R. §164.502(a)(1)(ii)); Releasing health information to secure reimbursement for health care where authorization may be waived for disclosures for a “payment” purpose (as described in Example 2 later in this section) (45 C.F.R. §164.502(a)(1)(ii));

■■

■■

■■

Internal business audits (“healthcare operations”) purpose under 45 C.F.R. §164.502(a)(1)(ii) or requests for statistical analyses, which may qualify as “healthcare operations” for which patient authorization is waived or which may not be covered under HIPAA because the information has been de-identified. Statistical analyses that qualify as research are subject to an entirely separate set of HIPAA Privacy Rule mandates (45 C.F.R. §§164.501, 164.512(i); 164.532); Disclosing information to the individual (§164.502(a)(1)(i)); Using or disclosing PHI where the individual had the opportunity to agree or object or, if no such opportunity was available (such as in an emergency situation), professional judgment is used to determine that such use or disclosure is in the best interest of the individual. Examples include disclosing basic patient information in the facility’s directory or providing information to family members involved in the family’s care (45 C.F.R. §164.510(a) and (b)); Disclosing information that is incidental to doing business, such as sign-in sheets at a physician’s office, as long as only the minimum necessary information is disclosed (45 C.F.R. §164.502(a)(1)(iii)); Providing information on behalf of public interest and benefit. This exception encompasses 12 situations: public health activities; reporting victims of abuse, neglect, or domestic violence; disclosures required by law; for specified law enforcement purposes; to comply with state workers’ compensation laws; health oversight activities, such as licensing agency requests; judicial and administrative proceedings; specific information about decedents; information relating to cadaveric organ, eye, or tissue donation; research; and situations where serious threats to health or safety exist (45 C.F.R. §164.512). Additionally, given the federal government’s homeland security priority, much leeway has been given to governmental entities to access individuals’ protected health information for activities that have been deemed to be “specialized

Breaches or essential government functions,” including intelligence, counterintelligence, and other authorized national security activities (45 C.F.R. §164.512(k)(2)); and releasing limited data sets, where certain identifiers have been removed and certain safeguards have been put into place (45 C.F.R. §164.512(e)). Individual authorization also is not required for federal investigations of fraud and abuse (45 C.F.R. §164.502(a)(2)). Further, individual authorization is not required for disclosures to a CE’s business associates (BAs), which are legally separate organizations or individuals who function for or on behalf of a CE and whose activities involve the use or disclosure of individually identifiable health information (45 C.F.R. §160.103). Examples include independent transcription companies, a hospital’s external legal counsel, or accrediting bodies such as The Joint Commission. Although HIPAA does not require a patient’s authorization before PHI is disclosed to BAs, a CE must have a contract, called a business associate agreement, in place with each BA to ensure the PHI is protected when it is in the hands of that BA. Many of HIPAA’s protective authorization requirements are relaxed or removed in order to permit a CE to perform TPO (45 C.F.R. §164.502(a)(1)). The effect of HIPAA is that it has, in some cases, facilitated the flow of patient information where industry standards previously dictated a tighter control. In response, where possible, many CEs have maintained the stricter standards that they established and practiced prior to the implementation of HIPAA. Following are two examples where HIPAA’s authorization requirement is more relaxed than the procedures exercised by many HIM professionals. ■■

Follow-up care. For example, under the HIPAA Privacy Rule, a hospital (CE) is not required to procure a patient’s authorization before sending records from the patient’s hospital stay to a physician who is following up with that patient (this is TPO, for treatment). Although many hospitals, in accordance with prior policy, will continue to require an authorization in this situation (especially if the hospital was not previously aware of the patient’s

■■

83

relationship with this physician), HIPAA has removed that requirement. Note, too, that the minimum necessary requirement does not apply when PHI is disclosed for treatment purposes, although CEs will want to exercise caution. Insurance company. For example, per HIPAA, a healthcare provider (CE) is not required to obtain a patient’s authorization before disclosing PHI to the patient’s health insurance company for payment purposes (this is TPO, for payment). Many providers continue to obtain an authorization according to their prior policies, but HIPAA does not require it. However, only the minimum necessary amount of PHI can be disclosed.

Blanket Authorizations Blanket authorizations are often used by CEs at the outset of care and are usually signed by patients prior to the creation of health information. They can also be initiated by payers at the time individuals are enrolled in health plans. Although they are designed for disclosure of PHI to payers, HIPAA does not require any authorization for disclosure of PHI for payment (45 C.F.R. §164.502 (a)(1)). Thus, as used for payment purposes, blanket authorizations go beyond what HIPAA requires. HIPAA does provide for an optional consent, which a CE may ask a patient to sign, granting permission to use or disclose PHI for TPO purposes only. However, because the “minimum necessary” principle does apply, care should be taken to disclose only that information which is necessary for the covered entity to receive payment.

Breaches HITECH imposes significant penalties for HIPAA violations, and this is most apparent with breaches. As a result, health information privacy has become a heightened priority as the healthcare industry and HIM professionals strive to comply with the challenges it creates. Per HITECH, a breach is an “unauthorized acquisition, access, use or disclosure of PHI

84

Chapter 3    Privacy and Confidentiality

which compromises the security or privacy of such information” (American Recovery and Reinvestment Act of 2009). Prior to the passage of HITECH, a covered entity could decide how to best mitigate, or lessen the harmful effects of, a breach. Now, once an unauthorized acquisition, access, use, or disclosure is determined to be a breach, affected individuals must be notified and the breach must be reported into the Department of Health and Human Services’ online reporting system. If a breach affects 500 or more individuals, the Department of Health and Human Services and prominent media outlets must be notified immediately.

Patient Concerns A number of factors cause patients to be concerned about their health information privacy. Privacy concerns can certainly be related to paper-based PHI. Oral communications, too, can violate an individual’s privacy rights through the discussion of patient cases in elevators, hallways, eating areas, and other public venues. Many concerns, however, relate in some way to the fast pace at which technology is developing and being used, challenging laws and ethical principles to stay abreast of the changes. These include the ability of authorized and unauthorized individuals alike to quickly access and download vast amounts of data; mobile devices that can display PHI anywhere and any time, and which are subject to loss or theft; and social media, which tempts many people to share private information about others that should not be shared.

Medical Identity Theft Medical identity theft is inappropriate (often unauthorized) misrepresentation of another’s identity to “obtain medical services or goods, or obtain money by falsifying claims for medical services and falsifying medical records to support those claims” (Dixon, 2006). There are two types of medical identity theft: external and internal. External medical identity theft perpetrators include hackers and uninsured individuals who take on another’s identity due to financial need.

Organizations often deter external medical identity theft through system safeguards (to prevent hacking) and photographing individuals seeking treatment at registration or scanning drivers’ licenses. Perpetrators of internal medical identity theft are individuals inside an organization. They can be either legitimate staff who wrongfully access patient information or imposters who seek employment at an organization for the sole purpose of gaining access to information. In either case, internal medical identity theft culprits may act alone or with others. Electronic PHI allows significant volumes of patient information to be accessed and downloaded at one time. Organizations try to deter internal medical identity theft through pre-employment screening and background checks. Medical identity theft is a significant concern because its victims face monetary consequences such as those suffered by financial identity theft victims, but their medical information is compromised as well (Rinehart-Thompson, 2013; Harman, 2013; Nichols, Davis, Lemery, & Smith, 2008). Advances in electronic health records exacerbate the issue while also providing remedies. Electronic information-sharing among providers and payers allows undetected false information to be readily disseminated and duplicated in multiple databases, including secondary databases such as disease registries where information is aggregated. However, as the use and content of patient portals increase, individuals can view their own health information, more easily identifying false information and becoming their own advocates. Also, electronic detection tools such as audit trails and intrusion detection systems can aid in identifying improper activity (Harman, 2013). Health information management professionals have an ethical obligation to be vigilant in identifying medical identity theft to ensure data integrity, information privacy, and patient safety. They are obligated to assist the “real” patient and develop internal protocols to confirm accurate information and correct information that is inaccurate because false documentation cannot be ignored. Further, they must take steps to prevent further release of information that is fraudulent or potentially

fraudulent (Harman, 2013). The challenge will only increase as electronic health record systems and health information exchanges, as well as criminal techniques, become more sophisticated.

Electronic Health Records and Mobile Devices In today’s electronic environment, patients are increasingly concerned about the loss of privacy and their inability to control the dissemination of their health information. Patients should be able to expect that their information will be protected, but they cannot fully presume this. For example, information that is faxed or emailed from one healthcare location to another may be left unattended for unauthorized people to see. Electronic information can readily be copied and pasted. Mobile devices such as laptops and cellular phones can be misplaced or stolen. Organizations may not maintain a proper inventory of mobile devices that are receiving and displaying PHI. The preamble to the AHIMA Code of Ethics confirms that “healthcare consumers are increasingly concerned about security and the potential loss of privacy and the inability to control how their personal health information is used and disclosed. Core health information issues include what information should be collected, how the information should be handled, who should have access to the information, under what conditions the information should be disclosed, how the information is retained and when it is no longer needed, and how is it disposed of in a confidential manner” (AHIMA, 2011). As patients become more aware of the misuses of information, they may become reluctant to share information with their healthcare team. This may, in turn, result in problems with the health care that is provided and the information given to researchers, insurers, the government, and the many other stakeholders who legitimately gain access to the information. It is not unlikely for individuals to fear that their health information will be used against them in employment and insurance situations. Whereas, historically, the patient was the least likely to gain access to his or her own information,

Patient Concerns

85

this fortunately has changed. HIPAA, through one of its guaranteed individual rights, grants patients the right to access their own PHI (45 C.F.R. §164.524). Other HIPAA individual rights include the right to request an amendment to one’s records to clarify inaccurate or incomplete documentation (45 C.F.R. §164.526); to request an accounting of disclosures (45 C.F.R. §164.528); to request restrictions of uses and disclosures (45 C.F.R. §164.522(a)); to request confidential communications (45 C.F.R. §164.522(b)); to receive a Notice of Privacy Practices (45 C.F.R. §164.520); and to make complaints regarding perceived HIPAA Privacy Rule violations (45 C.F.R. §160.306). Although these rights cannot protect an individual from the wrongful dissemination of his or her PHI, either via paper, electronically, or orally, they do at least provide a measure of individual control. Because HIPAA provides a “floor” (i.e., minimum individual rights), state laws that provide patients with even greater control over their PHI, including access, supersede HIPAA. As patients become more aware of their individual rights, as delineated under HIPAA, they may eventually exercise those rights and use them to make informed choices about the healthcare decisions that must be made and to assess whether the information is accurate. As patients learn more about the information that is collected, analyzed, and disseminated, they will increasingly want access to that information and will seek the assistance of the HIM professional. Evidence of patient awareness is becoming apparent as individuals file complaints with the federal government via the Office of Civil Rights (OCR), Department of Health and Human Services, regarding alleged violations of the HIPAA Privacy Rule. Through 2013, more than 90,000 complaints had been filed with OCR (U.S. Department of Health & Human Services), reflecting a trend toward consumer empowerment with respect to their own health information.

Social Media Social media refers to a variety of Internetbased engines that facilitate fast and widespread communication for both business and

86

Chapter 3    Privacy and Confidentiality

entertainment purposes. Well-known social media sites include Facebook, LinkedIn, Twitter, YouTube, and blogs (Backman, Dolack, Dunyak, Lutz, Tegen, & Warner, 2011). Although these and other online tools are convenient (for example, a healthcare provider can promote services and events), social media also presents risks to an individual’s privacy. For example, employees of a covered entity may describe their workday on social media by referring to patients. Even if PHI is not explicitly used or disclosed, it may be possible to determine who the patient is. Such use of social media threatens to harm CEs in terms of both reputation and HIPAA compliance. It is important for organizations to establish policies and procedures that prompt responsible use of social media by its workforce. Measures that can be taken include training, policies and procedures that include mechanisms for reporting inappropriate social media use, sufficient monitoring, and sanctions for policy violations (Backman et al., 2011).

Professional Concerns Patient health information privacy concerns are shared by HIM professionals, who are responsible for the safekeeping of health information. AHIMA supported the passage of HIPAA and continues to support ongoing efforts to protect health information privacy as technology and other challenges continue to evolve. Further, in the first ethical principle, the AHIMA Code of Ethics (2011) states that AHIMA members shall “advocate, uphold, and defend the individual’s right to privacy and the doctrine of confidentiality in the use and disclosure of information.” This tenet remains as important as ever, but the profession takes on new challenges as confidential information now exists electronically, is copied and pasted, is transmitted at the touch of a button, and can be electronically accessed by unauthorized individuals if necessary precautions are not taken.

Ethical Challenges Although the HIPAA Privacy Rule’s specific requirements distinguish lawful uses and disclosures from those that violate the law, situations

like those presented in this chapter’s scenarios demonstrate that the language of a law can neither anticipate nor address every possible situation. Neither can it acknowledge competing valid interests, such as concern for the well-being of others. It is within these voids that ethics must prevail and guide our decisions. Even then, personal and professional ethics may conflict with one another. The AHIMA Code of Ethics states that Professional responsibilities often require an individual to move beyond personal values. For example, an individual might demonstrate behaviors that are based on the values of honesty, providing service to others, or demonstrating loyalty. In addition to these, professional values might require promoting confidentiality. . . . Professional values could require a more comprehensive set of values than what an individual needs to be an ethical agent in their personal lives. . . . Ethical responsibilities flow from all human relationships, from the personal and familial to the social and professional. Further, the AHIMA Code of Ethics does not specify which values, principles, and guidelines are the most important and ought to outweigh others in instances when they conflict. Reprinted with permission from the American Health Information Management Association. Copyright © 2011 by the American Health Information Management Association. All rights reserved. No part of this may be reproduced, reprinted, stored in a retrieval system, or transmitted, in any form or by any means, electronic, photocopying, recording, or otherwise, without the prior written permission of the association. Adapted with permission from the Code of Ethics of the National Association of Social Workers.

The considerations presented in the Code of Ethics require an individual to balance conflicts and obligations internally in order to reach the most appropriate decision in any given situation. The ethical decision-making matrix generated for the ethical scenarios provides a framework to help balance the interests of several stakeholders.

The HIPAA Privacy Rule has challenged HIM professionals to meet the mandates of health information privacy protections and patient rights while also conducting business as efficiently as possible. Consider the following ethical question: A CE may ask, “Does a particular activity qualify as a healthcare operation?” If it does, HIPAA’s authorization and accounting of disclosure requirements—which can be time consuming and burdensome—need not be met. For that reason, it is tempting to identify an activity as a healthcare operation (as opposed to another category, such as marketing, where more requirements apply). However, it is not ethical to intentionally define an activity as a healthcare operation simply to avoid HIPAA’s administrative requirements. Indeed, HIPAA has caused new ethical issues to emerge. As CEs and their HIM professionals attempt to develop policies and procedures that balance all of these needs, they will continue to seek advice from the Department of Health and Human Services’ Office for Civil Rights in an effort to best comply with HIPAA (http://www .hhs.gov/ocr/hipaa/).

Conclusion The protection of private and confidential health information is difficult, but not impossible. The privacy of health information continues to be an important national policy initiative as HITECH builds on the HIPAA Privacy Rule’s foundation. In addition, honest and ethical people work each day to protect information out of a sense of respect and professionalism. The responsibility of the HIM professional is to stay current with mandates in order to protect entrusted information. The HIM professional serves as the patient’s advocate in the preservation and protection of information entrusted to a CE and its BAs. He or she is responsible for safeguarding an individual’s most private and confidential information by facilitating appropriate access and preventing inappropriate access from occurring. The patient, the healthcare team, and the many parties who seek health information must be able to trust the HIM professional to handle the use

Key Terms

87

and disclosure of PHI with both technical and ethical expertise. Responsibility to protect patient privacy and the confidential information in a health information system engages the ethical principles of respect for autonomy (self-determination to decide what information is or is not released), nonmaleficence (not harming or potentially causing discrimination), beneficence (promoting good and providing the necessary information for an appropriate release), and justice (fairness in the appropriate use of the information). If access is inappropriately granted, the action will be in clear violation of ethical principles (beneficence and nonmaleficence), values (need to know, integrity, and courage), and professional responsibilities (reliability). Protecting patient information is an honorable responsibility with evolving complexities (Beauchamp & Childress, 2012).

KEY TERMS Authorization Blanket authorization Breach Business associate (BA) Confidentiality Consent Covered entities (CEs) Databases De-identified information Hackers Health Information Technology for Economics and Clinical Health (HITECH) Act Health Insurance Portability and Accountability Act of 1996 (HIPAA) HIPAA Privacy Rule Individually identifiable health information Medical identity theft Minimum necessary Notice of Privacy Practices Privacy Protected health information (PHI) Release of information Requests for information Social media Treatment, payment, and healthcare operations (TPO) Use and disclosure

88

Chapter 3    Privacy and Confidentiality

CHAPTER SUMMARY ■■

■■

■■

■■

■■

■■

Privacy is the right to be let alone or the right to decide what information is released to others. Confidential information is compiled during the course of caring for a patient and must be protected by providers of care, HIM professionals, and all others who have legitimate access to information. A primary ethical obligation of the HIM professional is to protect an individual’s health information privacy and the confidential information documented in the health information system. There must be a constant balancing between the protection of health information privacy and the release of information, in accordance with federal privacy legislation, to authorized users so that business functions that support health care can be accomplished. Several important criteria should be used when evaluating requests for the release of information, including the “need-to-know” (minimum necessary) criterion. Patients, HIM professionals, and legislative representatives are concerned about privacy and confidentiality. This concern has provided the impetus for passage of the Health Insurance Portability and Accountability Act of 1996 (HIPAA), which focuses in part on the privacy and security of patient information.

REFERENCES American Health Information Management Association [AHIMA]. (2011). AHIMA code of ethics. Chicago, IL: Author.

American Recovery and Reinvestment Act (ARRA) of 2009, Pub. L. No. 111-5, 123 Stat. 115, 516 (Feb. 19, 2009). Backman, C., Dolack, S., Dunyak, D., Lutz, L., Tegen, A., & Warner, D. (2011). Social media + healthcare. Journal of AHIMA, 82(3), 20–25. Beauchamp, T., & Childress, J. (2012). Principles of biomedical ethics (7th ed.). Oxford University Press. Brodnik, M., Rinehart-Thompson, L., & Reynolds, R. (Eds.). (2012). Fundamentals of law for health informatics and information management (2nd ed.). Chicago, IL: AHIMA Press. Department of Health and Human Services, Standards for Privacy of Individually Identifiable Health Information (known as the HIPAA Privacy Rule or Privacy Rule), 65 Fed. Reg. 250, 82462 (Dec. 28, 2000) (incorporated at 45 C.F.R. Parts 160 and 164). Available at http://www.hhs.gov/ocr/hipaa/. Dixon, P. (2006). Medical identity theft: The information crime that can kill you. World Privacy Forum. Available from http://www.worldprivacyforum.org/medicalidentitytheft.html. Harman, L. B. (2013). Ethical issues in health information management. Chapter 13 in K. M. LaTour, S. Eichenwald-Maki, & P. K. Oachs (Eds.), Health information management: Concepts, principles, and practice (4th ed.). Chicago, IL: AHIMA. LaTour, K., Eichenwald-Maki, S., & Oachs, P. (Eds.). (2013). Health information management: Concepts, principles, and practice (4th ed.). Chicago, IL: AHIMA. Nichols, C., Davis, N. A., Lemery, C. K., & Smith, C. P. (2008). Medical identity theft. Chicago, IL: AHIMA. Office for Civil Rights, Department of Health and Human Services. (n.d.). [Website]. Available at http://www.hhs.gov/ocr/hipaa. Rinehart-Thompson, L. (2013). Introduction to health information privacy and security. Chicago, IL: AHIMAPress. U.S. Department of Health & Human Services. (n.d.). Health information privacy. Available at http://www. hhs.gov/ocr/privacy/hipaa/enforcement/data/complaintsyear.html. Warren, S. D., & Brandeis, L. D. (1890). The right to privacy. Harvard Law Review, 4, 193.



Ethical Decision-Making Matrices

89

Ethical Decision-Making Matrices SCENARIO 3-A  Family and Friends: Should I Tell? Steps

Information

1. What is the question?

Should Mary tell her mother about Ruth being abused? Should Mary tell Patricia about Ron’s drug problem and HIV+ status?

2. What is my “gut” reaction?

What is your first reaction to this case on an emotional level? What assumptions are you making? What biases do you have?

3. What are the facts?

KNOWN ■■

■■

■■

Ruth was hospitalized because of physical abuse by her husband. Ron’s medical record indicates a drug abuse problem. Ron has been diagnosed with HIV.

TO BE GATHERED ■■

■■ ■■

■■

■■

■■

■■

■■

■■

■■

Would Mary violate confidentiality by telling her mother about Ruth? May she act on her knowledge in any way? If Mary contacted Ruth directly and discussed the abuse, without acknowledging that she learned this information from Ruth’s medical record, would this be acceptable? Would Mary violate confidentiality by telling Patricia about Ron? Is it certain that Ron did not contract the HIV disease from Patricia? Does Mary already know about Ron’s diseases but wants to marry him anyway? What are the customary practices in this situation? Is a faculty member or clinical supervisor available to offer guidance? Is it ever appropriate because of concern for an individual to have personal values supersede professional values? Does the HIPAA Privacy Rule address this type of situation? (continued)

90

Chapter 3    Privacy and Confidentiality

SCENARIO 3-A  Family and Friends: Should I Tell? 4. What are the values? Examine the shared and competing values, obligations, and interests of the many stakeholders in order to fully understand the complexity of the ethical problem(s). STAKEHOLDERS Patient, family, HIM professional(s), healthcare professional(s), administrators, society, and others appropriate to the issue. 5. What are my options?

Patient: Right to privacy and confidentiality of medical and health information; moral obligation to society not to transmit communicable disease. Family: Honesty; protecting privacy of neighbor information; supporting student responsibilities. HIM Professional(s): Integrity (protect patient confidentiality); protect information (information learned in the course of professional work cannot be shared with others); avoid harm (could be caused by others not knowing); fairness (follow the rules); legal (obligations regarding privacy and confidentiality); burden of knowledge of information that could affect someone negatively. Healthcare professional(s): Preservation of confidential information. Administrators: Legal obligations regarding protection of privacy and confidentiality. Society: Desire to be kept from harm; need for privacy and confidentiality of medical information.

■■ ■■ ■■ ■■

■■

Refuse to reveal information to family and friends. Tell the mother about the neighbor’s abuse. Tell the friend about the fiancé’s drug addiction and HIV disease. Approach the neighbor to encourage her to seek help; approach the fiancé to encourage him to seek treatment. Consult with faculty or clinical supervisor.

6. What should I do?

Protect information and do not reveal what has been learned to family and friends; maintain patient confidentiality by keeping information about patients private.

7. What justifies my choice?

JUSTIFIED ■■ ■■ ■■ ■■

NOT JUSTIFIED

Follow rules of patient confidentiality. Respect patient privacy. Preserve integrity of the information system. Avoid possible legal ramifications of breaking confidentiality.

■■

■■

■■ ■■

■■

8. H ow can I prevent this problem?

■■

■■

Tell mother about neighbor’s information discovered in the medical record. Make exception to the rules of confidentiality to get in good favor with mother. Risk lawsuit due to violation of privacy. Tell friend about fiancé’s drug problem and HIV disease. Make an exception to the rules of confidentiality.

Ensure educational program addresses the special issues related to reviewing health information for family and friends during the course of work. Change the system so that HIM professionals do not work with the medical records of people they know.

The ethical decision-making matrix is a tool to help you organize complex ethical problems; however, there is no simple fill-in-the-box approach to ethical decision making. The objective is to follow each step of the process and not move from the question directly to what should be done or how to prevent it next time.

If you skip steps, you will not fully understand all of the values and options for action. Also, the matrix provided for each scenario is not the only way to examine the problem. You can make an equally compelling ethical argument for a different decision—just be sure to follow all the steps of the matrix.



Ethical Decision-Making Matrices

91

SCENARIO 3-B  Share Information on Facebook? Steps

Information

1. What is the question?

Should Delaney share Melissa’s status on Facebook?

2. What is my “gut” reaction?

What is your first reaction to this case on an emotional level? What assumptions are you making? What biases do you have?

3. What are the facts?

KNOWN ■■

■■

■■

■■ ■■

■■

Delaney is an HIM registration clerk in an oncology clinic. Melissa was Delaney’s freshman college roommate. Melissa had cervical cancer as a sophomore and is now cancer-free. Delaney registered Melissa at the clinic. Melissa told Delaney to say “hi” to their dorm acquaintances that Delaney still keeps in touch with. Delaney does have several of their friends on her Facebook.

TO BE GATHERED ■■

■■ ■■

■■ ■■

■■

■■

Would Delaney violate confidentiality by telling her friends on Facebook? May she act on her knowledge in any way? What are the customary practices in this situation? Is a supervisor available to offer guidance? Is it ever appropriate because of concern for an individual to have personal values supersede professional values? Does the HIPAA Privacy Rule address this type of situation? Could some friends be harmed by the knowledge of Melissa’s cancer?

4. What are the values?

Patient: Values right to privacy and confidentiality of medical and health information.

Examine the shared and competing values, obligations, and interests of the many stakeholders in order to fully understand the complexity of the ethical problem(s).

HIM Professional(s): Integrity (protect confidentiality of patient information); protect information (information learned in the course of professional work cannot be shared with others); fairness (follow the rules); legal (obligations regarding privacy and confidentiality).

STAKEHOLDERS

Administrators: Legal obligations regarding protection of privacy and confidentiality.

Patient, family, HIM professional(s), healthcare professional(s), administrators, society, and others appropriate to the issue.

Society: Desire to be kept from harm based on social media information; need for privacy and confidentiality of medical information.

5. What are my options?

Friends: Burden of knowledge of information could harm friend(s) negatively. Healthcare professional(s): Preservation of confidential information.

■■ ■■

6. What should I do?

■■ ■■ ■■

Refuse to share information on Facebook with any friends or with those who do not know Melissa. Share information on Facebook, because Melissa told Delaney she could do this. Protect information that was discovered while doing work. Do not reveal what has been learned to anyone on Facebook. Maintain patient confidentiality by keeping information about patients private. (continued)

92

Chapter 3    Privacy and Confidentiality

SCENARIO 3-B  Share Information on Facebook? 7. What justifies my choice?

NOT JUSTIFIED

JUSTIFIED ■■ ■■ ■■ ■■

Follow rules of patient confidentiality. Respect patient privacy. Preserve integrity of the information system. Avoid possible legal ramifications of breaking confidentiality.

■■

■■

■■

■■

8. How can I prevent this problem?

■■

■■

Share Melissa’s information on Facebook, either with all her friends or only those who knew Melissa, because this is a HIPAA violation. Make exception to the rules of confidentiality despite the fact that the information was discovered as part of employment responsibilities, because Melissa is a friend who asked Delaney to share the information. Violate professional values that protect privacy and confidentiality. Risk lawsuit due to violation of privacy.

Ensure educational program addresses the special issues related to reviewing health information for family and friends during the course of work. Change the system so that HIM professionals do not work with the health information of people they know.

The ethical decision-making matrix is a tool to help you organize complex ethical problems; however, there is no simple fill-in-the-box approach to ethical decision making. The objective is to follow each step of the process and not move from the question directly to what should be done or how to prevent it next time.

If you skip steps, you will not fully understand all of the values and options for action. Also, the matrix provided for each scenario is not the only way to examine the problem. You can make an equally compelling ethical argument for a different decision—just be sure to follow all the steps of the matrix.

SECTION II

© kentoh/Shutterstock

Uses of Information

Section II explores privacy and confidentiality within the context of the many uses of health information. Chapter 4 (Data Analytics) describes advances in technology that have enabled the medical community to generate and capture data to improve patient health and outcomes, help prevent and detect diseases, and diagnose diseases with more accuracy. This chapter reinforces the importance of having data analysts that can effectively and reliably analyze health data to produce graphs, reports, and analyses so that healthcare providers make the best decisions for the patients they treat. The value of electronic medical records (EMRs) and electronic health records (EHRs) to capture the data are discussed. Ethical scenarios: “Readmission Predictive Model Project, Part 1: Right Skills?” and “Readmission Predictive Model Project, Part 2: Impact of Bad Data”. Chapter 5 (Compliance, Fraud, and Abuse) reviews the process of clinical code assignment and the submission of a bill for reimbursement, in addition to the risks of dishonest motivations to collect more money than properly owed or sloppy procedures and failure to accept responsibility for staying current and informed. The

submission of a false claim can result in penalties and can include prison. Applicable guidelines and compliance programs for hospitals, physicians, home health agencies, long-term care facilities, laboratories, and third-party payers are reviewed as well as the traditional and current regulations, acts, statutes, standards, and penalties related to compliance programs and the penalties for noncompliance, fraud, and abuse. Ethical scenarios: “Documentation Does Not Justify Billed Procedure”, “Accepting Money for Information”, “Retrospective Documentation to Avoid Suspension”, and “Coder Assigns Code Without Physician’s Documentation”. Chapter 6 (Coding) covers ethical dilemmas related to documentation, workplace pressures, and fraud and abuse. Applicable legal mandates, professional standards and ethical codes, reputable sources for coding guidelines, and personal and professional integrity are explored. Professional practice solutions are offered and future ethical issues are presented. Ethical scenarios: “Blood Loss Anemia”, “Thoracic Aortogram”, and “Revise the Analysis?”. Chapter 7 (Quality Management) presents quality management challenges due to

rising costs, scarce resources, the hierarchical nature of healthcare organizations, and conflicting values of the people involved. The importance of patient safety and organizational values are presented. Ethical scenarios: “Inaccurate P ­ ublicly Reported Performance Data”, “Audit Results Indicate Inappropriate Health Care”, “Reporting Hospital-Acquired Conditions”, “Disclosure of an Unanticipated Outcome”, and “Failure to Check Physician’s Licensure Status”. Chapter 8 (Research and Decision Support) addresses the importance of data acquisition access and reporting and reviews the roles of the research specialist and decision support specialists. Ethical considerations with regard to privacy and data integrity associated with new technologies and industry demands for more information are examined. Ethical scenarios: “Designing a Survey to Bias the Results” and “The Impact of Sample Selection Bias”. Chapter 9 (Public Health and Informatics) addresses government access to and use of patient information that is critical for protecting the public’s health at local, state, national, and international levels. Ethical challenges to doctor–patient confidentiality and respect for the individual’s privacy are

explored. Emerging issues in global health and the use of social media in public health activities are described. Ethical scenarios: “Gun Control and Reporting Mental Health Status” and “Conflicting Personal and Public Duties”. Chapter 10 (Longitudinal Coordinated Care) clarifies a significant change in health care as the patient becomes a member of the care team across the continuum of integrated longitudinal care. Patient-centered medical homes, longitudinal care, and complex care management are explored. Ethical scenarios: “Competing Stakeholder Agendas in a Community ACO” and “Patient Transfer”. Chapter 11 (Clinical Care: End of Life) describes challenges healthcare providers face when making an effort to support their patients at the end of life and their families who are trying to help. Patients are frail, have hearing and vision loss, and suffer cognitive impairment, increasing the clinical and ethical challenges. Values, cultural beliefs, family dynamics, life experiences, and the role of information exchange encountered among older adults with advanced illnesses across a fragmented healthcare continuum are reviewed. Ethical scenarios: “Bad News”, “Treatment Choices”, “Advance Care Planning”, and “Palliative Care”.

CHAPTER 4

Data Analytics

© kentoh/Shutterstock

Billie Anderson, PhD J. Michael Hardin, PhD

current practices of data collection and management of health information and how they can inform care delivery, particularly as the medical record transitions into the electronic medical record (EMR). The value of EMRs as a primary source of data for the electronic health record (EHR) and the big data housed within are discussed. The ethical issues that surround EMRs and EHRs are also examined.

Learning Objectives After completing this chapter, the reader should be able to: ■■ ■■ ■■

■■

■■

■■

Understand what medical data are. Describe how medical data are collected. Discuss the ethical considerations associated with data analytics in an environment in which health information is stored in multiple formats. Understand several ethical issues regarding the use of data from electronic medical records (EMRs). Describe several statistical techniques to analyze medical data. Discuss ethical considerations related to the management of health data repositories.

The Role of Data Analytics in Health Care A discussion of data analytics in the healthcare field would not be complete without introducing the concept of big data. Big data plays a pivotal role in data analytics. There is no one universal accepted definition of big data, but big data can be characterized by three V’s:

Introduction Advances in technology have enabled the medical community to generate and capture more data than ever before. The availability of healthcare data can be used to improve patient health and outcomes, help prevent and detect diseases, and diagnose diseases with more accuracy. It is important to have data analysts that can effectively and reliably analyze this tremendous amount of health data to produce graphs, reports, and analyses so that healthcare providers make the best decisions for the patients they treat. Much of the data generated comes from patient medical records. This chapter explains

■■

95

Variety. Traditional databases are well formatted and tend to change slowly, in contrast with today’s rapid speed of data collection. Currently, healthcare data are captured in both structured and unstructured formats. Healthcare data in the form of unstructured data include physicians’ notes, medical imaging, real-time data from monitoring devices, patient feedback from social media websites, and smartphones. One study suggests that up to 80 percent of healthcare data exists in an unstructured format (Murdoch & Detsky, 2013).

96 ■■

■■

Chapter 4   Data Analytics Velocity. The rate at which data are now being collected in the healthcare field is virtually nonstop. The data generated by computers and machines can produce larger volumes of data than traditional data collection techniques. One report recently stated that the amount of information being created in the healthcare industry from electronic and “smart” devices would be equivalent to 500 billion file cabinets (Roski, Bo-Linn, & Andrews, 2014). Volume. Massive amounts of data can strain the systems and limit the capability of a traditional data warehouse. The healthcare industry is conducting massive data collection. For example, the Centers for Medicare and Medicaid Services (CMS) generates billions of data observations per year. The data are generated from healthcare provider payments, enrollment information, and information obtained when beneficiaries call 1-800-MEDICARE (Brennan, Oelschlaeger, Cox, & Tavenner, 2014). Kaiser Permanente, a large healthcare provider, manages 44 petabytes of data in its EMR system alone (Roski et al., 2014).

One could think of big data as data that are so numerous that traditional software and hardware cannot analyze and store the data. Usually, big data databases are in the realm of containing multiple petabytes. A petabyte is a unit of information equal to one quadrillion bytes. Large amounts of data in the healthcare field have always been common, but the amounts have increased dramatically with the rise of electronic devices such as automated sensors that monitor vital signs, healthcare website portals, and medical equipment that provides streaming data information regarding a patient’s status (such as a bedside early-warning system that measures intracranial pressure in patients with traumatic brain injuries) (Schick, 2013). The impact of big data on data analytics in the healthcare field is enormous, with the potential to improve patient outcomes, save lives, change healthcare policy, reduce costs, and manage resources more efficiently. Bates, Saria, Ohno-Machado, Sha, and Escobar (2014) give several examples of using big data to showcase

how big data is providing opportunity to change the healthcare landscape, ranging from treatment optimization to reducing the number of readmissions to hospitals. One example concerns chronic conditions that encompass multiple organ systems; these are among the costliest conditions to treat. Bates and colleagues (2014) illustrate the use of clinical data analytics that allow the organ path of the disease to be detected. Being able to detect what organ the disease will attack next allows healthcare workers to target the organ proactively with specific treatments. Tailoring a treatment to a specific patient has the ability to save patient lives and enhance treatment regimens for patients. In another example, Bates and colleagues (2014) describe how big data analytics can address readmissions to hospitals. Readmissions to hospitals prove very costly, and are usually a sign of patients not understanding how to appropriately manage self-care or obtain the necessary follow-up care after leaving the hospital. Data analytics has the potential to reduce the number of readmissions. The authors discuss using data from smartphones to allow hospitals to determine if patients are managing their conditions after they leave the hospital and to intervene proactively to prevent rehospitalizations. At the core of a data-driven healthcare organization is the ability to analyze a wide range of big data. From within and outside its four walls, the organization can determine what is happening in real time with regard to patients, staff, and population profiles, as well as financial, clinical, and operational processes. Big data comprises much larger volumes, wider varieties, and greater velocities of data than most organizations have previously captured, stored, and analyzed. With the many benefits that big data can bring to the healthcare industry, certain ethical considerations must be addressed. The ethical challenges surrounding big data to be discussed in this chapter include ensuring that if data is shared, it is “good data”; that is, one must ensure that the data being used to develop an analytical model are representative of the entire population and do not leave out vulnerable patient groups. The data used for analytical purposes should not be used for any task



Medical Data and the Data Collection Process

other than improving patient health, conducting research that adds to the body of medical knowledge, improving system processes, and so on. Finally, those who are using the data to develop analytical models and perform statistical analyses must be appropriately trained so that there will be no misuse of the statistics and analytical techniques that could end up harming patients. As the healthcare industry faces a rapidly changing data environment, it is vital that healthcare organizations become data driven. They must treat data as a strategic asset and put processes and systems in place that allow them to access and analyze the right data, in order to inform decision-making processes and drive actionable results. The entry point of capturing the data is pivotal, as discussed in the next section.

Medical Data and the Data Collection Process Medical data refers to any piece of information collected from an individual in a formal healthcare institution, such as a doctor’s office, hospital, or long term care facility, for the purposes of: ■■ ■■

■■

■■ ■■

■■

treating an individual categorizing a problem that a patient may be having identifying subpopulations of patients that have similar problems detecting diseases conducting clinical trials and research to help cure diseases collecting additional data to gain a greater understanding of the patient’s problem so as to treat the problem most effectively.

A medical record is created when a patient sees a healthcare professional for either preventive care or treatment of some disease or condition. A medical record consists of: ■■ ■■ ■■ ■■

demographic information details about lifestyle family medical history allergy information

■■ ■■ ■■ ■■

■■ ■■

■■ ■■ ■■

97

prescriptions laboratory results X-ray images other medical images such as computed tomography (CT) or magnetic resonance imaging (MRI) scans physicians’ notes reports that describe medical procedures or operations insurance information prescription information method of payment for medical services rendered

Health care is a continual process in which data are, ideally, progressively collected over the lifetime of an individual, making the medical record a key reference for patient care coordination. The primary role of the medical record is to document encounters with healthcare professionals, test results, course of treatment, treatment orders, care received, and the patient’s response to the treatments. The medical record is a written communication record among all healthcare providers involved in the patient’s care—without such a record, the lab technician would not know which blood test to run on the patient, nor would the X-ray technician know the appropriate part of the body to X-ray, for example. The record provides a documented account of any and all treatments administered to the patient as well as any tests performed, and the subsequent results. The record also serves as a reminder to healthcare professionals treating the patient as to what has happened to the patient in the past.

Structured and Unstructured Data As discussed earlier, medical data can be structured or unstructured. Structured data are any individual data points of a patient that can be stored as a column in a database. Examples of structured data include temperature, weight, blood-pressure reading, glucose reading, and red-blood-cell count. Unstructured data are data that cannot be stored in a traditional database. Examples of unstructured data are physicians’ notes, X-ray images, and medical correspondence.

98

Chapter 4   Data Analytics

Healthcare data are specifically collected and analyzed for the purposes of: ■■ ■■ ■■ ■■ ■■ ■■ ■■ ■■

identifying trends and patterns disease surveillance cost considerations improving patient outcomes population health management clinical decision support risk reduction and fraud detection research

Healthcare data are collected both at the individual and aggregate levels. Individual healthcare data collection is the process of collecting healthcare data relating to a single patient. This type of data is usually based on a single interaction between the patient and healthcare worker. For example, when a patient visits his or her family doctor, a variety of details may be recorded, such as the patient’s temperature, weight, and results of various blood tests. The patient may be complaining of flu-like symptoms, joint pain, and a rash and, following bloodwork results, receive a diagnosis of Lyme disease. This particular interaction may subsequently become a confirmed diagnosis of “Lyme disease” in an aggregated database. Individual patient data are important when tracking the progress of a patient over time. For example, when tracking how a patient is adhering to and responding to the Lyme disease treatment (which sometimes can take place over several months or longer if the case is severe), individual-based data would be needed. Aggregated data refers to the consolidation of data relating to multiple patients, and therefore cannot be traced back to a specific patient. Aggregated data can take the form of counts, such as incidences of malaria, the flu, or other diseases. This type of data is used for the generation of routine reports and tracking health indicators and, most importantly, for strategic planning within the health system. Aggregate data cannot provide the type of detailed information that individual-based data can, but it is crucial for planning and guidance of the performance of health systems. Medical data concerning individuals and populations are collected by a variety of healthcare professionals. Traditionally, physicians and

nurses have been the central figures in the data collection process. They talk with patients, gather their medical complaints, record past medical history, order and perform medical tests, and observe and examine patients. All of these activities create data. There are other sources of data collection via healthcare professionals, such as office staff, that collect demographic, financial, and insurance information. Physical and respiratory therapists, radiologists, lab technicians, and pharmacists all record the results of their assessments, treatments, tests, or results. Medical devices are also a source of medical data. For example, vital sign monitors, ventilators, infusion pumps, electrocardiogram (ECG) machines, sphygmomanometers for taking blood pressures, and spirometers for testing lung function are all examples of medical devices that generate data. Collen (2012) provides a comprehensive overview of the medical data collection process and how the advent of data warehouses changed the landscape of data collection. Prior to the 1990s, most healthcare workers and physicians documented their patient-care activities by handwriting in paper-based charts. Many healthcare workers would dictate their reports and have medical secretaries transcribe their dictations. With the increasing access to larger computers in the 1990s, healthcare providers began entering a patient’s data directly into the patient’s electronic medical record (EMR) using keyboard terminals and clinical workstations. With access to larger servers that could house large amounts of data, the clinical data warehouse became relevant in the early 1990s. A medical data warehouse is a large central repository that stores medical data (Wade, 2014). The data stored in a data warehouse are typically derived from clinical records, usually from a single organization (Wade, 2014). A data warehouse is a repository of historical data organized for reporting and analysis. It facilitates data access by having data from many sources in one place, linked together, and easily searchable. One example of how this might work is when a patient’s lab result is electronically sent to another area of a hospital for analysis by a clinician. Data warehousing and the medical data collection process face challenges in the age of big

data. There is a need for healthcare professionals to leverage the power of big data analytics to inform and advance the practice of medicine. Some specialties, such as bioinformatics, have become early adopters and have begun to apply novel approaches to examine big data; they see the value of its impact in improving healthcare practice by contributing to scientific knowledge. Krumholz (2014) recently reported on the benefits that big data can provide healthcare professionals by stating, “New big-data methods can turbocharge powers of observation in health care. In the same way the microscope enhanced eyesight, sophisticated mathematical and computational approaches can augment what can be ‘seen’ and understood from massive amounts of data” (p. 1165). Perhaps the best example of how a large healthcare organization is incorporating big data into the medical data collection process and decision-making process is the Veterans Healthcare Administration (VHA). Fihn et al. (2014) describe how the VHA has incorporated big data sources and concepts into its medical data collection process. In 2006, the VHA started developing a large data warehouse that would collect aggregated patient-level data from across the entire VHA system. The warehouse is still under development, but it is one of the largest data warehousing efforts ever undertaken by a single healthcare system. As of 2015, the warehouse had 1.5 petabytes of storage; 20 million unique patient records, consisting of 80 billion rows of data; and more than 1,000 data tables. As discussed earlier, big data not only is composed of massive data storage (i.e., volume), but also includes two other concepts: variety and velocity. The VHA data warehouse also has the capacity to store different types of data, such as images and text fields. The data warehouse, when completed, will be updated with new data sources every four hours, making the warehouse able to handle the velocity of data streams present in big data environments. As big data impacts health care, it is important to understand how the majority of healthcare providers collect and store their data. The next section describes the three medical data collection procedures from a data analytics perspective.

Medical Data and the Data Collection Process

99

Current State of Medical Data Collection It is important for data analysts to understand how the healthcare industry collects its data. The way in which a healthcare institution collects data will ultimately affect how a data analyst analyzes the data and the techniques that are used. Healthcare providers currently use three main systems to collect medical data: paper based, hybrid, and electronic.

Paper-Based Medical Records Even today, with many advanced data collection techniques available, many patient records are still collected using paper-based systems, with records stored in filing cabinets and storage boxes. With the advances in technology, why would medical information still be collected and stored in an antiquated system? One reason why healthcare facilities do not want to phase out paper-based medical records is that such a system has been used for decades; it is an established and familiar process. In a healthcare setting in which the medical data is collected and stored in a paper format, the data analytical process can be limited. For example, a data analyst who wants to perform a statistical analysis using paper-based medical records has to rely on a single individual to extract and convert the contents of the paperbased records to an electronic format for analysis. Another challenge with paper-based medical records is that the results of the analysis may not be generalizable or reproducible (Strausberg, Koch, & Betzler, 2003). The data analysis process that relies on paper medical records locked in unconnected file cabinets is amazingly cumbersome, and the populations studied by most medical researchers are often small. This scenario limits important medical research work, such as analyzing the impact of a new medical device or drug, or monitoring diseases and establishing early warning systems. Paper-based medical records also create difficulty for medical personnel in finding relevant data items about a patient or in gaining an overview of the patient because of the amount of paper the clinician has to search through.

100

Chapter 4   Data Analytics

Hybrid Medical Records The next type of medical data collection format is the hybrid medical record. A hybrid medical record contains both paper documents and a digital component. The hybrid medical record may be an attractive alternative for a hospital or medical practice that is not ready to move to a fully electronic system. Healthcare professionals who work in a hybrid medical records system face unique challenges, mainly regarding collecting and reporting data. The time required to compile a complete medical record in a hybrid system may be longer than with the traditional paper-based system, as both the physical paper documents and the electronic component must be searched. Consider a large hospital that incorporated an electronic system in which nurses enter all vital signs, notes, medications, and any other pertinent data about the patient from the nurses’ perspective in an electronic database, but still has physicians who handwrite their notes. The hospital has not yet entered the historical physicians’ notes or other handwritten clinical notes into an electronic database, because that task alone could overwhelm the staff. This type of hybrid system leaves part of the patient’s medical record in an electronic form and part in a paper form. The hybrid medical record can cause a particular problem for the data analyst. For example, when a data analyst attempts to access the data to perform a particular analysis, not all data will be available. The unstructured part of the data, such as physicians’ notes, will not be available for the analysis in an electronic format. The unstructured component of the data is the part of the data that traditionally requires a human to read and interpret. The past several years have brought many advances in computer software that interprets clinical notes in the right context (Halamka, 2014). However, if the unstructured data, such as physicians’ notes, needed to perform an analysis are not available in an electronic format, valuable patient information can be lost. A significant piece of the puzzle that describes the “patient narrative” is often trapped in clinical handwritten notes. Healthcare providers have massive amounts of unstructured data in the form of images,

scanned documents, and clinical notes. Big data analytical techniques enable providers to analyze unstructured data in its native state, integrate it with structured data, and address analytical questions based on their findings. The solution to dealing with unstructured data may lie in using analytical techniques. Analytical techniques may include care pattern identification that aids in improved patient care; predictive identification of risk factors to avoid unwanted clinical outcomes; and comparisons of images, procedures, and surgeries to improve education, research, and care. A hybrid medical record may not have an electronic unstructured data component, and therefore the types of big data analytical techniques that can be performed are limited. Hybrid medical record systems can cause problems beyond what the data analysts face: there is also the risk of error regarding the patient’s health. Sparnon (2013) examined 3,099 hybrid medical records and found that 85 of them had errors. The errors were specifically due to miscommunication among the healthcare workers in the hybrid medical record system. The author found that the errors were due to either omitting information or duplication of information in the hybrid medical record. These errors have the potential to harm the patient’s safety. Of the 85 records that were identified as errors reported in Sparnon (2013), one had an error serious enough to cause harm to the patient. This incident involved the patient receiving the wrong dose of the pain-relieving narcotic oxycodone. The other types of errors were primarily related to medication, either dose omission or overdoses related to miscommunications as to whether the patient had received the medication. The article written by Sparnon (2013) brings to light the medical errors that occur when a healthcare facility is operating with hybrid medical records, notwithstanding the limitations associated with the inability to access and organize patient data quickly and efficiently to inform decision making and build a knowledge base to guide practice. The author suggests that to reduce these types of medical errors, a healthcare facility should consider skipping the hybrid medical record and converting from a paperbased medical record to a strictly electronic

system in as short a time as possible. The EMR is the topic of the next section.

Electronic Medical Records The last type of medical record is the EMR. The EMR is the gold standard for healthcare medical data collection and storage. An EMR is the patient’s medical record in a completely electronic format. EMRs interface with electronic health records (EHRs), defined as a broader “electronic record of health related information on an individual that conforms to nationally recognized interoperability standards and that can be created, managed, and consulted by authorized clinicians and staff across more than one healthcare organization” (National Alliance for Health Information Technology [NAHIT], 2008, p. 6). The major difference between an EMR and EHR is the characteristic of interoperability. The EHR meets nationally recognized interoperability standards, which allows for all different types of big data analytical techniques to be applied to the data. As electronic medical records move toward this important industry standard, the term EMR will be retired (NAHIT, 2008). Raghupathi and Raghupathi (2014) describe the impact that EMRs and the use of big data analytics can have on the healthcare sector. They describe the importance of healthcare providers converting to EMRs so that these big data analytic techniques can be applied to the data. A recent McKinsey report states that the use of big data analytics has the potential to enable more than $300 billion in savings per year in U.S. healthcare, two-thirds of that through reductions of approximately 8 percent in national healthcare expenditures (Raghupathi & Raghupathi, 2014). The EMR has enabled the healthcare industry to move from traditional analytical tasks such as descriptive statistics, static reports, and dashboards to predictive analytics (Peters & Buntrock, 2014). The use of more sophisticated tools, such as predictive analytics, has the potential to confront problems and transform the way in which health care is delivered. These could not have been tackled until the emergence of the EMR and use of big data predictive analytics. Peters & Buntrock (2014) describe several promising scenarios that the EMR has brought

Medical Data and the Data Collection Process

101

to the healthcare industry, including an example of genetics and clinical findings. The Electronic Medical Records and Genomics Network (eMERGE) consortium was developed to test and improve the ability to identify certain cohorts of patients that are eligible for clinical trials based on their genetics. Genetic data is a very typical example of big data; genetic data is complex, occurs in massive quantities, and is varied by type. Without the use of EMRs, this type of medical breakthrough would have never been possible. Salmon et al. (2012) describe the use of multiple electronic medical data sources in a disease surveillance program. After the 2009 H1N1 epidemic, the Department of Health and Human Services developed the H1N1 Post-­ Licensure Rapid Immunization Safety Monitoring (PRISM) Program. The idea behind PRISM was to identify adverse reactions from the H1N1 vaccine. PRISM used data from four large health plans and nine city and state vaccine registries that were chosen to participate based on their stated ability to rapidly assemble and update specified data every one to two weeks. Fifteen million members lived in states with participating immunization registries, and 11 million of those members belonged to health plans paired with immunization registries to exchange immunization data. PRISM was an unprecedented epidemiological disease surveillance system not only by the amount of data the system was able to analyze, but by linking multiple electronic medical data sources from immunization registries with vaccine and outcome data from private national health plans on a larger scale than had been previously attempted. Another benefit of EMRs is the ability of healthcare providers to more easily make “meaningful use” of their data. In 2009, the Health Information Technology for Economic and Clinical Health (HITECH) Act established Medicare and Medicaid incentive programs to encourage the adoption of EHRs by hospitals and eligible professionals. Under Medicare, eligible professionals who show “meaningful use” of certified EMRs are eligible for payments up to $44,000, whereas eligible professionals who do not are subject to penalties after 2015 (Wright et al., 2013). Blumenthal and Tavenner (2010)

102

Chapter 4   Data Analytics

provide the background and overview of what “meaningful use” is and how it is connected to data contained in the EMR. The authors provide a table of meaningful use objectives and the data measures that will be used to determine if the objective has been met. For example, one objective is to electronically record the smoking status of patients 13 or older. The data requirement is that more than 50 percent of the healthcare provider’s patients who are 10 or older must have their smoking status recorded in a structured data format. Another objective is to generate lists of patients by specific conditions to use for quality improvement, reduction of disparities, research, or outreach. The data measure for the listing objective would be to perform the query to generate the list. From the perspective of medical data collection and analysis, what is required for meaningful use of data is a sufficient number of adequately trained data analysts assisting healthcare providers to fulfill the appropriate data measures. For example, Halamka (2014) provides an example of an individual in a data analyst role who had no statistical/data analyst background, yet was conducting a length-of-stay analysis for a hospital. The analyst concluded that the average length of stay of a patient in an operating room was 241 days. What the analyst failed to realize was that the measurement of length in the operating room was minutes, not days. Given an inexperienced analyst who does not fully understand data sources and uses, access to big data produces useless results that cannot help the healthcare provider make meaningful use of their data. The importance of having an adequately trained data analysis staff is revisited in the next section, in which the ethical implications of big data in healthcare are discussed.

Ethical Dilemmas Associated with Big Data and Data Analytics With the tsunami of big data in the healthcare industry, it is important to temper the excitement of the promise of big data with moral and

ethical questions regarding how the healthcare field should use big data. All healthcare professionals should help guarantee that the data is used appropriately and ethically. For every opportunity and promise that big data holds for improving patient care and lowering healthcare costs, there is an associated ethical challenge, issue, or problem. Cohen et al. (2014) state, “Predictive analytics, or the use of electronic algorithms to forecast future events in real time, makes it possible to harness the power of big data to improve the health of patients and lower the cost of health care.” (p. 1139) But the use of big data in health care raises serious ethical concerns, from initially acquiring the data to the implementation stage. For example, when acquiring data, patient consent, privacy, fairness, and equity issues arise. HIPAA allows for the use of de-­identified patient-level data without consent, but re-­ identification is possible, and data breaches are a risk. The authors suggest that healthcare providers notify all patients that data collected from them may be used in a predictive analysis model. Equitable representation in the data population is important where certain groups of people, such as vulnerable high-risk or highcost patients, could be excluded from care. The authors give the example of the Tuskegee experiments (in which subjects were intentionally not treated in order to study the progression of a disease) to highlight how big data could be used to identify high-risk and high-cost patients and exclude them from care. To deal with equity and fairness, the  authors recommend governance structures that include community engagement boards. Other phases of analytics after the initial data collection phase include building and validating the data model and keeping patients at the center, testing the model in the real world, and broader dissemination and adoption of the model. Each of these phases has specific ethical issues that the authors discuss. The next ethical challenge is ensuring that a professionally trained statistician is the one performing data analysis tasks. The misuse of statistics in the medical field is well documented (Strasak, Zaman, Pfeiffer, Gobel, & Ulmer, 2007). With the advent of big data in health care and the increasing computing power available,

Ethical Dilemmas Associated with Big Data and Data Analytics 103



the misuse of big data is inevitable (Halamka, 2014). It is critical that the professionals analyzing the data be properly trained in the statistical data techniques that are used. Insufficient training regarding the appropriate underlying assumptions can have devastating effects on proper patient care, as is demonstrated in the following ethical scenario.

Scenario 4-A  Readmission Predictive Model Project, Part 1: Right Skills? Dan is a healthcare information management (HIM) professional who has worked for a large healthcare consortium, referred to in this scenario as the “hospital.” Dan has worked for the hospital for 15 years. The hospital is a large consortium of healthcare provider services in southern California. They manage 50 hospitals and have more than 5,000 medical providers in their system. The hospital has a large data warehouse that stores massive amounts of patient and provider data. The hospital’s data and data collection process are completely electronic. Thus, everything from the EMR to the patient’s insurance and financial information is contained in the data warehouse. Starting as a file clerk, Dan learned how to code medical claims. He eventually learned how to write queries to access the hospital’s data warehouse so he could report on hospital charges. As the need for data analysis grew, Dan moved into his current role, reporting to the director of operations. He spends most of his time writing structured query language (SQL) queries, running scheduled and ad hoc reports, and attending meetings to explain the data and make suggestions for process improvement. Dan realizes that the hospital will soon be moving into using analytics in a fairly significant way, due to the data goldmine that the healthcare field is currently experiencing. He wants to make sure that his data analytical skills are up to date,

and he understands the importance of incorporating statistics and data mining concepts into his skill set. Dan decides he wants to pursue the certified health data analyst (CHDA®) credential. To prepare for this credential, he enrolls at a local university to take a statistics course to begin the foundation courses that he believes will help him pass the CHDA® certification exam. Dan’s boss, colleagues, and administrators are all pleased that he wants to further his analytical skills by preparing for the CHDA® certification exam. His boss allows him to work alongside the research specialist (RS) and decision support specialist (DSS) to gain practical experience, and Dan is eager to start applying the statistical techniques he is learning in his Statistics 101 class to real data. Recently, the hospital has decided to begin using its data for clinical and decision-making purposes, and it has invested heavily in analytical software products. The hospital administration is aware that Medicare is tracking the rate of hospital readmissions via their Hospitals Readmissions Reduction Program (Joynt & Jha, 2013), which penalizes hospitals with excess 30-day readmissions for health conditions like pneumonia, myocardial infarction, and heart failure. The hospital administration would like to build and implement a predictive model for the likelihood of readmission within 30 days of discharge from the hospital in an effort to improve clinical outcomes. The patient’s risk of being readmitted in 30 days is computed and then fed back into the EMR, to determine a risk (high, medium, or low) of being readmitted within 30 days of discharge. Messages will be sent to the patient’s primary care provider that indicate risk of readmission so that the provider will make sure to follow up with and more closely track patients with medium to high risk of readmission. When the readmission predictive model request comes from the administration, the DSS that Dan works alongside (continued )

104

Chapter 4   Data Analytics

is offsite at other affiliated hospitals working on a major project and will not return for several weeks. The request is urgent, with pressure from the administration to build the model in a timely manner due to penalties the hospital network could potentially face. Dan is eager to apply his skills and has a phone conversation with the DSS, noting that his Statistics 101 course has covered logistic regression. The DSS informs Dan that the appropriate type of model needed for the administration’s request is a special form of logistic regression, known as ordinal logistic regression because the outcome (high, medium, or low risk of readmission) is ordinal in nature. The DSS provides Dan with a reference in which he can read about an ordinal logistic regression. The DSS reminds Dan to make sure that the assumptions of the ordinal logistic regression model are verified before moving forward with the building of the model. Excited about taking on this new project, Dan is glad that he will be extending his knowledge of linear regression gained in the classroom to ordinal logistic regression. The hospital just purchased several high-performance software products, so Dan starts looking through the help manuals regarding how to build this particular type of regression. He also uses the reference that the DSS provided him regarding ordinal logistic regression models; the reference book discusses the assumptions of an ordinal logistic regression model. Dan proceeds to build the ordinal logistic model using the software help manual and determines how to perform an ordinal logistic regression using the data he has available to him. Questions 1. What are the possible ethical implications for such a situation? 2. What should Dan do? 3. What should the DSS do? 4. What should the hospital administration do?

In the situation described above, the ethical concern is that Dan is being asked to do something that he is not qualified to do. There is a significant risk that he will make a mistake in building the predictive model and patient care will be negatively impacted because he does not have the proper training. Dan should make this clear to his supervisor and refuse to accept the assignment. He should, of course, offer to assist the RS and DSS as he has in the past, but he must make it clear that building the predictive model is out of his scope of practice. The DSS should support Dan’s refusal. Ideally, hospital administration should not have made this request of Dan in the first place; however, after Dan explains why it is not appropriate for him to build the predictive model, hospital administration should respect and support his position. The matrix for Scenario 4-A is located at the end of this chapter and outlines the steps for an ethical analysis of the situation.

Scenario 4-B  Readmission Predictive Model Project, Part 2: Impact of Bad Data Dan has been working on building the model for two days and is just beginning to feel comfortable with the data and the type of model he has to build. On the third day of the model-building project, his boss has another urgent request for Dan to run a report on the number of bloodstream infections in the hospital’s acute care settings in the past year. This request has come in from the Centers for Medicare and Medicaid (CMS), and the hospital has an immediate need to respond to CMS. Dan has two pressing analytical projects and is feeling pressure to “produce” from administration, so at the urging of administration, he makes the predictive model operational and turns his attention to the urgent request for CMS. Several weeks pass, and as hospital officials track the accuracy of the predictive model, they notice that the model is missing high-risk

Ethical Dilemmas Associated with Big Data and Data Analytics 105



patients. There are an alarming number of patients that the model classified as low risk of readmission, but were readmitted. In many of the cases, if the provider had been notified correctly of their risk, the provider could have ordered in-home care services, which could have prevented the hospital readmission. In other words, the predictive model is not correctly predicting the patient risk of readmission. Questions 1. What are the possible ethical implications for such a situation? 2. What should Dan do? 3. What should the DSS do? 4. What should the hospital administration do?

The main ethical issue with the scenario above is that Dan did not check the assumptions of the ordinal logistic regression and the model was put into operation too quickly. Thus, the rush to implementation has resulted in adverse outcomes for certain patients. Dan should have told the RS and DSS that he had not fully completed the model building process since the assumptions of the model had not been checked. Now that the adverse effects of the model have been discovered, Dan should immediately inform the RS and DSS of the mistake. The RS and DSS should verify that the assumptions of the ordinal logistic model are violated and suggest that a multinomial logistic regression be implemented instead of the ordinal model. While the RS and DSS needs to respect the hospital administration’s request for multiple projects, the RS, DSS, and hospital administration should work together to create a priority plan of the data analysis tasks that needs to be completed. The hospital administration uses the results of data analysis analyses and models to guide hospital policy and manage the resources of the hospital. It is important that the administration seek ways to set priorities clearly and fairly in order to be effective in strategic planning. The matrix for Scenario 4-B is

located at the end of this chapter and outlines the steps for an ethical analysis of the situation. These two scenarios clearly demonstrate that, without the appropriately trained individuals and adequate support from healthcare administration, the benefits of big data in health care are limited and the risk of error is great.

Value of Model Assumptions An assumption made in the ordinal logistic model is proportional odds (Allison, 2001). The proportional odds assumption checks if the distance between each category (high, medium, low risk) is the same. If this assumption is violated, then the analyst should try to use a multinomial logistic regression, or create an interval-level risk score and try modeling the interval-level risk score with a multiple regression. Model assumptions have not been covered in Dan’s Statistics 101 course and are not mentioned in the software help manual. So, without this indepth understanding, Dan made errors. And, as stated earlier, Dan should not have accepted the assignment on the ground that it is outside of his scope of practice. As soon as it became evident that the data from the predictive model were flawed, corrective action should have been taken. Hospital administration must acknowledge that patients have been affected by not receiving an accurate readmission risk score and make primary providers fully aware that the warning system is incorrect. Primary care providers should be instructed to follow up with all patients until the alerting system is corrected. Administration should do a retrospective analysis of the events leading to this error and put in place more stringent policies regarding scope of practice associated with data analytics. Another important consideration is the multiple demands made on Dan’s time. The lack of prioritization of projects and the urgency of both projects created an environment full of risk and potential for errors. Figure 4-1 depicts a typical cycle of analytics in which an HIM professional does not have sufficient time to fully understand and complete an analytical task that can have a major negative impact on patient care or healthcare processes.

106

Chapter 4   Data Analytics Administration requests analytical task

HIM professional assigned to study problem

HIM professional gets directed to new analysis

HIM professional begins to comprehend problem

FIGURE 4-1  Analytical Cycle

Hospital administration should have identified priorities and allocated resources to support the success of both projects. A realistic needs assessment may support adding additional RS and DSS positions to meet the healthcare organization’s needs for data analysis.

Data Altruism Another ethical issue involving big data in healthcare is that of data altruism, which means that the collection, usage, and sharing of healthcare data is for the sole purpose of benefiting patient care and outcomes. Faden et al. (2013) put forth the idea that patients are obliged to contribute to, participate in, and facilitate learning in health care. But do people, patients, consumers, and caregivers want to share their data for the benefit of both themselves and others? There is some evidence that some people are indeed willing to share data “for good.” The obligation placed on patients to contribute, under limited and appropriate conditions, to learning that is integrated with their clinical care is not present in conventional accounts of either clinical ethics or research ethics, where the assumption is that no such obligation exists (Longhurst, Harrington, & Shah, 2014). Longhurst et al. (2014) discuss the idea of turning away from traditional clinical trials and

using an observational, empirical-type analysis to determine patient care. The authors describe a “green button” that would allow healthcare providers to leverage data from EMRs, pharmacy benefits, social media, and patients’ shopping habits to determine patient care instead of the results from clinical trials. Just as there are ethical issues in clinical trials, new and different ethical issues must be examined if big data sources are used to provide patient care. Longhurst et al. (2014) address these new ethical issues by pointing out the importance of making the data anonymous, which involves removing all identifying patient information. To support this idea, the authors ask whether HIPAA needs to be revamped to take into account smartphones, sensors, and online patient communities, which have become prevalent in the American healthcare system. There is indeed huge potential for good in the form of cost reduction and improved patient care through using big data in health care. Within society, the technology exists to derive substantial benefits from big data in health care. The authors conclude their article with one lingering question: will political and public forums support big data in health care? Heitmueller et al. (2014) consider this ongoing question of the ethical issues around data sharing from the perspective of public policy. The authors argue that broad public health benefits could be gained if patients would share their data with third-party organizations. If individuals or organizations do not recognize the societal benefits from data sharing and linking, there will unlikely be any incentives for them to do so. Patients must perceive the societal benefits of data sharing as outweighing the privacy concerns. Cultural and ethical barriers still exist in society that prevent everyone from feeling comfortable with sharing health information. For example, many people are comfortable sharing health information across health providers, but when it comes to providing health information to thirdparty organizations, many people are hesitant. The idea of sharing healthcare data, even if anonymized, is still controversial. Consider the well-known case of Henrietta Lacks, a young black woman who was diagnosed with and died of cervical cancer in 1951. Doctors took samples



Ethical Dilemmas Associated with Big Data and Data Analytics 107

of her cells without her knowledge and then shared them with scientists, who used them to develop a human cell line for research. No one knows why, but her cells, known as HeLa cells, did not die. They were used in numerous experiments over many years, including one experiment that helped develop the polio vaccine. Eventually, labs were selling vials of the cells to researchers around the world, yet Lacks’s family did not receive any of that money or even know how the cells were being used (Fallik, 2014). Heitmueller et al. (2014) claim that the ethical concerns raised in the Lacks case resulted from the lack of an ethical framework for dealing with such situations. The authors propose a way to develop such an ethical framework. First, support for data sharing should be cultivated. The authors contend that people do not trust third-party entities and are fearful of sharing their data when they do not know how the data will be used. The intention of data usage must be clear and transparent so that patients will trust the release of their health information to third parties. Building a trust network is pivotal in getting people to share their health data. In a trust network, all personal data have labels that specify what the data can and cannot be used for. These labels correspond to the terms in a legal contract signed by all of the participants, which states the penalties for not obeying the labels. The authors claim that healthcare data has the potential to be as secure and trusted as the well-known SWIFT network. The SWIFT network reliably handles trillions of dollars of interbank transfers per day. The authors note that the financial and health care contexts cannot be directly compared, but the existence of the SWIFT network shows that trust networks can handle complex information securely on a large scale. The authors provide many other suggestions for building an ethical framework in a big data healthcare setting, such as giving patients the responsibility of managing their own healthcare records using online access, passing laws to provide oversight of third parties that use healthcare data for research purposes, and governments leading by example through creating open data commons. An open data common is a location in which anyone can access, modify, or share data sources.

Perhaps another V should be added to the three V’s of big data mentioned earlier: Value. Ethical questions that still need addressed are as follows: 1. What patient cohort gains value in using big data in health care? 2. Whose value will be taken into consideration when the data collection process is conducted, big data analysis techniques are applied, and the analyses are interpreted? There is potential value for all stakeholders, including patients, providers, administrators, policy makers, and insurers. Examples of benefits from each stakeholder’s perspective are discussed below. ■■

■■

■■

Patients. Patients must receive the most timely, appropriate treatment available. Appropriate care requires a coordinated approach, with all caregivers having access to the same information and working toward the same goal to avoid duplication of effort. Providers. Healthcare providers can use big data analytics to evaluate the relationship across many complex variables, such as laboratory results, nursing notes, patient family history, diagnoses, medications, and patient surveys, to identify patients who may be at risk of an adverse outcome. Better knowledge and efficient assessment of disparate facts about patients at risk could mean the difference between timely intervention and a missed window for treatment. Administrators. Hospital administrators can utilize big data to provide the correct care more quickly at a cost-effective rate, and monitor outcomes and performance to attract insurer payers. For example, a pharmacy administrator can use such data to manage medication inventory—potentially controlling their costs—and hospital systems can use the database to understand their internal cost structure and monitor their pharmacy’s materials and device procurement costs. In addition, hospital administrators can more easily identify areas of risks to patients. For example, big

108

■■

■■

Chapter 4   Data Analytics data can help identify emerging trends such as nosocomial (hospital-acquired) infections and more quickly take corrective actions to eliminate risk to patients. Policy makers. It is important that support is provided to decision makers in formulating policies to realize the opportunity and value that big data and big data analytical techniques can provide to the healthcare world. Insurers. Insurers should continually look for ways to improve value while preserving or improving healthcare quality. For example, they could develop a system in which provider reimbursement is tied to patient outcomes or undertake programs designed to eliminate wasteful spending.

Big data and advanced analytics, used intelligently, provide an opportunity to bring together diverse data sources—including patient records, clinical trials, insurance claims, government records, registries, wearable devices, and even social media—to understand health in a truly value-oriented way.

Big Data Analysis Techniques Used to Analyze Medical Data Big data varies from data collected and stored for traditional statistical analysis purposes. Table 4-1 summarizes several of the differences between healthcare data in a traditional statistical inferential setting and big data.

Because of the differences in the data collection, storage, and type of data, there are specific analytical techniques that must be used when dealing with big data. Analysis techniques available to medical researchers and practitioners vary from those used in a traditional statistical inference setting. It is important to understand the main differences between traditional statistical techniques and those used in big data situations. The first distinction to discuss is the initial data exploratory phase. In traditional statistics, researchers perform exploratory data analysis (EDA) to identify specific relationships between variables. Big data analysis techniques are not concerned with the underlying relationships; identifying multivariate dependencies between variables is not the main goal. EDA is performed in big data analysis situations when an analyst wants to visualize big data for the purposes of taking massive amounts of data and discovering something interesting or novel about the patient population. In big data EDA, the goal is to find interesting patterns and use the information to make decisions about the patient population or investigate the patient population in more depth. EDA in big data is concerned with exploring data more easily and understanding the data more fully.

Big Data Analysis EDA in big data requires far more flexibility than the static graphics in traditional statistics.

TABLE 4-1  Comparison of Traditional Data Versus Big Data

Traditional Statistical Data

Big Data

Collected with a specific purpose in mind; consists of survey, experimental, or observational data sets

Observational data collected automatically over the entire patient population; data comes from sensors, patient portals, social media websites, EMRs

Collected during specific time periods and under specific constraints

Collected continuously under no real constraints; there are many situations in which data is collected in real time

Stored in a conventional database or spreadsheet format

Stored in an unstructured format that can handle unconventional data such as email, video, audio, text documents

Does not need scalability for the databases that stored the data; the data volume is not large enough for scalability to be an issue

Needs databases that scale appropriately to the volume of data being collected



Big Data Analysis Techniques Used to Analyze Medical Data

Data must be analyzed in real time, to enable end users to produce dynamic visual presentations of data. Further, users often need to access and visualize data from their mobile devices. Inmemory storage capability is necessary to avoid data transfer, making visualization processing faster. Data should be stored in such a way that multiple researchers can access the data and collaborate on analyses together. Richter (2013) reported that policy makers at the Australia Institute of Health and Welfare are using EDA techniques to answer such questions as: ■■

■■

■■

What types of injuries result in hospitalization? Is the dental care provided in rural areas of the country equivalent to that in urban areas? Is Australia’s medical workforce growing at an appropriate rate to keep up with the country’s medical demand?

Such questions are precisely the types of questions that EDA big data can answer. One would never find these types of questions being asked in a traditional data analysis scenario. EDA big data uses visualization techniques to answer specific healthcare population questions or to investigate a patient subpopulation in more detail to gain insight. Richter (2013) provides four steps in helping researchers use and incorporate EDA into their workflow: 1. Understand the data you want to visualize 2. Determine the kind of information you want to provide 3. Know your audience and how it processes visual information 4. Choose a visual technique that represents the data in its best and simplest form The other main difference between traditional data analytical techniques and big data techniques is the purpose of the analysis. In both traditional statistics and big data, models will be developed. A statistical model is a mathematical relationship developed to describe the relationship between an outcome variable and a set of explanatory or predictor variables. However, the purposes of model building in a

109

traditional data analysis and in a big data analysis are not the same.

Traditional Data Analysis In traditional data analysis, the researcher is building a model with an inferential purpose in mind. That is, much time is spent on interpreting the results of the model. Inferential questions are asked, such as: ■■

■■

■■

■■

How do you interpret the parameter estimates of the model? Which parameter estimates are important via a hypothesis test? How much of the variability can be explained in the outcome variable using the predictor variables? How can the model be used to explain the relationship between the outcome and explanatory variables?

Predictive Analytics In contrast to much of the traditional statistical methodologies, big data analytical methods are typically not concerned with answering any of the inferential questions listed above. Instead, the main goal of a statistical model to a big data analyst is prediction and the accuracy of that prediction; regardless of whether or not the models or techniques used to generate the prediction are interpretable or open to simple explanation. There are many different types of big data analytical techniques that can be used for prediction purposes. Each type of analysis will have a different impact or result. Which type of technique to select depends on the type of problem the researcher is trying to solve. Different analyses will deliver different outcomes and thus provide different insights. There are two main categories of big data learning techniques: supervised and unsupervised techniques.

Supervised and Unsupervised Analyses Supervised techniques encompass all of the methodologies used in predictive analytics. When a researcher uses a supervised technique, there

110

Chapter 4   Data Analytics

is a defined outcome or response variable that is being modeled. The goal is to predict the response variable using predictor variables. An example of a supervised technique would be using a predictive model to detect where the next Ebola outbreak will take place. Certain predictor variables such as geographic factors, Ebola-like symptoms reported from hospitals and clinics, information from social media streams, online news stories, and the number of travelers between specific airports in different countries would all be predictor variables that would factor into predicting the outbreak’s location. Predictive analytical models can provide much value to healthcare providers, policy makers, and organizations. The use of predictive modeling is especially important to help control healthcare costs. Chawla and Davis (2013) describe a predictive model that uses a patientcentric approach to produce a personalized risk score for developing certain diseases. The model also develops a disease management plan and a wellness plan for each patient. By using big data sources, the authors are able to answer such questions as: ■■ ■■

■■

Is the patient at risk for a certain disease? If the patient is at risk, how should the disease risk be managed? What wellness strategies will work best for the patient?

Chawla and Davis (2013) contend that by using advanced analytical techniques such as predictive models, they can produce early warning indicators of potential disease risks of an individual patient and then provide patients with customized health care. The intent is to reduce readmission costs to healthcare providers, thus saving millions of dollars in healthcare costs. Predictive models have the ability to assist healthcare policy makers as well. Returning to the Ebola example, an initiative was recently launched called the Ebola Modeling Community call. The initiative was started by an IBM researcher. The call, which takes place every Wednesday, is designed for researchers studying Ebola epidemiology and modeling. Predictive models of Ebola are designed to produce

accurate predictions of the path of the disease. Healthcare organizations can use the results of the models to decide what actions to take. For example, health authorities and policy makers can decide where to focus their limited resources based on assessments of the model’s results (Hamm, 2014). The second category, unsupervised techniques, is those that are applicable when there is no defined outcome or response variable being modeled. In an unsupervised methodology, the techniques are looking for commonality among the individual observations of the data. Observations that are similar in some way are grouped together. Cluster analysis is a classic example of unsupervised technique. Clustering places observations into groups or clusters that are suggested by the data, based on the values of the input variables. The observations in each cluster tend to have a similar set of values across the input fields, and observations in different clusters tend to be dissimilar. Clustering differs from predictive modeling in that clustering leverages the relationships within the data themselves to inductively uncover the data structure, rather than imposing an analyst’s structure on the data. For example, hospitals can be grouped together based on patient utilization and geographic regions in an effort to allocate medical resources more efficiently (Delamater, Shortridge, & Messina, 2013). Table 4-2 provides specific examples of what types of analyses can be performed using both supervised and unsupervised methods. Implementing big data analytical techniques allows the healthcare industry more insight into their data, as well as providing better decisionmaking tools to improve patient outcomes and reduce costs. Big data analytical techniques offer several key benefits to healthcare stakeholders, including: ■■

■■

■■

■■

They are able to process even the largest and most complex data sets. They are data driven and, as such, are not as prone to user bias. They allow deeper investigation of the relationships driving predictions. They do not require a human expert to drive the algorithms.



Big Data Analysis Techniques Used to Analyze Medical Data

111

TABLE 4-2  Examples of Supervised and Unsupervised Analyses

Analysis Objective Prediction

Supervised (outcome/response variable exists) ■■ ■■ ■■ ■■ ■■ ■■ ■■

Cost of hospital stay Disease outbreaks and epidemics To what degree patient has Alzheimer’s (none, mild, severe) Intensive care unit (ICU) readmission Mortality after ICU discharge Hard-to-detect diseases such as heart disease Adverse events of certain pieces of medical equipment

Unsupervised (no outcome/response variable exists) Segmentation/Clustering

■■ ■■

■■

Grouping similar cases of fraudulent Medicare payments to detect Medicare fraud Detecting certain segments of the population that are underserved in preventive medical screenings like breast cancer screenings Determining geographic locations of a city that need more emergency medical personnel during certain times of the day

Investment in big data analytics is therefore vital for uncovering truths and patterns in data that stakeholders can leverage for innovation. The power of these advanced analytics should encourage the healthcare industry to assess big data analytical techniques for their specific needs. For all the benefits that big data analytical techniques can provide, there are some challenges in implementing such techniques. Many challenges in data collection and management arise from incomplete, heterogeneous, incorrect, or inconsistent data. In order to have a successful big data analysis, the data must be accurate, accessible, and precise (Kennedy, 2014). In addition, typically there are many variables that are redundant in large data sets. Variable redundancy reduction and data compression without loss of valuable information are vital to the success of a big data analysis. The type of work required to gather accurate and reliable data and to appropriately reduce the data is tedious and requires special training. As data collection capabilities change and large amounts of data are collected, it is increasingly important to leverage the skills of appropriately trained statisticians or data scientists specifically trained

in implementing big data methodologies while developing the analysis. Reconsidering the ethical scenario given earlier in the chapter, we are reminded of the importance of having an appropriately trained individual not only for the data preparation component of an analysis, but for the model-building stage as well. The next set of challenges involves actual system usage in demanding clinical workflows, systems, and environments. Healthcare workers face a variety of issues while interfacing with electronic medical records on a day-to-day basis. Some usability challenges include the lack of support for information integration, data heterogeneity, too many options for data entry, lack of visualization and summary information, and sharing information in a privacy-safe manner. Although EMRs provide support for entering structured information, clinicians often resort to unstructured notes due to the lack of time and system usability. This leads to natural language processing challenges and data errors. More importantly, the difficulty in primary usage of EMRs leads to low confidence in their value, which results in reduced interest in their secondary, and potentially very powerful, purpose—predictive clinical analytics.

112

Chapter 4   Data Analytics

Conclusion Big data and big data analytical techniques are no doubt affecting the future of health care, healthcare providers and organizations, and most importantly, patients. Crawford (2014) describes the evolving role of data and data analytics in the healthcare landscape. Crawford uses the phrase applied informatics, which refers to taking big data sources and producing something meaningful to analyze data at a high regulatory/policy level or at the individual patient level and further notes that with the advancements of technology, the healthcare field can collect and analyze more data than ever before. The data collection processes and big data analytical techniques now available will allow for better patient care and money savings for healthcare providers. With the many benefits of big data noted by Crawford (2014) and outlined in this chapter, it is important to note that the healthcare field is just at the “tip of the iceberg” in terms of the great potential of big data. The Affordable Care Act places heavy emphasis on the electronic medical record and better data collection. Additionally, patients already have the ability to collect valuable data points using smartphones and wearable devices. Big data, analyzed properly, has the ability to transform health care for everyone, from practitioner to patient. However, with the rise of big data in the healthcare field, some serious and compelling ethical issues need to be addressed. This chapter has asked and addressed the following ethical questions regarding big data in health care: ■■

■■

■■

■■

How does the researcher ensure the data is valid and “good” data—that is, no one group is left out of a medical study? Why is it important that a professionally trained data analyst perform big data analytical techniques? How is patient privacy of medical data addressed? How do patients share their data in a manner that benefits the entire patient population?

Healthcare researchers and policy makers are still grappling with these questions, and there is

no one definitive response to these ethical questions. The important aspect is that a dialogue has begun in the healthcare community regarding ethical concerns, and this focus will make the use of big data in the healthcare sector more beneficial to all individuals.

KEY TERMS Aggregated data Applied informatics Big data Data altruism Data analytics Data collection process Data driven Data warehouse Individual data Petabytes Predictive analytics Predictive clinical analytics Model assumptions Ordinal logistic regression Scope of practice Structured data Supervised analyses Traditional statistical data Unsupervised analyses Unstructured data Variety Velocity Volume

CHAPTER SUMMARY ■■

■■

■■

A variety of methods used to collect medical data, both from a traditional standpoint and from a big data perspective, are discussed. Medical data can be captured in both structured and unstructured forms. Health information is stored in multiple formats, such as paper-based, hybrid, and electronic medical records. Different data analytical techniques are utilized for the various formats. For example, paper-based health information can be limited in terms of the data analytical techniques that can be utilized. Hybrid formats have both paper and electronic

References 113

■■

■■

components, but still are quite limited, particularly when the unstructured data are not in an electronic format. Many of the big data analytical tools that are available cannot be applied to unstructured data if they are not in an electronic format. Electronic medical records are the gold standard in terms of data analytics. The electronic component allows the analyst to perform both structured and unstructured types of data analytics, from improving patient care to implementing more effective resource management. The ethical considerations related to the management of health data repositories involve not only data security but also ensuring data quality and integrity. The idea of data altruism is evaluated in relation to the massive health data repositories that are developing in the healthcare landscape. Data altruism ethical issues, from both the individual patient and public policy perspectives, are discussed. Several statistical techniques that can be used to analyze medical data are given. Big data analytical techniques, such as supervised techniques, which include predictive analytics, and unsupervised techniques are described. These big data analytic techniques can be utilized to solve all types of applied and research problems, such as detecting disease outbreaks, predicting hospital readmission, monitoring social media to prevent medical insurance fraud, and determining the combination of treatment and services that can help lead to better outcomes for both patients and providers.

REFERENCES Allison, P. (2001). Logistic regression using SAS: Theory and application. Cary, NC: SAS Institute and John Wiley & Sons. Bates, D. W., Saria, S., Ohno-Machado, L., Sha, A., & Escobar, G. (2014). Big data in healthcare: Using analytics to identify and manage highrisk and high-cost patients. Health Affairs, 33(7), 1123–1131. Blumenthal, D., & Tavenner, M. (2010). The “meaningful use” regulation for electronic health records. New England Journal of Medicine, 363(6), 501–504.

Brennan, N., Oelschlaeger, A., Cox, C., & Tavenner, M. (2014). Leveraging the big-data revolution: CMS is expanding capabilities to spur health system transformation. Health Affairs, 33(7), 1195–1202. Chawla, N. V., & Davis, D. A. (2013). Bringing big data to personalized healthcare: A patient-centered framework. Journal of General Internal Medicine, 28(Suppl. 3), S660–S665. Cohen, I.G., Amarasingham, R., Shah, A., Xie, B., & Lo, B. (2014). The legal and ethical concerns that arise from using complex predictive analytics in health care. Health Affairs, 33(7), 1139-1147. Collen, M. F. (2012). Computer medical databases: The first six decades. London: Springer-Verlag. Crawford, M. (2014). Making data smart: Practical informatics is helping transform data into health intelligence, and now moving into day-to-day HIM work. Journal of AHIMA, 2, 24–27. Delamater, P. L., Shortridge, A. M., & Messina, J. (2013). Regional healthcare planning: A methodology to cluster facilities using community utilization patterns. BioMed Central Health Services Research, 13, 333–349. Faden, R. R., Kass, N. E., Goodman, S. N., Pronovost, P., Tunis, S., & Beauchamp, T. L. (2013). An ­ethics framework for learning a health care system: A departure from traditional research ethics and clinical ethics [Special issue]. Hastings Center Report, S16–S27. Fallik, D. (2014). For big data, big questions remain. Health Affairs, 33(7), 1111–1114. Fihn, S. D., Francis, J., Clancy, C., Nielson, C., Nelson, K., Rumsfeld, J., Cullen, T., Bates, J., & Graham, G. (2014). Insights from advanced analytics at the Veterans Health Administration. Health Affairs, 33(7), 1203–1211. Halamka, J. D. (2014). Early experiences with big data at an academic medical center. Health Affairs, 33(7), 1132–1138. Hamm, S. (2014). How big data can help beat Ebola. Retrieved November 18, 2014, from http:// asmarterplanet.com/blog/2014/10/data-can-helpbeat-ebola.html. Heitmueller, A., Henderson, S., Warburton, W., Elmagarmid, A., Pentland, A. S., & Darzi, A. (2014). Developing public policy to advance the use of big data in healthcare. Health Affairs, 33(7), 1523–1530. Joynt, K. E., & Jha, A. K. (2013). Characteristics of hospitals receiving penalties under the hospital readmissions reduction program. Journal of the American Medical Association, 309(4), 342–343. Kennedy, A. (2014). Informatics ahead: HIM must rise to the challenge of evolving industry demands. Journal of AHIMA, 10. Krumholz, H. M. (2014). Big data and new knowledge in medicine: The thinking, training, and tools needed for a learning health system. Health Affairs, 33(7), 1163–1170.

114

Chapter 4   Data Analytics

Longhurst, C. A., Harrington, R. A., & Shah, N. H. (2014). A “green button” for using aggregate patient data at the point of care. Health Affairs, 33(7) 1229–1235. Murdoch, T. B., & Detsky, A. S. (2013). The inevitable application of big data to health care. Journal of the American Medical Association, 309(13), 1351–1352. National Alliance for Health Information Technology [NAHIT]. (2008, April 28). Report to the Office of the National Coordinator for Health Information Technology on defining key health information technology terms. Retrieved from https://www.nachc.com/client/ Key%20HIT%20Terms%20Definitions%20Final_ April_2008.pdf. Peters, S., & Buntrock, J. D. (2014). Big data and the electronic health record. Journal of Ambulatory Care Management, 37(3), 206–210. Raghupathi, W., & Raghupathi, V. (2014). Big data analytics in healthcare: Promise and potential. Health Information Science and Systems, 2(3), 1–10. Richter, W. (2013, third quarter). Using visual analytics to support policy decisions. SAS.com Magazine. Retrieved from http://www.sas.com/news/ sascom/2013q3/sascom-3q-2013.pdf. Roski, J., Bo-Linn, G. W., & Andrews, T. A. (2014). Creating value in health care through big data: Opportunities and policy implications. Health Affairs, 33(7), 1115–1122.

Salmon, D., Yin, W. K., Rosofsky, R., Brown, J., Vennice, K., Tokars, J., Roddy, J., Ball, R., Gellin, B., Lurie, N., Koh, H., Platt, R., & Lieu, T. (2012). Success of program linking data sources to monitor H1N1 vaccine safety points to potential for even broader safety surveillance. Health Affairs, 31(11), 2518–2527. Schick, C. (2013). Saving lives at 1000 data points per second. Retrieved September 28, 2014, from http://www.ibmbigdatahub.com/blog/savinglives-1000–data-points-second. Sparnon, E. (2013). Spotlight on electronic health records: Paper or electronic hybrid workflows. Pennsylvania Patient Safety Advisory, 10(2), 55–58. Strasak, A. M., Zaman, Q., Pfeiffer, K. P., Gobel, G., & Ulmer, H. (2007). Statistical errors in medical research: A review of common pitfalls. Swiss Medical Weekly, 137, 44–49. Strausberg, J., Koch, D., & Betzler, M. (2003). Comparing paper-based with electronic patient records: Lessons learned during a study. Journal of the American Medical Informatics Association, 10(5), 470–477. Wade, T. D. (2014). Traits and types of health data repositories. Health Information Science and Systems, 2(4), 1–8. Wright, A., Henkin, S., Feblowitz, J., McCoy, A., Bates, D., & Sittig, D. F. (2013). Early results of the meaningful use program for electronic health records. New England Journal of Medicine, 368(8), 779–780.



Ethical Decision-Making Matrices

115

Ethical Decision-Making Matrices SCENARIO 4-A  Readmission Predictive Model Project, Part 1: Right Skills? Steps

Information

1. What is the question?

Should Dan be asked to develop the readmission predictive model?

2. What is my “gut” reaction?

What is your first reaction to this case on an emotional level? What assumptions are you making? What biases do you have?

3. What are the facts?

KNOWN ■■

■■

■■ ■■

4. What are the values? Examine the shared and competing values, obligations, and interests of the many stakeholders in order to fully understand the complexity of the ethical problem(s). STAKEHOLDERS Patient, family, HIM professional(s), healthcare professional(s), administrators, society, and others appropriate to the issue.

Hospital administration is taking proactive measures to avoid penalties associated with hospital readmission. Hospital administration wants to implement model immediately. DSS is off-site working on a major project. Dan is eager to work on request and has some technical capabilities but is not formally trained in data analytics.

TO BE GATHERED ■■

■■

■■

■■

Why was someone who was not formally trained in data analytics allowed to produce the final predictive model? Whose responsibility is it to identify work/ project priorities? What is the scope of practice for the HIM professional? Was he practicing out of scope? Who was aware of this? Is it appropriate and ethical for a nonformally statistically trained HIM specialist to build the model under DSS supervision? Are there standards of practice associate with this? Is there precedent?

Patient: Trust; patients trust their primary doctor to provide them with all the services they will need when they leave the hospital to fully recover. Family: Trust; family members trust the healthcare providers will provide their family member with all the services they will need when they leave the hospital to fully recover and also provide caregiver support services as needed. RS/DSS: Ensure data accuracy and validity to guide organizational decision making. HIM professional(s): Security, integrity, accuracy, and reliability (ensure development of an alerting system is effective, but does not violate ethics); wants to be responsive to administration’s requests; multiple demands and lack of prioritization of requests can result in conflicting obligations related to quantity versus quality. Healthcare professional(s): Protect welfare of patients without compromising confidentiality or data integrity; avoid harm to patients; respect patient autonomy. HIT professional(s): Ensure that patients, physicians, insurers, public agencies, and healthcare facilities have the right information to make critical decisions; ensure security and accurate information and results of the data analysis to guide organizational decision making. Administrators: Meet fiduciary and stewardship responsibilities to manage hospital system operations to ensure cost reductions, improve patient safety, improve patient outcomes, and reduce hospital readmissions; access to trusted information and results of the data analysis to guide organizational decision making. Society: Reduce healthcare costs; quality and equitable health care for all. (continued)

116

Chapter 4   Data Analytics

SCENARIO 4-A  Readmission Predictive Model Project, Part 1: Right Skills? 5. What are my options?

■■ ■■

Build the predictive model as requested. Wait until the DSS is available to work on the predictive model.

6. What should I do?

■■

7. What justifies my choice?

JUSTIFIED ■■

Wait until the DSS is available to work on the predictive model. NOT JUSTIFIED

Dan does not possess the skills to build the predictive model.

■■ ■■ ■■

8. How can I prevent this problem?

Loss of professional integrity. Violate professional standards. Endanger patient health.

Put in place more rigorous guidelines not allowing individuals to perform data analytic techniques without the proper formal statistical education. Administration/management should identify human resources needs proactively to ensure adequate professional staffing to meet organizations needs for timely information.

The ethical decision-making matrix is a tool to help you organize complex ethical problems; however, there is no simple fill-in-the-box approach to ethical decision making. The objective is to follow each step of the process and not move from the question directly to what should be done or how to prevent it next time.

If you skip steps, you will not fully understand all of the values and options for action. Also, the matrix provided for each scenario is not the only way to examine the problem. You can make an equally compelling ethical argument for a different decision—just be sure to follow all the steps of the matrix.



Ethical Decision-Making Matrices

117

SCENARIO 4-B  Readmission Predictive Model Project, Part 2: Impact of Bad Data Steps

Information

1. What is the question?

Should the readmission predictive model have been deployed?

2. What is my “gut” reaction?

What is your first reaction to this case on an emotional level? What assumptions are you making? What biases do you have?

3. What are the facts?

KNOWN ■■

■■

■■

■■ ■■

Hospital administration is taking proactive measures to avoid penalties associated with hospital readmission. Hospital administration wants to implement model immediately. Administrators have to respond to CMS inquiry immediately. DSS is off-site working on a major project. Dan is eager to work on request and has some technical capabilities but is not formally trained in data analytics.

TO BE GATHERED ■■

■■

■■

■■

■■

■■

4. What are the values? Examine the shared and competing values, obligations, and interests of the many stakeholders in order to fully understand the complexity of the ethical problem(s). STAKEHOLDERS Patient, family, HIM professional(s), healthcare professional(s), administrators, society, and others appropriate to the issue.

Why was someone who was not formally trained in data analytics allowed to produce the final predictive model? Whose responsibility is it to identify work/ project priorities? Why were the assumptions of the model not verified by the HIM professional that built the model, even after the DSS stated that the assumptions should be checked? Whose responsibility was it to follow up? Should the DSS have tested the model upon return from the off-site project? What is the scope of practice for the HIM professional? Was he practicing out of scope? Who was aware of this? Is it appropriate and ethical for a nonformally statistically trained HIM specialist to build the model under DSS supervision? Are there standards of practice associate with this? Is there precedent?

Patient: Trust (patients trust their primary doctor to provide them with all the services they will need when they leave the hospital to fully recover). Family: Trust (family members trust the healthcare providers will provide their family member with all the services they will need when they leave the hospital to fully recover and also provide caregiver support services as needed). RS/DSS: Ensure data accuracy and validity to guide organizational decision making. HIM Professional(s): Security, integrity, accuracy, and reliability (ensure development of an alerting system is effective, but does not violate ethics); wants to be responsive to administration’s requests; multiple demands and lack of prioritization of requests can result in conflicting obligations related to quantity versus quality. Healthcare Professional(s): Protect welfare of patients without compromising confidentiality or data integrity; avoid harm to patients; respect patient autonomy. HIT Professional(s): Ensure that patients, physicians, insurers, public agencies, and healthcare facilities have the right information to make critical decisions; ensure security and accuracy accurate information and results of the data analysis to guide organizational decision making. (continued)

118

Chapter 4   Data Analytics

SCENARIO 4-B  Readmission Predictive Model Project, Part 2: Impact of Bad Data Administrators: Meet fiduciary and stewardship responsibilities to manage hospital system operations to ensure cost reductions, improved patient safety, improved patient outcomes, reduced hospital readmissions; need access to trusted information and results of the data analysis to guide organizational decision making. Society: Reduce healthcare costs; quality and equitable health care for all. 5. What are my options?

■■

■■

■■

■■

Acknowledge that all patients have been affected by not receiving an accurate readmission risk score. Make primary providers fully aware that the warning system is incorrect, and follow up with all patients until the alerting system is properly addressed. Put in place more stringent policies regarding which individuals can build the final predictive models for data analysis purposes. Only allow professionals who have been formally trained in statistics to perform any type of data analytics.

6. What should I do?

Carry out the disclosure to the primary providers so that they can reach out to all their patients who have recently been discharged and determine if they need any follow-up care.

7. What justifies my choice?

JUSTIFIED ■■

■■

NOT JUSTIFIED

Notify providers that received the alerts that there is a problem with the alerting system. Be truthful in the information regarding the data analysis problem.

■■

■■

8. How can I prevent this problem?

■■

■■

■■

■■

Not making providers aware that there is an issue with the medical alerting system and continuing on with medical care as if nothing has happened. Competing demands on time, limited resources (e.g., staff, expertise), and information needs are realities within the contemporary healthcare arena but do not justify bypassing standard procedures and protocols.

Read more and learn about the importance of using big data and data analysis techniques to improve patient care. Put in place more rigorous guidelines not allowing individuals to perform data analytic techniques without the proper formal statistical education. Administration/management must become proficient with prioritization. Furthermore, analysts should not be put into a position of determining which project comes first; such responsibility lies with leadership. Senior management must collectively take a step back, determine which projects have the highest value (as well as which can wait), and then commit to seeing the highest-value projects through to completion—even if new opportunities or dilemmas appear on the horizon.

The ethical decision-making matrix is a tool to help you organize complex ethical problems; however, there is no simple fill-in-the-box approach to ethical decision making. The objective is to follow each step of the process and not move from the question directly to what should be done or how to prevent it next time.

If you skip steps, you will not fully understand all of the values and options for action. Also, the matrix provided for each scenario is not the only way to examine the problem. You can make an equally compelling ethical argument for a different decision—just be sure to follow all the steps of the matrix.

CHAPTER 5

Compliance, Fraud, and Abuse © kentoh/Shutterstock

Laurie A. Rinehart-Thompson, JD, RHIA, CHP, FAHIMA

become involved in, and responsible for, submission of a false claim. The penalties are real and expensive and can include prison. The HIM professional must have knowledge of the applicable guidelines and an appreciation and understanding of the requisite compliance programs for hospitals, physicians, home health agencies, long-term care facilities, laboratories, and thirdparty payers. This chapter outlines the laws, penalties, and preventive programs that an HIM professional should be familiar with.

Learning Objectives After completing this chapter, the reader should be able to: ■■

■■

■■

Discuss the laws and penalties concerning fraud and abuse in health care. Identify the responsibilities and liabilities of the health information management (HIM) professional relative to those laws. Identify roles of the HIM professional in establishing compliance programs and meeting the requirements of the Health Insurance Portability and Accountability Act of 1996 (HIPAA).

Scenario 5-A  Documentation Does Not Justify Billed Procedure

Introduction

An active practice of physicians specializing in infertility regularly admits patients to the outpatient surgical department. The practice is a significant source of revenue for the hospital. The physicians perform laparoscopy on many of their patients. This procedure can be performed to determine the extent of endometriosis that is causing the patient pain or to determine the effect of the endometriosis on the patient’s current infertile state. Treatment for infertility is not a covered component of the patient’s federally reimbursed healthcare plan. Allison, the new HIM director,

The health information management (HIM) professional is a key player in the process that begins with the delivery of care to a patient and leads to the submission of a bill for reimbursement for services provided. One of the HIM professional’s major responsibilities is facilitating the collection of appropriate information needed to properly assign the correct clinical classification codes to the care provided. This process and responsibility sounds straightforward, but through either dishonest motivations to collect more money than properly owed or sloppy procedures and failure to accept responsibility for staying current and informed, the HIM professional can

(continued )

119

120

Chapter 5   Compliance, Fraud, and Abuse

has come to realize that the physicians’ documentation for this procedure always refers only to endometriosis, even when, for example, the nurses’ notes repeatedly mention that the patient gives, as the reason for the procedure, to “find out why she is not pregnant.” Questions 1. What should Allison do if she is aware that the documentation in the medical record does not reflect the true underlying reason for a procedure? Allison must bring this to the attention of the physicians. Perhaps they simply need to be educated about proper documentation in this situation, as well as insurance coverage rules. 2. What should Allison do if the physicians insist that she code only endometriosis, with no reference to infertility? Should she defer to the physicians on this issue, because physician documentation is the only source documentation that coders may code from? This is a difficult situation because the physicians may be the owners of the practice, and going against their orders may cost Allison her job. However, not abiding by the physicians’ wishes is the right thing to do. Further, the consequences for failing to comply with a federal payer are much more severe than the loss of a job. Allison should discuss this with the physicians and try to make them understand the severe penalties associated with misleading or fraudulent documentation and coding. If she cannot convince them otherwise, this may not be an environment in which she wants to continue working. She may want to search for another position in a more ethical setting where she will not risk federal payer penalties for noncompliance. If the physician practice is owned by the hospital rather than by the physicians themselves, Allison may have more leverage. She should speak immediately to the institution’s compliance officer.

A completed ethical decision-making matrix for the scenario is provided at the end of the chapter. A critical function in every healthcare provider organization is to ensure that the operation of the HIM department supports ethical and accurate processes to document the care provided to patients, to assign appropriate clinical codes, and to manage health information in a responsible and timely manner. This has always been an important responsibility of the HIM professional, and it is even more important now as government actions to eliminate fraud and abuse have increased. It is important to understand the distinction between healthcare fraud and healthcare abuse, which are often discussed in tandem, and which most generally relate to federally funded programs. In the healthcare context, fraud is defined as knowingly “making false statements or representations of material facts to obtain a benefit or payment for which no entitlement would otherwise exist.” Abuse is defined as using “practices that are inconsistent with accepted sound fiscal, business, or medical practices” that may result in improper or unnecessary payments from a payer to a provider (Bowman, 2012). The passage of the Health Insurance Portability and Accountability Act of 1996 (HIPAA) strengthened the federal government’s efforts to combat fraud committed against both public and private health plans (Office of the Inspector General, n.d.-a). In 1997, the Office of the Inspector General (OIG) for the U.S. Department of Health and Human Services invited healthcare providers to join the OIG in a national initiative to eliminate fraud and abuse from federal healthcare programs. The agenda included development of compliance guidances for healthcare sectors, implementation of mechanisms to promote self-disclosure of improper conduct, and increased awareness of the sanctions that might be imposed for fraudulent behavior. The goal was to protect the financial integrity of the federal healthcare programs. This initiative, the Health Care Fraud and Abuse Control (HCFAC) Program, has had substantial results, with recovery amounting to $4.3 billion in fiscal year 2013. In the previous three years, the government recouped $8.10 for every dollar spent on



Regulations that Guide HIM Professionals

investigating healthcare fraud and abuse (Department of Health and Human Services, 2014). An additional demonstration of the seriousness of the government’s intention to combat healthcare fraud has been the funding devoted to the Federal Bureau of Investigation (FBI). In fiscal year 2013, 480 agents were assigned (Department of Health and Human Services and Department of Justice Health Care Fraud and Abuse Control Program, 2014). This increased funding is a component of HIPAA. The effect of these efforts are apparent. In fiscal year 2013 alone, 345 individuals were criminally charged with 234 guilty pleas and 48 convictions by jury (Department of Health and Human Services, 2014). The struggle by healthcare providers to comply with public and private reimbursement programs can be additionally complicated by physicians’ responsibility to consider their commitment to the Hippocratic Oath. Putting the patient’s welfare first, while still complying with reimbursement policies, may not always seem possible, and insurer deception is a temptation for many. HIM professionals, because they manage functions that rely on the documentation and assertions of the physician, are challenged as well. The coding staff ’s use of the physician’s documentation to assign codes used for billing purposes is a key link in the submission of the bill for patient care to the third-party payer. Given the OIG fraud and abuse campaign, it is essential that HIM professionals ■■

■■ ■■

■■

■■

■■

Ensure that documentation processes capture accurate and timely information Code all diagnoses and services accurately Refuse to code inaccurately due to pressures to capture more money for the facility Manage information in a timely and responsible manner Clarify documentation and assertions of the providers if there appear to be inconsistencies Maintain awareness of requirements for coding and documentation as set forth by governmental, regulatory, and professional groups

HIM professionals have a crucial role and responsibility in preventing unethical and fraudulent behavior.

121

Regulations that Guide HIM Professionals A wide range of statutes, regulations, and programs addresses fraud, abuse, and compliance. The HIM professional must have a general understanding of these areas to fulfill a responsible leadership role in the management of HIM or compliance processes in a healthcare organization.

False Claims Act Suppose that the owner of a medical clinic and the clinic manager frequently submit claims for reimbursement as if diagnostic tests had been ordered and interpreted by physicians at the clinic, even though they actually have not been ordered or performed. The HIM professional at the clinic is presented with records that appear to be actual visits, the coder in the health information department assigns the appropriate codes for the tests as documented in the records, and Medicare pays more than $100,000 for the billings. The 1986 False Claims Act (FCA; 18 U.S.C. §§287 & 1001, 31 U.S.C. §3729; 42 U.S.C. #§1320a-7a) prohibits the presentation of such false or fraudulent claims to the government. Anyone who knowingly makes such a claim may be subject to criminal, civil, or administrative liability. The False Claims Act was enacted during the Civil War to target vendors who supplied the Union with inferior products or cheated the government. The general nature of the statute extends to, and is applied in, the current reimbursement environment of health care. Title 42, section 1320a-7b(a), of the U.S. Code adds criminal penalties that subject the violator to prison, fines, and mandatory exclusion from federal healthcare programs, including state (Medicaid) programs. In the previous case, the clinic owner and clinic manager, if convicted, could each face a maximum sentence of five years in prison and a $250,000 fine or twice the amount of the false claim, whichever is greater (Showalter, 2012). The statute qualifies that the submission of false or fraudulent claims must be done

122

Chapter 5   Compliance, Fraud, and Abuse

“knowingly” to result in a violation. The False Claims Act specifies, however, that proof of intent to defraud is not required. Rather, any of the following qualifies as knowledge: (1) actual knowledge of the falseness or fraudulence of the claim, (2) deliberate ignorance of the truth, or (3) reckless disregard for the truth (Showalter, 2012). The U.S. Department of Justice (DOJ) issued a memorandum in 1998 that contains guidelines for use of the False Claims Act. These guidelines, still applicable, outline the conditions for determining whether a false claim exists and whether the provider knowingly submitted the false claims. The DOJ must consider numerous factors bearing on the provider’s state of mind (Department of Justice, 1998). The HIM professional has a responsibility to obtain, analyze, and apply the available transmittals from the government regarding documentation and reimbursement guidelines as well as the official coding guidelines, Coding Clinic, published by the American Hospital Association. Failure to accept and apply these responsibilities could be interpreted as “deliberate ignorance or reckless disregard for the truth.” In Scenario 4-A, the clinic manager and owner are guilty of violating the False Claims Act because they have knowingly submitted false claims to a government-sponsored program, Medicare; thus, they have violated the statute. Might the HIM professional also be liable? If the HIM professional did not know that the claims were false, he or she would not be liable. However, the False Claims Act says that acting in deliberate disregard for the truth can be considered a violation of the act. If it could be shown that the HIM professional should have known that the tests did not occur—if, for instance, it could be shown that procedures to reconcile records with registration lists were considered a standard practice of HIM departments, and if the HIM professional had no such procedures in place—he or she could indeed be liable.

Qui Tam Statutes Suppose that an HIM department does not consistently enforce the coding guidelines published for the organization. The coders know that the chief financial officer wants a higher case-mix index to result from the inpatient

cases coded and has been known to state that raises may be in order if the case mix, and subsequently reimbursement, improves. Several of the coders have decided that they want to do whatever it takes to get a raise, and they are inappropriately assigning codes that result in a higher Diagnosis-Related Group (DRG) for the hospital. One of the other coders knows about this activity and informs the HIM department director. The director says she will look into the situation, but the practice continues. Frustrated that the department director appears to not want to deal with this, the coder initiates a “whistleblower,” or qui tam, lawsuit under the False Claims Act. Qui tam statutes provide a means for private individuals, called relators, to bring lawsuits under the False Claims Act alleging that an individual or organization has committed fraudulent behavior against the government. The case brought by the private individual is reviewed by the DOJ. The DOJ then decides whether it will join the case as a co-plaintiff. If the DOJ joins the case, the relator still receives a percentage of the funds recovered. Even if the DOJ declines the case, the individual can proceed on his or her own. Deferral of the case by the DOJ, however, can be a sign that the case is not strong enough to prevail. If the private individual, or “whistleblower,” decides to proceed without the DOJ’s participation, then he or she must independently fund the legal actions. Because the legal expenses for a qui tam case can be very costly, it is difficult to proceed without the DOJ’s participation. Few cases continue if the DOJ does not join the action. The relator can be any person with knowledge of fraudulent behavior. Employees are protected from retribution, and the relator is frequently a disgruntled staff person. The number of qui tam suits rose from 17 in 1992 to more than 178 in 1996 (Stringer, 1998). By fiscal year 2013, the number had reached a record 752. Recovery resulting from qui tam actions was $2.9 billion, and relators recovered $345 million of that amount (Department of Justice, 2013). In a major civil case brought by the DOJ against Columbia/HCA Healthcare Corporation, a portion of the charges were brought with the assistance of “whistleblowers,”

who testified that the company had inappropriately assigned DRGs to cases that were not substantiated by the patient’s documented care. After the federal government had completed its investigation against Columbia/HCA, criminal and civil penalties were assessed totaling $1.7 billion. (Department of Justice, 2003). This represents the most comprehensive health care fraud investigation and the largest total recovery due to healthcare fraud from any single provider to date. Again, this case illustrates the role of the HIM professional to establish appropriate coding guidelines and ensure that the coding function submits only those codes that truly reflect the patient’s condition or the care provided. Qui tam suits pose two challenges. The first is the clear responsibility of the HIM professional to manage the health information processes in an accurate, ethical manner and to ensure that compliance with regulations, policies, and procedures occurs. The second challenge is to establish fair, consistent personnel policies to decrease the incidence of disgruntled employees. An unhappy employee who brings a false charge of wrongdoing can cost the HIM professional and institution time and money that could be better used.

Voluntary Disclosure Protocol Suppose that a hospital’s health information management department changes the patient type on a case from “Inpatient” to “Observation” status after discharge if the patient is discharged in less than 23 hours. The director of the hospital’s health information system professional attends a seminar and learns that the decision of the physician to admit the patient as an inpatient cannot be retroactively changed to “observation” if the initial intent was to admit the patient. The fact that the patient stayed less than 23 hours is irrelevant. But the department has been changing patient types like this for over a year. In 1998, the OIG implemented a voluntary disclosure protocol to self-disclose fraudulent conduct that can help HIM professionals who find themselves in situations like this one. The Self-Disclosure Protocol (SDP) furthers the intent of the OIG to work with the healthcare

Regulations that Guide HIM Professionals

123

industry to help identify and resolve irregularities that adversely affect federal healthcare programs as defined in Title 42, section 1320a-7b(f), of the U.S. Code. The goal of the protocol is to remove the disincentives that accompany selfdisclosure of wrongdoing and involve healthcare providers in anti-fraud efforts (OIG, 2013). Further, self-­disclosure is often less costly and disruptive than a full government investigation (OIG, n.d.-b). Although the protocol does not protect an entity from civil or criminal action under the False Claims Act, it does advise that self-­reporting can be considered as a positive mitigating factor when the OIG makes recommendations to prosecuting agencies. By self-reporting, an organization can avoid a full-scale audit, which can be costly and disruptive. Self-reporting also offers the opportunity to negotiate the monetary settlement and to avoid exclusion from further participation in federal healthcare programs. The protocol should be used only for instances involving possible fraudulent behavior where the provider has reason to believe that the fraudulent behavior, by either an employee or the entity, has occurred. Negotiations with the OIG may result in the imposition of a Corporate ­Integrity Agreement (CIA). When such an agreement is reached, the provider must meet certain government-imposed requirements to ensure the provider’s ongoing compliance. Comprehensive CIAs typically last five years. The provider agrees with the CIA’s obligations in exchange for the OIG agreeing not to seek exclusion of the provider from Medicare, Medicaid, or other federal health programs (OIG, n.d.- b). Typically, the CIA will include an annual audit of billing or other operations by designated auditors. It usually also specifies obligations that must be met by the provider’s own compliance plan activities. The majority of audits include review of the documentation maintained in the medical record as a basis for determining the appropriateness of assigned codes directly affecting the amount of reimbursement. CIAs may be imposed only by the OIG, not by the Medicare contractor. The HIM professional may be involved in these types of audits as a manager who either facilitates arrangements for the audit or conducts the audit. The HIM professional may also

124

Chapter 5   Compliance, Fraud, and Abuse

serve as an external consultant who comes in to help perform the audit. Knowledge of statistics and sampling techniques is an important skill for the HIM professional as a key player in an audit. The HIM professional may also be a key player in self-disclosure because, through the course of regular processing of incomplete charts, coding, or performance of ongoing record reviews, it may become obvious that a provider or practitioner is violating regulatory guidelines and benefiting unjustly from reimbursement. The HIM professional has an important responsibility to report the findings to the next level of authority and to the facility’s corporate compliance program.

Anti-kickback Statute The anti-kickback statute (§1128(b)(7) of the Social Security Act, 42 U.S.C. §1320a-7b), makes it illegal to offer, pay, solicit, or receive anything of value (a “kickback”) for inducing referrals to a federal healthcare program. These are felonylevel criminal violations for anyone who knowingly and willfully engages in this behavior. Additionally, conviction for these actions results in automatic exclusion from as a provider in federal healthcare programs (Bowman, 2012). An exclusion of this type essentially makes it impossible for a healthcare provider to continue to provide services, because a significant percentage of a provider’s reimbursement often comes from these programs. The anti-kickback statute assigns liability to the parties on both sides of a transaction that violates the statute. In other words, both the person soliciting and receiving anything of value and the person offering or paying it for an impermissible transaction are liable. Even arranging for or recommending these actions is prohibited (Showalter, 2012). Proving antikickback violations requires the government to prove that the violator possessed intent and engaged in knowing and willful conduct. The criminal standard for burden of proof, “beyond a reasonable doubt,” must be met. Why should the HIM professional be aware of the antikickback statute? Although HIM professionals are seldom likely be in a position to benefit financially from inducing referrals to a federally

reimbursed healthcare program, they may observe such an arrangement or be in a position to warn other healthcare providers of the prohibition. As demonstrated in a recent case by the U.S. Department of Justice against DaVita HealthCare Partners, the penalties can be severe. DaVita, a kidney dialysis company based in Denver, was required to pay $389 million in a criminal and civil anti-kickback case for which physicians were compensated illegally for referring patients to DaVita for dialysis treatments (Osher, 2014). The involvement of HIM professionals in processing healthcare documentation and assigning codes used for billing purposes exposes them to a wide range of knowledge about the activities occurring in an organization. HIM professionals should not ignore what is going on around them as they carry out their professional role and responsibility.

Anti-referral Statutes: Stark I and II Suppose that a physician owns a part of a reference lab that offers specialized laboratory testing. The physician’s practice refers a significant portion of its patients to this reference lab for performance of these specialized tests. As an indirect result, the physician benefits through the profits made by the reference laboratory. The anti-referral statutes (42 U.S.C. §1395nn), titled the Ethics in Patient Referral Act and enacted as part of the 1989 Omnibus Budget Reconciliation Act (OBRA), prohibit this kind of arrangement. The statutes are commonly referred to as Stark I and II because they were introduced by California Representative Pete Stark. Under Stark, it is unlawful for a physician to make referrals for Medicare-covered services to entities in which the referring physician (or immediate family members) has a financial relationship (Preamble to Stark I Regulations, 1995; 42 U.S.C. §1395nn). The first, early version of the statute (Stark I), passed in 1989, focused on prohibitions against a physician’s referral of patients to a clinical lab in which the physician had a financial interest. The second (Stark II), passed in 1995, extended the statute to include referrals to any entity furnishing



Regulations that Guide HIM Professionals

designated health services. Designated health services are broadly defined to include items or services such as clinical labs, occupational therapy, physical therapy, hospital services, orthotics, durable medical equipment, parenteral/ enteral nutrition, radiology, radiation therapy, home health services, and outpatient prescription drugs (Centers for Medicare & Medicaid Services, n.d.). Unlike the federal anti-kickback statute, the anti-referral statute is a civil, not a criminal, statute and carries a lower standard of proof. Only a simple preponderance of evidence, “of greater weight or more convincing than the evidence offered in opposition,” or “more likely than not,” is needed. Intent need not be shown. In other words, just making the referral is a violation of the statute. The penalties for Stark do not involve jail terms because it is a civil violation. The monetary penalties are high, however. Up to $15,000 per service, in addition to exclusion from future provision of services to federal healthcare programs, can be applied (OIG, n.d.-c). As with anti-kickback regulations, HIM professionals are not likely to be directly involved in the activities that this statute prohibits. But they could be a spouse of a physician, and thus would need to make sure that they are not participating in ownership or financial benefit from an entity that their physician spouse or other immediate family member made referrals to.

“Safe Harbors” and Stark Exceptions The Stark anti-referral statutes specify exceptions (42 C.F.R. §411.350 et seq. and 42 U.S.C. §1395nn), and anti-kickback statutes designate “Safe Harbor” categories (42 C.F.R. §1001.952 & 42 U.S.C. §1320a-7b(b)), defined by the U.S. Department of Health and Human Services, for practices unlikely to bring harm to the federal healthcare programs. These are practices that technically violate either the anti-­referral or antikickback statutes, but that have been proven to not improperly influence or reward someone. In particular, the federal government has designated exceptions or safe harbors for underserved areas in an effort to promote the accessibility and availability of healthcare providers to residents of such areas. Although anti-kickback and

125

anti-referral violations infrequently turn on the basis of health information documentation and coding activities, the HIM professional should maintain an awareness of these aspects of illegal healthcare arrangements to ensure active participation and support in hospital-wide compliance program activities, as discussed later in this chapter.

Mail and Wire Fraud Frequently, charges for violations under the preceding statutes will be accompanied by additional charges for violations of mail and wire fraud (18 U.S.C. §1341; 18 U.S.C. §1343). These laws prohibit the use of the U.S. Postal Service or any wire service to execute a scheme related to fraud. Violation of these felony statutes is punishable by a fine of up to $1,000,000 and/or imprisonment up to 30 years (18 U.S.C. 1343). Because most transmissions of information for reimbursement are by either mail services or wire services, this is another criminal statute, though general in nature, that can be applied in the war against healthcare fraud.

HIPAA Regulations In 1996, Congress passed the Health Insurance Portability and Accountability Act (HIPAA; 42 U.S.C. §201 et seq.). Although HIPAA established requirements to ensure the transfer or continuance of insurance benefits when one changes or terminates employment, HIPAA is best known to HIM professionals not only for its standardization of transactions and code sets, but for its national standards that protect the privacy and security of individually identifiable health information. It extends beyond previous statutes discussed earlier in this chapter to include all uses and disclosures of protected health information by healthcare providers, funded by either federal or private payers, who conduct certain healthcare transactions electronically and therefore qualify as covered entities. Although an original intent of the act was to standardize and simplify electronic transmissions of health information to result in long-term cost savings as a result of efficiencies achieved by switching from paper claims

126

Chapter 5   Compliance, Fraud, and Abuse

submission to electronic claims submission, the focus of this legislation quickly shifted to compliance efforts in protecting the privacy and security of individuals’ health information.

HIPAA Administrative Simplification Standards HIPAA’s Administrative Simplification Standards for covered entities, which consist of health plans, healthcare clearinghouses, and healthcare providers (42 U.S.C. §1320d-2 et seq.), address the situation outlined previously. These standards are aimed at ■■

■■

■■

■■ ■■

■■

Maintaining the integrity and confidentiality of healthcare information Protecting against reasonable foreseeable threats to the security and integrity of the information Protecting against unauthorized uses or disclosures of the information Ensuring compliance by employees Standardizing transactions and code sets across the healthcare spectrum Penalties. In 2009, the American Recovery and Reinvestment Act (ARRA) was signed into law. A section of that statute titled the Health Information Technology for Economic and Clinical Health (HITECH) Act made changes to the HIPAA Privacy and Security Rules. One important aspect was the imposition of much stricter penalties for violations of the law. Per HITECH, there are three tiers of penalties: ■■ Unknowing or did not know (even with reasonable diligence); $100 to $500 per violation, with a maximum penalty of $1,500,000 per calendar year for identical violations ■■ Reasonable cause (knew or would have known with reasonable diligence, but not categorized as willful neglect); $1,000 to $50,000 per violation, with a maximum penalty of $1,500,000 per calendar year for identical violations ■■ Willful neglect; $10,000 to $50,000 per violation, with a maximum penalty of $1,500,000 per calendar year for identical violations if corrected, or $50,000 per violation, with a maximum penalty of $1,500,000 per calendar year

for identical violations if uncorrected (­Rinehart-Thompson, 2013)

Security Standards HIPAA’s security standards, which are also part of the Administrative Simplification provisions, apply to any electronic data in a data repository or transmitted over any network. These standards address five main categories: 1. Administrative safeguards to guard data integrity, confidentiality, and availability. These must be documented, formal practices. 2. Physical safeguards to guard data integrity, confidentiality, and availability. Again, these must be documented, formal practices. 3. Technical safeguards to guard data integrity, confidentiality, and availability. These include the processes that the entity uses to control and monitor information access as well as to prevent unauthorized access to data that an entity transmits over a communication network. 4. Organizational requirements that regulate business associate contracts, other arrangements, and group health plans. 5. Policies and procedures and documentation to address appropriateness, retention, availability, and timely nature of HIPAA-related documentation, including policies and procedures (Rinehart-Thompson, 2013). The HIM professional has a large job to design and document the procedures used to safeguard the data’s integrity, confidentiality, and availability. Technical and operational steps have been implemented to meet the requirements to protect data and prevent unauthorized access. As one of the main venues for storage, retrieval, and release of medical information, the HIM department is a primary source and keeper of the type of data that HIPAA intends to protect.

Privacy Standards HIPAA’s privacy standards, which are also part of the Administrative Simplification provisions, apply to any individually identifiable health information that is or has been transmitted

or maintained in any form by a covered entity that conducts certain healthcare transactions electronically. Health information that has been created by another entity becomes protected health information under HIPAA once it is in the custody of a HIPAA-covered entity. The HIPAA privacy standards generally prohibit the use or disclosure of protected health information without an individual’s authorization, although there are many exceptions. Protected health information may be used or disclosed, without individual authorization, for purposes of treatment, payment, and healthcare operations. Use and disclosure may also occur without individual authorization for myriad reasons, including those identified as “public interest and benefit activities.” Examples of these activities include public health, research, health oversight, law enforcement purposes, and the activities of coroners or funeral directors (45 C.F.R. §164.512). These uses and disclosures are permissive rather than mandatory, meaning that HIPAA allows such uses and disclosures but does not require them. Such uses and disclosures should only be made in conjunction with state law requirements. The chain-of-trust concept requires disclosing entities to ensure that a business partner receiving protected health information will safeguard the information. The privacy standards also establish basic rights for patients, such as the right to access, inspect, and copy information; obtain an accounting of certain disclosures; request an amendment of one’s own inaccurate or incomplete protected health information; request confidential communications; and request restrictions on the use and disclosure of one’s own health information (45 C.F.R. §164.522 through 45 C.F.R. §164.528). For uses and disclosures that do not require patient authorization, a written notice must be provided to inform patients of these uses and disclosures (45 C.F.R. §164.520(a)).

Enforcement Programs HIPAA also established four key programs to assist with healthcare fraud enforcement in both the public and private areas of the healthcare industry. The first, the Fraud and Abuse Control Program, was established to control

Regulations that Guide HIM Professionals

127

healthcare fraud and abuse against both public and private health plans. It is under the joint direction of the Attorney General and the Secretary of the Department of Health and Human Services (HHS), which acts through the HHS Inspector General (42 U.S.C. 1320a-7c). The second, the Medicare Integrity Program, was established to direct HHS to enter into agreements with private companies to carry out fraud and abuse protections (42 U.S.C. 1395ddd). The third, the Beneficiary Incentive Program, encourages the reporting of suspected fraud and abuse by Medicare beneficiaries (42 U.S.C. 1395b-5). The fourth, the Healthcare Fraud and Abuse Data Collection Program, was designed to create a national healthcare fraud and abuse database in conjunction with the National Practitioner Data Bank (42 U.S.C. 1320a-7e).

False Claims Penalties Civil penalties for violating the False Claims Act range from $5,500 to $10,000 for each false claim and three times the amount of overpayment (“treble” damages) (Department of Justice, 2011). Two provider practices that qualify as false claim submission are upcoding (that is, assigning a code that the person knows or should know will result in greater payments than appropriate), and misrepresenting billed services with respect to factors such as duration, frequency, and provider (Showalter, 2012). The government is particularly interested in patterns of fraudulent behaviors versus periodic errors.

Roles for HIM Professionals The components of HIPAA create many opportunities requiring the experience and knowledge of the HIM professional. For example, to comply with the privacy standards of HIPAA, an organization must designate a “privacy officer” to develop the policies and procedures needed regarding use and disclosure of health information. Extensive education must also be given to all workforce members, which includes not only employees but others such as unpaid volunteers, regarding health information policies and procedures, with ongoing, repeated education at

128

Chapter 5   Compliance, Fraud, and Abuse

least once every three years. Safeguards such as passwords and door locks must be implemented to comply with the HIPAA security standards. A process to report lack of compliance with the standards must exist. Appropriate sanctions must also be developed (Rinehart-Thompson, 2013). Development of these functions and requirements is a process that the HIM professional can guide and facilitate.

Compliance Programs to Prevent Fraudulent Behaviors Passage of the Federal Sentencing Guidelines in 1992 established a framework of seven specific elements required for the implementation of compliance programs for a broad range of healthcare providers. The OIG has outlined several compliance program guidances in its continued efforts to promote voluntary compliance for the healthcare industry. A compliance program is intended to foster the prevention of fraudulent activities by the development of internal controls. The fundamental intent is to establish a culture that promotes prevention, detection, and resolution of instances of conduct that do not conform with federal, state, and private-payer healthcare program requirements (OIG, 2005). The OIG has published compliance program guidance documents for myriad entities including hospitals, home health care, nursing homes, third-party billing companies, pharmaceutical manufacturers, and physician practices (OIG, 2005). The OIG emphasized that a compliance program must effectively articulate and demonstrate the organization’s commitment to compliance. The inclusion of the governing body, upper management, other managers, employees, and physicians should guide the management of the healthcare entity. The OIG recognized that although a compliance program may not entirely eliminate fraud, abuse, and waste from the hospital system, it can significantly reduce the risk of unlawful or improper conduct (OIG, 2005). The OIG outlined seven essential elements of a compliance program (OIG, 2005), based on the U.S. Sentencing Commission Guidelines

(U.S. Sentencing Commission 2014 8A1.2, comment [n3(k)]): 1. Implementation of written standards of conduct and accompanying policies and procedures to promote compliance. These standards are the basic framework for expressing the organization’s values and ethics and the governing body’s commitment to corporate compliance. Recent case law suggests that failure of a corporate director to attempt in good faith to institute a compliance program in certain circumstances may be a breach of a director’s fiduciary obligation (see, e.g., In re Caremark International Inc. Derivative Litigation, 698A.2d 959 (Ct. Chanc. Del. 1996)). These standards must be designed to address specific areas of risk for potential fraud, such as claims development, coding, and financial relationships with physicians and others. The OIG Work Plan (2014) outlines activities that the OIG will pursue relative to programs offered by the U.S. Department of Health and Human Services. It is wise for healthcare organizations to also assess these known risk areas. HIM professionals must carefully document policies and procedures for coding and the associated documentation required to assign the code. Every institution needs coding policies and procedures and accompanying coding compliance plans validating the coding process. 2. Designation of a chief compliance officer (CCO) and a compliance committee. This element is to designate the upper-level leadership charged with responsibility of operating and monitoring the compliance program. The CCO reports directly to the CEO and governing body. The scope of the CCO’s responsibilities includes general oversight and implementation of the compliance program and regular reports to the governing body, CEO, and compliance committee regarding compliance activities. The CCO ensures that all elements of the compliance plan are carried out. 3. Development and implementation of regular, effective education and training



Dilemmas in Practice programs for all affected employees. The OIG recommends that ongoing education programs include sessions highlighting the organization’s compliance program and that they cover regulations and processes related to compliance such as fraud and abuse laws, coding and documentation requirements, and the claims submission process. The OIG examples include education of upper-level management regarding proper confirmation of diagnoses, alterations to medical records, and proper documentation of services rendered. Providing education on these topics is an area for an active role by HIM professionals in the hospital’s compliance program. 4. Maintenance of an effective method for a line of communication. The lines of communication are designed to receive complaints, to protect the anonymity of complainants, and to protect whistleblowers from retaliation. The OIG recommends that the compliance officer be accessible to staff. Hotlines and other forms of communication may be established to facilitate this process. The OIG believes that whistleblowers should be protected from retaliation, as provided for in the qui tam provisions under the False Claims Act. Employees may be forced to file the qui tam actions when there is not a safe, effective method to bring questionable, fraudulent, or abusive situations to the attention of senior officials. 5. An ongoing process for auditing and monitoring. The use of audits or other evaluation to monitor compliance and reduce problem areas is critical to a successful compliance program. The OIG outlines the conduct of regular, periodic compliance audits by internal or external auditors as a program component in the guidance document. Coding and claim development are aspects that should be included in the audit process. 6. Development of a system to enforce standards through well-publicized disciplinary guidelines. The disciplinary actions for failure to comply with compliance program standards must be established, implemented, and followed. New

129

employees should receive a careful background check. Any criminal conviction or exclusion should be checked carefully against the OIG’s recommendations for exclusion from involvement in any federal care program. 7. Responding promptly to detected offenses and developing corrective action initiatives. The appropriate actions must be implemented when offenses are detected. Determining the level of reporting to the correct government authorities must be accomplished. A voluntary self-­disclosure action may be invoked as appropriate. In any event, any overpayment must be returned to the government as discovered. The OIG advised that each program be tailored to fit the needs and resources of the hospital. The hospital guidance elements are generally consistent with the instructions found in the OIG guidance documents that are specific to other healthcare entities, such as home health agencies, long-term care facilities, physician practices, and third-party payer billing companies. An HIM professional working in one of those specific settings should obtain the guidance document from the OIG for that entity. The development of compliance program activities in a hospital can benefit significantly from the leadership, participation, and support of HIM professionals. In many instances, HIM professionals have assumed the role of CCO or a significant role in the conduct of aspects of the program, such as auditing and monitoring, education, and reports for the compliance committee or governing board. Obtaining the annual OIG Work Plan is a good starting point to determine the current focus on perceived issues with coding and documentation issues. A corporate compliance plan should discuss coding actions in relation to the seven essential elements of a compliance program that the OIG has outlined.

Dilemmas in Practice HIM professionals are faced on a daily basis with the challenge of finding ways to ensure that health information is documented accurately and efficiently.

130

Chapter 5   Compliance, Fraud, and Abuse

Scenario 5-B  Accepting Money for Information The director of the HIM department serves as the system manager for the department’s system that assigns codes to patient accounts. The system downloads patient-identifiable demographics to facilitate the use of the database for facility reporting to analyze physician practice patterns, patient outcomes, and facility utilization. The HIM director’s department budget has been cut again this year by 10 percent. The transcription equipment is in need of constant repair, and the fax machine jams on a regular basis. An entrepreneur starting a service to provide home dialysis visits to patients is trying to decide if there will be enough business to support his new business venture. He also needs to know which patients receive dialysis and which physicians treat patients with this condition. He offers the HIM director a good sum of money for a downloaded listing of information on patients with applicable diagnosis types. The money provided to the HIM director could be used to replace the fax machine and pay for a regular service contract. The business is for a good cause, and the department could really use the money. Questions 1. Is it acceptable for the HIM director to accept the offer from the new business entrepreneur? No. 2. Would anyone be harmed if the HIM director released the information to the entrepreneur? Yes. Patients would be harmed because their protected health information was disclosed in violation of the law. The organization would be harmed because one of its own workforce had violated the law. This could subject the organization to penalties.

3. Would this violate any HIPAA standard, and, if so, what would the penalty be for this violation? Yes, this violates the HIPAA authorization requirement. There is not an exception to the authorization requirement for this type of disclosure.

A completed ethical decision-making matrix for the scenario is provided at the end of the chapter.

Fraudulent Documentation Practices Let us return to Scenario 5-A. What should an HIM professional do if he or she is aware that documentation in the medical record does not reflect the true underlying reason for a procedure? For both ethical and legal reasons, the HIM professional should not acquiesce to the physician’s documentation, even if the physician insists on it. It is a violation of the law and, as noted in this chapter, the stakes for noncompliance are high. If the physician is committing fraud by signing the final diagnostic statement with information that misrepresents the reason for the patient’s treatment, and the HIM professional knows that the information is misrepresented, he or she should report the situation to hospital compliance and legal staff. With regard to Scenario 5-B, the sale of patientidentifiable information to a business entrepreneur is an unacceptable breach of patients’ confidentiality. It is also a violation of HIPAA’s Administrative Simplification Standards, which prohibit the sale, transfer, or use of individually identifiable health information for commercial advantage, personal gain, or malicious harm. The HIM director could be in big trouble: a $250,000 fine or 10 years in prison, or both.

Scenario 5-C  Retrospective Documentation to Avoid Suspension The HIM medical record analyst is assessing the medical record of Susan Smith,



Dilemmas in Practice

who was discharged yesterday, and notes that it does not have a history and physical in it. The HIM analyst has been told that every medical record needs a history and physical per The Joint Commission standards. In an effort to do her job, the analyst flags the record for the doctor to complete a history and physical. At this hospital, if physicians do not complete their medical records, and they subsequently become delinquent, the physicians’ admitting privileges are suspended. Dr. Tired logs onto his computer to complete his incomplete medical records. He gets to Susan Smith’s record and sees the incomplete tag for a history and physical. He knows that Susan was worked up by the consultants on the case, and he assumes that they probably did a history and review of systems when they visited Susan during her stay. Dr. Tired does not want to debate the situation with the medical record completion clerk, so he simply reviews the notes from the consultants and fills out the history and physical form. The form is complete now, and he will not be suspended. Questions 1. Even though the medical record now has a history and physical on it, name as many reasons as you can that this retrospective recording of a history and physical should not have occurred. ■■ The document is lacking completeness because Dr. Tired’s knowledge and memory about the patient’s history and physical exam would have been more comprehensive at the time the history and physical exam were completed. ■■ The document is lacking accuracy because Dr. Tired’s knowledge and memory about the patient’s history and physical exam would have been clearer at the time the history and physical exam were completed. ■■ The document is lacking integrity because it is not based on information obtained at or near the time

■■

■■

131

of the patient’s admission, and yet it gives the impression that it is. This fact is important from a legal standpoint. The document is misleading because it gives the reader the impression that it was documented based on an initial assessment of the patient by Dr. Tired. This fact is important from a reimbursement compliance standpoint. Because the information may not be accurate, it could be harmful from the most important standpoint: patient care and well-being, even as it relates to future medical care.

2. If this case goes to court, will it represent care as it was truly delivered to the patient? Or, does the history and physical make a difference? Explain your thoughts. No, it will not represent care as it was truly delivered. Using a review of systems (which is part of the patient’s history and is not a physical exam), performed by another physician, does not reflect the patient’s physical status as obser ved by Dr. Tired. The history and physical is a key document within the health record. It establishes the patient’s baseline status upon admission. If the court (judge and/or jury) learns that a document within the health record was created after the fact and does not truly reflect the patient’s course of treatment, they may infer negligence by the provider. 3. What might an HIM professional do to maintain ethical standards of compliance and prevent this kind of problem from occurring? Rather than retrospectively reviewing charts, a concurrent analysis will capture missing or incomplete documentation while the patient is still being treated. This will prompt more timely documentation, thus increasing both its accuracy and completeness. Physician education will be an important component in implementing concurrent analysis.

132

Chapter 5   Compliance, Fraud, and Abuse

A completed ethical decision-making matrix for the scenario is provided at the end of the chapter.

Retrospective Medical Record Analysis It has been a customary practice, after the patient is discharged, to complete whatever medical information has been left uncompleted in the patient’s record. But this practice encourages providers to fill in the blanks with dimly recalled, or even unrecalled, information that may be totally erroneous. As such, it may jeopardize the patient’s future care—and jeopardize the provider as well. Inadvertent false claims may be filed when a caregiver dictates a report months after a patient’s surgery and tries to recall what happened. More and more healthcare facilities have shifted away from retrospective, after-discharge analysis of closed records, emphasizing instead the completion of documentation concurrently with the delivery of the patient’s care (Cerrato & Roberts, 2013). This “open” or “ongoing” record review at the point of care has also become standard practice due to changes in requirements set forth by The Joint Commission. The emphasis is on acquiring the documentation at the point of care, when it will benefit the patient the most and when it is fresh in the mind of the caregiver. Joint Commission standard RC.01.04.01 requires ongoing medical record review audits at the point of care to assess all of the following related to documentation: presence, timeliness, legibility, accuracy, authentication, and completeness (The Joint Commission, 2014). HIM professionals can play a major role in this transition. They should request only elements of documentation that were not included in the record at the time of discharge because of transcription or filing delays; because the medical record was not available to the caregiver at the time the care was delivered; or because of an oversight or delay by the practitioner. The focus is on completing or authenticating reports that are dictated or properly completed at discharge, such as a discharge summary, and ensuring that all documents prepared during the patient’s care are properly located in the patient’s record.

Retrospective medical record completion should not promote fabrication of documentation for the sake of “making the medical record complete.” For example, if a physician never took a patient’s history or conducted a physical exam, then the correct documentation should reflect that no exam was given; documentation should not be created to reflect performance of a history and physical when in fact the patient had no such examination. HIM professionals cannot lose sight of the fact that the real purpose of a history and physical is to provide an overall assessment of the patient’s medical condition prior to delivering care, and not just to comply with documentation standards requiring there be one.

Scenario 5-D  Coder Assigns Code Without Physician Documentation The HIM director is told by the Chief Financial Officer (CFO) that her job is on the line if she does not get cases coded and billed within 72 hours. Dr. Evans is on vacation again, and he left 20 case records in such an incomplete state that they are uncodable. The HIM director does what it takes to keep her job—and has the coder assign codes as best as he can from what sketchy information is on the chart. Questions 1. What organizational initiatives should the director take instead of succumbing to the CFO’s pressure? The HIM director should use this situation as an opportunity to talk to the CFO (and quite possibly the CEO as well) about the legal (compliance) issues associated with inaccurate coding. Once the risks of inaccurate coding have been conveyed, the parties should work collaboratively to develop a system that minimizes—or eliminates—uncodable records after 72 hours post-discharge. Overall, administration and the medical staff will need to be educated about the



Key Terms

risks associated with inaccurate and/ or fraudulent coding and billing practices. 2. What operational actions or interventions could the director have taken to prevent this dilemma from occurring? Name a procedural process change and a governance change that would have helped prevent this dilemma. Procedural process changes would include mechanisms that facilitate timely and complete physician documentation. These could include concurrent documentation reviews (while patients are still being treated), frequent reminders, educational sessions regarding the importance of timely and complete documentation, and penalties for noncompliance (or incentives to promote compliance). A governance change would include top-down support by administration, and support from medical staff executives, for compliance efforts. Not only does this assist the HIM director in completing her duties, but it promotes a culture of compliance within the organization. Not only is this desirable, but it is legally required.

A completed ethical decision-making matrix for the scenario is provided at the end of the chapter.

Coding Turnaround Time It is a challenge for HIM professionals to acquire the proper documentation needed to allow prompt coding of the patient’s record so that the claim can be submitted to the third-party payer. Coding standards recommended by the OIG, and frequently required by state law, look for the physician to prepare a final diagnostic statement used for assignment of codes to the patient’s claim. If this is not completed accurately to allow coding to proceed, or is not completed in a timely manner, the healthcare entity suffers financially due to unnecessary delay of

133

submission of the bill to the third-party payer. This delay results in an increase in the number of days in accounts receivable, thus delaying receipt of funds owed to the hospital for care already rendered and needed to continue sound financial operations. Hospitals often routinely create reports of accounts unable to be billed due to incomplete medical record coding. This pressure on the HIM professional challenges him or her to get cases coded as quickly as possible while still maintaining ethical standards of compliance. Maintaining standards for coding accuracy and required documentation without compromise must continue despite the simultaneous need to keep the days in accounts receivable as low as possible. This can be done by building strong concurrent documentation systems at the point of care that allow accurate and timely processing by the coders as soon as care is complete.

Conclusion In the quest to achieve a needed result, whether it be additional documentation so that the record can be deemed complete or timely coding so that the account can be billed, the HIM professional must resist resorting to inappropriate methods. The risk of losing Joint Commission accreditation and the cost of delaying billing are strong forces in the daily lives of HIM professionals. Only through competent management of an efficient department that does not get boxed into these dilemmas, and through a welldesigned documentation process supported by standards for documentation through the medical staff ’s rules and regulations, can the HIM professional maintain the required level of performance and resist any intended or unintended violations of regulations posed at preventing fraudulent reimbursement in health care.

KEY TERMS Abuse Anti-kickback statute Anti-referral statutes Audit

134

Chapter 5   Compliance, Fraud, and Abuse

Compliance guidances Compliance program Compliance program guidance Corporate Integrity Agreement (CIA) False Claims Act Fraud Health Care Fraud and Abuse Control (HCFAC) Program Health Insurance Portability and Accountability Act of 1996 (HIPAA) Qui tam statutes Safe Harbors Self-Disclosure Protocol (SDP) Stark I and II Voluntary disclosure protocol

■■

CHAPTER SUMMARY ■■

■■

■■

In the late 1990s, the government began stepping up its activities to eliminate fraud and abuse in health care. To ensure institutional compliance—and their own c­ ompliance— with the law, HIM professionals must ensure that processes to document the care provided to patients are ethical and accurate, that codes are appropriately assigned, and that health information is managed responsibly. The False Claims Act prohibits knowingly presenting false or fraudulent claims to the government. Even if an HIM professional does not know that certain claims processed by the HIM department are false, he or she may be liable if it can be shown that he or she should have instituted standard monitoring procedures that would have exposed the claims as fraudulent. If HIM professionals become aware that past mistakes or abuses have led to erroneous or fraudulent billing of the Medicare program, the facility can follow the OIG’s voluntary disclosure protocol to report it and return the overpayment to the Medicare contractor. Self-reporting may or may not exempt the provider from sanction, depending on whether there is a pattern of abuse and whether there is intent to defraud or reckless disregard of the truth, but if it does not, it can lighten the penalties. Sometimes

■■

■■

it results in the imposition of a Corporate Integrity Agreement (CIA), in which the provider agrees to meet certain governmentimposed requirements, such as regular audits of billing or other operations. The Health Insurance Portability and Accountability Act of 1996 (HIPAA) established national standards for privacy and security of health information that apply to health care funded by both federal and private payers. These standards penalize the unauthorized uses or disclosures of health information and mandate the implementation of practices to safeguard the integrity, confidentiality, and availability of protected health information. The HIM professional can play an important role in developing policies and procedures, educating staff, and implementing measures to protect patient information in compliance with HIPAA. The anti-kickback statute, anti-referral statutes (Stark I and II), and mail and wire fraud statute, though not directly related to HIM operations, are important to be aware of because HIM professionals may observe arrangements that violate these laws and may be in a position to warn other healthcare providers of the prohibition. The role of HIM professionals exposes them to a wide range of activities in an organization. A compliance program is intended to foster the prevention of fraudulent activities in a healthcare organization by the development of internal controls. The OIG has published several guidances for healthcare organizations attempting to establish a compliance program. Such programs are to include seven elements: written standards of conduct and accompanying policies and procedures; designation of a chief compliance officer (CCO) and compliance committee; regular, effective education programs; maintenance of a hotline to receive complaints and protect anonymity; disciplinary guidelines; an ongoing auditing and monitoring process; and response to detected offenses and development of corrective action initiatives. HIM professionals play an important role in establishing such programs.

References 135

REFERENCES Bowman, S. (2012). Corporate compliance. Chapter 15 in M. S. Brodnik, L. A. Rinehart-Thompson, & R. Reynolds (Eds.), Fundamentals of law for health informatics and information management (2nd ed.). Chicago, IL: AHIMA. Centers for Medicare & Medicaid Services. (n.d.). Physician self-referral. Retrieved January 15, 2015, from https://www.cms.gov/Medicare/Fraud-andAbuse/PhysicianSelfReferral/index.html?redirect=/ physicianselfreferral/. Cerrato, S., & Roberts, J. (2013). Health information functions. Chapter 7 in N. Sayles (Ed.), Health information management technology: An applied approach (4th ed.). Chicago, IL: AHIMA. Department of Health and Human Services [HHS]. (2014, February). Departments of Justice and Health and Human Services announce record-breaking recoveries resulting from joint efforts to combat health care fraud. Retrieved February 5, 2015, from http://www.hhs. gov/news/press/2014pres/02/20140226a.html. Department of Health and Human Services and Department of Justice Health Care Fraud and Abuse Control Program. (2014, February). Annual report for FY 2013. Retrieved February 5, 2015, from http://oig.hhs.gov/publications/docs/hcfac/ FY2013-hcfac.pdf. Department of Justice. (1998, June). Guidance on the use of the False Claims Act in civil health care matters [memo]. Retrieved February 5, 2015, from http:// www.justice.gov/dag/memo-guidance-use-falseclaims-act-civil-health-care-matters-june-3-1998. Department of Justice. (2003, June). Largest health care fraud case in U.S. history settled: HCA investigation nets record total of $1.7 billion. Retrieved February 5, 2015, from http://www.justice.gov/archive/opa/pr/2003/ June/03_civ_386.htm. Department of Justice. (2011). The False Claims Act: A primer. Retrieved February 5, 2015, from http://www.justice.gov/sites/default/files/civil/ legacy/2011/04/22/C-FRAUDS_FCA_Primer.pdf. Department of Justice. (2013). Justice Department recovers $3.8 billion from False Claims Act cases in fiscal year 2013. Retrieved January 13, 2015, from http://www. justice.gov/opa/pr/2013/December/13-civ-1352. html. Office of the Inspector General, U.S. Department of Health and Human Services. (n.d.-a). Health care fraud and abuse control program report. Retrieved

August 18, 2014, from http://oig.hhs.gov/ reports-and-publications/hcfac/. Office of the Inspector General, U.S. Department of Health and Human Services. (n.d.-b). Corporate integrity agreements. Retrieved February 5, 2015, from https://oig.hhs.gov/compliance/corporateintegrity-agreements/. Office of the Inspector General, U.S. Department of Health and Human Services. (n.d.-c). Comparison of the Anti-Kickback Statute and Stark Law. Retrieved January 13, 2015, from https://oig.hhs.gov/compliance/ provider-compliance-training/files/StarkandAKS ChartHandout508.pdf Office of the Inspector General, U.S. Department of Health and Human Services. (2005, January). OIG supplemental compliance program guidance for hospitals. Retrieved February 3, 2015, from http://oig.hhs. gov/fraud/docs/complianceguidance/012705Hosp SupplementalGuidance.pdf. Office of the Inspector General, U.S. Department of Health and Human Services. (2013, April 17). OIG’s provider self-disclosure protocol (updated). Retrieved February 3, 2015, from http://oig.hhs.gov/compliance/ self-disclosure-info/files/Provider-Self-DisclosureProtocol.pdf. Office of the Inspector General, U.S. Department of Health and Human Services. (2014). Work plan for fiscal year 2014. Retrieved February 3, 2015, from https://oig.hhs.gov/authorities/docs/cpghosp.pdf. Osher, C. N. (2014, October 22). DaVita to pay $389 million to settle anti-kickback investigations. Denver Post. Retrieved February 5, 2015, from http:// www.denverpost.com/news/ci_26780485/davitapay-389-million-settle-anti-kickback-investigations. Rinehart-Thompson, L. (2013). Introduction to health information privacy and security. Chicago, IL: AHIMA. Showalter, J. S. (2012). The law of healthcare administration, 6th ed. Health Administration Press (6th ed.). Chicago, IL. Stringer, W. (1998). The 1986 False Claims Act Amendment: An assessment of economic impact. DOJ health care fraud report for fiscal year 1997. Washington, DC: Government Printing Office. The Joint Commission. (2014). CAMH RC Standards. Oak Brook, IL: The Joint Commission. U.S. General Accounting Office [GAO]. (1998). GAO accountability report for 1999. Washington, DC: Government Printing Office. United States Sentencing Commission Guidelines Manual (2014).

136

Chapter 5   Compliance, Fraud, and Abuse

Ethical Decision-Making Matrices SCENARIO 5-A  Documentation Does Not Justify Billed Procedure Steps

Information

1. What is the question?

Should Allison insist that the physicians code for infertility?

2. What is my “gut” reaction?

What is your first reaction to this case on an emotional level? What assumptions are you making? What biases do you have?

3. What are the facts?

KNOWN ■■

■■

Discrepancy between doctors’ notes regarding endometriosis and nurses’ notes regarding infertility. Laparoscopy performed.

TO BE GATHERED ■■

■■

■■

■■

■■ ■■

In performing the laparoscopy for infertility, is the extent of endometriosis determined as well? Is the documentation of endometriosis false documentation? Would billing only for endometriosis constitute fraud? What are the customary practices in such cases? What is your new boss expecting you to do? What is the likely impact on your family of changing jobs?

4. What are the values?

Patient: Values accurate documentation as the basis for receiving quality care, keeping costs down.

Examine the shared and competing values, obligations, and interests of the many stakeholders in order to fully understand the complexity of the ethical problem(s).

HIM Professional(s): Truth, integrity, accuracy, and reliability (code accurately and reliably rather than to maximize reimbursement); fairness (follow rules and obey the law); loyalty to employer; avoid harm (inaccurate documentation may harm the patient); disclosure of inaccurate reporting could close the facility, which would harm patients, doctors, and their families; personal values (promote the welfare of family by avoiding loss of job).

STAKEHOLDERS Patient, family, HIM professional(s), healthcare professional(s), administrators, society, and others appropriate to the issue.

Healthcare Professional(s): Promote welfare of patients through accurate documentation for future care; truth telling; fairness in following rules equally for all; personal values (promote the welfare of family by avoiding legal ramifications). Administrators: Benefit patients and keep from harm; promote welfare of facility; maximize reimbursement without compromising truth telling; fairness in applying rules for all. Society: Control costs; promote fair and just allocation of resources; follow rules of reimbursement equally for all.



Ethical Decision-Making Matrices

137

SCENARIO 5-A  Documentation Doesn’t Justify Billed Procedure (continued ) 5. What are my options?

■■ ■■ ■■

Gather more information. Comply with physicians’ requests to code only endometriosis. Tell physicians that you will code only what is documented in the medical record.

6. What should I do?

Code only what is documented.

7. What justifies my choice?

JUSTIFIED ■■

■■ ■■ ■■ ■■ ■■

NOT JUSTIFIED

Code accurately based on obligation to tell the truth. Support accuracy of the medical record. Preserve professional integrity. Follow rules equally for all. Respect the law. Demonstrate loyalty to employer, unless asked to push legal boundaries.

■■

■■ ■■

■■ ■■

■■ ■■

8. How can I prevent this problem?

■■ ■■ ■■ ■■

Continue current practice of coding for endometriosis. Push legal boundaries. Make special exception to the rules to maximize reimbursement. Lack of fairness for others who follow rules. Miscoding undermines the reimbursement system. Miscoding increases long-term costs. Keeping federal monies makes HIM professional liable for fraud and abuse

Determine if system changes are needed. Learn more about procedures that are not covered by federal plans. Discuss standards and the values that support them with colleagues. Evaluate institutional integrity at job interview and when ethical problems arise.

The ethical decision-making matrix is a tool to help you organize complex ethical problems; however, there is no simple fill-in-the-box approach to ethical decision making. The objective is to follow each step of the process and not move from the question directly to what should be done or how to prevent it next time.

If you skip steps, you will not fully understand all of the values and options for action. Also, the matrix provided for each scenario is not the only way to examine the problem. You can make an equally compelling ethical argument for a different decision—just be sure to follow all the steps of the matrix.

138

Chapter 5   Compliance, Fraud, and Abuse

SCENARIO 5-B  Accepting Money for Information Steps

Information

1. What is the ethical question?

Should the director take the money and give the entrepreneur the information he requested?

2. What is my “gut” reaction?

What is your first reaction to this case on an emotional level? What assumptions are you making? What biases do you have?

3. What are the facts?

KNOWN ■■

■■

HIM professional has access to requested information. Money is needed to repair office equipment.

TO BE GATHERED ■■

■■

■■

■■

■■ ■■

4. What are the values? Examine the shared and competing values, obligations, and interests of the many stakeholders in order to fully understand the complexity of the ethical problem(s). STAKEHOLDERS Patient, family, HIM professional(s), healthcare professional(s), administrators, society, and others appropriate to the issue. 5. What are my options?

Patients: Right to personal privacy and the confidentiality of medical records; could benefit from home dialysis visits; would benefit from efficient operation of the HIM department. HIM Professional(s): Integrity (preserve privacy and confidentiality); fairness (follow the rules and obey the law); personal values (promote the welfare of family by avoiding loss of job); would benefit from efficient operation of the HIM department. Healthcare Professional(s): Interest in preservation of personal privacy and confidentiality of medical records; would benefit from efficient operation of the HIM department. Administrators: Promote welfare of facility; would benefit from efficient operation of the HIM department. Society: Follow rules of privacy and confidentiality equally for all; do not sell health information for money.

■■ ■■ ■■ ■■

6. What should I do?

Could entrepreneur make use of the data if it did not include personally identifiable information? Is there any other way to obtain funding for the office equipment? What are the customary practices in such cases? Would selling the information violate doctor and patient privacy and confidentiality? What does your boss expect you to do? What is the likely impact on your family of changing jobs?

Gather more information. Sell requested data to entrepreneur. Sell data that would not include personally identifiable information to entrepreneur. Do not sell data to entrepreneur.

Do not sell data to entrepreneur.



Ethical Decision-Making Matrices

139

SCENARIO 5-B  Accepting Money for Information (continued ) 7. What justifies my choice?

JUSTIFIED ■■

■■ ■■ ■■

8. How can I prevent this problem?

NOT JUSTIFIED

Obligation to protect doctors’ and patients’ privacy and confidentiality of medical records. Preserve professional integrity. Respect the law. Demonstrate loyalty to employer, unless asked to push legal boundaries.

■■ ■■ ■■

Sell requested information to entrepreneur. Violate privacy and confidentiality. Break trust of doctors and patients.

Determine sources for alternate funding that will not compromise the law/ethics.

The ethical decision-making matrix is a tool to help you organize complex ethical problems; however, there is no simple fill-in-the-box approach to ethical decision making. The objective is to follow each step of the process and not move from the question directly to what should be done or how to prevent it next time.

If you skip steps, you will not fully understand all of the values and options for action. Also, the matrix provided for each scenario is not the only way to examine the problem. You can make an equally compelling ethical argument for a different decision—just be sure to follow all the steps of the matrix.

140

Chapter 5   Compliance, Fraud, and Abuse

SCENARIO 5-C  Retrospective Documentation to Avoid Suspension Steps

Information

1. What is the question?

Should the HIM medical record analyst report the doctor’s retrospective completion of the record?

2. What is my “gut” reaction?

What is your first reaction to this case on an emotional level? What assumptions are you making? What biases do you have?

3. What are the facts?

KNOWN ■■

■■ ■■

Medical record was not completed at time of patient discharge. Medical record completed retrospectively. Doctor completing the medical record did not perform history and physical.

TO BE GATHERED ■■

■■

■■

■■

■■ ■■

Were the consultants’ notes complete enough to accurately complete the medical record? Could the patient suffer from possible inaccuracies in her medical record? Would allowing the doctor to complete charts in this manner constitute a violation of the standards of The Joint Commission? What are the customary practices in such cases? What does your supervisor expect you to do? What is the likely impact on your family of changing jobs?

4. What are the values?

Patient: Values accurate documentation as basis of receiving quality care.

Examine the shared and competing values, obligations, and interests of the many stakeholders in order to fully understand the complexity of the ethical problem(s).

HIM Professional(s): Truth, integrity, accuracy, reliability, and fairness (must comply with Joint Commission standards); loyalty to employer; avoid harm (inaccurate documentation may harm the patient); disclosing the indiscretions of the doctor will harm his career and his family; personal values (promote the welfare of family by avoiding loss of job).

STAKEHOLDERS Patient, family, HIM professional(s), healthcare professional(s), administrators, society, and others appropriate to the issue. 5. What are my options?

Healthcare Professional(s): Promote welfare of patients through accurate documentation for future care; compliance with Joint Commission standards. Administrators: Benefit patients and keep from harm; promote welfare of facility; maximize efficiency without compromising Joint Commission standards. Society: Compliance with Joint Commission standards.

■■ ■■

■■

6. What should I do?

Allow doctor to complete forms retrospectively and using notes from consultants. Require that doctor complete the history and physical in a timely fashion and warn about inappropriate retrospective documentation. Discuss noncompliance with HIM and medical staff leadership.

Require that doctor complete the history and physical and report to superiors.



Ethical Decision-Making Matrices

141

SCENARIO 5-C  Retrospective Documentation to Avoid Suspension (continued ) 7. What justifies my choice?

JUSTIFIED ■■

■■ ■■ ■■ ■■

8. How can I prevent this problem?

■■ ■■

NOT JUSTIFIED

Obligation to comply with Joint Commission standards. Preserve professional integrity. Support accuracy of the medical record. Respect the law. Demonstrate loyalty to employer, unless asked to push legal boundaries.

■■

■■

■■

■■

Allow doctor to complete form retrospectively. Lack of compliance with the law and Joint Commission standards. Not fair to other doctors who follow the rules. Not fair to patient with potentially inaccurate record.

Determine if system changes are needed. Discuss standards and the values that support them with colleagues.

The ethical decision-making matrix is a tool to help you organize complex ethical problems; however, there is no simple fill-in-the-box approach to ethical decision making. The objective is to follow each step of the process and not move from the question directly to what should be done or how to prevent it next time.

If you skip steps, you will not fully understand all of the values and options for action. Also, the matrix provided for each scenario is not the only way to examine the problem. You can make an equally compelling ethical argument for a different decision—just be sure to follow all the steps of the matrix.

142

Chapter 5   Compliance, Fraud, and Abuse

SCENARIO 5-D  Coder Assigns Code Without Physician Documentation Steps

Information

1. What is the ethical question?

Should the director comply with the CFO’s demands by making use of incomplete information?

2. What is my “gut” reaction?

What is your first reaction to this case on an emotional level? What assumptions are you making? What biases do you have?

3. What are the facts?

KNOWN ■■ ■■

Medical records are incomplete. CFO demands 72-hour turnaround.

TO BE GATHERED ■■

■■

■■ ■■

Is the CFO aware of legal, financial, and ethical ramifications for inaccurate coding? Would the HIM director be held liable for inaccurate coding? What are the customary practices here? What is the likely impact on HIM director’s family of changing jobs?

4. What are the values?

Patient: Values accurate documentation as basis of receiving quality care and reimbursement.

Examine the shared and competing values, obligations, and interests of the many stakeholders in order to fully understand the complexity of the ethical problem(s).

HIM Professional(s): Truth, integrity, accuracy, and reliability (code accurately and reliably rather than maximize speed); fairness (follow the rules and obey the law); loyalty to employer; avoid harm (inaccurate documentation may harm the patient); closing the facility will harm patient, healthcare workers, and their families; personal values: promote welfare of family by preventing loss of job; preserve personal integrity.

STAKEHOLDERS

Healthcare Professional(s): Promote welfare of patients through accurate documentation for future care.

Patient, family, HIM professional(s), healthcare professional(s), administrators, society, and others appropriate to the issue.

Administrators: Benefit patients and keep from harm; promote welfare of facility; maximize speed of reimbursement without compromising accuracy of coding.

5. What are my options?

Comply with CFO’s directive.

Society: Follow rules of reimbursement equally for all.

Do not comply with CFO’s directive and report the threat/violation to a superior. 6. What should I do?

Do not comply with CFO’s directive and report the threat/violation to a superior.

7. What justifies my choice?

JUSTIFIED ■■ ■■ ■■ ■■

Support accuracy of the medical record. Preserve professional integrity. Respect the law. Demonstrate loyalty to employer, unless asked to push legal boundaries.

NOT JUSTIFIED ■■ ■■

■■

■■

■■

8. How can I prevent this problem?

■■ ■■ ■■

Comply with CFO’s directive. Make special exception to the rules to maximize speed of reimbursement. Allow doctor to leave incomplete medical records. Miscoding could compromise patients’ future treatment. Set precedent for future violations.

Determine if system changes are needed. Discuss standards and the values that support them with colleagues. Evaluate institutional integrity at job interview and when ethical problems arise.

The ethical decision-making matrix is a tool to help you organize complex ethical problems; however, there is no simple fill-in-the-box approach to ethical decision making. The objective is to follow each step of the process and not move from the question directly to what should be done or how to prevent it next time.

Ethical Decision-Making Matrices

143

If you skip steps, you will not fully understand all of the values and options for action. Also, the matrix provided for each scenario is not the only way to examine the problem. You can make an equally compelling ethical argument for a different decision—just be sure to follow all the steps of the matrix.

CHAPTER 6

Coding

© kentoh/Shutterstock

Linda Holtzman, MHA, RHIA, CCS, CCS-P, CPC, COC Rosalind Holtzman, RN, BA, BSN

situations, whether related to documentation, workplace pressures, cases of outright fraud and abuse, or other quandaries. Guided by and in accordance with applicable legal mandates, professional standards and ethical codes, reputable sources for coding guidelines, and their own personal and professional integrity, coders need to be able to determine, justify, and defend the most appropriate course of action, cognizant of the potential consequences. This chapter cites key coding mandates, guidelines, and directives that inform ethical decision making; illustrates a variety of ethical challenges coders may encounter; and offers a guided approach to resolving them.

Learning Objectives On completing this chapter, the reader should be able to: ■■

■■

■■

■■

■■

■■

■■

■■

Recognize ethical implications inherent in professional coding practice. Identify three main categories of codingrelated challenges. Identify and apply professional coding standards delineated in the American Health Information Management Association’s Code of Ethics and Standards of ­Ethical Coding. Cite mandated governmental statutes that pertain to coding. Cite potential legal pitfalls related to unethical practices. Identify mandated sources for coding directives and resources, and judge the credibility of others. Recognize varied and sometimes competing interests of all stakeholders in health care as applied to ethical quandaries. Understand key steps to follow when faced with an ethical conundrum.

Scenario 6-A  Blood Loss Anemia You are a hospital inpatient coder. In coding a particular record, you see that the patient lost a high volume of blood during a lengthy procedure. You know that this particular procedure generally involves extensive blood loss. Laboratory test results reveal that the patient’s hemoglobin/ hematocrit values dropped quickly and significantly. Physician orders reveal that the physician is monitoring the blood values closely and the patient has received a transfusion of two units of blood. This clinical picture is suggestive of acute blood loss anemia, although the physician has

Introduction Given the competing demands and interests of the many stakeholders in health care, ethical issues are inherent in coding. Regardless of their place of practice, coders must anticipate assessing and responding to ethically challenging

(continued )

145

146

Chapter 6  Coding ■■

not specifically documented anemia as a diagnosis. You know that if acute blood loss anemia is coded as a secondary diagnosis, the case will group to a higherweighted Diagnosis Related Group (DRG) and the hospital will receive additional reimbursement, which seems fair for the additional hospital resources involved. Should you code acute blood loss anemia? This initial Scenario, and two more, will be addressed at the end of the chapter.

Ethical challenges are inherent in coding. These challenges are rooted in the competing demands and interests of the many stakeholders in our healthcare system, including patients, physicians, hospitals, payers, administrators, statisticians, device manufacturers, and many others. They are also a natural byproduct of the continual evolution of medicine. Coders are routinely faced with determining the most appropriate course of action, whether in identifying valid diagnoses and procedures, selecting codes, querying providers, or other related activities in light of competing demands and interests and, similar to other professionals, must provide ethical leadership (Flite & Harman, 2013). The ability to skillfully recognize, weigh, and resolve these challenges is imperative for coding professionals. Legal mandates form the foundation for this process, which then informs general ethical standards, specific coding standards, and credible sources for coding guidance. Skilled coders learn to navigate ethical challenges and dilemmas using legal, professional, ethical, and coding guidelines in combination with their own professional judgment and experience, seeking additional help and guidance as needed in concert with providers and institutions. This chapter provides a framework for approaching ethical concerns, utilizing the coder’s professional toolbox. This includes: ■■ ■■

■■

Recognizing potential ethical concerns Understanding mandated governmental and professional guidelines Maintaining and upholding professional integrity and standards while balancing competing interests

■■ ■■

Recognizing resources and avenues available to guide coding decisions Recognizing potential legal pitfalls Promoting provider and institutional practices that diminish and prevent potential ethical concerns

Ethical actions are more than “doing the right thing.” In truth, the working definition of ethics for coders could easily be: “Everybody wants to do the right thing, but many times it is not clear just what the right thing is.” As a fundamental element of the healthcare system in terms of data collection, insurance coverage, and provider reimbursement, coding must simultaneously be as accurate, complete, and expedient as possible. Issues can range from incomplete or inconsistent documentation to concerns about healthcare fraud and abuse. Coding is an integral part of the healthcare system, just as ethical decisions are an integral part of coding. You will find hypothetical but real-worldbased examples throughout this chapter. Each will highlight potential ethical concerns and dilemmas, with a focus toward understanding the issues and determining a course of action. There are also three Scenarios reflecting realworld issues. These will be addressed at the end of the chapter using a decision matrix designed to help you navigate and resolve ethical challenges.

Coding Systems ICD–International Classification of Diseases. ICD diagnosis codes are used by all providers, and ICD procedure codes are used by hospitals for inpatients. The system is maintained by the ICD Coordination and Maintenance (C&M) Committee, a federal panel. CPT–Current Procedural Terminology. CPT contains codes for physician procedures and services. It is also used by hospitals for outpatient procedures, as well as free standing outpatient facilities such as laboratories, imaging centers, and ambulatory surgery centers. CPT is a proprietary product of the American Medical Association (AMA).

The Function of Coding 147



HCPCS–Healthcare Common Procedure Coding System. HCPCS supplements CPT with codes for items such as drugs and durable medical equipment. HCPCS is maintained by the CMS HCPCS Workgroup.

It is vital to understand that there is frequently more than one “right” answer or choice (Forrestal, 2013). Professional integrity requires not only judgment but the courage to make and stand behind decisions, decisions reached through careful professional analysis for which you will be held accountable both legally and otherwise. Although this chapter cannot give you “the answer,” ideally the principles and guidance here will help prepare you to better determine those answers for yourself.

The Function of Coding Coding is the means by which clinical information—­the diagnoses, services, treatments, and procedures documented by healthcare providers in the medical record—is translated into data. By reading and analyzing the medical record, coders assign and/or validate codes that most accurately and appropriately capture each patient’s condition and the care given. Codes serve as the universal language connecting the clinical and administrative segments of health care. In short, codes make the administrative and financial wheels of the healthcare system go round. Coding is sometimes dismissed merely as paperwork or bureaucracy, which it is to some extent. However, coding encompasses far more: “The collection of accurate and complete coded data is critical to healthcare delivery, research, public reporting, reimbursement, and policymaking” (Cassidy, 2012). Coding directly impacts how the health of a community, or a nation, is seen and where resources are directed, because codes are used for statistical measurements such as clinical outcomes and quality of care assessments. It impacts patients in terms of whether their services are covered and paid for, because codes are used by insurers to adjudicate if the services are medically necessary and

if the patient’s benefit plan will pay for the treatments. And it impacts providers’ livelihoods, because payers use codes to determine the specific amounts they will reimburse for the services rendered. Understanding that lives and livelihoods are at stake is part of the challenge for coders, as is recognizing the legitimate interests of businesses and payers. Ethics are at play in all of the environments and capacities in which coders work. This includes settings such as hospitals, insurance companies, physicians’ offices, and clinics, and positions with groups such as vendors, review organizations, and consulting companies. Some ethical quandaries span the spectrum of coding work; others are intrinsic to particular environments. Example: Inform the Hospital? A coder auditor for an insurance company reviews a case retrospectively and realizes that the hospital assigned the wrong procedure code. The coder also realizes that if the correct code had been assigned, the reimbursement to the hospital would double. Should the coder inform the hospital? The coder asks coworkers what they think, and they say, “Look, it’s not our job to increase reimbursement to providers—that’s their job. Our job is to look after the interests of our members, the companies whose employees we cover. If you change the code and the payment goes up, their insurance premiums are going to go up too.” An increase in premiums is a legitimate concern. However, the key issue from an ethical standpoint is accuracy, regardless of whether this favors the hospital or the payer. Ethics are not contingent on who employs the coder. Coverage and reimbursement are the primary sources of ethical concerns and challenges for coders. The issue is not payment per se. Payment is a reality in health care and, by itself, does not compromise coding. But whenever money is at stake, it can be a source of pressure and concern. Healthcare providers need to be properly compensated for their professional endeavors. This is, after all, their livelihood, and they incur expenses in providing care that require appropriate and just compensation. Rather, the issue

148

Chapter 6  Coding

is ensuring that payment is accurate, and that is based on correctly assigned codes supported by documentation and coding mandates and guidelines.

Legal Foundation and Framework for Ethical Coding Scenario 6-B  Thoracic Aortogram You work as a coder for a large radiology group. About six months ago, the group installed a new electronic medical record system that includes handy documentation templates for common imaging procedures. Recently, it occurred to you that you have been assigning the CPT code for thoracic aortogram much more frequently than in the past. That is, you notice that when an abdominal aortogram and lower extremity angiography are performed— for example, to work up the cause of a foot ulcer—the procedure reports seem to routinely document that a thoracic aortogram was also performed. You further notice that in virtually all of these cases, no findings are documented from a thoracic aortogram or findings are uniformly given as negative. You know that a separate CPT code for thoracic aortogram generates additional payment to the radiologist. But you do not know enough about these situations clinically to know whether a thoracic aortogram is appropriate. Perhaps the radiologists were not aware previously that thoracic aortogram needed to be documented separately and the template has helped them improve their documentation. But you wonder if perhaps the radiologists have placed too much reliance on the template and the system is generating documentation for thoracic aortogram when it was not actually performed, or was just cursory, or was not truly necessary. Should you pursue your misgivings further? This second Scenario, and one more, will be addressed at the end of the chapter.

Aortography Thoracic aortogram–Imaging of the upper aorta from the heart to the diaphragm, including the aortic arch. Abdominal aortogram–Imaging of the lower aorta, from below the diaphragm to the bifurcation at the legs.

Federal legal mandates form the foundation— the ground floor—for the environment in which coding decisions are made. Coders must be well versed in the legal dictates that apply to their profession. This is vital for legal reasons, and to fully recognize and respect the potential legal and professional consequences that can ensue if these mandates are violated, intentionally or otherwise. One key piece of legislation is the federal False Claims Act. The False Claims Act actually dates from the American Civil War, spurred by unscrupulous contractors supplying the Union army at federal expense. For coders, the key provision of the act (31 U.S.C. §§ 3729) is this: a) Any person who (1) knowingly presents, or causes to be presented, to an officer or employee of the United States Government . . . a false or fraudulent claim for payment or approval; (2) knowingly makes, uses, or causes to be made or used, a false record or statement to get a false or fraudulent claim paid or approved by the Government . . . is liable to the United States Government for a civil penalty of not less than $5,000 and not more than $10,000, plus 3 times the amount of damages. . . . b) For the purposes of this section, the terms “knowing” and “knowingly” mean that a person, with respect to information (1) has actual knowledge of the information; (2) acts in deliberate ignorance of the truth or falsity of the information; or (3) acts in reckless disregard of the truth or falsity of the information, and no proof of specific intent to defraud is required. Example: Fraudulent Coding A hospital coder disagrees with coding guidelines for sepsis. When sepsis is initially



Legal Foundation and Framework for Ethical Coding suspected but is then ruled out later during the stay, no code is assigned for sepsis for the simple reason that it did not in fact exist. Because sepsis cannot be coded, the case remains in a lower-level DRG. However, the hospital has already expended significant resources on monitoring and presumptive treatment by the time sepsis is ruled out. The coder feels the hospital should be recognized and compensated for the resources expended and assigns a code for sepsis even when it is documented as having been ruled out. Though perhaps the coder’s feelings are understandable, this is outright fraud.

Coding and Payment Elements DRGs–Diagnosis Related Groups. DRGs are the prospective payment system used by Medicare to reimburse hospitals for inpatient admissions. DRGs are also used by many other payers. Principal Diagnosis–The first-listed diagnosis, this represents the diagnosis determined, after study, to be chiefly responsible for the patient’s admission. It is not necessarily the most severe or costly diagnosis the patient had. The definition is part of the UHDDS -  Uniform Hospital Discharge Data Set, which hospitals are required to use to report inpatient data elements in a standardized manner.

In sum, the False Claims Act imposes liability on any person who submits a claim to the federal government that he or she knows, or should know, is false. Take a moment to consider the last phrase: from the law’s point of view, intent is irrelevant. It matters only if the claim is wrong, and ignorance is not a defense. Example: Sequencing Rules A hospital coder consistently sequences respiratory failure as the principal diagnosis when patients are admitted for respiratory failure due to poisoning, even though there is a published coding guideline that requires poisoning to be sequenced first. The incorrect sequencing leads to assignment of a higher-weighted DRG for payment. The discrepancy comes to light, and

149

the coder claims not to have been aware of the coding guideline. This may well be true. But it is the coder’s job to know and remain current with coding guidelines. Another key statute is the Social Security Act. This is the founding legislation for Medicare and it is periodically updated. The Health Insurance Portability and Accountability Act, known as HIPAA, amended the Social Security Act specifically to address coding issues (42 U.S.C. §§ 1320a). As with the False Claims Act, no specific proof of intent to defraud is required. Any person who engages in a pattern or practice of presenting or causing to be presented a claim for an item or service that is based on a code that the person knows or should know will result in a greater payment to the person than the code the person knows or should know is applicable to the item or service actually provided . . . shall be subject . . . to a civil money penalty of not more than $10,000 for each item . . . an assessment of not more than 3 times the amount claimed for each such item.

Fraud and Abuse Fraud–Fraud is knowingly submitting false statements or making misrepresentations of fact to obtain a federal healthcare payment for which no entitlement would otherwise exist. Abuse–Abuse describes practices that either directly or indirectly result in unnecessary costs to the Medicare Program. Abuse includes any practice that is not consistent with the goals of providing patients with services that are medically necessary, meet professionally recognized standards, and are priced fairly. OIG–Office of the Inspector General. An agency within the US Department of Health and Human Services, the OIG’s programs are intended to detect and prevent fraud and abuse. DOJ–Department of Justice. The DOJ is a federal department. It is headed by the US Attorney General and includes the FBI.

150

Chapter 6  Coding

HIPAA also created the Healthcare Fraud and Abuse Control Program to combat Medicare and Medicaid fraud and abuse. The program is enforced through two federal agencies, the Office of the Inspector General (OIG) and the Department of Justice (DOJ). OIG and DOJ have the power to enforce not only federal but state and local laws regarding fraud and abuse, and to perform investigations and audits related to payment for healthcare services (Department of Health and Human Services & Department of Justice, 2014). What does all this mean for coders and ethics? The point of this section is not to scare readers, although it probably has. It is to make sure that coders understand the intersection of law and ethics, the legal landscape in which coders operate, and the implications of ethical decision making. There is a difference between legality and ethics. Legality refers to the law of the land, actions that are either legally permissible or not legally proscribed. Ethics refers to the code of conduct that guides decisions, based on moral principles and professional values. There are serious legal consequences for unethical acts, including both civil and criminal penalties. Ethical coding requires deft and skilled decision making that honors and respects competing demands while upholding professional integrity. It is also important to be aware that the occasional inadvertent error or difference of opinion does not constitute fraud or abuse. In real terms, concerns arise when patterns of inappropriate coding are present. It is understood that “errors and random differences of opinion” are natural. It is only when there is a pattern of an inappropriate coding or DRG assignment that you need to be concerned about fraud charges (Prophet, 1997). The inherent complexity of coding is recognized; in pursuing and punishing fraud and abuse, it is not the policy of the DOJ to levy fines and penalties for honest billing mistakes. However, honest mistakes can become subject to legal action if patterns of inappropriate coding are discerned. There is also a distinction between “gaming” the healthcare system versus “navigating” it.

Example: Gaming Versus Navigating A coder in a physician’s office reads in the procedure report that the surgeon has implanted a deep brain stimulation system for epilepsy, but without specifying the particular type of epilepsy. The coder knows that deep brain stimulation is covered only for certain types of epilepsy. Without specificity, the claim is likely to be denied and the patient will be responsible for the entire bill. If the coder simply assigns a code for a specific type of epilepsy known to be covered, that would be gaming the system. If the coder queries the physician to ask if greater specificity can be provided on the type of epilepsy, without “leading” the physician to the “right” type, that is navigating the system (American Health Information Management Association [AHIMA], 2008). The outright illegal and unethical nature of gaming the system is absolute. Navigating the system, within ethical boundaries, is the coder’s job.

Ethical Foundations and Ethical Standards The American Health Information Management Association (AHIMA) serves as the premier professional organization for coders. AHIMA oversees credentialing and certification and provides resources for coding practice and continuing education. As such, AHIMA establishes and provides essential professional guidelines and resources for confronting ethical challenges in coding. These include the general AHIMA Code of Ethics (see Appendix 6-A at the end of this chapter) and the more specific Standards of Ethical Coding (see Appendix 6-B at the end of this chapter). Both the Code of Ethics and the Standards of Ethical Coding enumerate key principles, each followed by guidelines for interpreting that principle and examples for applying them. The full texts should be diligently studied in detail and regularly

Ethical Foundations and Ethical Standards 151

revisited for reinforcement. Selected principles and related concepts are highlighted here.

AHIMA Code of Ethics The Code of Ethics is relevant to all HIM ­professionals, including credentialed coders. It lays out 11 fundamental ethical principles. For example, principle 4 states: “An HIM professional shall refuse to participate in or conceal unethical practices or procedures and report such practices.” Each principle is then further delineated regarding ethical obligations. Guidelines illustrating principle 4 include these two: 4.3 An HIM professional “shall be knowledgeable about established policies and procedures for handling concerns about colleagues’ unethical behavior. These include policies and procedures created by AHIMA, licensing and regulatory bodies, employers, supervisors, agencies, and other professional organizations.” Example: One ethical course of action when aware of possible unethical behavior by a colleague would be to contact the organization’s compliance officer. 4.8 An HIM professional “shall not participate in, condone, or be associated with dishonesty, fraud and abuse, or deception [including] . . . assigning codes without physician documentation [or] . . . coding an inappropriate level of service.” Example: As it relates to physician documentation, this guideline applies to the epilepsy example above. Another example would be assigning the level of a physician office visit code based only on the relative time expended rather than on the key components as required by the code definition, such as a problem-focused history versus a comprehensive history. The Code of Ethics makes clear that it cannot guarantee ethical behavior or address all ethical issues. Instead, it “offers ethical guidelines

to which an HIM professional can aspire and by which actions can be judged” and notes that “ethical behaviors result from a personal commitment to engage in ethical practice.”

AHIMA Standards of Ethical Coding Although the Code of Ethics informs all HIM professionals, the Standards of Ethical Coding focus specifically on the ethical values and behaviors of coders: The AHIMA Standards of Ethical Coding are intended to assist coding professionals and managers in decision-­ making processes and actions, outline expectations for making ethical decisions in the workplace, and demonstrate coding professionals’ commitment to integrity during the coding process, regardless of the purpose for which the codes are being reported. They are relevant to all coding professionals and those who manage the coding function, regardless of the healthcare setting in which they work or whether they are AHIMA members or nonmembers. There are 11 standards, each further elucidated by guidelines and, for some standards, illustrated by examples of potential pitfalls and actions both ethical (e.g., using appropriate and current coding resources and tools) and unethical (e.g., miscoding to avoid conflicts) to help clarify the standard. Here we will look at each standard in more detail and consider examples of each. The examples given below are illustrations of practical situations that coders may encounter, and are analyzed in the context of the Standards of Ethical Coding. The J icon indicates ethical behavior, and the N icon indicates unethical behavior. Each standard will now be examined. Standard 1: Coding professionals shall apply accurate, complete, and consistent coding practices for the production of high-quality healthcare data. J Writing an internal coding guideline to resolve conflicts between coding sources, to ensure that all coders in the group

152

Chapter 6  Coding

handle the scenario consistently and to document the basis for the coding practice to external reviewers N Instituting incentive payments to staff coders based solely on productivity without corresponding quality standards Standard 2: Coding professionals shall report all healthcare data elements (e.g., diagnosis and procedure codes, Present On Admission indicator, discharge status) required for external reporting purposes (e.g., reimbursement and other administrative uses, population health, quality and patient safety measurement, and research) completely and accurately, in accordance with regulatory and documentation standards and requirements and applicable official coding conventions, rules, and guidelines. J Considering and applying the rules given in CPT guidelines and the National Correct Coding Initiative (NCCI) policy manual for separately coding a diagnostic cardiac catheterization together with an endomyocardial biopsy N Assigning a CPT code that is “close enough” to the procedure performed because the physician refuses to submit an unlisted (i.e., miscellaneous) CPT code to the payer, since unlisted codes require special processing and often result in delayed or unpredictable payment

Coding and Payment Elements NCCI–National Correct Coding Initiative. NCCI comprises policies on what procedures are considered integral to other primary procedures, backed by a set of CPT code edits. NCCI is managed by CMS, and has also been adopted by most other payers. POA–Present on Admission. POA status is recorded for virtually all inpatient diagnosis codes on hospital bills. Some complication codes do not result in a higher-level DRG assignment if the complication arose during the hospital stay, on the grounds that it could have been prevented.

Standard 3: Coding professionals shall assign and report only the codes and data that are clearly and consistently supported by health record documentation in accordance with applicable code set and abstraction conventions, rules, and guidelines. J Verifying diagnosis codes suggested by the Computer-Assisted Coding software by thorough review of documentation and application of relevant coding guidelines, rather than simply accepting what is offered (AHIMA, 2010) N Assigning a diagnosis code for urinary tract infection (UTI) based only on a positive urine culture and an order for antibiotics, without a documented diagnosis from the physician of UTI Standard 4: Coding professionals shall query provider (physician or other qualified healthcare practitioner) for clarification and additional documentation prior to code assignment when there is conflicting, incomplete, or ambiguous information in the health record regarding a significant reportable condition or procedure or other reportable data element dependent on health record documentation (e.g., Present on Admission indicator). J Querying the physician on the clinical significance of a positive urine culture and an order for antibiotics without an associated diagnosis, while not prompting any predetermined outcome (i.e., without “leading”) N Sending queries only to those physicians who are friendly, while avoiding querying physicians who are difficult to deal with but whose documentation is even worse Standard 5: Coding professionals shall refuse to change reported codes or the narratives of codes so that meanings are misrepresented. J Refusing to change the description of a CPT code in the office’s encoding system even though staff physicians complain that the formal definition is outdated and does not reflect the terminology currently in vogue

Ethical Foundations and Ethical Standards 153

N Changing a code on a denied claim at the request of the business office to avoid invoking a payer edit Standard 6: Coding professionals shall refuse to participate in or support coding or documentation practices intended to inappropriately increase payment, qualify for insurance policy coverage, or skew data by means that do not comply with federal and state statutes, regulations, and official rules and guidelines. J When faced with two conditions, either of which could be sequenced as principal diagnosis, and after ensuring that both conditions equally meet the definition of principal diagnosis, selecting the condition that provides optimal payment to the hospital N Yielding to pressure from hospital administration to refrain from coding postoperative complications to avoid making the hospital’s statistics “look bad” Standard 7: Coding professionals shall facilitate interdisciplinary collaboration in situations supporting proper coding practices. J Actively working with Clinical Documentation Improvement (CDI) staff to ensure that heart failure is always specifically documented as systolic or diastolic, to enable assignment of the most precise diagnosis codes N Requiring coding staff to “make do” with incomplete or nonspecific documentation to expedite billing and avoid conflict with the medical staff Standard 8: Coding professionals shall advance coding knowledge and practice through continuing education. J Holding an in-service with all coding staff to review annual changes in NCCI policy even though this is time consuming N Not budgeting for continuing education for all coding staff and not allowing coders to use work time to attend educational seminars

Standard 9: Coding professionals shall refuse to participate in or conceal unethical coding practices or procedures. J Alerting the business office to rebill a payer when an internal audit reveals coding errors that have resulted in overpayment N Turning a blind eye to a colleague’s practice of routinely recording a Present on Admission status of Yes for at least one secondary complication on all cases, resulting in higher-weighted DRGs and higher payment Standard 10: Coding professionals shall protect the confidentiality of the health record at all times and refuse to access protected health information not required for ­coding-related activities (examples of coding-related activities include completion of code assignment, other health record data abstraction, coding audits, and educational purposes). J Using encryption for electronic medical records that are accessed by coders working from home N Inviting other coders in the department to view the medical record for a local celebrity’s face lift Standard 11: Coding professionals shall demonstrate behavior that reflects integrity, shows a commitment to ethical and legal coding practices, and fosters trust in professional activities. J Maintaining coding credentials by completing the annual self-assessment required by AHIMA N Bringing dishonor to the coding profession by being named as a participant in a Medicare billing scam in a national news story The ethical standards embody core values for all coding professionals. The guidelines and examples are not meant as a comprehensive list of all possible situations that can occur. Rather, they provide a framework for conduct and decision making. They can help to inform and support decisions, augmented by professional

154

Chapter 6  Coding

experience and judgment. Living and working by these standards can often require persistence and tenacity. Even more, it can demand strength of character and, sometimes, significant personal courage. Ultimately, it is up to coders themselves to internalize and apply these standards, and to wrestle with challenges and decisions in ways that reflect and uphold professional integrity.

Sources for Coding Direction Ethical standards make clear that codes must be assigned in accordance with applicable coding conventions, rules, and guidelines. Although this may appear straightforward, the multiplicity of coding sources raises issues of credibility and relative standing. Coders must be able to assess, apply, and justify use of each source, both within their organization and to outside reviewers. Not all coding sources are created equal in terms of reliability and trustworthiness. Given the vast array of sources, coders seeking guidance need to consider two key questions in determining which sources they should follow to resolve coding conundrums.

Mandated Sources Somewhat surprisingly, there are really only two sources that are mandatory, in the sense that they are legally required. The first source is the coding instructions given directly in the coding manuals themselves. When HIPAA codified use of ICD, CPT, and HCPCS codes as standard code sets in the year 2000, these instructions were a de facto part of how the codes were defined. The second is the ICD Official Guidelines for Coding and Reporting, whose use was also codified by HIPAA for the 9th edition of ICD and later extended to the 10th edition (Department of Health and Human Services Official Guidelines, 2009). The Official Guidelines are jointly developed and maintained by four organizations, each with a key interest in ensuring accurate data. They are known as the Cooperating Parties for ICD and include the AHA, AHIMA, CMS, and NCHS. Needless to say, mandated sources are the gold standard, and relying on their direction to resolve a coding issue is unassailable.

Coding Sources AHA–American Hospital Association. A trade group for hospitals, AHA serves as a national clearinghouse for ICD coding issues. CMS–Centers for Medicare and Medicaid Services. CMS is the federal agency that administers Medicare, the largest payer in the US. NCHS–National Center for Health Statistics. NCHS is an agency within the federal Centers for Disease Control and Prevention and is tasked with tracking the health of the nation.

Credible Sources Beyond the mandated sources, coding guidance is available from many other sources. Some are highly trustworthy, others less so. The ethical issue for the coder is to identify and apply those which are most authoritative. Relying on lowerlevel sources carries the risk of inaccurate code assignment and payment with their attendant consequences. As a rule of thumb, the most credible sources are those closest to the code sets. For CPT coding, for example, the American Medical Association (AMA) has great credibility in issuing guidelines because CPT codes are created through a process managed by the AMA. Guidelines issued by medical specialty societies, such as the American College of Cardiology and the American Academy of Neurology, also have high credibility because the societies are generally the authors of new CPT codes for their specialties. For ICD coding, directions issued by any of the Cooperating Parties are highly credible by virtue of the Parties’ role in maintaining the HIPAA-mandated Official Guidelines. For example, coding manuals published by AHA and AHIMA are considered quite reliable. Similarly, minutes from meetings of the ICD Coordination and Maintenance (C&M) Committee often contain instructions for interim coding before new codes are created, and



Main Ethical Challenges

these are credible because the C&M Committee is chaired by CMS and NCHS. Likewise, for HCPCS, sources cited by CMS are credible, as are published summaries of meetings of the CMS HCPCS Workgroup. The further down the hierarchy, the less credible and less authoritative a source is. Although a particular consultant or a proprietary coding reference may be respected, its guidance does not carry the same weight. This is not to say that lower-level sources cannot be genuinely useful. For example, many device manufacturers issue coding guides. Device manufacturers cannot be seen as impartial sources, but, at the very least, manufacturers know what they make. The coder may find these guides of real value, but must also take responsibility for personally verifying the codes suggested. Some lower-level sources also provide footnotes citing higherlevel sources. This is also useful, as long as the coder personally verifies the citations. Credible sources sometimes contradict each other. This presents a special challenge. For example, when conflicting guidelines are issued by different specialty societies on the same topic, one way to rank them is to identify which society has a seat on the AMA CPT Advisory Committee, which puts that society closer to the code set. Payers are in a special category. Although many do employ professional coders, payers may nonetheless have requirements for coverage and claims processing that are inconsistent with mandated or otherwise highly credible coding guidelines. This can create ethical dilemmas for coders who work for physicians, hospitals, and other providers. Example: Payer Requirement When a patient is seen solely for administration of chemotherapy, the ICD Official Guidelines for Coding and Reporting require that an encounter code be sequenced as the principal diagnosis, with the code for the underlying malignancy sequenced as a secondary diagnosis. However, a particular payer does not accept encounter codes and requires that the underlying malignancy be sequenced as the principal diagnosis instead. Following coding guidelines means the patient’s

155

legitimate chemotherapy claim will be denied by the payer. Following payer requirements means violating a HIPAAmandated coding guideline. Options for resolving this dilemma are addressed later in the chapter.

Main Ethical Challenges Scenario 6-C  Revise the Analysis? You are a coding consultant and are working with a small startup company that manufacturers a single medical device. The product looks quite promising clinically and will help treat a disorder for which few other treatments are available. The company is gearing up to promote the product heavily, and there is also talk that a major device manufacturer may be interested in buying the startup. However, in a coding analysis you performed for the company, you recommended use of codes that will result in low payment to hospitals and physicians. This is a real barrier to increasing sales and may cause the major device manufacturer to offer a disappointingly low bid for the startup. The CEO of the startup, who is a physician, is being pressured by the company’s investors and asks you to revisit your analysis, to remove or soften the more negative sections and to find alternate codes that might be applicable. The CEO hints vaguely that, otherwise, the company may terminate your contract and reach out to another consultant who is more willing to be “flexible.” Should you revise your coding analysis? This third Scenario, and the two before it, will be addressed at the end of the chapter.

AHIMA’s Code of Ethics and Standards of Ethical Coding spell out the values and ideals to which coders should aspire. All members of the healthcare system likewise are called to act according to professional standards and ideals. In a best-case scenario, everyone works

156

Chapter 6  Coding

in good faith within an integrated and interdependent system. Reality is more complicated. In particular, coding plays a key role as an interface between patient care and provider reimbursement. Coders are tasked with translating healthcare services into data, following specific rules for assigning and validating the codes used to determine coverage and payment. Potential pressures come with the territory. For facility- or officebased coders, the need for complete and precise charting may vie with the need for timely processing and productivity. Mandates and guidelines for coding may be unclear or may conflict with each other. Personalities may also be an issue; some physicians or colleagues may prove to be difficult or intimidating to work with. And some clinicians or colleagues may indeed be overlooking, or worse, deliberately sanctioning, unethical practices. Although ethical issues may span the spectrum, there are three main areas that pose challenges for coders. These areas are upcoding, unbundling, and evading medical necessity requirements. Each is defined below and illustrated by one or two simple examples. A  more complex example then follows, along with discussion on possible courses of action.

Upcoding Upcoding occurs when a provider codes and bills for a higher level of care than that which was actually provided, resulting in higher payment or inflated clinical data (Federal Bureau of Investigation, 2008). Example: Upcoding a Sports Physical A teenage patient is seen in the physician’s office for a high school sports physical. The physician had seen the patient a few months prior for an ear infection and was familiar with her general health status. Now for the sports physical, the physician performs a cursory examination and engages the patient in small talk about basketball while completing the school form. The coder assigns a CPT code for a Preventive Medicine visit. In this situation, using a Preventive Medicine code constitutes upcoding. By definition, all

Preventive Medicine visits must involve a comprehensive history and examination. According to published coding guidelines, a regular office visit code must be used when a lower-level history and examination are performed instead. Example: Upcoding Pneumonia A patient is admitted with pneumonia. The coder notes a sputum culture that is positive for the bacterium Staphylococcus aureus. Although there is no documentation from the physician linking the sputum culture result to the pneumonia, the coder assigns an ICD diagnosis code specific for S. aureus pneumonia. This groups to a higherweighted DRG for respiratory infections, rather than a lower-weighted DRG for simple pneumonia. This constitutes upcoding because only the physician can judge the clinical significance of laboratory findings and establish an association with the diagnosis. Perhaps the sputum ­culture shows nothing more than a contaminant. The coder may, and should, query the p ­ hysician about the significance of the sputum culture. But the coder may not make assumptions about it. Example: Cerebral Edema with Stroke The coder works at a hospital with a large stroke unit that has been losing money for several quarters. Based on a report from a major consulting company, hospital administration has made it clear that they believe the fault largely lies with the coding staff for failing to code secondary diagnoses that would result in higher-weighted DRGs and higher payments. In particular, to obtain higher DRGs, an expectation has now been established that coders should assign a code for cerebral edema whenever this finding is documented on imaging. The coder knows that some level of cerebral edema is generally present with ischemic stroke. It does not necessarily influence treatment or length of stay and is generally not of distinct clinical significance unless it progresses to compress adjacent areas of the brain, causing the patient’s neurologic status to deteriorate further.



Main Ethical Challenges

The coder is being asked to engage in upcoding by basing code assignment on imaging alone for the express purpose of increasing payment. HIPAA-mandated coding guidelines require that abnormal findings must be clinically significant to be coded, and UHDDS definitions further require that secondary diagnoses must affect patient care to be coded. Establishing the significance of a radiologic finding is the purview of each patient’s physician, not administrators. If the coder complies, she may be complicit in an improper practice. If she does not, she may risk the stroke unit’s financial health, and perhaps her own job. What might the coder do? ■■

■■

■■

■■

The coder could go ahead and code cerebral edema, relying on administration’s direction to shield her from any consequences should the practice later be questioned. However, this option relies on administration to be accountable for its own instruction and does not relieve the coder of personal responsibility. The coder could quietly resist by coding cerebral edema only when she feels its significance has been clearly established within the narrative of the medical record. This may expose her to additional pressure, especially if she is the only coder who does not comply. The coder could openly resist, enlisting the support of her coding colleagues, citing coding guidelines, and taking the matter to higher levels such as the coding supervisor, the HIM director, or, as necessary, the hospital’s compliance department. There is safety in numbers, but the coder may be branded as a troublemaker. However, she may be able to counter this by noting that she has used proper channels. The coder could query the responsible neurologist for every case to determine if the cerebral edema was clinically significant, and assign a code only when the neurologist confirms that it was. This may annoy the neurologists but may also spur them to document clinical significance more clearly. The coder may also be able to develop a guideline with the Department of Neurology that would help to bring clarity and consistency to coding cerebral edema while respecting coding guidelines.

157

Unbundling Unbundling occurs when component parts of a procedure or service are coded and billed separately, rather than using a single comprehensive code that encompasses all aspects of the care provided (NCCI, 2015). Coding and billing the components separately results in a higher total payment than assigning and billing the single comprehensive code. Example: Unbundling Meniscectomy A patient undergoes an arthroscopic medial meniscectomy of the left knee in an ambulatory surgery center. While in the medial compartment of the knee, the surgeon also performed synovectomy of the inflamed synovium as well as debridement of the articular cartilage. The coder assigns the CPT code for arthroscopic meniscectomy of the knee as well as codes for arthroscopic synovectomy and arthroscopic debridement. This constitutes unbundling in two ways. First, the CPT code for medial meniscectomy is defined to include debridement of articular cartilage. Second, there is an NCCI policy prohibiting assigning a code for synovectomy separately when it is performed in the same compartment of the knee. Only the CPT code for arthroscopic meniscectomy should be assigned. Example: Electrocautery and Cryocautery The coder works at an ambulatory surgery center. A patient has been having cervical bleeding on and off, and undergoes electrocautery of a cervical lesion as well as cryocautery of other areas of the cervix. These two techniques have two different CPT codes. The CPT codes are NCCI-edited with each other, but an override is permitted using a modifier. Should the coder override the edit and assign both codes? Although there are general NCCI policies about treating contiguous areas, the NCCI policy manual does not articulate a reason for this particular edit, so the coder is not sure of the rationale behind it. The coder could be engaged in unbundling if you override the NCCI edit. The fact that the

158

Chapter 6  Coding

edit exists indicates that one code could be integral to the other code. On the other hand, if the coder does not override the edit, he could be depriving the ambulatory surgical center of legitimate payment. The fact that an override is permitted indicates that there are at least some circumstances when it is appropriate to code both. What might the coder do? ■■

■■

■■

The coder could go ahead and override the edit, being sure to document his reasoning for doing so in case he is questioned about it later. The coder could code the primary technique only and refrain from coding the other technique separately, and then seek more information on the purpose of the edit by writing to NCCI to inform his coding practice in the future. Similarly, the coder could refrain from coding both techniques separately for now, but seek further direction from a credible coding source.

Evading Medical Necessity Requirements Medical necessity is the key to insurance coverage. All payers, including Medicare, have policies outlining the circumstances under which specific treatments are considered clinically appropriate and eligible for payment. A simple example here is breast augmentation. When performed as a cosmetic procedure, this is not deemed medically necessary and is not covered or paid. But when performed as part of breast reconstruction following trauma or breast cancer surgery, it is typically considered restorative and covered as medically necessary. The previous example of epilepsy with deep brain stimulation also illustrates medical necessity requirements. Deep brain stimulation is usually considered medically necessary only for specific types of epilepsy, and only the physician can provide the documentation to support these codes. Assigning and submitting codes based on what will be covered rather than what is supported by the documentation in each patient’s medical record can enable coverage and payment where it is truly not appropriate. Medical policy is operationalized through codes. In other words, the payer policy will state

that a particular procedure code is considered medically necessary and covered only for specific diagnoses, given as codes. To be transparent, most payers post their policies online and delineate the covered codes. Example: Evading Medical Necessity Requirements for Lab Tests A laboratory routinely uses a code for anemia for all patients for whom a complete blood count has been ordered and performed to “rule out” anemia. In other words, the test is performed to determine if the patient has anemia. The laboratory knows that blood tests with a diagnosis code for anemia are rarely denied, so assigning a code for anemia ensures smooth payment. Coding “rule-out” conditions as if the condition already exists evades medical necessity requirements. For some patients with chronic anemia, the diagnosis may be known in advance. But for most patients, the diagnosis of anemia is established as a result of the complete blood count. The condition prompting the laboratory test, such as fatigue or gastrointestinal bleeding that has led the physician to consider anemia as a possible diagnosis, should be coded instead. Example: Septoplasty Versus Rhinoplasty The coder works for a large surgical group. She reviews an operative report that gives the title of the procedure performed as “septoplasty.” The body of the operative report describes removal of a piece of septal cartilage. However, most of the report seems to be describing osteotomies and rasping of the nasal dorsum as well as cartilage grafting of the nasal tip. These maneuvers appear to be more consistent with a rhinoplasty (“nose job”). The coder searches the History & Physical (H&P) for evidence of prior trauma to the nose, but it appears that the procedure was elective and primarily related to aesthetic issues. The history does mention a small septal deviation but also notes that the patient’s breathing is not impaired. The surgeon is very prominent in the surgical group and is known to dislike being “harassed” by coders.

Making a Decision and Making Your Case 159

There is a discrepancy between what is given in the title of the operative report and what is supported by the body of the report and the H&P. This gives the appearance of trying to evade medical necessity requirements in order to ensure payment, by characterizing the surgery as a septoplasty, which is usually covered, rather than a rhinoplasty, which is typically not covered. The coder’s task is to reconcile this discrepancy. Ideally, this could be accomplished by querying the surgeon, noting the discrepancy, and asking the surgeon to identify and confirm all procedures performed. However, compounding the issue is the fact that the surgeon is known to be difficult to approach. What might the coder do? ■■

■■

■■

■■

The coder could go ahead and query the surgeon, and this may well resolve the discrepancy. It is also possible that the surgeon may take umbrage and either refuse to answer or imply that the coder’s job may be at risk if she persists. The coder could do nothing, despite her misgivings. This may, however, expose her to legal risk, especially if this practice proves to be a pattern. The coder may opt to use back channels to garner the needed information—for example, by asking the surgeon’s physician assistant or nurse practitioner to provide the necessary details or to themselves approach the surgeon. They may assist, or they may decline, which leaves the coder where she started. If available, the coder could refer the matter to the facility’s Clinical Documentation Improvement department.

The examples in this section illustrate the competing interests that may be in play and that contribute to the ethical dilemmas coders inevitably face over time. As seen here, these can include legal and financial issues. There may also be workplace pressures, such as dealing with difficult personalities and concerns about job security. Making a decision, especially making an ethical decision, includes recognizing the potential consequences of both action and inaction. So far, we have highlighted some of the resources that can help to clarify these issues and suggest courses of action. Now we apply these to taking action—making a decision and

backing it up, in concert with professional, legal, and ethical guidelines. Resolving coding dilemmas needs to be both reactive—finding ways to navigate a particular situation—and proactive— exploring strategies that prevent the dilemma from either occurring or persisting.

Making a Decision and Making Your Case Eight key steps form the decision matrix that can guide coders in resolving ethical challenges. Each step pinpoints the fundamental issue involved and the requisite information to be collected and considered before making a decision. As we have seen, it is vital to recognize the many factors in play and the potential consequences of each decision, not only for coders but for all other stakeholders. Moreover, as noted earlier, a valid case could be made for more than one “right” answer for a particular situation, all within a framework of professional integrity and ethical principles. Take note that decisions must be defensible. You must be able to support, justify, and stand by your actions. We will discuss each of the eight steps, then demonstrate how to use them by expanding on the three Scenarios introduced earlier in this chapter. Step 1: What is the question? Because ethical issues can often be clouded, it is essential to identify and focus on the core ethical issue that must be addressed. For clarity, you should be able to express the issue in a single sentence. Examples of core ethical issues: ■■

■■

■■

■■

Should I code a condition that is present from all appearances but is not specifically documented? Should I report a coworker for a potential ethical violation? Should I engage with a physician who is known to be difficult to deal with? Should I override the NCCI edit?

Step 2: Determine Your “Gut” Reaction Your gut reaction is a snapshot of your own values. Determining what this is enables you to identify your own biases, so you can bear them

160

Chapter 6  Coding

in mind while attempting to analyze the situation objectively. In addition, considering your gut reaction helps you to understand that not everyone involved shares your biases, and may help you to recognize why they do not. This can be a factor in building support for a particular course of action later. Examples of gut reactions: ■■ ■■

■■

■■

Never override NCCI edits; it is too risky. Engaging with that physician is more trouble than it is worth. The decision makers are at a higher level than me, and they can see the complete picture, so it is appropriate to follow their instructions. I am inclined to agree because this person has always been fair and honest with me in the past.

Step 3: Determine the Facts This step concerns both what you already know and what you must find out. Here you will need to gather all the background information necessary to see the whole picture. There is no judgment in this step. It relates strictly to collecting data that will later inform your choice. Examples of essential facts: ■■

■■

■■

■■

The relevant coding guidelines, clinical factors, and related edits, as well as the relative credibility of their sources. The customary practices for this particular situation. For example, determine if this issue has arisen in the past and how it was handled. Who the other stakeholders are and how they will be impacted. For example, will claims be denied (rightly or wrongly), will the patient be impacted directly, or will the amount of the payment be affected? Whether the scenario is addressed in professional ethical standards, as well as whether it has legal ramifications and what they are.

Step 4: Determine the Values Examine the values, obligations, and interests of all parties to bring out the full complexity of the ethical challenge. Some values will be shared, but others may be at cross purposes. When conflict arises between them, you will need to weigh the competing values and then judge which take precedence. Examples of values:

■■

■■

■■

■■

Society has a general interest in cost containment, and patients have a specific interest in keeping their personal costs down. Providers, in turn, have a legitimate interest in receiving optimal reimbursement for their services. The primary mission of all those in the healthcare field is to serve the medical needs of patients. This can be lost in the hustle and bustle of daily activity, but all of health care ultimately revolves around this value. Healthcare institutions have a natural and valid interest in maintaining their financial viability, and so do individuals. For example, an individual’s job may well be at risk over an ethical stance. Core values such as integrity, honesty, truth, and fairness constitute a central foundation for societal, professional and personal character.

Step 5: Determine Your Options Lay out the various courses of action that you can take, as well as the potential repercussions of each. Many times, options are not mutually exclusive and can be pursued in tandem. Some options may also be staged—for example, refraining from overriding an NCCI edit in a current case while seeking clarification of the rationale for the edit for the future. Others may need to be pursued in order of escalating leverage and gravity, if other attempted courses prove ineffective or unproductive. Ultimately there are so-called nuclear options. These options, once done, cannot be undone. Before exercising a nuclear option, you must be as certain as possible that the situation warrants the consequences for everyone involved. Examples of options: ■■

■■

■■

Do nothing. This is always an option and is sometimes a reasonable response—for example, when confronted with a minor or “one-time-only” infraction. Survey coding colleagues, including online communities, for their advice to determine if their actions in similar situations can serve as a model. Query the physician to clarify the documentation and clinical matters, such as the nature of a diagnosis or procedure, and the clinical significance of findings. This

Making a Decision and Making Your Case 161



■■

■■

■■

■■

may include using back channels such as approaching other clinicians associated with the physician and involved in the case, such as Physician Assistants and Nurse Practitioners, if the physician is unavailable or uncooperative. Involve the Clinical Documentation Improvement staff to intercede with the physician to facilitate query responses or address persistent shortfalls in documentation. Contact the institution’s compliance office either for guidance on the appropriate course of action or to report a possible wrongdoing. Leave the job and seek employment elsewhere (nuclear option). Report potential fraud to the OIG (nuclear option).

Step 6: Decide What to Do It is time to make a decision. After identifying the core ethical issue, considering your gut reaction, gathering the facts, identifying the values involved, and weighing the options, choose one and move forward with it. While it may seem obvious, this is a critical step. It is possible to defer making a decision indefinitely, tempted by a seeming need to gather more facts or to identify additional options, for example. But this is the equivalent of making a decision to do nothing. It is also ultimately untenable. As noted, ethical challenges are inherent in coding, and it is your professional responsibility to deal with them. At the same time, it is incumbent on you to limit the risks to yourself and others as you move forward. You will not only be held accountable for your decision, you may also be called upon to support it. It cannot be overstated that it is in your best interest to thoroughly document the bases for your rationale and all of your actions. Finally, remember that there may be more than one “right” decision, as shown below. Examples of decisions: ■■

There is a conflict between coding guidelines and payer requirements related to diagnosis code sequencing for a particular scenario. After several frustrating calls with the payer representative, you decide to follow the payer’s dictates. You are aware that you are violating mandated coding

■■

guidelines. You choose to do so as a practical measure, to ensure that the claim is processed, the provider is paid for its services, and the patient does not receive a bill. You feel that you have done your very best, and the responsibility for the incorrect sequencing lies with the payer. There is a conflict between coding guidelines and payer requirements for the diagnosis code for a particular scenario. After several frustrating calls with the payer representative, you decide to follow the mandated coding guidelines. You choose to do so knowing that the payer’s disregard for the guidelines will cause an appropriate claim to be denied. Because this will result in hardship for the hospital and for the patient, you also alert the business office to begin preparing to appeal the expected denial.

In making either decision, you should be sure to retain a written copy of the payer’s policy requiring incorrect codes and should document all calls and interactions you have had with the payer during which you attempted to explain the coding guidelines. To ensure transparency as well as institutional support for your decision, you should review the situation with your supervisor. To ensure consistency going forward, you should also ask that the issue be addressed at the next coder staff meeting. Step 7: Justify Your Choice Lay out the rationale for your decision. As a matter of course, you should always be prepared to both explain and defend your choice, drawing on the facts of the case, the ethical standards and values at play, and the consequences of the available options. Be certain you have ­clarity on these points, as you may well be called on to support your decision under scrutiny or ­challenge from others. Examples of reasons that justify the option chosen: ■■

■■

■■

The option is supported by credible coding guidelines. The option does not carry undue legal risk or exposure. Although it does not serve the interests of all stakeholders, the option is in the best interest of the patient.

162

Chapter 6  Coding

This step also includes recognizing and rejecting reasons that do not constitute a justification for the choice. Examples of reasons that do not justify the option chosen: ■■

■■

■■

The option is a common practice, but the reasons why it a common practice are not known and not questioned. Fear of being ignored or mistreated inhibits querying to clarify inadequate documentation. An influential or highly placed person insists on a course of action despite your misgivings.

Step 8: Determine How to Prevent This Problem in the Future This step is often neglected but can benefit you most in the long term. The preceding steps are designed to help you deal with an existing ethical issue. Recognize that this is reactive, and use your experience to be proactive. Apply the knowledge and tools gleaned from wrestling with an ethical issue toward preventing the same or similar issues from recurring. Examples of preventive steps: ■■

■■

■■

Working with the clinical department, develop and disseminate an internal coding guideline for handling this gray area consistently and appropriately going forward. Refuse to work with this particular vendor in the future, regardless of whether it is the least costly. Work to turn an adversary into an ally by explaining the rationale for a particular course of action, including providing documentation for the mandates you—and they—are obligated to follow, such as the relevant coverage policy or the legal statute, if timely payment is to ensue.

One of the best preventive steps you can take is to assiduously cultivate and maintain a reputation as an individual of sterling integrity and ethical probity. Although ethical challenges are inherent in coding and will always need to be dealt with, some can be averted. With an impeccable reputation, other stakeholders may more readily respect your principled positions and may be more likely to refrain from drawing you into ethically questionable situations.

Conclusion With the ethical issues inherent to coding, ethical decision making relies on professional knowledge and personal integrity. Legal mandates and professional standards provide the foundation for coders to recognize the nature of ethical challenges in their work. This makes it essential for coders to be well versed in these elements and know how to act in accordance with them. Equally important, coders must remain abreast of coding directives and be able to assess the credibility of their sources. Using this foundation, coders can respond to ethical challenges by following a systematic approach for identifying the facts, values, and options that guide decision making while appreciating the implications for all stakeholders. This approach offers critical guidance, but ultimately, coders must be prepared to exercise professional judgment and have the personal courage to address ethical challenges. Knowing that a given situation may very well have more than one “right” answer, coders must be able to justify and stand by their decisions and actions with integrity and accountability.

KEY TERMS Abuse AHIMA Standards of Ethical Coding Cooperating Parties Credentialing False Claims Act Fraud Medical necessity Office of the Inspector General (OIG) Query Unbundling Upcoding

CHAPTER SUMMARY ■■

As an integral component of healthcare administration, coding practices must uphold professional integrity while deftly balancing the competing values and interests of healthcare stakeholders.

References 163 ■■

■■

■■

■■

It is incumbent on HIM professionals to be well versed in, and to act in accordance with, the legal mandates and ethical and professional codes that guide coding practice, and to remain abreast of new and updated coding directives. These resources include the AHIMA Code of Ethics and Standards of Ethical Coding as well as authoritative coding guidelines and directives. Three main areas of coding-related ethical challenges are upcoding, unbundling, and evading medical necessity. In addressing ethical concerns, it is important to be both reactive (resolving an existing problem) and proactive (preventing recurrences of the problem). As such, following the eight steps delineated in the decision matrix helps to identify the core issue, pertinent facts and values, and possible options and justification for determining a course of action. Coders must be prepared to exercise both professional judgment and personal courage in addressing ethical challenges, maintaining their professional integrity while recognizing the values and interests in play, including the potential consequences for all involved.

REFERENCES American Health Information Management Association [AHIMA]. (2008). Managing an effective query process. Journal of AHIMA, 79(10), 83–88. Available from http://library.ahima.org/xpedio/ groups/public/documents/ahima/bok1_040394 .hcsp?dDocName=bok1_040394. American Health Information Management Association [AHIMA]. (2010). Automated coding workflow and CAC practice guidance. Journal of AHIMA, 81(7), 51–56. Available from http://library.ahima.

org/xpedio/groups/public/documents/ahima/ bok1_047691.hcsp?dDocName=bok1_047691. Cassidy, Bonnie S. (2012, October 15). Defining the core clinical documentation set for coding compliance. Available from http://library.ahima.org/xpedio/groups/ public/documents/ahima/bok1_049822.pdf. Centers for Medicare and Medicaid Services. (2015, January 1). General correct coding policies: Introduction. Chapter 1 in National correct coding initiative policy manual for Medicare services. Available from http://www.cms.gov/Medicare/Coding/NationalCorrectCodInitEd/index.html. Department of Health and Human Services. (2009, January 16). HIPAA administrative simplification: Modifications to Medical Data Code Set standards to adopt ICD–10–CM and ICD–10–PCS. 74 Fed. Reg. 3328–3362. Department of Health and Human Services & Department of Justice. (2014, February). Health care fraud and abuse control program: Annual report for fiscal year 2013, 1. Available from https://oig.hhs.gov/publica tions/docs/hcfac/FY2013–hcfac.pdf. Federal Bureau of Investigation. (n.d.). Financial crimes report to the public fiscal year 2008. Available from http://www.fbi.gov/stats-services/publications/ fcs_report2008. Flite, C. A., & Harman, L. B. (2013). Code of ethics: Principles for ethical leadership. Perspectives in Health Information Management, 10, 1d. Available from http://www.ncbi.nlm.nih.gov/pmc/articles/ PMC3544144/. Forrestal, E. (2013). Leading by design. Perspectives in Health Information Management, 1–24. Available from http://perspectives.ahima.org/leading-by-design/#. VJ5QKl5–AA. ICD official guidelines for coding and reporting. (n.d.). Available from http://www.cdc.gov/nchs/data/icd/ICD 10cmguidelines_2015%209_26_2014.pdf. Prophet, S. (1997). Fraud and abuse implications for the HIM professional. Journal of AHIMA, 68(4), 52–56. Available from http://library.ahima. org/xpedio/groups/public/documents/ahima/ bok2_000355.hcsp?dDocName=bok2_000355.

APPENDIX 6-A

American Health Information Management Association Code of Ethics

Preamble The ethical obligations of the health information management (HIM) professional include the safeguarding of privacy and security of health information; disclosure of health information; development, use, and maintenance of health information systems and health information; and ensuring the accessibility and integrity of health information. Healthcare consumers are increasingly ­c oncerned about security and the potential loss of privacy and the inability to control how their personal health information is used and disclosed. Core health information issues include what information should be collected; how the information should be handled, who should have access to the information, under what conditions the information should be disclosed, how the information is retained and when it is no longer needed, and how is it disposed of in a confidential manner. All of the core health information issues are performed in compliance with state and ­federal regulations, and employer policies and procedures. Ethical obligations are central to the professional’s responsibility, regardless of the employment site or the method of collection, storage, and security of health information.  In addition, sensitive information (e.g., genetic, adoption, drug, alcohol, sexual, health, and behavioral information) requires special attention to prevent misuse.   In the world of business and interactions with consumers, expertise in the protection of the information is required.

Purpose of the American Health Information Management Association Code of Ethics The HIM professional has an obligation to demonstrate actions that reflect values, ethical principles, and ethical guidelines. The A ­ merican Health Information Management Association (AHIMA) Code of Ethics sets forth these values and principles to guide conduct.  (See also  AHIMA Vision, Mission, Values) The code is relevant to all AHIMA members and CCHIIM credentialed HIM professionals [hereafter referred to as certificants], regardless of their professional functions, the settings in which they work, or the populations they serve. These purposes strengthen the HIM professional’s efforts to improve overall quality of healthcare. The AHIMA Code of Ethics serves seven purposes: ■■ ■■

■■

■■

■■

■■

Promotes high standards of HIM practice. Identifies core values on which the HIM mission is based. Summarizes broad ethical principles that reflect the profession’s core values. Establishes a set of ethical principles to be used to guide decision-making and actions. Establishes a framework for professional behavior and responsibilities when professional obligations conflict or ethical uncertainties arise. Provides ethical principles by which the general public can hold the HIM professional accountable.



The Code of Ethics and How to Interpret the Code of Ethics ■■

Mentors practitioners new to the field to HIM’s mission, values, and ethical principles.

The code includes principles and guidelines that are both enforceable and aspirational. The extent to which each principle is enforceable is a matter of professional judgment to be exercised by those responsible for reviewing alleged violations of ethical principles.

The Code of Ethics and How to Interpret the Code of Ethics Principles and Guidelines The following ethical principles are based on the core values of the American Health Information Management Association and apply to all AHIMA members and certificants.  Guidelines included for each ethical principle are a non-inclusive list of behaviors and situations that can help to clarify the principle. They are not meant to be a comprehensive list of all situations that can occur. I. Advocate, uphold, and defend the individual’s right to privacy and the doctrine of confidentiality in the use and disclosure of information. A health information management professional shall: 1.1. Safeguard all confidential patient information to include, but not limited to, personal, health, financial, genetic, and outcome information. 1.2. Engage in social and political action that supports the protection of privacy and confidentiality, and be aware of the impact of the political arena on the health information issues for the healthcare industry. 1.3. Advocate for changes in policy and legislation to ensure protection of privacy and confidentiality, compliance, and other issues that surface as advocacy issues and facilitate informed

165

participation by the public on these issues. 1.4. Protect the confidentiality of all information obtained in the course of professional service. Disclose only information that is directly relevant or necessary to achieve the purpose of disclosure. Release information only with valid authorization from a patient or a person legally authorized to consent on behalf of a patient or as authorized by federal or state regulations. The minimum necessary standard is essential when releasing health information for disclosure activities. 1.5. Promote the obligation to respect privacy by respecting confidential information shared among colleagues, while responding to requests from the legal profession, the media, or other non-healthcare related individuals, during presentations or teaching and in situations that could cause harm to persons. 1.6. Respond promptly and appropriately to patient requests to exercise their privacy rights (e.g., access, amendments, restriction, confidential communication, etc.). Answer truthfully all patients’ questions concerning their rights to review and annotate their personal biomedical data and seek to facilitate patients’ legitimate right to exercise those rights. II. Put service and the health and welfare of persons before self-interest and conduct oneself in the practice of the profession so as to bring honor to oneself, peers, and to the health information management profession. A health information management professional shall: 2.1. Act with integrity, behave in a trustworthy manner, elevate service to others above self-interest, and promote high standards of practice in every setting.

166

Chapter 6  Coding

2.2. Be aware of the profession’s mission, values, and ethical principles, and practice in a manner consistent with them by acting honestly and responsibly. 2.3. Anticipate, clarify, and avoid any conflict of interest, to all parties concerned, when dealing with consumers, consulting with competitors, in providing services requiring potentially conflicting roles (for example, finding out information about one facility that would help a competitor), or serving the Association in a volunteer capacity. The conflicting roles or responsibilities must be clarified and appropriate action taken to minimize any conflict of interest. 2.4. Ensure that the working environment is consistent and encourages compliance with the AHIMA Code of Ethics, taking reasonable steps to eliminate any conditions in their organizations that violate, interfere with, or discourage compliance with the code. 2.5. Take responsibility and credit, including authorship credit, only for work they actually perform or to which they contribute. Honestly acknowledge the work of and the contributions made by others verbally or written, such as in publication. A health information management professional shall not: 2.6. Permit one’s private conduct to interfere with the ability to fulfill one’s professional responsibilities. 2.7. Take unfair advantage of any professional relationship or exploit others to further one’s own personal, religious, political, or business interests. III. Preserve, protect, and secure personal health information in any form or medium and hold in the highest regards health information and other information of a confidential nature obtained in an official capacity, taking into account the applicable statutes and regulations. A health information management professional shall: 3.1. Safeguard the privacy and security of written and electronic health

information and other sensitive information. Take reasonable steps to ensure that health information is stored securely and that patients’ data is not available to others who are not authorized to have access. Prevent inappropriate disclosure of individually identifiable information. 3.2. Take precautions to ensure and maintain the confidentiality of information transmitted, transferred, or disposed of in the event of termination, incapacitation, or death of a healthcare provider to other parties through the use of any media. 3.3. Inform recipients of the limitations and risks associated with providing services via electronic or social media (e.g., computer, telephone, fax, radio, and television). IV. Refuse to participate in or conceal unethical practices or procedures and report such practices. A health information management professional shall: 4.1. Act in a professional and ethical manner at all times. 4.2. Take adequate measures to discourage, prevent, expose, and correct the unethical conduct of colleagues. If needed, utilize the  Professional Ethics Committee Policies and Procedures  for potential ethics complaints. 4.3. Be knowledgeable about established policies and procedures for handling concerns about colleagues’ unethical behavior. These include policies and procedures created by AHIMA, licensing and regulatory bodies, employers, supervisors, agencies, and other professional organizations. 4.4. Seek resolution if there is a belief that a colleague has acted unethically or if there is a belief of incompetence or impairment by discussing one’s concerns with the colleague when feasible and when such discussion is likely to be productive. 4.5. Consult with a colleague when feasible and assist the colleague in taking











The Code of Ethics and How to Interpret the Code of Ethics remedial action when there is direct knowledge of a health information management colleague’s incompetence or impairment. 4.6. Take action through appropriate formal channels, such as contacting an accreditation or regulatory body and/or the AHIMA Professional Ethics Committee if needed. 4.7. Cooperate with lawful authorities as appropriate. A health information management professional shall not: 4.8. Participate in, condone, or be associated with dishonesty, fraud and abuse, or deception. A non-inclusive list of examples includes: ■ Allowing patterns of optimizing or minimizing documentation and/or coding to impact payment ■ Assigning codes without physician documentation ■ Coding when documentation does not justify the diagnoses or procedures that have been billed ■ Coding an inappropriate level of service ■ Miscoding to avoid conflict with others ■ Engaging in negligent coding practices ■ Hiding or ignoring review outcomes, such as performance data ■ Failing to report licensure status for a physician through the appropriate channels ■ Recording inaccurate data for accreditation purposes ■ Allowing inappropriate access to genetic, adoption, health, or behavioral health information ■ Misusing sensitive information about a competitor ■ V i o l a t i n g the privacy of individuals Refer to the AHIMA Standards for Ethical Coding for additional guidance. 4.9. Engage in any relationships with a patient where there is a risk of exploitation or potential harm to the patient.















167

V. Advance health information management knowledge and practice through continuing education, research, publications, and presentations. A health information management professional shall: 5.1. Develop and enhance continually professional expertise, knowledge, and skills (including appropriate education, research, training, consultation, and supervision). Contribute to the knowledge base of health information management and share one’s knowledge related to practice, research, and ethics. 5.2. Base practice decisions on recognized knowledge, including empirically based knowledge relevant to health information management and health information management ethics. 5.3. Contribute time and professional expertise to activities that promote respect for the value, integrity, and competence of the health information management profession. These activities may include teaching, research, consultation, service, legislative testimony, advocacy, presentations in the community, and participation in professional organizations. 5.4. Engage in evaluation and research that ensures the conf identiality of participants and of the data obtained from them by following guidelines developed for the participants in consultation with appropriate institutional review boards. 5.5. Report evaluation and research findings accurately and take steps to correct any errors later found in published data using standard publication methods. 5.6. Design or conduct evaluation or research that is in conformance with applicable federal or state laws. 5.7. Take reasonable steps to provide or arrange for continuing education and staff development, addressing current knowledge and emerging developments related to health information management practice and ethics.

168

Chapter 6  Coding

VI. Recruit and mentor students, staff, peers, and colleagues to develop and strengthen professional workforce. A health information management professional shall: 6.1. Provide directed practice opportunities for students. 6.2. Be a mentor for students, peers, and new health information management professionals to develop and strengthen skills. 6.3. Be responsible for setting clear, appropriate, and culturally sensitive boundaries for students, staff, peers, colleagues, and members within professional organizations. 6.4. Evaluate students’ performance in a manner that is fair and respectful when functioning as educators or clinical internship supervisors. 6.5. Evaluate staff’s performance in a manner that is fair and respectful when functioning in a supervisory capacity. 6.6. Serve an active role in developing HIM faculty or actively recruiting HIM professionals. A health information management professional shall not: 6.7. Engage in any relationships with a person (e.g. students, staff, peers, or colleagues) where there is a risk of exploitation or potential harm to that other person. VII. Represent the profession to the public in a positive manner. A health information management professional shall: 7.1. Be an advocate for the profession in all settings and participate in activities that promote and explain the mission, values, and principles of the profession to the public. VIII. Perform honorably health information management association responsibilities, either appointed or elected, and preserve the confidentiality of any privileged information made known in any official capacity. A health information management professional shall: 8.1. Perform responsibly all duties as assigned by the professional

association operating within the bylaws and policies and procedures of the association and any pertinent laws. 8.2. Uphold the decisions made by the association. 8.3. Speak on behalf of the health information management profession and association, only while serving in the role, accurately representing the official and authorized positions of the association. 8.4. Disclose any real or perceived conflicts of interest. 8.5. Relinquish association information upon ending appointed or elected responsibilities. 8.6. Resign from an association position if unable to perform the assigned responsibilities with competence. 8.7. Avoid lending the prestige of the association to advance or appear to advance the private interests of others by endorsing any product or service in return for remuneration. Avoid endorsing products or services of a third party, for-profit entity that competes with AHIMA products and services.  Care should also be exercised in endorsing any other products and services. IX. State truthfully and accurately one’s credentials, professional education, and experiences. A health information management professional shall: 9.1. Make clear distinctions between statements made and actions engaged in as a private individual and as a representative of the health information management profession, a professional health information association, or one’s employer. 9.2. Claim and ensure that representation to patients, agencies, and the public of professional qualifications, credentials, education, competence, affiliations, services provided, training, certification, consultation received, supervised experience, and other relevant professional experience are accurate. 9.3. Claim only those relevant professional credentials actually possessed

and correct any inaccuracies occurring regarding credentials. 9.4. Report only those continuing education units actually earned for the recertification cycle and correct any inaccuracies occurring regarding CEUs. X. Facilitate interdisciplinary collaboration in situations supporting health information practice. A health information management professional shall: 10.1. Participate in and contribute to decisions that affect the well-being of patients by drawing on the perspectives, values, and experiences of those involved in decisions related to patients. 10.2. Facilitate interdisciplinary collaboration in situations supporting health information practice. 10.3. Establish clearly professional and ethical obligations of the interdisciplinary team as a whole and of its individual members. 10.4. Foster trust among group members and adjust behavior in order to establish relationships with teams. XI. Respect the inherent dignity and worth of every person. A health information management professional shall: 11.1. Treat each person in a respectful fashion, being mindful of individual differences and cultural and ethnic diversity. 11.2. Promote the value of self-determination for each individual. 11.3. Value all kinds and classes of people equitably, deal effectively with all races, cultures, disabilities, ages and genders. 11.4. Ensure all voices are listened to and respected.

The Use of the Code Violation of principles in this code does not automatically imply legal liability or violation of the law. Such determination can only be made in the context of legal and judicial proceedings. Alleged violations of the code would be subject to a peer

The Use of the Code

169

review process. Such processes are generally separate from legal or administrative procedures and insulated from legal review or proceedings to allow the profession to counsel and discipline its own members although in some situations, violations of the code would constitute unlawful conduct subject to legal process. Guidelines for ethical and unethical behavior are provided in this code. The terms “shall and shall not” are used as a basis for setting high standards for behavior. This does not imply that everyone “shall or shall not” do everything that is listed. This concept is true for the entire code. If someone does the stated activities, ethical behavior is the standard. The guidelines are not a comprehensive list. For example, the statement “safeguard all confidential patient information to include, but not limited to, personal, health, financial, genetic and outcome information” can also be interpreted as “shall not fail to safeguard all confidential patient information to include personal, health, financial, genetic, and outcome information.” A code of ethics cannot guarantee ethical behavior. Moreover, a code of ethics cannot resolve all ethical issues or disputes or capture the richness and complexity involved in striving to make responsible choices within a moral community. Rather, a code of ethics sets forth values and ethical principles, and offers ethical guidelines to which a HIM professional can aspire and by which actions can be judged. Ethical behaviors result from a personal commitment to engage in ethical practice. Professional responsibilities often require an individual to move beyond personal values. For example, an individual might demonstrate behaviors that are based on the values of honesty, providing service to others, or demonstrating loyalty. In addition to these, professional values might require promoting confidentiality, facilitating interdisciplinary collaboration, and refusing to participate or conceal unethical practices. Professional values could require a more comprehensive set of values than what an individual needs to be an ethical agent in one’s own personal life. The AHIMA Code of Ethics is to be used by AHIMA members and certificants, consumers, agencies, organizations, and bodies (such as licensing and regulatory boards, insurance providers, courts of law, government agencies,

170

Chapter 6  Coding

and other professional groups) that choose to adopt it or use it as a frame of reference. The AHIMA Code of Ethics reflects the commitment of all to uphold the profession’s values and to act ethically. Individuals of good character who discern moral questions and, in good faith, seek to make reliable ethical judgments, must apply ethical principles. The code does not provide a set of rules that prescribe how to act in all situations. Specific applications of the code must take into account the context in which it is being considered and the possibility of conflicts among the code’s values, principles, and guidelines. Ethical responsibilities flow from all human relationships, from the personal and familial to the social and professional. Further, the AHIMA Code of Ethics does not specify which values, principles, and guidelines are the most important and ought to outweigh others in instances when they conflict.

Code of Ethics 2011 Ethical Principles Ethical Principles: The following ethical principles are based on the core values of the American Health Information Management Association and apply to all AHIMA members and certificants. A health information management professional shall: 1. Advocate, uphold, and defend the individual’s right to privacy and the doctrine of confidentiality in the use and disclosure of information. 2. Put service and the health and welfare of persons before self-interest and conduct oneself in the practice of the profession so as to bring honor to oneself, their peers, and to the health information management profession. 3. Preserve, protect, and secure personal health information in any form or medium and hold in the highest regards health information and other information of a confidential nature obtained in an official capacity, taking into account the applicable statutes and regulations.

4. Refuse to participate in or conceal unethical practices or procedures and report such practices. 5. Advance health information management knowledge and practice through continuing education, research, publications, and presentations. 6. Recruit and mentor students, peers and colleagues to develop and strengthen professional workforce. 7. Represent the profession to the public in a positive manner. 8. Perform honorably health information management association responsibilities, either appointed or elected, and preserve the confidentiality of any privileged information made known in any official capacity. 9. State truthfully and accurately one’s credentials, professional education, and experiences. 10. Facilitate interdisciplinary collaboration in situations supporting health information practice. 11. Respect the inherent dignity and worth of every person. Reprinted with permission from the American Health Information Management Association. Copyright © 2011 by the American Health Information Management Association. All rights reserved. No part of this may be reproduced, reprinted, stored in a retrieval system, or transmitted, in any form or by any means, electronic, photocopying, recording, or otherwise, without the prior written permission of the association. Adapted with permission from the Code of Ethics of the National Association of Social Workers.

RESOURCES National Association of Social Workers. Code of Ethics. 1999. Available online on the NASW web site. AHIMA.  Code of Ethics, 1957, 1977, 1988, 1998, and 2004. Available from http://library.ahima.org/ AHIMA. Standards for Ethical Coding. 2008. Available from http://library.ahima.org/ Harman, L.B., ed. Ethical Challenges in the Management of Health Information, 2nd ed. Sudbury, MA: Jones and Bartlett, 2006. McWay, D.C. Legal and Ethical Aspects of Health Information Management, 3rd ed. Clifton Park, NY: Cengage Learning, 2010. Revised & adopted by AHIMA House of Delegates— (October 2, 2011)

APPENDIX 6-B

American Health Information Management Association Standards of Ethical Coding

Introduction The Standards of Ethical Coding are based on the American Health Information Management Association’s (AHIMA’s) Code of Ethics. Both sets of principles reflect expectations of professional conduct for coding professionals involved in diagnostic and/or procedural coding or other health record data abstraction. A Code of Ethics sets forth professional values and ethical principles and offers ethical guidelines to which professionals aspire and by which their actions can be judged. Health information management (HIM) professionals are expected to demonstrate professional values by their actions to patients, employers, members of the healthcare team, the public, and the many stakeholders they serve. A Code of Ethics is important in helping to guide the decision-making process and can be referenced by individuals, agencies, organizations, and bodies (such as licensing and regulatory boards, insurance providers, courts of law, government agencies, and other professional groups). The AHIMA Code of Ethics (available on the AHIMA web site) is relevant to all AHIMA members and credentialed HIM professionals and students, regardless of their professional functions, the settings in which they work, or the populations they serve. Coding is one of the core HIM functions, and due to the complex regulatory requirements affecting the health information coding process, coding professionals are frequently faced with ethical challenges. The AHIMA Standards of Ethical Coding are intended to assist coding professionals and managers in decision-making processes and actions, outline expectations for making ethical decisions in the workplace, and demonstrate coding professionals’ commitment to integrity

during the coding process, regardless of the purpose for which the codes are being reported. They are relevant to all coding professionals and those who manage the coding function, regardless of the healthcare setting in which they work or whether they are AHIMA members or nonmembers. These Standards of Ethical Coding have been revised in order to reflect the current healthcare environment and modern coding practices. The previous revision was published in 1999.

Standards of Ethical Coding Coding professionals should: 1. Apply accurate, complete, and consistent coding practices for the production of high-quality healthcare data. 2. Report all healthcare data elements (e.g. diagnosis and procedure codes, present on admission indicator, discharge status) required for external reporting purposes (e.g. reimbursement and other administrative uses, population health, quality and patient safety measurement, and research) completely and accurately, in accordance with regulatory and documentation standards and requirements and applicable official coding conventions, rules, and guidelines. 3. Assign and report only the codes and data that are clearly and consistently supported by health record documentation in accordance with applicable code set and abstraction conventions, rules, and guidelines. 4. Query provider (physician or other qualified healthcare practitioner) for clarification and additional documentation prior to code assignment when there is

172

5.

6.

7.

8. 9.

10.

11.

Chapter 6  Coding conflicting, incomplete, or ambiguous information in the health record regarding a significant reportable condition or procedure or other reportable data element dependent on health record documentation (e.g. present on admission indicator). Refuse to change reported codes or the narratives of codes so that meanings are misrepresented. Refuse to participate in or support coding or documentation practices intended to inappropriately increase payment, qualify for insurance policy coverage, or skew data by means that do not comply with federal and state statutes, regulations and official rules and guidelines. Facilitate interdisciplinary collaboration in situations supporting proper coding practices. Advance coding knowledge and practice through continuing education. Refuse to participate in or conceal unethical coding or abstraction practices or procedures. Protect the confidentiality of the health record at all times and refuse to access protected health information not required for codingrelated activities ( examples of coding-related activities include completion of code assignment, other health record data abstraction, coding audits, and educational purposes). Demonstrate behavior that reflects integrity, shows a commitment to ethical and legal coding practices, and fosters trust in professional activities.

Revised and approved by the House of ­Delegates 09/08 All rights reserved. Reprint and quote only with proper reference to AHIMA’s authorship.

Resources (updated April 2013) AHIMA Code of Ethics ICD-9-CM Official Guidelines for Coding and Reporting AHIMA’s position statement on Quality Health Data and Information

AHIMA’s position statement on Consistency of Healthcare Diagnostic and Procedural Coding AHIMA Practice Brief titled “Managing an Effective Query Process”

How to Interpret the Standards of Ethical Coding The following ethical principles are based on the core values of the American Health Information Management Association and the AHIMA Code of Ethics and apply to all coding professionals. Guidelines for each ethical principle include examples of behaviors and situations that can help to clarify the principle. They are not meant as a comprehensive list of all situations that can occur. 1. Apply accurate, complete, and consistent coding practices for the production of high-quality healthcare data.    Coding professionals and those who manage coded data shall: 1.1. Support selection of appropriate diagnostic, procedure and other types of health service related codes (e.g. present on admission indicator, discharge status). Example: Policies and procedures are developed and used as a framework for the work process, and education and training is provided on their use. 1.2. Develop and comply with comprehensive internal coding policies and procedures that are consistent with official coding rules and guidelines, reimbursement regulations and policies and prohibit coding practices that misrepresent the patient’s medical conditions and treatment provided or are not supported by the health record documentation. Example: Code assignment resulting in misrepresentation of facts carries significant consequences. 1.3. Participate in the development of institutional coding policies and ensure that coding policies

complement, and do not conflict with, official coding rules and guidelines. 1.4. Foster an environment that supports honest and ethical coding practices resulting in accurate and reliable data.    Coding professionals shall not: 1.5. Participate in improper preparation, alteration, or suppression of coded information. 2. Report all healthcare data elements (e.g. diagnosis and procedure codes, present on admission indicator, discharge status) required for external reporting purposes (e.g. reimbursement and other administrative uses, population health, public data reporting, quality and patient safety measurement, research) completely and accurately, in accordance with regulatory and documentation standards and requirements and applicable official coding conventions, rules, and guidelines.    Coding professionals shall: 2.1. Adhere to the ICD coding conventions, official coding guidelines approved by the Cooperating Parties,1  the CPT rules established by the American Medical Association, and any other official coding rules and guidelines established for use with mandated standard code sets. Example: Appropriate resource tools that assist coding professionals with proper sequencing and reporting to stay in compliance with existing reporting requirements are available and used. 2.2. Select and sequence diagnosis and procedure codes in accordance with the definitions of required data sets for applicable healthcare settings. 2.3. Comply with AHIMA’s standards governing data reporting practices, including health record documentation and clinician query standards. 3. Assign and report only the codes that are clearly and consistently supported by health record documentation in accordance with applicable code set conventions, rules, and guidelines.

How to Interpret the Standards of Ethical Coding



173

   Coding professionals shall: 3.1. Apply skills, knowledge of currently mandated coding and classification systems, and official resources to select the appropriate diagnostic and procedural codes (including applicable modifiers), and other codes representing healthcare services (including substances, equipment, supplies, or other items used in the provision of healthcare services).

Example: Failure to research or confirm the appropriate code for a clinical condition not indexed in the classification, or reporting a code for the sake of convenience or to affect reporting for a desired effect on the results, is considered unethical. 4. Query provider (physician or other qualified healthcare practitioner) for clarification and additional documentation prior to code assignment when there is conf licting, incomplete, or ambiguous information in the health record regarding a significant reportable condition or procedure or other reportable data element dependent on health record documentation (e.g. present on admission indicator).    Coding professionals shall: 4.1. Participate in the development of query policies that support documentation improvement and meet regulatory, legal, and ethical standards for coding and reporting. 4.2. Query the provider for clarification when documentation in the health record that impacts an externally reportable data element is illegible, incomplete, unclear, inconsistent, or imprecise. 4.3. Use queries as a communication tool to improve the accuracy of code assignment and the quality of health record documentation, not to inappropriately increase reimbursement or misrepresent quality of care.

174

Chapter 6  Coding

Example: Policies regarding the circumstances when clinicians should be queried are designed to promote complete and accurate coding and complete documentation, regardless of whether reimbursement will be affected.    Coding professionals shall not: 4.4. Query the provider when there is no clinical information in the health record prompting the need for a query. Example: Query the provider regarding the presence of gram-negative pneumonia on every pneumonia case, regardless of whether there are any clinical indications of gram-negative pneumonia documented in the record. 5. Refuse to change reported codes or the narratives of codes so that meanings are misrepresented.    Coding professionals shall not: 5.1. Change the description for a diagnosis or procedure code or other reported data element so that it does not accurately reflect the official definition of that code. Example: The description of a code is altered in the encoding software, resulting in incorrect reporting of this code. 6. Refuse to participate in or support coding or documentation practices intended to inappropriately increase payment, qualify for insurance policy coverage, or skew data by means that do not comply with federal and state statutes, regulations and official rules and guidelines.    Coding professionals shall: 6.1. Select and sequence the codes such that the organization receives the optimal payment to which the facility is legally entitled, remembering that it is unethical and illegal to increase payment by means that contradict regulatory guidelines.    Coding professionals shall not: 6.2. Misrepresent the patient’s clinical picture through intentional

incorrect coding or omission of diagnosis or procedure codes, or the addition of diagnosis or procedure codes unsupported by health record documentation, to inappropriately increase reimbursement, justify medical necessity, improve publicly reported data, or qualify for insurance policy coverage benefits. Examples: A patient has a health plan that excludes reimbursement for reproductive management or contraception; so rather than report the correct code for admission for tubal ligation, it is reported as a medically necessary condition with performance of a salpingectomy. The narrative descriptions of both the diagnosis and procedures reflect an admission for tubal ligation and the procedure (tubal ligation) is displayed on the record. A code is changed at the patient’s request so that the service will be covered by the patient’s insurance.    Coding professionals shall not: 6.3. Inappropriately exclude diagnosis or procedure codes in order to misrepresent the quality of care provided. Examples: Following a surgical procedure, a patient acquired an infection due to a break in sterile procedure; the appropriate code for the surgical complication is omitted from the claims submission to avoid any adverse outcome to the institution. Quality outcomes are reported inaccurately in order to improve a healthcare organization’s quality profile or pay-for-performance results. 7. Facilitate interdisciplinary collaboration in situations supporting proper coding practices.    Coding professionals shall: 7.1. Assist and educate physicians and other clinicians by advocating proper documentation practices, further specificity, and re-sequence or include diagnoses or procedures



How to Interpret the Standards of Ethical Coding when needed to more accurately reflect the acuity, severity, and the occurrence of events.

Example: Failure to advocate for ethical practices that seek to represent the truth in events as expressed by the associated code sets when needed is considered an intentional disregard of these standards. 8. Advance coding knowledge and practice through continuing education.    Coding professionals shall: 8.1. Maintain and continually enhance coding competency (e.g., through participation in educational programs, reading official coding publications such as the Coding Clinic for ICD-9-CM, and maintaining professional certifications) in order to stay abreast of changes in codes, coding guidelines, and regulatory and other requirements. 9. Refuse to participate in or conceal unethical coding practices or procedures.    Coding professionals shall: 9.1. Act in a professional and ethical manner at all times. 9.2. Take adequate measures to discourage, prevent, expose, and correct the unethical conduct of colleagues. 9.3. Be knowledgeable about established policies and procedures for handling concerns about colleagues’ unethical behavior. These include policies and procedures created by AHIMA, licensing and regulatory bodies, employers, supervisors, agencies, and other professional organizations. 9.4. Seek resolution if there is a belief that a colleague has acted unethically or if there is a belief of incompetence or impairment by discussing their concerns with the colleague when feasible and when such discussion is likely to be productive. Take action through appropriate formal channels, such as contacting an accreditation or regulatory body and/or the AHIMA Professional Ethics Committee.



175

9.5. Consult with a colleague when feasible and assist the colleague in taking remedial action when there is direct knowledge of a health information management colleague’s incompetence or impairment.    Coding professionals shall not: 9.6. Participate in, condone, or be associated with dishonesty, fraud and abuse, or deception. A non-­exhaustive list of examples includes: ■■ Allowing inappropriate patterns of retrospective documentation to avoid suspension or increase reimbursement ■■ Assigning codes without supporting provider (physician or other qualified healthcare practitioner) documentation ■■ Coding when documentation does not justify the diagnoses and/or procedures that have been billed ■■ Coding an inappropriate level of service ■■ Miscoding to avoid conflict with others ■■ Adding, deleting, and altering health record documentation ■■ Copying and pasting another clinician’s documentation without identification of the original author and date ■■ Knowingly reporting incorrect present on admission indicator ■■ Knowingly reporting incorrect patient discharge status code ■■ Engaging in negligent coding practices 10. Protect the confidentiality of the health record at all times and refuse to access protected health information not required for coding-related activities (examples of coding-related activities include completion of code assignment, other health record data abstraction, coding audits, and educational purposes).    Coding professionals shall: 10.1. Protect all confidential information obtained in the course of professional service, including personal,

176

Chapter 6  Coding

health, financial, genetic, and outcome information. 10.2. Access only that information necessary to perform their duties. 11. Demonstrate behavior that ref lects integrity, shows a commitment to ethical and legal coding practices, and fosters trust in professional activities.    Coding professionals shall: 11.1. Act in an honest manner and bring honor to self, peers, and the profession. 11.2. Truthfully and accurately represent their credentials, professional education, and experience.



11.3. Demonstrate ethical principles and professional values in their actions to patients, employers, other members of the healthcare team, consumers, and other stakeholders served by the healthcare data they collect and report.

1

The Cooperating Parties are the American Health Information Management Association, A ­ merican Hospital Association, Centers for Medicare & ­Medicaid Services, and National Center for Health Statistics. Source: AHIMA House of Delegates. “AHIMA Standards of Ethical Coding.” (September 2008).



Ethical Decision-Making Matrices

177

Ethical Decision-Making Matrices Let’s now return to our three Scenarios, proceeding through the matrix to arrive at an ethical decision for each. Remember that the matrix is a tool, not a dictate, and these Scenarios may

have more than one “right” answer. Be sure to consider each step, and keep in mind that you must be able to support, justify, and stand by your decision and actions.

SCENARIO 6-A  Blood Loss Anemia Steps

Information

1. What is the question?

Should acute blood loss anemia be coded based on a clinically consistent picture but without a documented diagnosis?

2. What is my “gut” reaction?

What is your first reaction to this case on an emotional level? What assumptions are you making? What biases do you have? Query the physician. This looks like blood loss anemia, but I’m not a physician.

3. What are the facts?

KNOWN ■■

■■ ■■

■■ ■■

■■

■■

■■

The laboratory values are consistent with anemia. The patient lost a lot of blood. The physician is monitoring the blood values closely. The patient received blood transfusions. Physician documentation does not contain a diagnosis of anemia, let alone blood loss anemia. Hospital payment will be affected depending on whether or not blood loss anemia is coded. ICD Official Guidelines for Coding and Reporting, as well as multiple coding directives issued by the Cooperating Parties for ICD, prohibit coders from making clinical judgments. AHIMA Standards for Ethical Coding direct the coder to query the physician if documentation is incomplete or ambiguous regarding a significant condition.

TO BE GATHERED ■■

■■

■■

■■

■■

Are the amount of blood lost and the lowered hemoglobin/hematocrit values inherent to the procedure? Did the monitoring indicate the physician was concerned, or was it routine? Were the blood transfusions a direct treatment for blood loss anemia, or are they expected with this type of procedure? Has this issue been dealt with before, via an internal coding guideline, for example? Is this physician usually responsive to queries?

(continued)

178

Chapter 6  Coding

SCENARIO 6-A  Blood Loss Anemia (continued ) 4. What are the values? Examine the shared and competing values, obligations, and interests of the many stakeholders in order to fully understand the complexity of the ethical problem(s).

■■

■■

■■

The hospital has a legitimate interest in being appropriately compensated for the resources expended. Coders must understand their scope of expertise and not extend this beyond their purview. Coders code; only physicians diagnose. Orderly business practice requires that coders follow the established rules for clarifying documentation.

STAKEHOLDERS Patient, family, HIM professional(s), healthcare professional(s), administrators, society, and others appropriate to the issue. 5. What are my options?

■■ ■■ ■■

Code blood loss anemia and move on. Don’t code blood loss anemia and leave it at that. Query the physician or an appropriate alternate clinician.

6. What should I do?

Query the physician on the clinical significance of the laboratory values and treatment, given the clinical context. This must be done without “leading” the physician to a diagnosis of blood loss anemia, offering multiple options and always including the option to state that the laboratory values are not clinically significant.

7. What justifies my choice?

JUSTIFIED ■■

■■

■■

8. How can I prevent this problem?

■■

■■

NOT JUSTIFIED

Not querying places the hospital at a financial disadvantage, while coding blood loss anemia without querying violates both ethical standards and coding guidelines. Querying respects the physician’s primacy in clinical matters. The option of querying is the course of action sanctioned by coding guidelines.

■■

■■

Although querying will cause a delay in payment, this is not a valid reason for proceeding without a query. Even if the physician is not responsive, the attempt should still be made.

Involve Clinical Documentation Improvement staff to educate physicians to specifically document blood loss anemia as a diagnosis when present and clinically significant, and also to document when blood loss anemia is inherent in particular clinical contexts. Regularly reinforce coding guidelines with the coding staff.

The ethical decision-making matrix is a tool to help you organize complex, ethical problems; however, there is no simple fill-in-the-boxes approach to ethical decision-making. The objective is to follow each step and not move from the question directly to what should be done or how to prevent it next time. If you

skip steps, you will not fully understand all the values and options for action. Also, the matrix provided is not the only way to examine the problem. You can make an equally compelling ethical argument for a different decision—just be sure to follow all the steps of the matrix.



Ethical Decision-Making Matrices

179

SCENARIO 6-B  Thoracic Aortogram Steps

Information

1. What is the question?

Are you and the practice involved in a pattern of improper documentation, coding, and billing?

2. What is my “gut” reaction?

What is your first reaction to this case on an emotional level? What assumptions are you making? What biases do you have? This makes me nervous. I don’t know enough about this clinically to make a judgment, but something doesn’t feel right here.

3. What are the facts?

KNOWN ■■

■■

■■

■■

■■

4. What are the values? Examine the shared and competing values, obligations, and interests of the many stakeholders in order to fully understand the complexity of the ethical problem(s).

■■

■■ ■■ ■■

■■

There’s been a change in documentation practices regarding this procedure. Sudden and substantial changes in billed codes are often a red flag for external reviewers, so it’s likely that this will eventually draw additional scrutiny. If reviewers find this practice improper, you could be considered complicit in billing abuse. Physician payment is impacted by increased coding and billing for thoracic aortogram. Recoupment of payments for thoracic aortograms that the payer deems unnecessary or unsupported could dramatically impact the practice’s viability. AHIMA Standards for Ethical Coding do not allow coders to participate in or support documentation practices intended to inappropriately increase payment.

TO BE GATHERED ■■

■■

■■

■■

Has there actually been an increase in billing for thoracic aortograms, or does it just seem that way? Assuming there has truly been an increase in billing aortograms, was it deliberate—eg. due to improved documentation—or was it inadvertent, for example due to misuse of the template? Were true thoracic aortograms actually performed for these patients? Is there a clinical reason for performing a thoracic aortogram for all of these patients, including those whose problems are in their feet, anatomically distant from the thoracic aorta?

Fraud and abuse are serious charges that can irreparably destroy reputations and lives, even if found to be untrue. Whistleblowing takes a personal toll, even if allegations are found to be true. Taking part in improper billing, even if you do not instigate it, is plainly wrong. If thoracic aortograms are being performed unnecessarily, the patients are being exposed to an unnecessary procedure and additional risk. Additional payments that may not be appropriate are a burden on the healthcare system.

STAKEHOLDERS Patient, family, HIM professional(s), healthcare professional(s), administrators, society, and others appropriate to the issue. (continued)

180

Chapter 6  Coding

SCENARIO 6-B  Thoracic Aortogram (continued) 5. What are my options?

■■ ■■

■■ ■■ ■■ ■■

Do nothing and keep coding thoracic aortograms whenever documented. Speak informally to an unaffiliated radiologist to obtain a clinical perspective on the appropriateness of performing thoracic aortograms in these cases. Consult your colleagues on whether they have dealt with similar issues and what steps they took. Discuss your concerns with the head of the practice. Refer the matter to the compliance office along with data and examples. Contact the OIG with your concerns.

6. What should I do?

Several options are appropriate here and can be taken in sequence. Speak to the unaffiliated radiologist and learn if your concerns are clinically unfounded. Speak to your colleagues to learn from their experiences. If your concerns are validated, take this further, most likely to the compliance office. Document your actions at every step.

7. What justifies my choice?

JUSTIFIED ■■

■■

■■

■■

■■

8. How can I prevent this problem?

■■

■■

NOT JUSTIFIED

Patient health and safety may be compromised if aortograms are unnecessary. Doing nothing exposes you, your coworkers, and the practice itself to what could be serious legal risk. If your concerns are unfounded, you have the assurance that the issue was properly reviewed, in case external reviewers later raise questions. If your concerns are reasonable and you pursue the matter further, it will be because you have supported and validated them both clinically and from a compliance perspective. Referring the matter to the compliance office provides institutional support as well as a standardized method for pursuing what could be serious improprieties.

■■

■■

■■

Lack of clinical knowledge does not preclude you from seeking out others who have the necessary knowledge. If there is truly a problem here, claiming to simply be a cog in the wheel will not protect you from repercussions. Going directly to the head of the practice, particularly doing so alone, risks creating ill will and exposure without necessarily leading to resolution.

Together with the compliance office, work with the electronic medical record vendor to restructure the templates to make them less prone to inadvertent abuse. Hold an educational workshop with the physicians to review the proper use of the templates, audit risks and consequences, and legal environment.

The ethical decision-making matrix is a tool to help you organize complex, ethical problems; however, there is no simple fill-in-the-boxes approach to ethical decision-making. The objective is to follow each step and not move from the question directly to what should be done or how to prevent it next time. If you

skip steps, you will not fully understand all the values and options for action. Also, the matrix provided is not the only way to examine the problem. You can make an equally compelling ethical argument for a different decision—just be sure to follow all the steps of the matrix.



Ethical Decision-Making Matrices

181

SCENARIO 6-C  Revise the Analysis? Steps

Information

1. What is the question?

Should you alter the analysis?

2. What is my “gut” reaction?

What is your first reaction to this case on an emotional level? What assumptions are you making? What biases do you have? My conclusions are valid. If the company’s product has genuine clinical value, it should be able to overcome initial payment problems.

3. What are the facts?

KNOWN ■■

■■

Your conclusions are well researched and well supported by the coding literature. The device provides a treatment for patients with few other options.

TO BE GATHERED ■■

■■

4. What are the values? Examine the shared and competing values, obligations, and interests of the many stakeholders in order to fully understand the complexity of the ethical problem(s).

■■ ■■ ■■

■■

■■

Is there new information, from either a clinical perspective or a coding perspective,that might cause you to change your conclusions? Could loss of this client lead to significant lost income or loss of reputation for the consulting company that employs you?

Given that the device is its only product, the startup company’s viability could be at stake. Low payment may prevent a promising therapy from reaching patients who need help. You have an obligation not to mislead investors, as well as the major medical device manufacturer, by painting an overly rosy picture. You also have an obligation to the client to make clear their level of risk and exposure, whether it is welcome or not. Your professional integrity is being tested. Are you for hire, or are you for sale?

STAKEHOLDERS Patient, family, HIM professional(s), healthcare professional(s), administrators, society, and others appropriate to the issue 5. What are my options?

■■

■■

■■ ■■

■■

6. What should I do?

Review the coding literature for new guidelines that have been released since the initial analysis, to see if any changes to the analysis are in fact warranted. Change the report to soft-pedal the negative aspects of the initial analysis and find alternate codes. Decline to change the analysis, and explain your reasons for doing so. Invite the company to put the matter to another consultant, to compare the recommendations and the basis for them. Alert the company to other possible avenues for additional payment related to new technology and costly devices.

Review the coding literature for recent changes as a matter of course, to verify that your conclusions remain valid. Assuming they do, hold your ground and explain why. Be open to and welcome a second analysis by another professional colleague, as it tests your confidence in your own conclusions and may well serve to validate your analysis. Certainly, encourage and assist the company in pursuing possibilities for additional payment. (continued)

182

Chapter 6  Coding

SCENARIO 6-C  Revise the Analysis? (continued) 7. What justifies my choice?

■■

■■

■■

■■

8. How can I prevent this problem?

NOT JUSTIFIED

JUSTIFIED

■■

■■

Your professional integrity and reputation will be diminished by altering the analysis without a credible reason to do so, and this may compromise you in the future. Investment is known to be a high-risk activity, and the investors assumed that risk. Changing the analysis exposes you to legal risk for encouraging inaccurate codes. The company will have to focus on proving the product clinically while working toward payment solutions, such as creation of new codes or reassignment of the existing codes to a higher-level DRG.

■■

■■

Loss of this business may hurt, but this is not the kind of business you would want to deal with anyway. You cannot control what the CEO of the company chooses to share with the investors, but you do control the accuracy of your work.

When first dealing with potential clients, make clear up front that your recommendations are made impartially based on knowledge, experience, and research, and not on the possible commercial implications. Refuse to work with clients whose objective is for you to justify favorable codes rather than make a determination on accurate codes.

The ethical decision-making matrix is a tool to help you organize complex, ethical problems; however, there is no simple fill-in-the-boxes approach to ethical decision-making. The objective is to follow each step and not move from the question directly to what should be done or how to prevent it next time. If you

skip steps, you will not fully understand all the values and options for action. Also, the matrix provided is not the only way to examine the problem. You can make an equally compelling ethical argument for a different decision—just be sure to follow all the steps of the matrix.

CHAPTER 7

Quality Management

© kentoh/Shutterstock

Patrice L. Spath, MA, RHIT Fameka B. Leonard, RN, MSN

Learning Objectives

Scenario 7-A  Inaccurate Publicly Reported Performance Data

After completing this chapter, the reader should be able to: ■■

■■

■■

■■

Identify the common ethical issues in healthcare quality management (QM). Identify the ethical issues confronting professionals involved in QM activities. Identify the professional and organizational standards of behavior and personal values that influence the ethical decisions of professionals involved in QM activities. Identify common responses to ethical issues that may be presented to professionals who are involved in QM activities.

You work as the quality director in the corporate office of a for-profit home healthcare company. One day you notice that the company’s patient care performance data posted on its website are inaccurate. The data make the organization’s performance quality look better than it actually is. You ask the chief executive officer (CEO) about the data, and she says, “I’m aware of the discrepancies, but we don’t want the public to lose faith in us.” Questions 1. How do you respond to the CEO?

Introduction Today’s rapidly changing healthcare environment is creating new ethical issues for healthcare professionals who have quality management responsibilities. Rising costs, scarce resources, the hierarchical nature of healthcare organizations, and conflicting values are introducing both challenges and opportunities into the workplace. This chapter draws on current literature and case studies depicting typical ethical dilemmas faced by healthcare professionals involved in quality management activities. The scenarios and the standards for ethical decision making explored in this chapter are intended to help professionals sort out the ethical issues that they may have to deal with during the performance of quality management activities.

2. What is your most ethical course of action?

A completed ethical decision-making matrix for the scenario is provided at the end of the chapter.

Quality Management

183

Healthcare organizations have long been involved in quality management activities aimed at improving the quality and safety of patient care services. To support these activities, data are gathered to measure performance. The

184

Chapter 7   Quality Management

measurement results are reported and analyzed to identify improvement opportunities. Projects are carried out for the purpose of achieving everbetter quality and patient safety. Historically, a variety of professionals have helped support and advance healthcare quality and patient safety. In the 1850s Florence Nightingale, considered the founder of modern nursing, gathered and reported data on hospital sanitation practices that led to improvements and reductions in patient mortality (Rehmeyer, 2008). The Florence Nightingale Pledge, developed in 1893, is the basis for the current code of ethics for many healthcare professions (American Nurses Association, n.d., para. 1): I solemnly pledge myself before God and in the presence of this assembly, to pass my life in purity and to practice my profession faithfully. I will abstain from whatever is deleterious and mischievous, and will not take or knowingly administer any harmful drug. I will do all in my power to maintain and elevate the standard of my profession, and will hold in confidence all personal matters committed to my keeping and all family affairs coming to my knowledge in the practice of my calling. With loyalty will I endeavor to aid the physician in his work, and devote myself to the welfare of those committed to my care. Florence Nightingale Pledge, created in 1893 by a committee led by Lystra Gretter.

This statement, written more than 100 years ago, contains many professional standards that are still operational today: taking a pledge to act ethically, being faithful to a professional code of conduct, abstaining from inappropriate behaviors such as drug abuse, maintaining patient confidentiality, being loyal to professional colleagues, and putting patient welfare first. Often called the father of modern medicine, William Osler, M.D., championed physician performance review and improvement during his tenure as a clinician and professor of medicine at Johns Hopkins University from 1889 to 1905. When speaking to the medical community in New Haven, Osler suggested medical societies “should represent a clearinghouse

in which every physician . . . would receive his intellectual rating, and in which he could find out his professional assets and liabilities” (Osler, 1903). Osler’s professional and personal ethics are best summed up by what he espoused as one of his personal ideals: “Act the Golden Rule (do unto others as you would like to have done unto you) toward my professional brethren and the patients committed to my care” (Millard, 2011). In the 1940s, medical record librarians routinely served on hospital medical staff committees charged with reviewing the quality of record documentation (Seltze, 1948). Record librarians helped select cases for morbidity and mortality reviews, analyzed records for completeness, and provided regular reports on the number of incomplete or inadequate records (Hill, 1948). It appears that little was written in the earlier years of the profession about the ethical decisions that may have been required of health information management (HIM) professionals involved in QM activities; however, in 1946 Eleanor F. Hull, medical record librarian at Fullerton Hospital in Fullerton, California, wrote, “To work with our doctors . . . requires a person who by study and thought keeps herself in touch with changing times; a person of kindness and culture, sympathetic and honest, courteous and honorable” (Hull, 1946, p. 76). These same personal and professional traits are just as important today as HIM professionals collaborate with all caregivers to advance quality and patient safety improvement efforts (AHIMA Task Force on Healthcare Quality and Patient Safety, 2011). Healthcare organizations have legal, regulatory, and social responsibilities to provide high-quality patient care services and prevent unintended harm. To fulfill these responsibilities, they have implemented a wide range of QM activities that are much more comprehensive than the review functions supported by nurses, physicians, and HIM professionals in the past. Today, QM activities encompass a wide variety of functions, including institution and medical staff performance monitoring and evaluation activities, utilization management, risk management, infection control, and patient safety improvement. In addition, people with a wide variety of professional backgrounds are employed in QM positions at all levels in healthcare organizations.

QM professionals are anyone supporting or directly involved in the organization’s various QM activities. Sometimes their responsibilities are limited to data collection and reporting, but in many instances they are intimately involved in the design of performance measurement studies, initiation of improvement activities, development of risk reduction strategies, interaction with external regulatory and accreditation groups, and/or physician credentialing and peer review activities. Caregivers rely on the expertise of QM professionals and others to assist them in judging the quality of patient care and the competence of people providing that care. A number of recent changes in the healthcare industry are challenging the traditional values of nurses, physicians, HIM professionals, and other people involved in quality and patient safety management activities. Alterations in healthcare delivery configurations and reimbursement systems, increased litigation, and greater quality and price transparency have affected QM and have created an environment that is ripe for ethical dilemmas. An ethical dilemma occurs when a person must decide whether to do something that, although beneficial to him or her or the organization, may be considered unethical. Ethical dilemmas require an ethical decision-making process, which involves investigating the facts involved, considering the values of the several stakeholders that might be part of the problem and/or the solution, investigating ethical and unethical choices, and considering prevention options for the future (Glover, 2006, pp. 35–38). Ethical questions surrounding these QM activities have become more difficult as the complexity and competitiveness of healthcare services have increased. This chapter describes the common QM ethical issues that healthcare organizations face today. The professional standards, organizational rules of conduct, and personal values influencing ethical behavior for those involved in QM activities are presented.

Milestones that Created QM Ethical Questions With the passage of the Medicare law in 1965, a new source of revenue became immediately

Quality Management

185

available to healthcare organizations. Hospitals and skilled nursing facilities were required to have utilization review (UR) programs to ensure that Medicare dollars were spent only on medically necessary services. By the late 1970s, it became apparent that these UR programs were ineffective in controlling rising costs, largely because there was no financial incentive for organizations to limit the number of services provided to Medicare patients. The lack of monetary penalties for noncompliance created a “don’t ask, don’t tell” environment. In the late 1960s, the courts began to hold healthcare facilities accountable for the actions of practicing physicians, and by the early 1970s, healthcare organizations and individual physicians experienced an increased number of lawsuits and higher monetary awards to plaintiffs. Commonly referred to as the “medical malpractice crisis,” the events of the 1970s led to an increase in the secrecy surrounding peer review activities. Fear of litigation and the potential for misinterpretation of committee decisions by juries in malpractice cases caused some organizations to limit documentation of quality problems or to fabricate committee minutes. The 1980s brought yet another crisis to the healthcare industry, this time a financial one. In response to growing concerns about the rising cost of healthcare services, the Medicare prospective payment system (PPS) was implemented and private health plans enacted significant cost-control measures. At this same time, healthcare payers and regulators began in earnest to promote comparative measurement initiatives, many of which included public release of the results in report-card-style commentaries. One of the most significant public data releases occurred in 1986, when the Centers for Medicare and Medicaid Services (CMS) (formerly known as the Health Care Financing Administration) calculated the 1985 raw death rates for hospitalized Medicare patients and allowed hospital-specific information to be made public. Almost immediately, public releases of other types of provider-specific comparative performance measurement data increased, and consumers began to demand access to mortality and complication rates. Groups such as the

186

Chapter 7   Quality Management

Joint Commission on Accreditation of Healthcare Organizations (now known as The Joint Commission) and the National Committee for Quality Assurance (NCQA) started sharing organization-specific accreditation results with the public. Healthcare organizations were for the first time being asked to provide data that consumers could use to judge an organization’s performance. The Institute of Medicine’s December 1999 report, To Err Is Human, rekindled the public’s desire for provider-specific performance information (Kohn, Corrigan, & Donaldson, 1999). The report called for the establishment of a nationwide mandatory reporting system to gather information about adverse medical events that resulted in death or serious harm to a patient. In 2001 the new Patient Safety Standards of The Joint Commission expanded reporting expectations. Standard [RI.2.2] stated that “patients, and when appropriate, their families are informed about the outcomes of care, including unanticipated outcomes” (American Society for Healthcare Risk Management [ASHRM], 2001, p. 6). This disclosure was to be done by the responsible physician or his or her designee. These many demands for increased transparency changed the healthcare environment from “don’t ask, don’t tell” to “do ask . . . but we’re not sure if we want to tell.” The ethical dilemma of truth telling arises when healthcare organizations are asked to accurately report performance results, reveal accreditation deficiencies, report adverse patient events, or admit mistakes. Truthful reporting of this information might cause the organization to be financially penalized or be characterized as providing poor-quality patient care. The first decade of the 21st century brought many changes to health care that potentially created more truth-telling ethical dilemmas for QM professionals, such as public reporting of performance data and financial penalties for complications that develop during a patient’s hospital stay. Passage of the 2003 Medicare reform law created new financial pressures intended to increase public access to hospital performance data. Hospitals voluntarily reporting to CMS

the results of quality measures for heart attack, heart failure, and pneumonia began to receive a slightly larger increase in their Medicare reimbursement rates than hospitals choosing not to report their data. Today the CMS Hospital Inpatient Quality Reporting Program is still voluntary, but hospitals choosing not to report their quality data to CMS are subject to a 2 percent reduction in Medicare payments. Quality measure results are publicly available on the Hospital Compare website (www.hospitalcompare.hhs.gov). The Affordable Care Act of 2010 broadened the ability of CMS to use a hospital’s performance results to calculate its payment rates (CMS, 2012a). To ensure the data submitted by hospitals are accurate, CMS conducts validation studies that involve reviews of hospital medical records. In fiscal year 2014, records at a random sample of 400 hospitals were reviewed and up to 200 hospitals were selected for targeted reviews based on criteria such as abnormal data patterns or unusually large increases in their quality measurement scores (CMS, 2012a). Similar CMS performance measurement requirements, including publicly reported results and value-based purchasing initiatives, are under way in skilled nursing and renal dialysis facilities, home health, and ambulatory care. The Deficit Reduction Act of 2005 produced another reimbursement change affecting quality and patient safety activities. Medicare no longer allows higher payment for hospitalized patients with complications considered to be a hospitalacquired condition (HAC). An HAC is a condition that has been designated as one that “could reasonably have been prevented through the application of evidence-based guidelines” (CMS, 2014, para. 1). Three HAC examples are iatrogenic (illness caused by medical examination or treatment) pneumothorax with venous catheterization, diabetic ketoacidosis, and stage IV pressure ulcer. To help CMS identify HACs, hospitals are required to report whether the condition, such as diabetic ketoacidosis, was present on admission or developed during the patient’s hospitalization (CMS, 2012b). Private insurance plans have followed the lead of CMS with denial of additional payments to care for hospitalized patients who develop an HAC.



Ethical Issues Facing QM Professionals

Transitions Bring Ethical Challenges Economic tensions, downsizing, competition, and shifting social values are placing more demands on healthcare leaders. These forces may influence leaders to ask QM professionals to compromise their professional or personal ethics. QM professionals may face pressures to conceal information that could be potentially damaging to the organization, remain silent about quality-of-care concerns, falsify documentation or performance data, or underreport adverse patient incident data. As public and private payers demand more accountability and transparency, an organization’s leaders must set challenging performance expectations. Ethical conflicts can be particularly problematic when these organization-wide expectations are tied to executive performance bonuses or other employee benefits. The 2014 revelations of secret waiting lists in the Veterans Affairs (VA) Healthcare system highlight what can occur if the leaders’ performance expectations cannot easily be met. Rather than report patient wait times for appointments that were longer than required by VA leadership in Washington, DC, top management at some VA facilities may have instructed staff to falsify appointment requests to ensure that wait times stayed within the 14-day performance requirement (Bronstein & Griffin, 2014). Investigations into these charges revealed that VA leaders also failed to respond to employee complaints about other hazards to patient health and safety, such as improper patient scheduling and understaffing of medical facilities (Schwartz, 2014).

Scenario 7-B  Audit Results Indicate Inappropriate Health Care You work as the quality manager in a multispecialty clinic. A new physician joins the clinic. Within three months you discover several cases in which this physician’s practices appear inappropriate (e.g., ordering of unnecessary tests, failure to perform appropriate diagnostic studies, failure to use generally accepted

187

treatments). A few cases are so obvious that even a layperson would doubt the physician’s judgment. Nurses and clinical staff in the clinic are also talking about this physician’s questionable practices. You do two studies to substantiate the problems, and give the data to the administrator and the medical director. Both times, these people fail to take any action, saying that they don’t think the new physician is a problem. Questions 1. How do you proceed? Analyze the situation and propose your most ethical course of action. 2. Do other people in the clinic with concerns about the physician’s practices have a duty to act on their concerns?

A completed ethical decision-making matrix for the scenario is provided at the end of the chapter. Some of the ethical questions facing QM professionals have no easy answers, especially when individuals must choose between continued employment and “standing firm” on ethical standards. People and organizations need to develop a standard to follow and possess the will to uphold it, an ongoing struggle for both. This struggle is evidenced by recent studies suggesting that hospitals aggressively pursuing programs to reduce surgical complications could experience a negative cash flow due to shorter hospital stays and fewer reimbursable services (Krupka, Sandberg, & Weeks, 2012; Eappen et al., 2013). Doing the right thing for patients may be the wrong thing for the financial health of the organization. The chapter ends with some specific actions that can be taken by QM professionals to enable ethical conduct in support of the organization’s QM activities.

Ethical Issues Facing QM Professionals QM professionals generally lack control over the ethical practices of people in positions of power in the organization. When suggestions

188

Chapter 7   Quality Management

made by the organization’s leaders or physicians appear to violate ethical professional or business conduct, QM professionals are placed in a difficult situation. Some of these conflicts can be extremely troublesome because of the potential for patient harm. For example, if the organization’s leaders consciously chose to overlook recurrent patient management mistakes made by an incompetent physician resulting in frequent infections following surgery or misreading of radiology reports, the QM professional may be faced with several questions: ■■

■■

■■

■■

■■

■■

■■

■■

What can I do other than repeatedly bringing the physician’s mistakes to the attention of administrative and medical staff leadership? Should I take the risk of being a whistleblower? What is my obligation to protect future patients from the physician’s incompetent behavior? Is it wrong for me to accept the leaders’ decision that nothing needs to be done about the problem? Will I be shunned by colleagues for bringing the physician’s behavior to the attention of the organization’s compliance officer or risk manager? Should I risk loss of my job or disciplinary action by discussing the issue directly with the organization’s governing board chair? What if the leaders can provide me with compelling and logical reasons for not taking any action, such as “This physician is well respected by his patients” or “This physician brings the most revenue to the hospital”? If I know about a situation that is unsafe for patients, am I bound by my professional standards to act, regardless of what the organization’s leaders might suggest?

Given the very real threats that may be associated with any action beyond continued collection and reporting of information about the physician’s mistakes to the organizations’ leaders, the QM professional could be faced with a profound ethical dilemma. Of course, there is always the option of leaving the problem behind by changing employers.

But this choice does not change the fact that future patients may be unnecessarily injured or killed by an incompetent physician. It is not an appropriate ethical choice to change employers without taking some definitive action to protect patient safety. QM professionals faced with such “life-or-death” ethical situations must consider their professional standards as well as their moral obligation to stop neglect or abuses that threaten the well-being of patients.

Scenario 7-C  Reporting HospitalAcquired Conditions You have been newly hired as the quality manager for the Finance and Information Services Division in a large hospital. One of your assignments is to work with the HIM department coders to ensure diagnosis and procedure codes are accurately assigned. When reviewing a detailed coding audit report, you notice that a number of patient records initially included codes indicating the patient had experienced a hospital-acquired condition (HAC). However, after the records were reviewed by the medical adviser for the HIM department, the HAC codes were changed or removed before the patient’s bill was submitted to Medicare for payment. You personally review the records in question and find that the patients did in fact experience an HAC (the conditions were not present on admission). By inaccurately reporting these conditions as being present on admission the hospital may have gotten a higher Medicare payment, and the hospital’s quality performance data to be publicly reported on the Medicare website will make the hospital look better than it should. All patients received the appropriate treatment for their hospitalacquired condition. Questions 1. Does the failure to report accurate information place the hospital in jeopardy? Do the rewards outweigh the risks?



Ethical Standards Affecting QM Activities

2. What safeguards could be put in place to prevent this situation from occurring in the future? 3. What are some of the ethical dilemmas that this situation presents? 4. Would your course of action be different if you were the hospital’s compliance officer?

A completed ethical decision-making matrix for the scenario is provided at the end of the chapter.

Ethical Standards Affecting QM Activities Standards of conduct that define how QM professionals should behave are influenced by professional ethics, organizational values, and personal convictions about right and wrong. These principles will not always dictate a single ethically acceptable course of action. In some instances, professionals working in QM roles may be faced with conflicting messages. At times, a person’s desire to be honest may clash with the desire for a job. At other times, a person’s wish to act for the good of the patient must be balanced against the wishes of other stakeholders, such as the physician or facility administrator. When there is a conflict between ethical standards and values, a person should follow an ethical decision-making process to arrive at the best ethical decision.

Quality and Professional Ethics People who provide healthcare services have a legal, professional, and ethical duty to ensure the safety of patients—that is, the duty to protect healthcare recipients from being harmed by the effects of healthcare services. People working in health care are bound by legal standards and professional ethical principles to do whatever they can to promote a patient-safe environment. This may include taking action to safeguard patients when their health or welfare may be

189

adversely affected by the incompetent, unethical, illegal, or inappropriate practices of another person. The legal standards affecting various clinical disciplines are found in state medical licensure laws. Licensure is the process by which an agency of government grants permission to persons meeting predetermined qualifications to engage in a given occupation and/or to use a particular title. Licensure is conducted under a state board. Often, these boards include representatives from the respective profession who have been nominated or recommended by their state professional society/association and then appointed by the state governor. The legal precedent for medical licensure was begun by physicians as a way to raise the level of competence of physicians and lessen competition from other health providers (Derbyshire, 1969). Texas was the first state to pass a physician licensure law in 1873, and by the end of the 19th century all states had medical licensure laws. The nursing profession soon followed the lead of physicians, and by 1923 every state had a nurse registration act (Lesnik & Anderson, 1947). Since that time, several clinical disciplines, such as physical therapists and pharmacists, have established state licensure requirements. State licensure laws for medical occupations are intended to protect the health, safety, and welfare of the public by ensuring that only competent individuals are permitted to practice within the state. Regulation of medical professionals is viewed as being in the public interest—something that benefits society in general, not just the members of the profession. State medical licensure laws contain a legal definition of the profession and scope of practice. Although state regulations do not contain ethical codes, the regulations do define what is considered inappropriate professional behavior. For example, the Texas statutes regulating the practice of professional nursing state that a nurse may be subject to denial of license or disciplinary action for “failure to care adequately for a patient or conform to the minimum standards of acceptable nursing practices in a manner that, in the board’s opinion, exposes a patient or other person unnecessarily to risk of harm” (Texas Board of Nursing, 2013, p. 35). In addition, the Texas statute requires that any nurse

190

Chapter 7   Quality Management

failing to adequately care for a patient should be reported to the nursing board by other nurses or the healthcare facility where he or she works. Similar statements are found in the state licensure laws governing all medical professions. It is clear that people holding a license that allows them to be employed in a medical occupation are expected to act in a manner that does not jeopardize patient safety and help to ensure others in their profession act in a similar manner.

■■

Code of Ethics Specific ethical principles that influence the actions of healthcare professionals involved in QM activities are found in the code of ethics statements of the associations to which people belong. The ethical codes of several of these organizations are summarized below. ■■

■■

■■

The Code of Ethics for the National Association of Healthcare Quality (NAHQ, 2013) states that QM professionals will inform employers or clients of possible positive and negative outcomes of management decisions in an effort to facilitate informed decision making. The NAHQ Code of Ethics also states that QM professionals must adhere to the standards of practice for healthcare professionals, which include a primary commitment to the health, wellbeing, and safety of patients. Members of the American Society for Healthcare Risk Management (ASHRM) are expected to adhere to a code of professional ethics and conduct that states that risk management professionals should enhance the overall quality of life, dignity, safety, and well-being of every individual needing health care (ASHRM, 2013). In addition, risk managers are expected to “communicate honestly and factually with patients and their families, as well as colleagues and others” (ASHRM, 2013, p. 1). QM professionals belonging to the American Society for Quality (ASQ) are expected to “hold paramount the safety, health, and welfare of the public in the performance of their professional duties” (ASQ,  n.d., para.  2). This organization represents

quality professionals from many industries. Thus, protecting the public welfare means something different to a QM professional working in the automotive industry versus one working in a healthcare facility. Although the intent of the ASQ Code of Ethics is honorable, the terminology found in the code may not always apply to the healthcare environment. Members of the Healthcare Compliance Association (HCCA) are bound by a code of ethics that emphasizes the professional’s obligations to the public, including specific recommendations covering ethical conflicts involving employer decisions. According to the code (HCCA, n.d., p. 3): If, in the course of their work, healthcare compliance professionals become aware of any decision by their employing organization which, if implemented, would constitute misconduct, adversely affect the health of patients, residents, or clients, or defraud the system, the professional shall: (a) refuse to consent to the decision; (b) escalate to the highest governing authority, as appropriate; (c) if serious issues remain unresolved after exercising “a” and “b”, consider resignation; and (d) report the decision to public officials when required by law.

■■

The ethical integrity of American Health Information Management Association (AHIMA) members is guided by the AHIMA Professional Code of Ethics, although this code does not specifically mention the duty to protect patients from harm. It does state that HIM professionals should put service and the health and welfare of persons before self-interests, which implies that protecting patients from harm is an ethical principle for AHIMA members (AHIMA, 2011). The AHIMA Code of Ethics does have a statement related to performance measurement activities, indicating that HIM professionals should not hide or ignore review outcomes.



Ethical Standards Affecting QM Activities ■■

The Code of Professional Conduct of the National Association of Medical Staff Services (NAMSS) requires its members to protect the “safety of patients and other members of the health care team through credentialing processes that meet industry standards and understanding of regulatory requirements” (NAMSS, 2014, para. 4). Medical staff service professionals credentialed by NAMSS are expected to “safeguard the public and to promote quality patient care through the support of the health care organization and its functions” (NAMSS, 2014, para. 5).

In 2013 the World Health Organization (WHO) published ethical decision-making guidance for people involved in patient safety research. This paper combined the expertise of research ethics specialists and patient safety and quality improvement authorities from around the world. Although much of the report focuses on ethical issues involving formal research studies, it does address a situation that could be faced by any QM professional—while gathering data from a patient’s record, the reviewer discovers a potentially harmful adverse event. According to the WHO report, if the reviewer has “sufficient expertise and experience to interpret the situation appropriately,” then he or she has “a duty to intervene” if all of the following criteria are present (WHO, 2013, p. 27): ■■

■■

■■

■■

There is a high probability an incident has occurred; Intervening could reverse some of the negative medical effects of the incident; Nothing suggests that an intervention has already occurred in response to the (potential) incident; Severe or irreversible harm to the patient is likely without intervention.

The report also suggests that staff lacking sufficient expertise and experience to interpret the situation should “seek advice from more experienced professionals” (p. 27).

Organizational Values The QM professional is bound by professional standards and by employers’ values and ethical

191

principles. In many organizations, these values and principles are found in written standards of conduct. Virtually every healthcare organization has an ethics code of behavior and some type of code of conduct. This became more common after The Joint Commission issued new leadership standards in 2009 requiring management of disruptive behaviors. Disruptive behavior encompasses any action that might reasonably be construed by others as destructive or abusive to individuals, to health professional relationships in the organization, or to operations (Governance Institute, 2009). In addition to a statement that disruptive behavior is not tolerated, the code of conduct often includes definitions and examples of unacceptable behavior, potential consequences, method of reporting, and a statement that the organization will not retaliate against employees who make good faith reports regarding potential violations of laws, regulations, or policies.

Scenario 7-D  Disclosure of an Unanticipated Outcome You are the risk manager in a community hospital. You receive an incident report of a retained foreign object discovered during surgery. The patient in question has had multiple admissions and surgeries at your hospital following a motor vehicle accident in which he was left paralyzed from the waist down. The patient has a long-standing relationship with his surgeon and trusts him highly. The incident report completed by one of the operating room (OR) assisting nurses indicates that at the start of the patient’s most recent surgery for abdominal adhesions the surgeon found a sponge in the patient’s abdomen—a sponge that could only have been inadvertently left there during a previous surgery, because nothing like it is currently being used in the OR. In accordance with the hospital policy governing disclosure of mistakes to patients, you interview the surgeon to determine whether the patient

192

Chapter 7   Quality Management

had been told about the retained foreign object (the sponge) that occurred during his previous surgery. The surgeon states that he does not believe the patient should know because the problem is fixed and there is no need to upset the patient. The surgeon’s rationale for not telling the patient is inconsistent with the hospital’s disclosure policy, which supports the honest disclosure of medical errors to patients and their families. Questions 1. What ethical dilemmas may you be facing in this situation? 2. What if the retained foreign object had not caused any harm to the patient? Would it be ethical to withhold the information from the patient? 3. What if you are aware of other cases in your hospital when patients were not informed of medical mistakes? Would it be ethical to withhold information from this patient also? 4. Would your course of action be different if the surgeon had not been the patient’s longtime doctor?

A completed ethical decision-making matrix for the scenario is provided at the end of the chapter. Generally, the rules of conduct found in healthcare organizations address ethical issues in the care and treatment of patients, marketing, admission, transfer, discharge, billing practices, and relationships with other providers and groups. The ethical value statements of most healthcare facilities include a declaration of the organization’s commitment to quality and/or patient safety. For example, the code of conduct for HCA-The Healthcare Company (2014) states that the organization is committed to providing patients with “quality care that is sensitive, compassionate, promptly delivered, and cost effective” (p. 4).

The public health department (PHD) of the county of Santa Barbara, California, states it is “committed to preventing, detecting, and correcting any improper or unethical conduct or conduct that does not conform to federal and state law, payor program requirements and PHD’s business practices” (Santa Barbara County, 2013, para. 1). The PHD code of conduct policies cover QM-related activities, such as meeting medical necessity/quality of care requirements, billings, mandatory reporting, and clinician credentialing. The fact that organizations have a code of conduct may have little effect on whether or not employees adhere to it. For instance, in most healthcare organizations, allowing a known impaired professional to continue to care for patients is not permitted, yet studies have shown that only 37 percent of nurses who work with a colleague suspected of being impaired due to drug or alcohol abuse will report that concern to supervisors (Kunyk & Austin, 2010).

Personal Convictions Personal moral beliefs also influence ethical decision making during the performance of QM activities. Most people have convictions about what is right and wrong that are based on religious beliefs, cultural roots, family background, and personal experiences. These personal beliefs influence people’s choices when they decide how to act when presented with an ethical question. Rarely do professional ethical standards and organizational codes of ethics conflict with a person’s core beliefs or values. It seems unlikely that a person would choose a profession or work for an employer that had ethical standards in conflict with his or her personal values. However, the QM professional may face new ethical dilemmas if the circumstances change. For example, the quality director in an outpatient clinic may personally disagree with a newly hired doctor who chooses to perform abortions. If the person’s core beliefs or values cause him or her to disagree with the universal ethical principles held by the profession or the employer, it may be time to change occupations.



Moral Courage Regardless of the professional code of ethics and ethical principles a QM professional may be bound by, there could be times when doing the right thing requires moral courage. Individuals with moral courage act on their ethical values even in the face of adversity or personal risk (Murray, 2010). Moral courage can be seen in a risk manager (described in Scenario 6–D), who, when under pressure to accept the surgeon’s rationale for not disclosing important information to a patient, refers the situation to the medical staff president rather than remain silent. In a 2010 ethics survey of more than 10,000 U.S. physicians, just slightly more than 5 percent of the respondents answered “Yes” or “It depends” to the question “Are there times when it’s acceptable to cover up or avoid revealing a mistake if that mistake would potentially or likely harm the patient?” (Medscape, 2010). QM professionals employed by these respondents might face pressure to act in ways that conflict with their ethical principles. More than half of 1,700 hospital workers surveyed in 2004 reported having “occasionally witnessed broken rules, mistakes, lack of support, incompetence, poor teamwork, disrespect, and micromanagement. Many had seen some of their colleagues cutting corners, making mistakes, and demonstrating serious incompetence. However, fewer than one in ten fully discussed their concerns with their coworkers or their boss” (Maxfield, Grenny, McMillan, Patterson, & Switzler, 2005, p. 3). QM professionals working in facilities where reporting of quality concerns is the exception rather than the rule might feel compelled to go along with the prevailing culture. Lack of concern by colleagues who do not have the moral courage to take action is a known barrier to morally courageous behavior (Lachman, Murray, Iseminger, & Ganske, 2012). Ideally, healthcare organizations support the importance of following ethical principles and create an expectation that morally courageous behavior will occur when personnel face ethical dilemmas that threaten deeply held values pertinent to the work environment (Purtilo, 2000).

Making Ethical Decisions

193

Scenario 7-E  Failure to Check Physician’s Licensure Status You work as a medical staff coordinator at a 100-bed community hospital. The one neurologist you have on staff, Dr. Robbins, has to leave town expectedly to care for his ailing mother. He hires a part-time neurologist to cover for him until he returns. The medical staff president requests that you expedite the new neurologist’s appointment to the medical staff, saying that one way to do this is to forgo checking the physician’s current licensure status. He also tells you not to bother checking the National Practitioner Data Bank because “Dr. Robbins personally assured me that his replacement hasn’t had any lawsuits and that he is a competent practitioner.” The medical staff president suggests that you indicate on the application that these steps were done even when they were not. “Besides,” he says, “Dr. Robbins’s replacement is only going to be seeing patients at the hospital for a short time.” Questions 1. What is the best for patients? 2. What is best for the hospital? 3. What is best for the organized medical staff? 4. What is your next course of action?

A completed ethical decision-making matrix for the scenario is provided at the end of the chapter.

Making Ethical Decisions Every action has implications or consequences. When faced with an ethical decision, people have an obligation to consider the implications of their decision. But knowing the implications and being committed to act ethically is not always enough, especially when unnecessary

194

Chapter 7   Quality Management

harm to the patient or oneself may be one of the consequences. The process of ethical decision making requires that QM professionals perceive the ethical implications of decisions, evaluate the facts, and then select the best choice without unduly harming other people. In some instances, professionals involved in QM activities have a narrow scope of responsibility, and their authority is limited. However, the ethical person must be concerned with what is right to do, not with what he or she has a right to do. The code of ethics of most professional organizations implies that QM professionals have an obligation to protect the health and welfare of patients, although it is not always specifically stated. All healthcare professionals involved in QM activities, regardless of their professional license or credential, are ethically obligated to apply their knowledge in ways that benefit society. When there are competing values, QM professionals must ask what impact their decision will have on the quality of care for patients.

QM Situations Raising Ethical Questions The healthcare environment is changing rapidly. Organizational pressures to share performance data with the public and maintain high marks on regulatory/accreditation surveys and performance reviews are testing the “truth-telling” ethics of QM professionals. Increasing economic constraints and societal issues such as physician-assisted suicide are likely to challenge “patient-protection” ethics. What appeared yesterday to be a clear-cut decision could easily become a situation in which people are being asked to compromise their professional integrity by supporting a potentially unethical leadership decision. People involved in QM activities must be alert to the insidious changes that are occurring in the healthcare environment and society; otherwise, they may not rightfully view some situations as being ethical dilemmas. It is quite likely that QM professionals will be facing more “tough calls” in the future. That is why it is important to explore the issue of ethical decision making in the performance of QM activities. To aid in this discussion, this chapter has

presented a variety of ethical decision-making scenarios. Completed decision-making matrices for each scenario appear at the end of the chapter. The alternatives, rationale, and probable consequences are located at the end of this chapter. Further analysis of all these situations can be facilitated by the following discussion questions. Such analysis will help QM professionals to be more sensitive to their ethical roles in the performance of QM functions. It will also improve decision-making capabilities in the presence of ethical dilemmas and help clarify what someone “ought” to do if confronted with similar situations. 1. What precisely must be decided by the QM professional in this scenario? 2. Are any of the listed alternatives clearly impractical, illegal, or improper? If so, eliminate the action as a choice. 3. Do any of the listed alternatives require the sacrifice of any ethical principle? 4. Is the full range of ethically justifiable actions listed? If not, add additional actions, with a rationale and with consequences that are likely to occur if the action is taken. 5. Do the consequences of the alternatives appear plausible? Are the consequences likely to occur? What other consequences might happen? 6. Is there a statement in the relevant professional code of ethics that provides some guidance for the decision maker in this situation? 7. Is there a statement in the ethical codes of quality-related organizations that provides some guidance for the decision maker in this situation? 8. What do you consider the best course of action? After choosing the best course of action, see if you answer “yes” to each of the following questions: ■■ If you take this action, are you treating others as you would want to be treated? ■■ Would you be comfortable if your reasoning and decision were made public? ■■ Are you practicing what is preached by the ethical standards of your profession?



Enabling Ethical Conduct

Enabling Ethical Conduct Ethics can sometimes seem very abstract and hypothetical. It may be viewed as something that is nice to think about when time permits, but that may be pretty far down the list when there are important things to be done. Nevertheless, when you cut through all the theory, making ethical decisions is really about what QM professionals do. The profession must constantly seek out ways of encouraging and enabling its members to follow their good intentions in the complex and sometimes contradictory healthcare environment. Likewise, organizations that employ individuals for QM duties must foster a working environment and culture that enable these excellent and knowledgeable individuals to practice ethically.

Role of the Profession Quality improvement applies to all people who are involved in the delivery of health care, not just licensed clinical professionals. QM professionals have a duty to improve the quality of patient care and protect the public from physical or emotional harm. For instance: ■■

■■

■■

■■

■■

■■

Coding specialists are obligated to report patient care practices that vary from accepted guidelines when they are discovered during the review of patient records. Data analysts are responsible for taking action when inaccurate patient record entries, which could compromise patient outcomes, are found. Patient safety managers have an ethical duty to do something when it is discovered that patients’ abnormal diagnostic reports are not reviewed by clinic physicians in a timely manner. Risk managers should report hazardous conditions that could cause patients or employees to be injured. Senior executives are responsible for protecting patients from an incompetent practitioner. Informatics specialists who support electronic health record systems can and should help to protect patient safety.

195

The culture of ethics must be ingrained into professional training and advanced through organization membership. This culture of ethics should be instilled right from the start, with professionals receiving ethics training in their basic educational preparation. Most business schools now offer special courses in business ethics, and ethics education is a regular part of the training of clinical practitioners. Educational training programs for nurses strongly emphasize ethics instruction (Lang, 2007). Ethics education is also part of the core curriculum for HIM programs at all academic levels accredited by the Commission on Accreditation for Health Informatics and Information Management Education (CAHIIM). In health systems offering leadership development opportunities, managerial ethics is one of the commonly taught leadership skills (McAlearney, 2008). After the practitioner enters the workplace, professional groups must continue to emphasize the importance of ethical principles. Associations can promote ethics in a number of ways. For instance, the members of the ASQ receive a copy of the ASQ Code of Ethics with their annual membership renewal. The ASQ code is published periodically in society journals, is available on the society’s website, and is included in every certification and recertification package. The National Society of Professional Engineers (NSPE) regularly publishes case situations that raise ethical questions common to engineering practice and research. The Board of Ethical Review of the NSPE describes the ethical issues involved in each case, and the board offers an opinion on whether the action of the engineer complied with the NSPE Code of Ethics (NSPE, 2014). In the healthcare industry, associations representing physicians, nurses, and other clinical professionals routinely support ethics research and training. The healthcare professions also use many of the same techniques used to promote ethics in private industry. For example, during the development of the 2011 AHIMA Code of Ethics, efforts were already under way to create membership awareness and ethics training initiatives. At national and state conferences, AHIMA members openly discuss some of the “tough calls” facing HIM professionals. The

196

Chapter 7   Quality Management

American Nurses Association Center for Ethics and Human Rights (http://www.nursingworld. org/ethics) provides resources for nurses to assist them in addressing ethical challenges involving the quality of care provided to patients and families. All professional associations whose members are involved in QM activities can, and should, be promoting a culture of ethics and patient care quality within their membership.

Role of the Employer Professional ethics and personal integrity require explicit attention from the profession as well as the organizations that employ QM professionals. The organization’s code of conduct sets forth what is expected of employees and, in turn, what they can expect from the organization. Many healthcare organizations have an ethics officer, ombudsperson, or ethics committee to whom QM professionals can turn to for advice when confronted with an ethical dilemma involving patient care. Organizational ethical questions are often directed to the risk manager or compliance officer. However, if the senior leaders lack a commitment to ethical conduct, it can be challenging for QM professionals to function effectively. Recent data from the Veterans Health Administration suggests that VA facilities experiencing significant problems related to patient safety also scored low in staff perceptions of overall ethics quality in the organization (Fox, 2013).

Conclusion An ethical dilemma occurs when key factors within a situation lead to different decisions and each of the decisions is equally valid. The situations presented this chapter’s case scenarios represent ethical dilemmas because no one action for any of the cases is the clear correct choice. If faced with an ethical dilemma, QM professionals must consider the positive and negative consequences connected with each possible action. Consider who will be helped by what you do. Who will be hurt? What kind of benefits

and harms are involved? Some “goods” (like preventing patient injuries) are more valuable than others (like a pay raise for good performance). Consider the effect of the actions over the long term as well as the short term. Hiding the fact that an adverse event harmed a patient may bring short-term gains (continued accreditation), but over the long term, patients may be hurt if problem-prone patient care processes are not fixed. Once you have narrowed the list of possible actions down to two or three, it is time to consider the actions themselves. How do they measure up against the ethical principles of your profession and the values of your employer? Do any of the actions “cross the line” in terms of simple decency? If there is a conflict between ethical principles and the rights of patients, what action is least problematic for all stakeholders? In 1946, Eleanor Hull wrote about how important it was for HIM professionals to be honest and honorable in their dealings with physicians. In the same article, she also wrote about loyalty. According to Ms. Hull, the record librarian “must have the loyalty to see that the rules of the staff and the administrator are carried out, but not the blind loyalty which will not permit her to suggest changes when they are needed” (Hull, 1946, p. 75). This premise holds true today for everyone involved in QM activities. QM professionals are obligated to act when quality or patient safety is threatened by the decisions or actions of an individual or an organization. Saying “It’s not my job” is something that Florence Nightingale, Dr. William Osler, and Ms. Hull would not have done, and it should not be the QM professional’s response today. In the performance of healthcare QM activities, those involved may have to balance economic, professional, and social pressures and select the best alternative. Although there may be several ethical responses to a situation, all are not equal. Making ethical choices is complex because in many circumstances there is a multitude of competing interests and values. Often the decision maker must prioritize competing standards and values and choose the right thing to do. Because most people’s decisions are based on imperfect information and “best guess” predictions, it is inevitable that some ethical choices

References 197

will be wrong. Occasionally, decisions will fail to produce the intended consequences or will produce unforeseen results. Remember, ethical practice is not just “doing the right thing.” It is an ongoing personal effort to develop and strengthen problem-solving and ethical decision-making skills.

■■

KEY TERMS Adverse event Certification Compliance officer Disclosure Disruptive behavior Ethical dilemma Guidelines Hospital-acquired condition (HAC) Iatrogenic License Licensure Moral courage Outcome Patient safety Peer review Performance measurement Quality Quality improvement Quality management (QM) Risk management Utilization management Whistleblower

CHAPTER SUMMARY ■■

■■

Economic tensions, downsizing, competition, and shifting social values that are placing more demands on healthcare leaders may influence those leaders to ask people involved in QM functions to compromise their professional or personal ethics in order to get the job done. QM professionals may face pressures to conceal information that could be potentially damaging to the organization, remain silent about qualityof-care concerns, falsify documentation, or underreport adverse patient outcome data. QM professionals faced with such ethical dilemmas must consider their professional

■■

■■

■■

standards as well as their moral obligation to stop neglect or abuses that threaten the well-being of patients. The ethical codes of most healthcare associations representing people involved in QM activities (NAHQ, ASHRM, ASQ, HCCA, AHIMA, NAMSS) do not explicitly address the subject of patient protection. However, a commitment to quality of patient care is implied in all of these codes. The process of ethical decision making requires that QM professionals perceive the ethical implications of decisions, evaluate the facts, and then select the best choice without unduly harming other people. When there are competing values, QM professionals must ask what impact their decision will have on patients’ quality of care. In some instances, professionals involved in QM activities have a narrow scope of responsibilities, and their authority is limited. However, the ethical person must be concerned with the right thing to do, not with what he or she has a right to do. In all instances in which patient safety is threatened by the decisions or actions of an individual or an organization, the QM professional is obligated to act. Within organizations, QM professionals may seek advice regarding ethical decision making from various sources, including an ethics committee and compliance officer. In some instances, particularly difficult situations involving quality of care or patient safety may require the QM professional to have the moral courage to speak up.

REFERENCES AHIMA Task Force on Healthcare Quality and Patient Safety. (2011). Practice brief: HIM functions in healthcare quality and patient safety. JAHIMA, 82(8), 42–45. American Health Information Management Association [AHIMA]. (2011). AHIMA code of ethics. Chicago: Author. Retrieved June 2014 from http://library.ahima.org/xpedio/groups/ p u b l i c / d o c u m e n t s / a h i m a / b o k 1 _ 0 2 4 2 7 7. hcsp?dDocName=bok1_024277. American Nurses Association. (n.d.). Florence Nightingale pledge. Retrieved June 2014 from http://

198

Chapter 7   Quality Management

nursingworld.org/FunctionalMenuCategories/ AboutANA/WhereWeComeFrom/FlorenceNightingalePledge.aspx. American Society for Healthcare Risk Management [ASHRM]. (2001). Perspective on disclosure of unanticipated outcome information. Chicago, IL: Author. American Society for Healthcare Risk Management [ASHRM]. (2013). Healthcare risk management code of professional conduct. Retrieved June 2014 from http:// www.ashrm.org/ashrm/about/governance/files/ Code_of_Conduct_2013.pdf. American Society for Quality [ASQ]. (n.d.). Who we are: Code of ethics. Retrieved June 2014 from http://asq. org/about-asq/who-we-are/ethics.html. Bronstein, S., & Griffin, D. (2014, May 1). A fatal wait: Veterans languish and die on a VA hospital’s secret list. CNN.com. Retrieved May 2014 from http://edition.cnn.com/2014/04/23/health/ veterans-dying-health-care-delays/. Centers for Medicare and Medicaid Services (CMS). (2012a, August 1). Fact sheet: CMS makes changes to improve quality of care during hospital inpatient stays. Retrieved May 2014 from http://www.cms.gov/ apps/media/press/factsheet.asp?Counter=4422. Centers for Medicare and Medicaid Services. (2012b, October). Fact sheet: Hospital-acquired conditions (HAC) in acute inpatient prospective payment system (IPPS) hospitals. Retrieved May 2014 from http://www.cms. gov/Medicare/Medicare-Fee-for-Service-Payment/ HospitalAcqCond/downloads/HACFactSheet.pdf. Centers for Medicare and Medicaid Services (CMS). (2014, February 2). Hospital acquired conditions (present on admission indicator). Retrieved May 2014 from http://www.cms.gov/Medicare/MedicareFee-for-Service-Payment/HospitalAcqCond/index. html?redirect=/HospitalAcqCond. Derbyshire, R. (1969). Medical licensure and discipline in the United States. Baltimore, MD: Johns Hopkins University Press. Eappen, S., Lane, B. H., Rosenberg, B., Lipsitz, S. A., Sadoff, D., Matheson, D., … Gawande, A. (2013). Relationship between occurrence of surgical complications and hospital finances. JAMA, 309(15), 1599–1606. Fox, E. (2013). Evaluating ethics quality in health care organizations: Looking back and looking forward, AJOB Primary Research, 4(1), 71–77. Retrieved June 2014 from http://www.tandfonline.com/doi/pdf/1 0.1080/21507716.2012.756836. Glover, J.J. (2006). Ethical decision-making guidelines and tools. In L.B. Harman (Ed.) Ethical challenges in the management of health information (2nd ed). Sudbury, MA: Jones and Bartlett Publishers. Governance Institute, The. (2009). Leadership in healthcare organizations: A guide to Joint Commission leadership standards. San Diego, CA: Author. Retrieved

June 2014 from http://www.jointcommission.org/ assets/1/18/wp_leadership_standards.pdf. HCA-The Healthcare Company. (2014). Code of conduct. Retrieved June 2014 from http://hcaethics.com/ ethics/code/Code%20Revisions%20CLEAN.pdf. Healthcare Compliance Association (HCCA). (n.d.). Code of ethics for healthcare compliance professionals. Retrieved June 2014 from http://www.hcca-info. org/Portals/0/PDFs/Resources/HCCACodeOfEthics.pdf. Hill, F. T. (1948). The professional audit to control efficiency. In A. C. Hayden (Ed.), Medical record administration (pp. 233–240). Chicago, IL: American Hospital Association. Hull, E. F. (1946). Both sides are to blame if M.R.L. spells N.A.G. Modern Hospital, 67(12), 75–76. Kohn, L. T., Corrigan, J. M., & Donaldson, M. S. (Eds.). (1999). To err is human: Building a safer health system. Washington, DC: National Academy Press. Krupka, D. C., Sandberg, W. S., & Weeks, W. B. (2012). The impact on hospitals of reducing surgical complications suggests many will need shared savings programs with payers. Health Affairs (Millwood), 31(11), 2571–2578. Kunyk, D., & Austin, W. (2010). Nursing under the influence: A relational ethics perspective. Nursing Ethics, 19(3), 380–389. Lachman, V., Murray, J., Iseminger, K., & Ganske, K. (2012). Doing the right thing: Pathways to moral courage. American Nurse Today, 7(5), 24–28. Lang, N. M. (2007). Health care quality improvement: A nursing perspective. In B. Jennings (Ed.), Health care quality improvement: Ethical and regulatory issues. Garrison, NY: The Hastings Center. Lesnik, M., & Anderson, B. (1947). Legal aspects of nursing. Philadelphia, PA: J. B. Lippincott. Maxfield, D., Grenny, J., McMillan, R., Patterson, K., & Switzler, A. (2005). Silence kills. Study sponsored by the American Association of Critical-Care Nurses, and VitalSmarts LLC. Retrieved June 2014 from http://www.silenttreatmentstudy.com. McAlearney, A. S. (2008). Executive leadership development in U.S. health systems: Exploring the evidence. Chicago, IL: American College of Healthcare Executives. Retrieved June 2014 from http://www.ache.org/ pubs/research/McAlearney_HMRA_Report.pdf. Medscape. (2010). Physician ethics survey: Physicians’ top 20 ethical dilemmas. Retrieved June 2014 from http:// www.medscape.com/features/slideshow/public/ ethical-dilemmas. Millard, M. W. (2011). Can Osler teach us about 21stcentury medical ethics? Proceedings (Baylor University Medical Center), 24(3), 227–235. Retrieved May 2014 from http://www.ncbi.nlm.nih.gov/pmc/articles/ PMC3124909/. Murray, J. S. (2010). Moral courage in healthcare: Acting ethically even in the presence of risk. OJIN:

References 199 The Online Journal of Issues in Nursing, 15(3), Manuscript 2. Retrieved June 2014, from http://www. nursingworld.org/mainmenucategories/ethics standards/courage-and-distress/moral-courageand-risk.html. National Association for Healthcare Quality [NAHQ]. (2013). Code of ethics and standards of practice for healthcare quality professionals. Retrieved June 2014 from http://www.nahq.org/Quality-Community/content/codeethicspractice.html. National Association of Medical Staff Services [NAMSS]. (2014). Code of professional conduct. Retrieved June 2014 from http://www.namss.org/ Membership/EthicsResourcesCodeofConduct.aspx. National Society of Professional Engineers [NSPE]. (2014). Board of ethical review cases. Retrieved June 2014 from http://www.nspe.org/resources/ethics/ ethics-resources/board-of-ethical-review-cases. Osler, W. (1903). On the educational value of the medical society. Boston Medical and Surgical Journal, 148(11), 275–279. Purtilo, R. B. (2000). Moral courage in times of change: Visions for the future. Journal of Physical Therapy Education, 14(3), 4–6.

Rehmeyer, J. (2008, November 26). Florence Nightingale: The passionate statistician. Science News. Retrieved June 2014 from https://www.sciencenews.org/article/ florence-nightingale-passionate-statistician. Santa Barbara County. (2013). Public health department compliance program. Retrieved June 2014 from http:// www.countyofsb.org/phd/phdcompliance.aspx. Schwartz, F. (2014, July 8). Agency examines 67 claims of retaliation against VA whistleblowers. Wall Street Journal. Retrieved July 2014 from http://online.wsj. com/articles/agency-examines-67–claims-of-retaliation-against-va-whistleblowers-1404855963. Seltze, W. B. (1948). The role of the hospital superintendent in record room control. In A. C. Hayden (Ed.), Medical record administration (pp. 55–65). Chicago, IL: American Hospital Association. Texas Board of Nursing. (2013). Nursing practice act, nursing peer review, and nurse licensure compact. Retrieved June 2014 from https://www.bon.texas. gov/laws_and_rules_nursing_practice_act.asp World Health Organization (WHO). (2013). Ethical issues in patient safety research: Interpreting existing guidance. Retrieved June 2014 from http://apps.who.int/iris/ bitstream/10665/85371/1/9789241505475_eng.pdf

200

Chapter 7   Quality Management

Ethical Decision-Making Matrices SCENARIO 7-A  Inaccurate Performance Data Reported to the Public Steps

Information

1. What is the question?

Should you report the inaccuracies to the proper parties?

2. What is my “gut” reaction?

What is your first reaction to this case on an emotional level? What assumptions are you making? What biases do you have?

3. What are the facts?

KNOWN ■■

■■

The performance data posted on the website are inaccurate. The CEO has advised you to do nothing further.

TO BE GATHERED ■■

■■

■■ ■■

Would you be guilty of fraud if you did nothing further? What are the possible repercussions of attempting to have the data corrected? What are the customary practices in such cases? What is the likely impact on self and family of changing jobs?

4. What are the values?

Patient: Values accurate information.

Examine the shared and competing values, obligations, and interests of the many stakeholders in order to fully understand the complexity of the ethical problem(s).

QM Professional(s): Truth, integrity, accuracy (promote disclosure of accurate information); fairness (follow the rules and obey the law); protect committee deliberations; refuse to participate or conceal unethical practices; report violations of practice standards to the proper authorities; be honest; personal values (promote welfare of self and family by avoiding loss of job).

STAKEHOLDERS

Healthcare Professional(s): Affiliate with organizations committed to honest and ethical practices.

Administrators: Promote welfare of organization; maximize profits without compromising truth Patient, family, HIM professional(s), telling. healthcare professional(s), Society: Support accuracy of publicly disseminated data. administrators, society, and others appropriate to the issue. 5. What are my options?

■■ ■■

Do nothing. Report the inaccuracies to the proper parties.

6. What should I do?

Report the inaccuracies to the proper parties (e.g., compliance officer, chair of governing board, HMO accreditation organization).

7. What justifies my choice?

JUSTIFIED ■■ ■■ ■■ ■■ ■■

8. How can I prevent this problem?

■■ ■■ ■■ ■■

Uphold obligation to tell the truth. Support accuracy of disseminated data. Preserve professional integrity. Respect the law. Demonstrate loyalty to employer, unless asked to push legal boundaries.

NOT JUSTIFIED ■■ ■■

■■

Do nothing. Tell a lie (unfair to providers and patients who will make decisions based on inaccurate information). Jeopardize professional integrity.

Determine if system changes are needed. Learn more about the quality control and dissemination of performance data. Discuss standards and the values that support them with colleagues. Evaluate organizational integrity at job interview and subsequently as ethical problems arise.

The ethical decision-making matrix is a tool to help you organize complex ethical problems; however, there is no simple fill-in-the-box approach to ethical decision making. The objective is to follow each step of the process and not move from the question directly to what should be done or how to prevent it next time.

Ethical Decision-Making Matrices

201

If you skip steps, you will not fully understand all of the values and options for action. Also, the matrix provided for each scenario is not the only way to examine the problem. You can make an equally compelling ethical argument for a different decision—just be sure to follow all the steps of the matrix.

202

Chapter 7   Quality Management

SCENARIO 7-B  Audit Results Indicate Inappropriate Health Care Steps

Information

1. What is the question?

Should you report the physician’s conduct to a higher authority?

2. What is my “gut” reaction?

What is your first reaction to this case on an emotional level? What assumptions are you making? What biases do you have?

3. What are the facts?

KNOWN ■■

■■

A clinic physician routinely undertakes questionable patient care practices. The quality problems have been twice reported to superiors, and both times no action has been taken.

TO BE GATHERED ■■

■■ ■■ ■■

■■

Is the physician engaging in practices that could be detrimental to patients? What are the customary practices in such cases? What does your boss expect you to do? What is the likely impact on self and family of changing jobs? What is the likely impact on the physician if the audit results are reported to a higher authority?

4. What are the values?

Patient: Values good health and quality care.

Examine the shared and competing values, obligations, and interests of the many stakeholders in order to fully understand the complexity of the ethical problem(s).

QM Professional(s): Truth and integrity (report problems that may endanger patients); loyalty to employer; avoid harm (inappropriate treatment may harm the patient); reporting the physician may harm him and his family, as well as the supervisors and their families.

STAKEHOLDERS Patient, family, HIM professional(s), healthcare professional(s), administrators, society, and others appropriate to the issue. 5. What are my options?

Healthcare Professional(s): Promote welfare of patients through provision of appropriate care. Administrators: Benefit patients and keep from harm; promote welfare of facility; truth and integrity. Society: Enforce quality standards equally for all.

■■ ■■

■■ ■■

Ignore physician’s conduct. Continue to provide data substantiating the physician’s problems to the administrator and medical director. Report physician and superiors’ conduct to the compliance officer or chair of the governing board. Report physician’s performance problems to the State Board of Medical Examiners.

6. What should I do?

If facts indicate that the physician is putting patients in danger, report physician’s and superiors’ conduct to the compliance officer or chair of governing board. If no action is taken and the physician’s questionable patient care practices continue and these practices are putting patients in danger, report the situation to the State Board of Medical Examiners.

7. What justifies my choice?

JUSTIFIED ■■ ■■ ■■

Tell the truth. Maintain QM standards. Preserve professional integrity.

NOT JUSTIFIED ■■ ■■ ■■ ■■

8. How can I prevent this problem?

■■ ■■

■■ ■■

Ignore physician’s conduct. Loss of professional integrity. Violate QM standards. Endanger patient health.

Learn more about QM responsibilities and authority at the clinic. Request an addendum to your job responsibilities that allow you to bypass senior leaders and go directly to the governing board if you have concerns about quality or patient safety that are not being addressed by senior leaders. Discuss performance standards and the values that support them with colleagues. Evaluate institutional integrity at job interview and subsequently when ethical problems arise.

The ethical decision-making matrix is a tool to help you organize complex ethical problems; however, there is no simple fill-in-the-box approach to ethical decision making. The objective is to follow each step of the process and not move from the question directly to what should be done or how to prevent it next time.

Ethical Decision-Making Matrices

203

If you skip steps, you will not fully understand all of the values and options for action. Also, the matrix provided for each scenario is not the only way to examine the problem. You can make an equally compelling ethical argument for a different decision—just be sure to follow all the steps of the matrix.

204

Chapter 7   Quality Management

SCENARIO 7-C  Reporting Hospital-Acquired Conditions Steps

Information

1. What is the question?

Should you report the inaccuracies to a higher authority?

2. What is my “gut” reaction?

What is your first reaction to this case on an emotional level? What assumptions are you making? What biases do you have?

3. What are the facts?

KNOWN Patients’ hospital-acquired conditions have wrongly been coded as being present on admission.

TO BE GATHERED ■■

■■

■■

Would you be guilty of fraud if you did nothing further? Would this action be discovered by another mechanism? What are the possible repercussions of reporting these inaccuracies to a higher authority?

4. What are the values?

Patient: Values accurate medical history.

Examine the shared and competing values, obligations, and interests of the many stakeholders in order to fully understand the complexity of the ethical problem(s).

QM Professional(s): Truth, integrity, accuracy (promote disclosure of accurate information); fairness (follow the rules and obey the law); refuse to participate or conceal unethical practices; report violations of standards to the proper authorities; be honest; personal values (promote welfare of self and family by avoiding loss of job).

STAKEHOLDERS

Healthcare Professional(s): Value accurate billing and performance data information.

Administrators: Promote welfare of facility; protect organization’s reputation and maximize profits Patient, family, HIM professional(s), without compromising truth telling; promote honesty and integrity to protect organization from government audits and penalties. healthcare professional(s), administrators, society, and others Society: Support accuracy of billing claims databases and publicly disseminated performance data. appropriate to the issue. 5. What are my options?

■■ ■■ ■■ ■■

Do nothing. Clarify the reason for coding changes with the medical director. Seek advice from more experienced professionals. Escalate the issue to a higher administrative or physician level.

6. What should I do?

Report the inaccuracies to the proper parties (e.g., compliance officer, CEO, CFO).

7. What justifies my choice?

JUSTIFIED ■■ ■■ ■■

8. How can I prevent this problem?

■■ ■■ ■■ ■■

Tell the truth. Preserve professional integrity. Respect the law.

NOT JUSTIFIED ■■ ■■

Do nothing. Accept culture of dishonesty and fraud (knowledge of the event without action is complicit participation).

Determine if system changes are needed. Recommend a staged approach for the validation of HACs by multiple parties. Discuss standards and the values that support them with colleagues. Evaluate institutional integrity at job interview and subsequently as ethical problems arise.

The ethical decision-making matrix is a tool to help you organize complex ethical problems; however, there is no simple fill-in-the-box approach to ethical decision making. The objective is to follow each step of the process and not move from the question directly to what should be done or how to prevent it next time.

Ethical Decision-Making Matrices

205

If you skip steps, you will not fully understand all of the values and options for action. Also, the matrix provided for each scenario is not the only way to examine the problem. You can make an equally compelling ethical argument for a different decision—just be sure to follow all the steps of the matrix.

206

Chapter 7   Quality Management

SCENARIO 7-D  Disclosure of an Unanticipated Outcome Steps

Information

1. What is the question?

Should you report the physician to a higher authority?

2. What is my “gut” reaction?

What is your first reaction to this case on an emotional level? What assumptions are you making? What biases do you have?

3. What are the facts?

KNOWN ■■

■■

During a recent surgery a retained foreign object from a previous surgery was discovered. The finding was not disclosed to the patient.

TO BE GATHERED ■■

■■

■■

■■

What is your organization’s policy on disclosure? What are the disclosure requirements of regulations and accreditation standards that affect your organization? What, if anything, was told to the patient by nurses or other healthcare professionals? What are the possible repercussions of the surgeon not telling the patient about the retained foreign object?

4. What are the values?

Patient: Values accurate medical history.

Examine the shared and competing values, obligations, and interests of the many stakeholders in order to fully understand the complexity of the ethical problem(s).

QM Professional(s): Truth, integrity, accuracy (promote disclosure of accurate information), fairness (follow the rules and obey the law); refuse to participate or conceal unethical practices; report violations of practice standards to the proper authorities; protect the organization against financial loss due to litigation of adverse and other events; be honest; personal values (promote welfare of self and family by avoiding loss of job).

STAKEHOLDERS

Healthcare Professional(s): Apply organization’s policies equally to all practitioners; engage patients and family members in the healthcare experience.

Patient, family, HIM professional(s), Administrators: Promote welfare of facility; advance a culture of safety and patient-centered care; healthcare professional(s), administrators, society, and others promote a systems view of adverse events; facilitate a trusting relationship with patients and the community served by the organization. appropriate to the issue. Society: Values honesty by health care practitioners; values patient-centered care. 5. What are my options?

■■ ■■ ■■ ■■

6. What should I do?

■■ ■■

7. What justifies my choice?

Disclose the information to the patient directly, if allowed by hospital policy. Escalate the issue to a higher administrative or physician level.

JUSTIFIED ■■ ■■ ■■

8. How can I prevent this problem?

Do nothing. Discuss the issue further with surgeon. Escalate the issue to a higher administrative or physician level. Disclose the information to the patient directly.

■■ ■■ ■■ ■■

Tell the truth. Preserve professional integrity. Do the right thing for the patient.

NOT JUSTIFIED Do nothing and allow the physician’s personal preference to overrule the organization’s policy.

Determine if system changes are needed. Provide training to physicians on hospital disclosure policies. Discuss unanticipated outcome events and disclosure techniques at safety committee. Discuss standards and the values that support them with colleagues.

The ethical decision-making matrix is a tool to help you organize complex ethical problems; however, there is no simple fill-in-the-box approach to ethical decision making. The objective is to follow each step of the process and not move from the question directly to what should be done or how to prevent it next time.

Ethical Decision-Making Matrices

207

If you skip steps, you will not fully understand all of the values and options for action. Also, the matrix provided for each scenario is not the only way to examine the problem. You can make an equally compelling ethical argument for a different decision—just be sure to follow all the steps of the matrix.

208

Chapter 7   Quality Management

SCENARIO 7-E  Failure to Check Physician’s Licensure Status Steps

Information

1. What is the question?

Should you skip the background checks on the physician who will be covering for another physician for a short time?

2. What is my “gut” reaction?

What is your first reaction to this case on an emotional level? What assumptions are you making? What biases do you have?

3. What are the facts?

KNOWN ■■

■■

■■

A series of background checks are required to be appointed to the medical staff. The medical staff president is a friend of the neurologist hiring a short-term replacement. The medical staff president has advised you to forgo the usual background checks and to document that you did indeed conduct them.

TO BE GATHERED ■■

■■

■■

■■ ■■ ■■

What could be the consequences if the new physician has been involved in lawsuits? What could be the consequences if the new physician’s license is not current? Would foregoing the background checks and indicating that you performed them be legal? What are the customary practices in such cases? What does your boss expect you to do? What is the likely impact on self and family of changing jobs?

4. What are the values?

Patient: Values treatment by qualified, licensed professionals.

Examine the shared and competing values, obligations, and interests of the many stakeholders in order to fully understand the complexity of the ethical problem(s).

QM Professional(s): Truth, integrity, accuracy, and reliability (perform background checks on all physicians who apply for appointment to the medical staff); fairness (follow the rules and obey the law); loyalty to employer; avoid harm (inaccurate documentation could result in harm to patients and to the facility); personal values (promote welfare of self and family by avoiding loss of job).

STAKEHOLDERS

Healthcare Professional(s): Promote welfare of patients; value maintenance of institutional standards.

Administrators: Benefit patients and keep from harm; promote welfare of facility; maximize system Patient, family, HIM professional(s), efficiency without compromising truth telling; value fairness in applying rules for all. healthcare professional(s), Society: Allow only licensed, qualified professionals to treat patients. administrators, society, and others appropriate to the issue. 5. What are my options?

Conduct OR skip the background checks.

6. What should I do?

Conduct the background checks.

7. What justifies my choice?

JUSTIFIED ■■ ■■ ■■ ■■ ■■ ■■ ■■

Tell the truth. Protect welfare of patients and facility. Support accuracy of the appointment system. Preserve professional integrity. Follow rules equally for all. Respect the law. Demonstrate loyalty to employer, unless asked to push legal boundaries.

NOT JUSTIFIED ■■ ■■ ■■

■■

■■

■■

■■

Skip background checks. Tell a lie. Make special exception to the rules as a favor to the medical staff president. Unfair to others who applied for medical staff appointment. Failure to conduct background checks undermines the entire system. Place welfare of patients and facility in jeopardy. Jeopardize professional integrity.



Ethical Decision-Making Matrices

209

SCENARIO 7-E  Failure to Check Physician’s Licensure Status (continued ) 8. How can I prevent this problem?

■■ ■■ ■■ ■■ ■■

Determine if system changes are needed. Learn more about standard procedures for appointment to medical staff. Clarify your authority with your boss. Discuss standards and the values that support them with colleagues. Evaluate institutional integrity at job interview and subsequently as ethical problems arise.

The ethical decision-making matrix is a tool to help you organize complex ethical problems; however, there is no simple fill-in-the-box approach to ethical decision making. The objective is to follow each step of the process and not move from the question directly to what should be done or how to prevent it next time.

If you skip steps, you will not fully understand all of the values and options for action. Also, the matrix provided for each scenario is not the only way to examine the problem. You can make an equally compelling ethical argument for a different decision—just be sure to follow all the steps of the matrix.

CHAPTER 8

Research and Decision Support

© kentoh/Shutterstock

Susan White, PhD, RHIA, CHDA J. Michael Hardin, PhD

Learning Objectives

Introduction

After completing this chapter, the reader should be able to:

The roles of research specialists (RSs) and decision support specialists (DSSs) are intimately related to the use of various information technologies that gather and store data and perform sophisticated analyses. These roles are sometimes embedded in job titles such as health data analyst or data quality manager. The incorporation of new technologies to support the work of these specialists, particularly growth of electronic health records, makes it easy to track individuals, identify their characteristics, and pinpoint their preferences, inclinations, and medical conditions. Furthermore, the massive increase of information collection, storage, and retrieval associated with new technologies and industry demands for more information introduces a greater likelihood of data integrity concerns. RSs and DSSs have always been challenged in their work by ethical considerations with regard to informational privacy and data integrity. The purpose of this chapter is to discuss how these ethical considerations have expanded and what new challenges face these professionals given the current advances in the use of information technologies.

■■

■■

■■

■■

■■

■■

■■

Discuss the ethical responsibilities of research specialists (RSs) and decision support specialists (DSSs). Describe the importance of data and information governance in the roles of RSs and DSSs. Describe how advances in information technologies have intensified the ethical challenges in research and decision support. Identify how RSs and DSSs can meet their ethical responsibilities with regard to ensuring data integrity and confidentiality, with a focus on the impact of the Health Insurance Portability and Accountability Act (HIPAA). Describe the role of institutional review boards (IRBs). Discuss the ethical responsibility of the professional to maintain and enhance professional competence. Understand the job responsibilities of health information management (HIM) professionals in research and decision support roles.

211

212

Chapter 8   Research and Decision Support

Scenario 8-A  Designing a Survey to Bias the Results A research specialist (RS) has been asked to construct a survey instrument to obtain data about how patients feel after receiving a certain treatment modality. The RS designs a three-point ordinal with the rating categories of good, fair, and poor. The principal investigator of the study asks the research analyst to change the scale from a three-point to a five-point scale, with the categories of excellent, very good, good, fair, and poor. The RS can see that adding excellent and very good does not just break up the good category into three categories. Rather, it changes the whole sense of the scale, because people respond not only to the words in the scale, but also to their placement on the scale. The word “fair” is now on the negative side of the scale. Thus, one would expect considerably more people to give a rating of good or better with the five-point scale than with the three-point one (Fowler, 2013). Questions 1. What are the possible ethical implications of such a change? 2. What should the RS do?

Scenario 8-B  The Impact of Sample Selection Bias A decision support specialist is tasked with determining which of the hospital’s units has the best patient satisfaction scores by the hospital’s marketing director. The DSS knows that a random sample of patients receives a survey called the Hospital Consumer Assessment of Healthcare Providers and Systems (HCAHPS). The results of this survey are included in the Centers for Medicare and Medicaid Services (CMS) Value Based Purchasing Program and can affect

the amount of reimbursement received for treating Medicare patients (Centers for Medicare & Medicaid Services, 2013). The analyst provides the marketing director with the report showing the scores for the overall rating of the hospital. The average unit scores ranged from a low of 7.8 out of 10 for the critical care unit (CCU) to a high of 9.9 out of 10 for the obstetrics unit, with an overall average of 9.2 out of 10. Later in the week, the DSS read a press release stating that the average satisfaction score for the hospital was 9.9. Questions 1. What are the possible ethical implications of such a press release? 2. What should the DSS do?

Completed ethical decision-making matrices for the scenarios are provided at the end of the chapter. The information age brings with it new and more profound ethical issues related to the management of information. Uncovering ethical issues that grow out of information technology applications and providing ethical guidelines are the major challenges for business and business ethics in all sectors. In this era of big data with sophisticated ways of storing data and performing data analysis, the potential value of leveraging to improve the delivery of care carries with it a huge upside, but also the burden to ensure that the data and subsequent decisions are handled ethically. What data ought to be collected? How should these data be collected? How should they be reported? Who should be able to see and use information that has been collected, synthesized, and processed? Frequently, the people who have oversight in determining the answers to these questions are research specialists and decision support specialists. These positions may have alternative titles depending on the structure and type of organization. They may include: data quality manager, data integrity analyst, clinical informatics coordinator, health data analyst, or clinical data analyst (American Health Information Management Association [AHIMA], 2014). RSs and DSSs face

many ethical issues in the course of their work that can affect employees, patients, research subjects, and other members of the public. Examples of such issues are presented throughout this chapter as we discuss these professionals’ roles and special responsibilities. For example, the RS in Scenario 8-A constructed the scale according to her or his best scientific ability following standard practices for scale development and seeking to avoid response bias. In this case, the RS could ask the principal investigator for his or her reasons for wanting to change the scale. Perhaps the principal investigator is aware of other scales using such a five-point scale that have been accepted by other researchers in the area and are known to provide a more useful representation of patient responses. If such reasoning is true, then other scientific evidence would alleviate the RS’s concern. A possible compromise for the RS might be to suggest that only the extremes or anchor point labels of “excellent” and “poor” be placed on the scale, leaving the adjectives off the other three points (Weng, 2004). The guiding principle, however, should be to avoid response bias and to anticipate and to eliminate as many sources of response and measurement bias as possible. In this case both the number of categories and the category labels may result in measurement bias or compromise the reliability of the survey results. In essence, the RS should draw upon her or his scientific knowledge and training and seek to develop the best instrument possible to measure the particular patient effect under study (Streiner & Norman, 1989).

Roles of the RS and DSS RS and DSS professionals play important roles in contributing to the quality of patient care by ensuring data integrity and by applying information technology for data analysis. Studies show that the use of data throughout the healthcare organization is growing at a rapid rate, and the need for decision support and business intelligence analysts, likewise, continues to grow (Krohn, 2004a, 2004b). At the same time, RSs and DSSs must uphold ethical principles in the handling of personal health information. RSs create new knowledge by gathering and analyzing data. They work, for example, on clinical trials and outcomes research with scientific

Roles of the RS and DSS

213

and medical investigators. They are involved in research studies that are usually highly structured and follow a strict research methodology. The sample position description in Exhibit 8-1 for a research specialist illustrates possible responsibilities and skills of the RS role. DSSs analyze data to support strategic planning and operational improvements at the organizational level (Power, 2012). Unlike RSs, DSSs are not necessarily concerned with gaining new clinical and scientific knowledge. Rather, they are concerned with how data may be used to assist management activities and improve operations. They may be tasked with selecting a data source, querying the data, and finally producing a report based on the analysis of the data. DSSs must have subject matter knowledge as well as the technical and analytic skills to complete the analysis. AHIMA’s sample position description in Exhibit  8-2 for a decision support specialist illustrates the responsibilities and skills involved in the position. The DSS has a managerial as well as an analytic role. For example, the DSS will participate and assist in the design of a comprehensive program for the enterprise for decision support. This means that the DSS must be able to see the big picture of the organization’s strategic objectives and then be able to match information requirements to the strategic direction of the company. The analytic portion of the job is to analyze selected data and provide decision support overviews and demonstrations to a wide variety of audiences within the organization. Although their application areas may differ, RSs and DSSs must have essentially the same skills in manipulating and analyzing data. They both use computer software that includes database development, data analysis, graphics, and presentation tools specifically for assisting in conducting research, decision support, and business and marketing intelligence. They both are involved in development and maintenance of computer databases. Therefore, they must understand basic concepts about databases, including structure models, data modeling, and database normalization. They must also be familiar with data dictionary development and maintenance and how to perform storage, retrieval, and updating functions in a computer database. They must be familiar with statistical techniques to analyze and manipulate data and be proficient in computer languages

Chapter 8   Research and Decision Support

214

EXHIBIT 8-1  Sample Position Description for a Research Specialist Position Title: Research Data Analyst Immediate Supervisor: Department Director General Purpose: The Research Data Analyst ensures the quality of data collection, coordination, and analysis for clinical research projects. Responsibilities: ■■ Verifies, examines, and collects data ■■ Ensures that clinical data are quality assured, consistent, and relevant to project’s and the organization’s goals ■■ ■■ ■■ ■■

■■ ■■

■■ ■■ ■■ ■■

Ensures the integrity of the data and safe and proper management of study parameters Maintains expert knowledge of relevant FDA guidelines and other regulatory procedures Monitors protocol at study sites Retrieves data from numerous clinical databases within the organization as well as from proprietary and nonproprietary databases available through outside sources Uses structured query language and downloads data into the organization’s custom databases for review and analysis Manipulates and analyzes data by using statistical software, such as SPSS and SAS, and identifies and determines significant variances and trends for quality control Reviews proposed research design to ensure that the data collected are adequate to meet the project’s goals Prepares periodic progress and monitoring reports on study recruitment, data collection, and data quality Participates in team meetings Prepares and provides overviews, demonstrations, and presentations to wide variety of audiences

Qualifications: ■■ Master’s degree in health science or related field ■■ Baccalaureate degree in health information management, business, or closely related area ■■ Experience in health science and administration ■■ Certification as RHIA preferable Reprinted with permission from the American Health Information Management Association. Copyright © 1999 by the American Health Information Management Association. All rights reserved. No part of this may be reproduced, reprinted, stored in a retrieval system, or transmitted, in any form or by any means, electronic, photocopying, recording, or otherwise, without the prior written permission of the association.

such as Structured Query Language (SQL) to query databases. Expertise includes report and presentation abilities and project management skills, including managing teams of people, identifying project tasks and priorities, developing timelines and milestones, and balancing resources (resource management). In addition, they must have a broad knowledge of the theory and practice in data administration, research design, statistical methods, decision making, and the visual display of quantitative information.

Because each of these positions has a complex relationship with health information management, both RSs and DSSs must have a strong foundation in computer and information ethics and regulatory issues affecting the handling and management of personal health information. This includes not only knowledge of ethical responsibilities in the critical areas of data acquisition, reporting, and access, but also the ability to apply a general framework for ethical analysis to HIM.



Ethical Responsibilities of the RS and DSS

215

EXHIBIT 8-2  Sample Position Description for a Decision Support Specialist Position Title: Decision Support Specialist Immediate Supervisor: Director, Decision Support General Purpose: The Decision Support Specialist coordinates data and research for senior managers at the corporate level of the integrated system. Responsibilities: ■■ Participating and assisting in the design of a comprehensive program to lend support and analysis to management ■■ Performing scientific and technical planning, direction, and analysis of selected surveillance systems used by management ■■ Investigating existing national data and performing descriptive and analytic studies using statistical techniques ■■ Providing ongoing data analysis to entity decision makers that is relevant to the healthcare market and assisting in problem solving, solution development, decision making, and strategic planning ■■ Recommending focus and direction of resources toward management goals ■■ Preparing and providing decision support overviews, demonstrations, and presentations to a wide variety of audiences ■■ Serving as technical expert advisor and consultant to collaborating organizations in the area of management goals Qualifications: ■■ Bachelor’s degree in health information management, business, health care, or information systems technology ■■ Certification as RHIA or RHIT ■■ Understanding of healthcare delivery systems and health science administration Reprinted with permission from the American Health Information Management Association. Copyright © 1999 by the American Health Information Management Association. All rights reserved. No part of this may be reproduced, reprinted, stored in a retrieval system, or transmitted, in any form or by any means, electronic, photocopying, recording, or otherwise, without the prior written permission of the association.

Ethical Responsibilities of the RS and DSS RSs and DSSs, as HIM professionals, have the responsibilities outlined in the HIM profession’s code of conduct set forth by the AHIMA Code of Ethics (2011, Appendix 1-E) to ensure the integrity and the confidentiality of health information (Principles 1 and 3). Further, RSs in particular have responsibilities regarding the protection of human subjects that include special issues related to the confidentiality of research data. Because they are often directly collaborating with clinical investigators, they are, like those investigators, answerable to institutional review boards (IRBs), which are advisory boards composed of physicians, scientific colleagues, and concerned nonscientists (frequently administrators and private citizens) that have been set up by federal legislation to oversee

research on human subjects and ensure protection of those subjects from research abuses. Both RSs and DSSs must comply with regulatory requirements for handling personal health information. Many of the privacy and security standards resulting from the Health Insurance Portability and Accountability Act (HIPAA) affect how information is used and managed for research and analytical purposes. For example, in most cases an individual’s written authorization is required before personal data can be used for research purposes. We will first outline general responsibilities of RSs and DSSs regarding the management and control of information for integrity and confidentiality and then discuss the special issues facing the RS.

Ensuring Data Integrity and Confidentiality Ensuring data integrity and confidentiality are often part of a firm’s data governance policy.

216

Chapter 8   Research and Decision Support

According to the Data Governance Institute (2014), “Data Governance is a system of decision rights and accountabilities for information-related processes, executed according to agreed-upon models which describe who can take what actions with what information, and when, under what circumstances, using what methods.” The definition encompasses the entire data life cycle from collection to release. Data integrity usually refers to the entire set of characteristics associated with data quality; that is, how “good” the data are. Data integrity has been described in terms of six dimensions (Cash, 1994):

defects in composition that might affect the ability to identify and retrieve data appropriately. Methods should also be implemented to identify and rectify any potential security breaches. Security procedures should allow for authorized additions and deletions to the data, and edit checks should be conducted to ensure that correct domain values are entered into the database. As Kanaan and Carr (2009) have described, a data steward must be an overseer or guardian with final decision-making authority regarding the appropriate use and distribution of data. They outline eight critical responsibilities of the health data steward (Kanaan & Carr, 2009):

1. Content, including currency (whether data are up to date or current), relevance to the decision-making purpose, and accuracy (whether data are correct) 2. Scope (comprehensiveness) 3. Level of detail 4. Composition (issues involved in database structure and the definition of entities and attributes) 5. Consistency, including both semantic consistency (consistency in the definitions of data elements, such as “patient number,” across entity types, such as “patient” and “encounter”) and structural consistency (consistency in the business rules that define the relationships among data elements) 6. Reaction to change, which concerns how data elements are updated, deleted, or added to a database

1. Adherence to an appropriately determined set of privacy and confidentiality principles and practices 2. Appropriate use of information from the standpoint of good statistical practices (such as by not implying cause and effect when the data only point to correlation) 3. Limits on use, disclosure, and retention 4. Identification of the purpose for a specific use of the data 5. Application of “minimum necessary” principles 6. Verification of receipt by the correct recipient, wherever possible 7. Data de-identification (HIPAA-defined and beyond) 8. Data quality, including integrity, accuracy, timeliness, and completeness

Data stewardship is the obligation to protect data integrity and security. RSs and DSSs have responsibilities of data stewardship with regard to all six dimensions of data integrity. Data stewardship is even more important now because electronic health records are more common and there is a need to share data among systems to advance population health and disease management (Baird & Kanaan, 2009). These systems must guard against the contamination of data by user errors, program errors, and intentional manipulation that could harm patients. Methods should be in place to review data collection procedures and the data themselves for likely sources of errors and to apprehend and correct

Because decisions about patient care, employee and provider performance, organizational performance, competitive analysis, and strategic issues are made on the basis of the collection and analysis of data by RSs and DSSs, these specialists must be held to a high level of accountability. Lack of data integrity can profoundly affect large numbers of individuals in many ways. For example, if data are not accurate or up to date, then decisions made based on these data may be faulty. As such, they may affect the quality of patient care and the reputation and viability of healthcare organizations. For instance, let us say that an insurance company is benchmarking the mortality rates of hospitals by clinical services. The insurance company discovers that the respiratory service

at City Hospital has a 25 percent higher than average mortality rate than the same service at other similar hospitals. The insurance company concludes that City Hospital is providing less than optimal care in its respiratory service and sanctions the hospital on the basis of this analysis. Further examination of the data shows, however, that not all of the final diagnosis codes of these mortality cases coincide with those normally associated with a respiratory clinical service. The DSS discovers that many of the service codes were inaccurately assigned at the time of patient admission and that many of the mortality cases actually belong to another service. In a real example, faulty data contributed to the reporting of extraordinarily high rates of breast cancer in Marin County, California. Marin County, one of the wealthiest counties in the United States, was reported in 2003 to have one of the highest breast cancer rates in the country. Activists seized upon this data, and pollution was cited to explain the high cancer rate. But as it turned out, pollution was not the reason for the reportedly high rate. Instead it was found that the estimate used faulty data from the U.S. Census Bureau that dramatically undercounted the total population of women in Marin County by almost 20 percent. This undercount was the cause of the inflated breast cancer statistic (Whittemore, 2003). Data confidentiality has become a major concern for many patients. As the amount, diversity, and intimacy of health-related data recorded have increased, and as computerization has made it increasingly possible to link and transfer information from one database to another, opportunities to gain access to this information have multiplied. Meanwhile, more and more parties are seeking access to health data, including employers, schools, insurers, courts, and news media, with potentially drastic consequences for the individuals on whom these data are released. Because DSSs and RSs frequently have oversight for determining who should get what information, they play a crucial role in protecting patient health information from unauthorized access and use. Concerns regarding data integrity and confidentiality must be addressed in practices regarding data acquisition, reporting, and access. We will discuss each of these areas in more detail as follows.

Ethical Responsibilities of the RS and DSS

217

Data Acquisition and Integrity Acquisition of data, a principal task of both the RS and the DSS, seems as if it would be fairly straightforward. What possible ethical concerns could there be with capturing information required for the care and treatment of the patient or for the operation of the organization? One of the primary concerns dealing with data acquisition is the quality and generalizability of the data collected. How well data are collected determines to a large part the degree to which project results will have integrity. If data are collected using a non-random sampling distribution or sampled from an incomplete sampling frame, or if variables of interest are not carefully defined or are inaccurately entered in a database, then the outcomes of analysis will not be valid and reliable. That is, such results will not be truthful to the extent that they do not measure what they claim to measure and are not generalizable to a broader population. Therefore, the amount of care taken in the initial collection of data is a paramount consideration. Any errors at the initial point of collection will continue to infiltrate and possibly escalate problems of data integrity throughout the project. RSs and DSSs must carefully consider the previously listed dimensions of data integrity in any data collection effort. For example, with regard to content, are the data relevant (i.e., meaningful) to the decision-making purpose at hand? With regard to scope, are the data being collected comprehensive enough for the decision-making purposes for which they will be used? This is an important question in outcomes and evidence-based medicine, where the lack of comprehensive data may have grave consequences for decision making. The detail level at which the data are gathered is important, because collection of imprecise data may have significant ramifications and may lead to false conclusions. Many of the quality indicators included in value-based purchasing plans have specific inclusion and exclusion criteria that must be followed in order to produce rates that are comparable across facilities. For instance, the CMS measure for hospital-acquired catheter-­associated urinary tract infection (CAUTI) is based on the Centers

218

Chapter 8   Research and Decision Support

for Disease Control and Prevention (CDC) definitions and tracked through the National Healthcare Safety Network (NHSN) (Centers for Disease Control and Prevention, 2014). The definition of what type of event constitutes as CAUTI and which types of patients must be included and excluded from the measure must be carefully applied while identifying patients to be included in the calculation of the facility’s rate. If the DSS responsible for producing the data to be abstracted into the NHSN reporting system does not apply the criteria accurately, then the CAUTI rate will be in error and not comparable to the national and statewide rates computed by the CDC. Scenario 8-A at the beginning of this chapter raises an ethical issue related to data acquisition. A significant portion of research relies on surveys that use rating scales. It is therefore important that any rating scale used be both reliable and valid. However, there are many ways in which a rating scale can be biased, and researchers can intentionally bias the results of a study by choosing a particular type of rating scale (Friedman & Amoo, 1999). This practice may compromise the validity of a measurement tool or survey. The principal investigator may want the RS to change the rating scale because a much more favorable response to the treatment is likely to be given by patients if the five-point scale is used. The principal investigator is attempting to bias the response of the patients so that the treatment modality will have a higher chance of receiving a more favorable or positive rating. Although such an alteration, even if intentional, would not be outright fraud, it could unethically distort the pattern of patient responses, ultimately biasing decisions about the treatment’s adoption and use. If the principal investigator is trying to manipulate the scale to achieve a desired outcome, then he or she is behaving unscientifically and unethically. The RS should calmly and logically demonstrate to the principal investigator how the suggested changes are unscientific and, if solely changed for purposes of skewing the data, unethical. The RS may consider writing a memo to the principal investigator, thereby documenting his or her concerns for

the record. After discussions with the principal investigator, if he or she remains committed to such behavior, the RS must decide whether to report the principal investigator to the appropriate organizational authorities or to resign from the project. The RS should realize that by doing nothing or going along with the principal investigator, the RS can be held liable for misconduct or perhaps be placed in the position of being assigned the entire blame for the misconduct of the principal investigator (AHIMA, 2011, Principle 4). Patient-related data collection is not the only type of data collection engaged in by healthcare organizations. Provider information is also collected and used to make determinations about the quality of care that a physician or other healthcare professional supplies. RSs and DSSs must take the same care in determining data acquisition quality in these cases as when collecting patient-related data. The reliability and validity of patientsubmitted data is another issue that RSs and DSSs must address prior to using such data for reporting. Patient-submitted data is a relatively new data stream in health care. The reliability or reproducibility of the data collected should be assessed prior to its inclusion in research studies or decision support databases. Patientsubmitted data should be treated with the same reliability and validity tests as all other data sources.

Privacy and Confidentiality Today’s advanced technologies allow acquisition of data on healthcare consumers by “passive” means such as monitoring systems. For example, monitoring systems can track an individual’s use of a healthcare organization’s webpage. For what purposes is this information being collected? Is the information individually identifiable? Will personal information and/or the identification of individual preferences collected from such monitoring systems be subsequently used in ways that may annoy or inconvenience the individual? For example, will these data be used in marketing campaigns? Will they be used to individually identify persons who may use specific products or services that the company

provides? What are the ethical responsibilities to inform the public that individually identifiable information is being collected about them? RSs and DSSs must adhere to regulatory standards. Several HIPAA privacy standards address data collection and use. For example, most uses and disclosures of patient-specific information for research purposes require a written patient authorization, unless an alteration or waiver of authorization has been granted by an IRB or privacy board. Such an authorization, as defined by HIPAA, has several core elements and must include specific notifications to the patient authorizing release of information for research purposes. When gathering or using data for research purposes, RSs should ensure that appropriate authorizations have been obtained. Exhibit 8-3 provides an outline of HIPAA privacy rules that allow the use of protected health information for research purposes without the consent of the individual. A closely related issue is the use of monitoring systems to collect information on employees. For example, companies can monitor and archive electronic messages for future inspections. Sophisticated systems can measure the duration of telephone calls and the time it takes for an employee to perform a work task. Electronic identification badges that serve as door keys provide physical security for a business, but they also allow monitoring of the movements of employees. Before deciding on a course of action, the enterprise must weigh carefully the philosophical and practical questions. Does the employee’s right to privacy take precedence over the employer’s right to monitor its employees? The ethical situation here consists of defining a reasonable balance between, on the one hand, the employer’s property rights, protection of company assets, the need for access to business information, and the need to monitor for possible legal and liability problems and, on the other hand, the employee’s right to personal privacy (Baase, 1997). Certainly, the company should state in writing and during orientation sessions to employees that their performance may be monitored using any one of these methods. Today’s healthcare environment is extremely competitive. In addition to issues involving the

Ethical Responsibilities of the RS and DSS

219

collection of internal data, many companies are interested in the acquisition of competitive data. Moral norms, however, are sometimes ambiguous, so there is a gray area where it is difficult to differentiate industrial espionage from competitive analysis (Spinello, 1997). Certainly, healthcare enterprises must engage in competitive analysis and devote resources to business intelligence. These activities, however, should not be at the expense of ethical practice. DSSs may play an important role in gathering such data and must be concerned with the methods and techniques used for data acquisition.

Data from External Sources Another ethical concern relates to the collection of data from outside sources or external data banks. Organizations must ensure that data collected from external sources meet the same stringent ethical requirements as those imposed internally. For example, external data sources should be able to provide assurances that their data collection techniques have not been illegal or unethical.

Data Reporting As discussed earlier, there are many ways to introduce bias into data during data collection. The same is true for data reporting. There is a saying that it is easy to “lie with statistics.” In

EXHIBIT 8-3  HIPAA Privacy Standards Affecting Research To use or disclose protected health information without authorization by the research participant, a covered entity must: 1. Have documented IRB or privacy board approval 2. Demonstrate that the work is preparatory for research 3. Ensure that research is on protected health information of decedents 4. Use only limited data sets with a data use agreement 5. Provide a research use/disclosure statement with individual authorization Reproduced from Department of Health and Human Services. (2013, 06 05). Health Information Privacy. Retrieved 07 08, 2014, from HHS.gov: http://www.hhs.gov/ocr/privacy/ hipaa/understanding/special/research/index.html

220

Chapter 8   Research and Decision Support

other words, by using statistical or reporting techniques improperly, results may be manipulated to look better (or worse), depending on the result desired. Consider a simple example. Suppose that a research analyst is presenting data on central tendency (i.e., mean, median, and mode) regarding compliance of a specific clinical unit with documentation standards. The analyst has a close relationship with the chief of the service, so he or she might be motivated to look at how the results differ depending on which measure is used and might decide to use the measure (say, in this case, the median) that was most favorable to the service because of his or her friendship with the chief of the service. However, this course of action would not be ethical. Data should always be presented in a way that will provide for the most accurate interpretation of the findings. If several measures are needed to present the data accurately, then all of them should be used. For instance, reporting both the median and the mean would allow the influence of any potential outlier value to be evaluated by examining the difference between the two summary statistics. This approach would allow the end user to decide on the appropriate measure of central tendency.

Data Access RSs and DSSs, as professionals who may have security clearance to access a broad spectrum of data, must confront several ethical issues regarding data access. It is their responsibility to contribute to the development of policies and procedures with regard to these issues and to ensure that they are implemented properly. First, they have the responsibility to ensure that data in reports and analyses are released only to authorized individuals. For example, an analyst may be requested by a medical provider to do a trend analysis on a specific condition. The information requested may include not only clinical findings, but also information about other providers. If the requesting individual does not have clearance for this type of data, then it is the responsibility of the analyst to turn the request down. This would also be the case if an employer requested personally identifiable information about employees’ health records.

Second, they have a responsibility to ensure that patient data, particularly personally identifiable patient data, are released only for authorized purposes. The primary purpose of sharing patient data is to serve the needs of the patient in the current care encounter. But additional authorized purposes are, typically, to document and support the diagnosis and treatment the patient received, to substantiate charges for professional fees and ancillary tests, and to provide evidence in cases of legal dispute. Then, beyond purposes directly related to the patient’s care, is a series of secondary, larger purposes: education (both continuing education for the current providers and academic programs for the providers of the future), maintenance of quality of care, compliance with regulatory and accrediting agencies (including credentialing), planning for new services or new healthcare delivery systems, public health uses (reporting of communicable diseases), and medical and social research. For these larger purposes, information may typically be released, but not in a form that allows individual patients to be identified unless special circumstances require it. For example, consider the request of a facility administrator who wants information from the facility’s DSS on the demographics, including patient names, of all patients treated in the facility for the diagnosis of clinical depression in order to compile a report for management purposes. The DSS should not give the administrator access to that information. Normally, personally identifiable information coupled with specific diagnoses should not be used for decision support purposes. Policies and procedures should be in place that provide guidance on how such circumstances should be handled. A situation that raises a similar ethical issue is one in which administrators attempt to access data originally collected for one purpose in order to use them for an unrelated purpose. For example, consider a DSS at a hospital who helps to conduct a satisfaction survey of patients who have been hospitalized. On the survey instrument is the question “If you had to have another inpatient hospitalization, how likely would you be to choose this hospital again?” This type of data helps the hospital determine how good its services have been and provides opportunities to improve them.

Now suppose that the foundation arm of the hospital is mounting a fundraising campaign. The foundation knows that the hospital has gathered satisfaction information from patients and asks the DSS for a list of patients who provided high satisfaction ratings, on the assumption that patients who reported high satisfaction are more likely to give a charitable contribution to the hospital than those patients who reported low satisfaction. The ethical issue in this case is that the information collected is not being used for its original intended purpose, but is being used as a way to identify potential contributors to the hospital. Still another ethical issue concerns the secondary use of data by external parties. As Ware (1993) observed, “Traditional record-keeping privacy has taken a new face, namely, data about people are used not for the internal business purposes of the organization that collected them, but for the business purposes of whoever is willing to buy the data” (p. 195). Because of the intensely competitive nature of the environment and the value of information, policies and procedures should be in place that protect organizational and patient-related data from brokers who specialize in the buying, recombining, and selling of information. HIPAA privacy standards specifically address the de-identification of data for research purposes (Department of Health and Human Services, 2007b; Amatayakul, 2013). De-identified health information is information that does not identify an individual and for which there is no easy way to link the information back to a specific individual. Information that has been de-identified can be used and disclosed without an individual’s authorization. HIPAA explicitly states that de-identification of information can be performed in one of two ways. First, deidentification can be performed by a person with appropriate knowledge who oversees the process of de-identification and can verify that information has been de-identified. This person must use appropriate principles and methods to ensure that the information, used either alone or in combination with other information, cannot be linked back to an individual. The methods for de-identification of data in this manner must be documented along with the rationale

Ethical Responsibilities of the RS and DSS

221

that supports the determination. The second way that HIPAA allows de-identification of data is through removal of specific identifiers. Exhibit 8-4 provides a list of all the identifiers that must be removed in order for data to be considered de-identified.

Human Subject Research Because of the strict requirements for clinical and scientific research, RSs must be especially attentive to issues of data integrity in data acquisition and reporting. Errors in methods or reporting are often unintentional, such as transcription errors or data entry errors, such as the transposition of digits (95 vs. 59). However, numerous cases of intentional misconduct have been reported (Lynoe, Jacobsson, & Lundgren, 1999). Intentional misconduct ranges from improperly changing observation data to taking discarded research data, laundering it, and then including it in another research project. Thus, RSs must be concerned with avoiding both intentional and unintentional scientific misconduct.

Internal Review Board As stated earlier, RSs, as collaborators in human subject research, are answerable to IRBs, which were founded as a response to publicized abuses in research. The Tuskegee syphilis experiment provided a dramatic illustration of the need for controls over the use of human subjects in research projects. The study, conducted from 1932 to 1972, involved 399 black men in the later stages of syphilis and was expected to uncover how syphilis affected blacks as opposed to whites. It purported to test the theory that whites had more neurological complications than blacks, who were said to have more cardiovascular complications. How this knowledge would have changed the treatment is uncertain. It was known that penicillin was available and could have been used to treat the syphilis but was not used. The study was later described as an experiment that was an inefficient study using human beings as laboratory animals (Jones, 1993). In 1997, President Clinton delivered an apology to the eight remaining survivors

222

Chapter 8   Research and Decision Support

EXHIBIT 8-4  Identifier Removal Required for De-identification of Data The following identifiers of the individual or of relatives, employers, or household members of the individual, are removed: a. Names; b. All geographic subdivisions smaller than a State, including street address, city, county, precinct, zip code, and their equivalent geocodes, except for the initial three digits of a zip code if, according to the current publicly available data from the Bureau of the Census: 1. The geographic unit formed by combining all zip codes with the same three initial digits contains more than 20,000 people; and 2. The initial three digits of a zip code for all such geographic units containing 20,000 or fewer people is changed to 000. c. All elements of dates (except year) for dates directly related to an individual, including birth date, admission date, discharge date, date of death; and all ages over 89 and all elements of dates (including year) indicative of such age, except that such ages and elements may be aggregated into a single category of age 90 or older; d. Telephone numbers; e. Fax numbers; f. Electronic mail addresses; g. Social security numbers; h. Medical record numbers; i. Health plan beneficiary numbers; j. Account numbers; k. Certificate/license numbers; l. Vehicle identifiers and serial numbers, including license plate numbers; m. Device identifiers and serial numbers; n. Web Universal Resource Locators (URLs); o. Internet Protocol (IP) address numbers; p. Biometric identifiers, including finger and voice prints; q. Full face photographic images and any comparable images; and r. Any other unique identifying number, characteristic, or code. Department of Health and Human Services.(2007) “Other Requirements Relating to Uses and Disclosures of Protected Health Information.” Federal Register. 45 CFR part 164.514.

of the experiment, stating, “The United States government did something that was wrong— deeply, profoundly, morally wrong. It was an outrage to our commitment to integrity and equality for all our citizens” (Clinton, 1997).

The atrocities of Nazi Germany were another grim example of cruel behavior toward human subjects. Physicians and scientists performed medical experiments in concentration camps against the subjects’ will. When this information became public, it stunned the research community. Those who prosecuted the war criminals at Nuremberg asked practical questions about experiments on humans, including whether they should be conducted at all. In the final analysis, the answer was that using human subjects could be justified “if a wall of protection” could be built around them. That wall of protection is provided by IRBs. Their determinations of adequate protection for potential research subjects are made with reference to three basic principles of ethical research (Layman & Watzlaf, 2009, p. 341): (1) beneficence (avoid harm, promote good), (2) justice (fairness), and (3) respect for persons (personal autonomy). Application of the standards involves a determination that a study is morally justified by (1) adequate design, (2) a favorable risk/benefit ratio, (3) equitable selection of subjects, and (4) informed consent by study subjects (i.e., assurance that when individuals give consent to participate in research or to release information, they have explained to them, and clearly understand, their rights as research subjects and the consequences, benefits, and risks that participation or release of information will involve) (Food and Drug Administration, 2014). The role of the IRB is to ensure that the institution has a set of policies and procedures that guide the conduct of research according to the following principles. According to the Code of Federal Regulations (21 C.F.R. §56), the researcher must: 1. Follow written procedures: a. For conducting its initial and continuing review of research and for reporting its findings and actions to the investigator and the institution; b. for determining which projects require review more often than annually and which projects need verification from sources other than the investigator that no material changes have occurred since previous IRB review;



Ethical Responsibilities of the RS and DSS c. for ensuring prompt reporting to the IRB of changes in research activity; and d. for ensuring that changes in approved research, during the period for which IRB approval has already been given, may not be initiated without IRB review and approval except where necessary to eliminate apparent immediate hazards to the human subjects. 2. Follow written procedures for ensuring prompt reporting to the IRB, appropriate institutional officials, and the Food and Drug Administration of: a. Any unanticipated problems involving risks to human subjects or others; b. any instance of serious or continuing noncompliance with these regulations or the requirements or determinations of the IRB; c. any suspension or termination of IRB approval. 3. Except when an expedited review procedure is used (see 56.110), review proposed research at convened meetings at which a majority of the members of the IRB are present, including at least one member whose primary concerns are in nonscientific areas. In order for the research to be approved, it shall receive the approval of a majority of those members present at the meeting.

As stated previously, a written authorization must be obtained from the patient before personally identifiable information is used for research purposes. Exhibit 8-5 provides a listing of all required authorization elements and notifications. An exception to this rule is when an IRB or privacy board has granted an alteration or waiver of the authorization. An alteration or waiver of an authorization means that the authorization for uses and disclosure of information has been waived or required elements altered for a specific situation. Specific conditions must be met before an IRB or privacy board grants an alteration or waiver of authorization. To be valid, an alteration or waiver must include the following: ■■

Identification of the IRB or privacy board granting the alteration or waiver

223

The date of the alteration or waiver A description of protected health information to be used or accessed ■■ A statement that the alteration or waiver has been reviewed and approved under normal or expedited review procedures as stipulated by HIPAA ■■ Signature of chair or other designee of the IRB or privacy board Eightcriteria must be satisfied for an alteration or waiver of authorization to be issued. These include documentation that: ■■ ■■

■■ ■■

■■

■■

■■

■■

■■

■■

Use and disclosure involve minimal risk. Use and disclosure do not adversely affect privacy rights or the welfare of the individuals. The research could not practicably be conducted without the waiver or alteration. The research could not be practicably conducted without access to and use of the protected health information. The privacy risks to individuals are reasonable to the anticipated benefits. An adequate plan to protect the identifiers from improper use and disclosure is in place. An adequate plan to destroy identifiers at the earliest opportunity is in place. There are adequate written reassurances that the protected health information will not be reused or disclosed to any person or entity, except as required by law, for authorized oversight of the research project or for other research for which the use or disclosure of protected health information would be permitted.

There are adequate written reassurances that the protected health information will not be reused or disclosed to any person or entity, except as required by law, for authorized oversight of the research project or for other research for which the use or disclosure of protected health information would be permitted. The RSs and DSSs must adhere to these rules and regulations. Researchers conducting any publicly funded study must submit a protocol to the IRB (including the study’s aims, significance, relation to prior research, design and methods, budget, and consent forms) and get the IRB’s

224

Chapter 8   Research and Decision Support

EXHIBIT 8-5  Required Authorization Elements and Notifications for Use and Disclosure of Information Authorizations Required authorization elements and notifications for use and disclosure of information authorizations must be written in plain language so that individuals can understand the conditions of the authorization and must include (Food and Drug Administration, 2014): 1. A statement that the study involves research, an explanation of the purposes of the research and the expected duration of the subject’s participation, a description of the procedures to be followed, and identification of any procedures that are experimental. 2. A description of any reasonably foreseeable risks or discomforts to the subject. 3. A description of any benefits to the subject or to others that may reasonably be expected from the research. 4. A disclosure of appropriate alternative procedures or courses of treatment, if any, that might be advantageous to the subject. 5. A statement describing the extent, if any, to which confidentiality of records identifying the subject will be maintained and that notes the possibility that the Food and Drug Administration may inspect the records. 6. For research involving more than minimal risk, an explanation as to whether any compensation and an explanation as to whether any medical treatments are available if injury occurs and, if so, what they consist of, or where further information may be obtained.

approval before the study begins. Any expansion or modification of approved protocols requires a new review, at least at the executive committee level. Then, once the study is begun, the research protocol is subject to annual review based on evaluation of findings and consent form use. All serious adverse events, whether expected or unexpected, must be submitted to the IRB for review. Serious but nonlife-threatening events are to be reported and documented. Reports of life-threatening events are required within 24 hours of the occurrence for committee review; reports of nonlife-threatening events, within five working days. Committee review can result in modification of the study, modification of the consent form, or suspension of enrollment in the study, up to and including suspension

of the study itself (Department of Health and Human Services, 2007a). Though the IRB creates, endorses, and enforces its policies, the RS puts them into practical application. As a member of the study team, the RS ensures that the information being collected matches the approval from the IRB review, that all of the IRB strictures regarding protection of privacy and confidentiality are met, and that patients are included in the study only if they have given informed consent and that all regulatory standards regarding information privacy are met. Ensuring appropriate informed consent involves ensuring not only that the signature of the patient on the informed consent form is obtained, but also that the form itself includes the elements required by law. For nonEnglish-speaking subjects, the requirements must be in a form that will be understood (Public Welfare and Human Services, Title 45, 46 C.F.R. §46.117).

Research Versus Clinical Record Special privacy and confidentiality issues arise regarding the relation of the research record to the clinical record. One such concern is the disposition of information gathered as part of a research protocol. Is this information part of the research database, or is it part of the clinical record? The simple answer is that it can be either or both. In academic medical centers (teaching hospitals), subjects are frequently solicited to participate in research, either for minimal-risk protocols or nonminimal-risk protocols. Data about the research subject are documented outside the usual clinical record as part of the research protocol. Although it is appropriate that this information be retained separately, its existence needs to be documented. A summary of subjects participating in a nonclinical event is useful for both clinical investigator and the clinician if the subject is admitted to the hospital or when a complication occurs. The information collected as part of the research protocol must be immediately available, and a note documenting the event and the extent of the complication must be included as part of the documentation in the patient’s medical record.

Of equal concern is the access of researchers to the medical record. Although secondary uses of the medical record to heal the sick through advancing science are important, RSs must ensure that the central principle of the Hippocratic Oath, “First, do no harm,” is respected. Thus, they will need to employ safeguards to indicate when clinical information is not authorized for use beyond direct clinical care. These must be maintained as part of the data architecture in system design. Meeting requirements for the ethical use of medical record information implies being able to block access to selected information for research while allowing that same information to be visible for patient care. The prospect of designing a system with such capabilities is daunting at best. Yet as long as we do not have such a system, we may be hampered in our ability to use information for research without specific authorization for each research encounter. Putting such a system in place will add a cost burden to both the design and implementation of the research project and may result in delays of outcome information as well. But, as suggested by Gary Ellis, director of the National Institutes of Health Office for Protection from Research Risks, we owe our best effort to citizens who contribute to the common good by participating in research studies (Ellis, 1999).

Medical Record Data in Retrospective Studies The use of medical record data in retrospective studies, often initiated years after the medical event, poses special research opportunities and ethical problems. For formal clinical trials and some other types of research, informed consent is routinely sought, the IRB supervises the research, and other protections are enforced. But for some other kinds of research—retrospective epidemiological studies, for example— neither notice nor explicit consent has always been required. Should the patients be contacted for release authorization in these longitudinal studies? Still another concern is the use of secondary data sources, such as indexes, registries, and

Ethical Responsibilities of the RS and DSS

225

reports that typically contain patient-identifiable data. Although these secondary sources are designed to locate relevant health information, they in and of themselves may contain sufficiently sensitive data that can identify an individual patient. A process must be in place to protect patient privacy with regard to secondary data sources as well as the source document, which is the medical record. It is in these areas that the greatest opportunity for ethical compromise may occur. The cost to the facility of creating a system to meet these requirements when little research is done may either seem prohibitive or receive such a low priority in terms of information technology support that the anxious researcher may simply circumvent the requirements and include patients in a study who have not given their approval. When this occurs, the IRB or institutional policies of IRB notification and review must be followed. If the facility does not have an IRB, then its ethics committee will be the appropriate review body to consider the issue. In the state of Minnesota, for example, the penalty for unauthorized disclosure of medical information is loss of license to the practitioner via sanctions by the Board of Medical Practice. The consequences are high and reflect the importance ascribed to the patient’s right to privacy. Federal legislation provides RSs some protection against the compelled disclosure of research information on socially sensitive topics such as mental health, alcohol use, drug use, and sexually transmitted diseases to “any federal, state, or local civil, criminal, administrative, legislative, or other proceedings” (Ellis, 1999, p. 282). Such information is often urgently sought by such parties as law enforcement, but it is potentially stigmatizing, and its disclosure may have such consequences as job loss or criminal prosecution. The federal Public Health Service Act allows the Assistant Secretary of Health to grant certificates of confidentiality to biomedical, behavioral, clinical, and other researchers who are investigating these topics. The certificates, by providing researchers with a legal defense for nondisclosure, aim to protect the privacy rights of people who participate in these important areas of research so that the research can continue.

226

Chapter 8   Research and Decision Support

Maintaining and Enhancing Professional Competence

affected by computing systems, and acknowledging and supporting proper and authorized uses of an organization’s information resource.

We have provided a general discussion of the ethical considerations involved in the roles of the RS and DSS. These were related primarily to activities involved with the management of information and the protection of human subjects. There is, however, another dimension to ethical practice by RSs and DSSs. The consumer of their work product, whether an employer, patient, or colleague, should be able to expect a certain minimum level of expertise based on current knowledge, industry best practices, and standards of the profession. As professionals, RSs and DSSs have an ethical responsibility to do a thorough and careful job, to minimize harm to the organization and individuals, and to not increase risk to the organization or individuals.

KEY TERMS Data governance Data integrity Data stewardship Informed consent Institutional review boards (IRBs) Project management Resource management Reliability SPSS Validity

CHAPTER SUMMARY ■■

Conclusion Advances in information technology coupled with the emergence of the information age bring new and more profound issues related to the ethics of information management. Centralization of data, large storage capacities, sophisticated analysis and data-mining tools, implementation of enterprise-wide intranets, and use of the Internet all contribute to this phenomenon. These are all tools and capacities on which RSs and DSSs rely in their daily work. Although the ethical responsibilities of these professionals may not have changed with the information age, the context in which these professionals practice is more complex and requires execution of good management practices and constant vigilance to support ethical responsibilities. As HIM professionals, RSs and DSSs need to embrace within their ethical responsibility an organizational leadership imperative to further best practices. This includes creating opportunities for members of the organization to know and understand the dimensions of ethical responsibility with regard to information management, articulating and supporting policies that protect the dignity of users and others

■■

■■

■■

■■

Research specialists (RSs) create new knowledge by acquiring and analyzing data. They work, for example, on clinical trials and outcomes research with scientific and medical investigators. Decision support specialists (DSSs) analyze data to support strategic planning and operational improvements on the organizational level. Unlike RSs, DSSs are not necessarily concerned with gaining new clinical and scientific knowledge. Rather, they are concerned with how data may be used to assist management activities. RSs and DSSs are stewards of data with specific responsibilities regarding data governance that they must consider in the areas of data acquisition, data access, and data reporting. Good management practice requires data policy development that encompasses all of these areas. For data collection and processing, policies, standards, and procedures should be in place to ensure data quality and security. It is important to consider the relevance, comprehensiveness, and precision of the data collected and the ways in which selection of measures may bias results. For access control, data must be protected from undesired or unauthorized access. Data should be made available only to

References 227

■■

■■

■■

■■

■■

users within the organization who can demonstrate a legitimate business need for them. The issue of legitimate business need must be defined through policy and procedure. With data reporting, as with data acquisition, there are many ways that bias can be introduced into data. Data should always be presented in a way that will provide for the most accurate and complete interpretation of the findings. RSs in particular have responsibilities regarding the protection of human subjects that include special issues related to the confidentiality of research data. Like the principal investigators with whom they collaborate, they are answerable to IRBs, institutions established by federal law to ensure that human subject research is beneficent and just and shows respect for persons. RSs ensure that the information being collected matches the approval from the IRB review that all of the IRB strictures regarding protection of privacy and confidentiality are met, and that patients are included in the study only if they have given informed consent. Both RSs and DSSs have an ethical obligation to maintain their competence and to perform their work in a thorough and responsible manner. Because their analyses may have a profound impact, these professionals must ensure that good practices of research design and data management are implemented. Both RSs and DSSs must monitor data and information governance to ensure that the data is valid and reliable and the interpretation of data is relevant, correct, and thorough.

REFERENCES Amatayakul, M. (2003). Another layer of regulations: Research under HIPAA. Journal of AHIMA, 74(1), 16A–D. Amatayakul, M. K. (2013). Electronic health records: A practical guide for professionals and organizations (5th ed.). Chicago, IL: AHIMA. American Health Information Management Association [AHIMA]. (1999). Vision 2006. Evolving HIM careers: Seven roles for the future. Chicago, IL: AHIMA.

American Health Information Management Association [AHIMA]. (2004a). Data for decisions: The HIM workforce and workplace. Recommendations to the AHIMA Board of Directors from the Center of Health Workforce Studies based on the HIM Workforce Research Study. Chicago, IL: AHIMA. American Health Information Management Association [AHIMA]. (2011). AHIMA code of ethics. Chicago, IL: AHIMA. American Health Information Management Association [AHIMA]. (2014). Career map. Retrieved July 2, 2014, from http://www.hicareers.com/ CareerMap/. Baase, S. (1997). A gift of fire: Social, legal, and ethical issues in computing. Upper Saddle River, NJ: Prentice Hall. Baird, S., & Kanaan, J. C. (2009). Health data stewardship: What, why, who, how: An NCVHS primer. Hyattsville, MD: National Committee on Vital and Health Statistics. Brandel, M. (2004, March 15). Data stewards seek data conformity. ComputerWorld. Retrieved October 2004 from http://www.computerworld.com/databasetopics/businessintelligence/datawarehouse/story/ 0,10801,91146,00.html?SKC=datawarehouse-91146. Burrington-Brown, J., & Wagg, D. G. (2003). Regulations governing research (AHIMA Practice Brief). Journal of AHIMA, 74(3), 56A–D. Cash, J. I. (1994). Building the information age organization. Homewood, IL: Richard D. Irwin. Centers for Disease Control and Prevention. (2014). Catheter-associated urinary tract infection (CAUTI) event. Atlanta, GA: Centers for Disease Control and Prevention. Centers for Medicare and Medicaid Services. (2013, April 10). HCAHPS: Patients’ perspectives of care survey. Retrieved July 8, 2014, from http://www.cms. gov/Medicare/Quality-Initiatives-Patient-Assessment-Instruments/HospitalQualityInits/HospitalHCAHPS.html. Clinton, W. J. (1997). Remarks by the president in apology for study done in Tuskegee. Retrieved July 8, 2014, from http://clinton4.nara.gov/textonly/New/Remarks/ Fri/19970516-898.html. Data Governance Institute. (2014). Data governance: The basic information. Retrieved July 2, 2014, from http:// www.datagovernance.com/adg_data_governance_ definition/. Department of Health and Human Services. (2007a, January 15). Guidance on reviewing and reporting unanticipated problems involving risks to subjects or others and adverse events. Retrieved July 8, 2014, from http://www.hhs.gov/ohrp/policy/advevnt guid.html. Department of Health and Human Services. (2007b). Other requirements relating to uses and disclosures of protected health information. 45 C.F.R. §164.514. Retrieved from http://www.gpo.gov/fdsys/pkg/

228

Chapter 8   Research and Decision Support

CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1sec164-514.pdf. Department of Health and Human Services. (2013, June 55). Health information privacy. Retrieved July 8, 2014, from http://www.hhs.gov/ocr/privacy/ hipaa/understanding/special/research/index. html. Ellis, G. B. (1999). Keeping research subjects out of harm’s way. Journal of the American Medical Association, 282(20), 1963–1965. Food and Drug Administration. (2014, June 25). A guide to informed consent—information sheet. Retrieved July 8, 2014, from www.fda.gov. Fowler, F. J. (2013). Survey research methods. (5th ed.). Newbury Park, CA: Sage. Friedman, H., & Amoo, T. (1999). Multiple biases in rating scale construction. Journal of International Marketing and Marketing Research, 24(3), 115–126. Harman, L. B. (2011). Ethical issues in health information management. Chapter 13 in M. L. Johns (Ed.), Health information management technology: An applied approach (3rd ed.). Chicago, IL: AHIMA. Johns, M. L. (1997). Information management for health professionals. Albany, NY: Delmar. Jones, J. H. (1993). Bad blood: The Tuskegee syphilis experiment. New York, NY: Free Press. Kanaan, S. B., & Carr, J. M. (2009). Health Data Stewardship: What, Why, Who, How - An NCVHS Primer. National Committee on Vital and Health Statistics.

Krohn, R. (2004a). Data analytics throughout the healthcare enterprise. Journal of Healthcare Information Management, 18(2), 15–18. Krohn, R. (2004b). JHIM Quick Study: Healthcare Business Intelligence and real-time decision support systems. Journal of Healthcare Information Management, 18(3), 14–16. Layman, E., Watzlaf, V. (2009) Health Informatics Research Methods: Principals and Practice. AHIMA Press. Chicago, IL. Lynoe, N., Jacobsson, L., & Lundgren, E. (1999). Fraud, misconduct or normal science in medical research: An empirical study of demarcation. Journal of Medical Ethics, 25, 501–506. Power, D. (2012, April 15). What is the job of a decision support analyst? DSSNews, 13(8). Spinello, R. A. (1997). Case studies in information and computer ethics. Upper Saddle River, NJ: Prentice Hall. Streiner, L., & Norman, G. R. (1989). Health measurement scales: A practical guide to their development and use. Oxford: Oxford University Press. Ware, W. H. (1993). The new faces of privacy. Information Society, 9, 195. Whittemore, A. (2003). Breast cancer in Marin County. Breast Cancer Research, 5(5), 232–234. Weng, L-J. (2004, December). Impact of the number of response categories and anchor labels on coefficient of alpha and test-retest reliability. Educational and Psychological Measurement, 54(6), 956–972.



Ethical Decision-Making Matrices

229

Ethical Decision-Making Matrices SCENARIO 8-A  Designing a Survey to Bias the Results Steps

Information

1. What is the question?

Should the research specialist insist on the original three-point ordinal?

2. What is my “gut” reaction?

What is your first reaction to this case on an emotional level? What assumptions are you making? What biases do you have?

3. What are the facts?

KNOWN Visual bias will negatively affect the integrity of the data

TO BE GATHERED ■■

■■

■■ ■■

Would the alteration of the scale to a fivepoint ordinal constitute fraud? What are the customary practices in such cases? What is the RS’s supervisor expecting? What is the likely impact on the RS and family of changing jobs?

4. What are the values?

Patient: Benefits from improvements in service

Examine the shared and competing values, obligations, and interests of the many stakeholders in order to fully understand the complexity of the ethical problem(s).

HIM Professional(s): Integrity, accuracy, and reliability (RS has an ethical obligation to generate the most accurate data possible); personal values (promote welfare or self and family by avoiding loss of job; promote and participate in research).

STAKEHOLDERS

Researcher: Show the facility in the best light possible; maximize the positive value of the aggregate satisfaction scores.

Patient, family, HIM professional(s), healthcare professional(s), administrators, society, and others appropriate to the issue. 5. What are my options?

Healthcare Professional(s): Promote welfare of patients through provision of best possible care. Administrators: Benefit patients.

■■ ■■

Use five-point ordinal. Insist on three-point ordinal.

6. What should I do?

Insist on three-point ordinal.

7. What justifies my choice?

JUSTIFIED ■■ ■■

Preserve integrity of data. Preserve professional integrity.

NOT JUSTIFIED ■■ ■■ ■■

8. How can I prevent this problem?

■■ ■■ ■■

Use five-point ordinal. Compromise data integrity. Compromise professional integrity.

Review standards for preserving integrity of data and creating surveys. Discuss standards and the values that support them with colleagues. Evaluate institutional (or departmental) integrity at job interview and subsequently when ethical problems arise.

230

Chapter 8   Research and Decision Support

The ethical decision-making matrix is a tool to help you organize complex ethical problems; however, there is no simple fill-in-the-box approach to ethical decision making. The objective is to follow each step of the process and not move from the question directly to what should be done or how to prevent it next time.

If you skip steps, you will not fully understand all of the values and options for action. Also, the matrix provided for each scenario is not the only way to examine the problem. You can make an equally compelling ethical argument for a different decision—just be sure to follow all the steps of the matrix.



Ethical Decision-Making Matrices

231

SCENARIO 8-B  The Impact of Sample Selection Bias Steps

Information

1. What is the question?

Should the Decision Support Specialist insist on reporting the overall satisfaction score of 9.1?

2. What is my “gut” reaction?

What is your first reaction to this case on an emotional level? What assumptions are you making? What biases do you have?

3. What are the facts?

KNOWN ■■

■■

Reporting the results of the OB unit as the overall satisfaction represents a sampling bias. A random sample of OB patients cannot be generalized to the entire patient population.

TO BE GATHERED ■■ ■■

■■ ■■

How widely distributed is the press release? Could it be edited to reflect the fact that it represents only OB satisfaction prior to wide release? What is the DSS’s supervisor expecting? What is the likely impact on the DSS and family of changing jobs?

4. What are the values?

Patient: Benefits from improvements in service.

Examine the shared and competing values, obligations, and interests of the many stakeholders in order to fully understand the complexity of the ethical problem(s).

HIM Professional(s): Integrity, accuracy, and reliability (DSS has an ethical obligation to generate the most accurate data possible); personal values (promote welfare or self and family by avoiding loss of job; promote and participate in research).

STAKEHOLDERS

Researcher: Show the facility in the best light possible. Maximize the positive value of the aggregate satisfaction scores.

Patient, family, HIM professional(s), healthcare professional(s), administrators, society, and others appropriate to the issue. 5. What are my options?

Healthcare Professional(s): Promote welfare of patients through provision of best possible care. Administrators: Benefit patients.

■■ ■■

Request a correction or retraction of the press release. Ignore the issue and let the release stand.

6. What should I do?

Request a correction or retraction.

7. What justifies my choice?

JUSTIFIED ■■ ■■

Preserve integrity of data. Preserve professional integrity.

NOT JUSTIFIED ■■

■■ ■■

8. How can I prevent this problem?

■■ ■■ ■■

■■

Allow a biased measure of satisfaction to be released to the public. Compromise data integrity. Compromise professional integrity.

Review standards for preserving integrity of data and creating surveys. Discuss standards and the values that support them with colleagues. Evaluate institutional (or departmental) integrity at job interview and subsequently when ethical problems arise. Ensure that the facilities information governance policy includes guidelines for public release of data.

232

Chapter 8   Research and Decision Support

The ethical decision-making matrix is a tool to help you organize complex ethical problems; however, there is no simple fill-in-the-box approach to ethical decision making. The objective is to follow each step of the process and not move from the question directly to what should be done or how to prevent it next time.

If you skip steps, you will not fully understand all of the values and options for action. Also, the matrix provided for each scenario is not the only way to examine the problem. You can make an equally compelling ethical argument for a different decision—just be sure to follow all the steps of the matrix.

CHAPTER 9

Public Health and Informatics

© kentoh/Shutterstock

Babette J. Neuberger, JD, MPH Eric S. Swirsky, JD, MA

respect for the individual’s privacy. This chapter explores the use of patient data to assess and protect the health of the population at local, state, national, and international levels. It raises the difficult question of when the government’s need to know should prevail over the interests of the individual and his or her desire to keep personal information solely within the provider– patient relationship. A theoretical framework is provided for addressing difficult policy choices about when patient information ought to be reported to health authorities. The chapter also explores emerging issues in global health and the use of social media in public health activities.

Learning Objectives After completing this chapter, the reader should be able to: ■■

■■

■■

■■

■■

■■

Comprehend the evolution of public health informatics and the opportunities and challenges associated with establishing a national infrastructure for public health data. Describe how the government uses private medical information in protecting the public’s health. Apply ethical arguments germane to public uses of personal health data, and identify distinctions between public values and traditional clinical medical ethics. Analyze the ethical dimensions of a proposed policy concerning government access to private medical information. Participate more meaningfully in public debate about government uses of private health data, as well as government financing of a global public health infrastructure. Advocate more persuasively for policy measures using well-reasoned arguments.

Scenario 9-A  Gun Control and Reporting Mental Health Status Gun control has become an intense political topic within the state due to a recent mass shooting at a middle school in the state’s capital. The governor has asked the secretary of the Department of Human Services (DHS)—your boss—for her support on a proposed bill to regulate and restrict firearm ownership. Under the bill, DHS would be responsible for maintaining a new registry. The secretary has some reservations about supporting the bill and

Introduction Government access to, and use of, patient information is critical for protecting the public’s health. At the same time, it raises ethical challenges to doctor–patient confidentiality and

(continued )

233

234

Chapter 9   Public Health and Informatics

asks you, as the agency’s chief information officer, for your advice. The facts are as follows. In the aftermath of the shooting, the governor partnered with state law enforcement agencies and several legislators representing the middle school’s district to draft a bill entitled the Firearm Owner Identification (FOID) Mental Health Reporting System, which would require qualified clinicians and healthcare professionals to report patients whom they determine to be: 1. A “clear and present danger” in that they communicate a serious threat against a reasonably identifiable third person or themselves or otherwise demonstrate threatening physical or verbal behavior; 2. “Intellectually disabled,” meaning that the individual’s intellectual functioning and adaptive behavior are “significantly subaverage” as a result of a disability that manifested before the age of 18; or 3. “Developmentally disabled,” meaning conditions that result in impairments similar to those caused by, and require services similar to those required by, intellectual disabilities, and which manifest before the age of 18 and are expected to continue indefinitely. Data in the FOID Mental Health Reporting System would be cross-referenced with state and local police data and used to restrict people with a qualifying condition from obtaining a “Firearm Owner Identification Card” allowing them to legally possess firearms. The new reporting requirements would apply to clinical psychologists, clinical social workers, licensed clinical professional counselors, physicians, psychiatrists, registered nurses, and marriage and family therapists practicing at public or private mental health or developmental disability facilities. If an aforementioned provider determines that a person has a qualifying condition (i.e., a person presents a clear and present danger, is intellectually disabled, or is developmentally disabled as described in the law), then the provider is required to report that person’s name, address, date of birth,

gender, race, physical description, and the determination made through an online system to be administered by DHS within the time frame established in the law. No official diagnosis is required; all the provider needs to do is click the box in the online reporting system to indicate which of the three qualifying conditions the subject is determined to have according to his or her professional judgment. To encourage reporting and protect providers, the proposed bill has provisions that maintain confidentiality of the reporting provider’s identity, and protect providers and their employers from criminal, civil, or professional liability for reporting or failing to report, except for willful or wanton misconduct. To guarantee proper use of the registry, the bill stipulates the registry’s use is restricted to that necessary to determine a person’s eligibility to possess a firearm. The proposal has sparked public debate and divisions in the state capital. The Coalition for Firearm Reporting, a coalition of concerned citizens from across the state, is lobbying forcefully in favor of the bill. The group’s media campaign has focused on reports of the deadly school shooting and other gun-related tragedies involving people with mental disabilities that have occurred in other states. They contend that current events warrant the passage of the law, and that law enforcement needs all the help it can get in curbing gun violence; mandated reporting would allow officials to take preventive measures by denying lawful access to those whom they believe pose a threat to themselves and the public at large. Reporting would further allow law enforcement to investigate gun owners and revoke FOID cards as necessary. The Alliance to End Disability Discrimination, a disability advocacy group, has argued equally vociferously (if not as publicly) against the bill. The group argues that the proposed requirements not only deny disabled persons their constitutional rights but also unjustifiably stigmatize them; the bill is premised on the notion that there is a correlation or causal relationship (continued )

Introduction

between disability and gun violence. They see the inclusion of the intellectually and developmentally disabled as an attempt to appease and shift attention away from the powerful pro-gun lobby and argue that the law effectively scapegoats the disability community. Moreover, they argue that the disabled may have a greater need for selfdefense and that the law will frustrate the efforts of law-abiding citizens to protect themselves. The governor and the State Attorney’s Office have supported the bill publicly. They see the new reporting requirements as a commonsense reform with proper oversight. The number of gun-related deaths has been rising in the state, and the governor would like to sign the bill into law before next year’s gubernatorial election. The director of the Department of Public Health has expressed strong opposition to the bill but has done so behind closed doors so as not to break ranks publicly. In his opinion, the inclusion of the intellectually and developmentally disabled persons is arbitrary and dangerous. He believes that if passed, the law would have one or both of the following results: people will be discouraged from seeking much-needed medical treatment, and/or otherwise law-abiding citizens will obtain firearms through other means and impede law enforcement’s ability to track gun ownership. As her chief of staff, the secretary has turned to you for counsel. Questions 1. Would you advise the secretary of the Department of Human Services to support the bill or not? 2. How do you go about determining the correct course of action in this emotionally charged debate? What tools or information do you require to reach a decision? 3. Does the proposed rule create an ethical conflict between the DHS and the population it serves? Between those living with disabilities and society? Examine the proposed rule from the competing perspectives of the patient,

235

provider, the secretary of the Department of Human Services, and the public as you think about what action you would advise the secretary to take. 4. What ethical issues are involved in this scenario? What ethical principles might guide you as you advise the health director in making this extraordinarily difficult decision? How do you weigh the competing values, interests, and ethical principles in coming to your decision? Source: The legislation for this case is based on the Illinois Firearm Owners Identification Card Act, 430 IL Compiled Stat. 65, as amended by The Firearm Concealed Carry Act, Illinois Public Act 98-0063.

A completed ethical decision-making matrix for the scenario is provided at the end of the chapter. This chapter explores government access to and use of patient information to protect the public’s health. Although health information management (HIM) professionals think primarily of the clinical uses of patient information, such data also are essential to protecting the health of the public. For example, medical records of a tuberculosis (TB) patient are used by the medical team to establish an appropriate treatment regime for the patient. The hospital administration may use such data to ensure compliance with infection control guidelines for the facility. Public health researchers may map the aggregated data of all TB cases within a city, looking for a correlation between TB and high-risk groups, such as the city’s homeless population and/or HIV-infected population. The research results may be used by public health authorities to design intervention measures to prevent TB from spreading further. All of these uses depend initially on the proper diagnosis, coding, and documenting of the patient’s medical condition. With the emergence of biomedical informatics, the ability to capture large data sets in an electronic format has improved, and data

236

Chapter 9   Public Health and Informatics

have become more centralized and accessible. The field of public health has responded to this data explosion by increasingly relying upon the collection, coordination, and analysis of data to carry out its mission. HIM professionals play a vital role in this exciting field. As you read through this chapter, you will see that HIM professionals have professional duties and many of the skills that are required in public health. Readers are likely to identify a broad range of positions that could best be filled by those who are educated in the management of health information. But even if you work in a more traditional HIM setting, such as a hospital or outpatient health clinic, you will discover that the work you do is integrally related to, and will significantly affect, the ability of public health officials to guard the public’s health. By learning how local, state, and federal governments use patient data, and the emergence of the public health information infrastructure, you will gain a new appreciation of the importance of ensuring data quality, completeness, and accuracy. This chapter also challenges you to think about the HIM professional’s role as a patient advocate and the ethical tensions that can exist between and within the competing duties of preserving personal rights and promoting of public good. It provides you with tools to help you decide whether to support or oppose public policies requiring the sharing of private medical information. This chapter’s opening scenario exemplifies an ethical challenge to an HIM professional in public health. What follows is an introduction to the field of public health and government uses of patient data and technology at the local, state, and federal levels. Relevant ethical principles are then explained and discussed, and then related back to the opening scenario as we explore the process of ethical analysis and some of the moral implications of public health interventions. The chapter continues with a discussion of two emerging issues: social justice and governmental responses to global infections and pandemics, and the opportunities and challenges of social media use for public health activities. The chapter concludes with a discussion of the HIM professional’s role as a patient advocate within the policy arena, and

a second scenario is presented giving students further opportunity to practice skills of ethical reasoning.

Public Health Information: An Overview Generally speaking, public health encompasses all those activities that we as a society undertake to ensure conditions in which people can be healthy. Such conditions include clean air, clean water, and proper sanitation; a safe work environment that is free from physical and chemical stressors; a healthy food supply; access to medical care and preventive diagnostic screenings; a good diet; and participation in physical exercise. To completely understand public health, one must think broadly about all those who are involved with accomplishing its mission. The systems for public health delivery include not only an extensive array of public actors, encompassing local, county, state, and federal health departments and environmental agencies; public health clinics and hospital systems; clinical laboratories; and school nursing programs, but also the efforts of a multitude of private actors, persons, and institutions delivering the services and care that are essential to ensuring the health and well-being of our populace. A large component of this latter group is, of course, private medical care providers. Though public health and medicine are integrally related, there are essential differences between them. Historically, medical care was focused on the care, treatment, and/or cure of diseased individuals. More recently, we have witnessed a shift in focus, with greater interest and attention paid to prevention in addition to cure, due in some measure to a restructuring of the financing of medical care in the United States. Nevertheless, it is still safe to say that the medical profession’s primary focus is on the individual; its concern is the dyadic, provider-to-patient relationship. In contrast, the field of public health has prevention as its primary focus, with particular attention paid to populations rather than to individuals. To address the mission of public health and promote conditions in which people can be healthy, the government’s role

is to assess information on community health, develop policy based on evidence-based science, and to ensure the community will have access to the services necessary to achieve public health goals (Institute of Medicine, 1988, pp. 7–8). The differences between public health and medicine are underscored by the different ways they view patient information. Confidentiality has long been considered an essential component of the doctor–patient dyad because it is foundational to trust in the clinical relationship; there is a presumptive duty not to disclose protected health information. This exchange is a core element of medicine’s social contract— patients expect to have their confidentiality and dignity preserved, while medicine expects trust and autonomy to exercise professional judgment for the benefit of the patient. However, patients and providers are not the only parties to this contract. As a self-regulating profession, medicine has an important relationship with the government that manifests in a number of expectations and obligations, including the duty to promote the public good and comply with laws and regulations (Cruess & Cruess, 2008). As we will explore in this chapter, these duties come into conflict when an individual’s health status endangers the public welfare and the provider has a professional obligation to report that status to the appropriate authority.

The Evolution of Public Health and Government Access to Private Medical Information The first large-scale advances in public health were made in the 1800s, during what was known as the “Great Sanitary Movement.” During this period, enormous advances occurred in the eradication of the conditions that gave rise to such diseases as malaria, typhoid fever, cholera, yellow fever, dysenteries, and summer diarrheas. Prior to the 1800s, diseases and contagions were largely accepted as the norm, and ill health was generally seen as evidence of a person’s poor moral character. Public health measures were primarily directed at separating diseased individuals from the rest of the population through isolation and quarantine laws (Institute of Medicine, 1988).

Public Health Information: An Overview

237

The Great Sanitary Movement coincided with an unprecedented influx of rural Americans and immigrants into cities and industrial towns seeking work. The numbers overwhelmed the capacity of urban areas to absorb and serve the needs of the newly arrived. The first wave of migration to urban areas occurred in the 1830s. Between 1860 and 1910, the number of Americans living in urban areas rose from 19 to 45 percent (Rosen, 1971). Overcrowded urban areas were an ideal breeding ground for infectious diseases of all kinds, as reports by investigators of the time vividly show (Rosen, 1972). The contagions that thrived there affected the rich and poor alike, causing an outcry for a public response and undermining the assumption that the ill were morally deficient. Two early crusaders, Edwin Chadwick in London and Lemuel Shattuck in Massachusetts, published reports that called attention to the need for improved sanitation and other social measures that could reduce the spread of disease (Chave, 1984; Rosenkrantz, 1974). Shattuck’s 1850 report of the Massachusetts Sanitary Commission recommended a decennial census, standardized reporting of diseases and death, and called for health data to be collected by age, sex, occupation, socioeconomic level, and locality, as a way to alleviate illness and death related to the living conditions of the time (Thacker, Qualters, & Lee, 2012). Simultaneous with the call for social improvements, in the late 1870s Robert Koch discovered the role of bacterium in spreading infectious diseases. The convergence of these events led to sweeping improvements to the conditions affecting the public’s health. Inadequate public health measures such as quarantine and isolation were supplemented with rigorous attention to improved systems of sanitation, provision and supervision of sanitary water supplies, sewage disposal facilities, better control of sanitary conditions affecting the food supply, and better housing codes that eliminated crowded tenement structures in the industrial cities (Rabe, 1990). Centralized registry data revealed that high rates of morbidity continued to predominate among children and the poor, resulting in the establishment of home nursing programs and school-based

238

Chapter 9   Public Health and Informatics

clinics in the larger metropolitan areas (Institute of Medicine, 1988). Also during this period, the science of epidemiology became an integral discipline of state and local health departments. The term epidemiology is defined as “the study of the occurrence and distribution of health-related events, states and relevant processes in specified populations, including the study of the determinants influencing such processes, and the application of this knowledge to control relevant health problems” (Porta, p. 95). Overall, there was a dramatic shift from reaction to planned prevention. By the end of the 1800s, 40 states and several cities had established health departments, many with laboratories to detect infectious disease agents (Institute of Medicine, 1988). The period between the 1870s and the early 1900s witnessed a rapid growth in the systematic reporting of communicable diseases at the local, state, and ultimately the national level. By 1901 all state and municipal laws required reporting of infectious diseases, such as smallpox, tuberculosis, and cholera, to local authorities (Thacker, Qualters, & Lee, 2012). Census taking and public health surveying were revolutionized in 1890 with the introduction of Herman Hollerith’s punch-card tabulating machine, the first practical application of computer technology to medicine (Shortliffe & Blois, 2014). The technology assisted with the tabulation of population data, reducing the time and cost of data processing. By 1925, all states had begun participating in national morbidity reporting (Thacker, Qualters, & Lee, 2012). With the introduction of mandated reporting came the ability of government to institute more aggressive infection control strategies. An historical account of Brighton, England’s 1889 Infectious Disease Notification Act illustrates the intrusive impact such laws had on those who succumbed to infectious diseases. The Act provided town health officials with extensive authority to gather patient information; inspect their homes and impose isolation measures. At the end of an illness those who were confined at home were subjected to far-reaching and costly disinfection measures of their dwellings and personal belongings. Patients who could

not successfully be isolated at home were moved to hospitals, where deaths occurred frequently because of cross-infection by other diseases (Eyler, 1986). Mandatory reporting laws were not accepted without controversy. The laws offended notions of individual rights and liberties, threatening both the right of individuals to convalesce privately and the right of physicians to practice their profession without state interference. Physicians protested that the laws forced them to divulge their patients’ information thus violating the ancient Hippocratic Oath. Doctors objected to being used as a tool to further the public’s interest at potentially grave expense to their patients because, for many patients, quarantine or removal to a hospital resulted in serious financial difficulties, devastating social stigma, or death. Those opposing the laws further argued that due to the fear of public exposure, notification laws would deter patients from calling in a physician, thereby adding to the disease burden. (For an interesting historic account of the development and controversies surrounding disease notification laws, see Mooney, 1999.) Although compliance was initially quite low, notification laws slowly gained acceptance (Lerner, 1993). The change was due in some measure to the growing credibility and influence of public health as a profession, as well as the health authorities’ demonstrated success in controlling epidemics by taking early preventive measures when provided with timely data. Health authorities now engage in a broad array of activities designed to ensure healthy conditions for the populace. Activities include the delivery of personal health services, environmental regulation and sanitation measures, surveillance (the systematic and ongoing collection and analysis of data such as the occurrences of diseases, deaths, events, procedures, and/or risk factors for purposes of protecting the public’s health), clinical laboratory investigation and services, immunization programs, maternal and child health interventions, and health education and health promotion campaigns designed to promote healthier lifestyles and nutritional habits. Although the scope and extent of public health activities at



Public Health Information: An Overview

all levels of government ebb and flow in relation to the level of public resources committed to such activities, certain programs and services are provided more frequently by local health departments (LHDs), as presented in Exhibit 9-1. Governmental access to a range of individual medical and other health-related data is pivotal to modern public health efforts. Data are used to calculate birth rates, identify conditions during pregnancy and congenital malformation, tabulate causes of death, and provide other indices of public health. State and federal governments maintain registries that capture and compile statistical data in a centralized database, enabling population-based research and analysis. Most common are disease registries, specifically cancer and tumor registries, and more infrequently exposure registries. Other, less common registries capture events as diverse as mental retardation, strokes, accidents, and enteric diseases. The data come from public agencies, medical care providers, and medical institutions that are required by law to submit

EXHIBIT 9-1  Local Health Department Activities According to a 2013 survey conducted by the National Association of County and City Health Officials (NACCHO), the most frequent activities provided directly by LHDs are: ■■ Adult and childhood immunizations ■■ Communicable/infectious disease surveillance (primarily for tuberculosis, sexually transmitted diseases [STDs], and HIV/AIDs) ■■ Tuberculosis treatment ■■ Environmental health surveillance ■■ Food service establishment inspections ■■ Food safety education ■■ Schools/day care center inspections ■■ Population-based nutrition services NACCHO 2013 National Profile of Local Health Departments Washington, DC., http://www.naccho.org/topics/­infrastructure/ profile/upload/2013-National-Profile-of-Local-Health-­ Departments-report.pdf, p. 36

239

patient information about the event. Disease registries serve as a rich resource for patient tracking, detection of trends in the rate of diseases, and epidemiologic studies to detect causal relationships between exposure and disease. Another significant data source is the information reported to government by medical providers in compliance with aforementioned state reportable diseases and conditions statutes. A reportable disease (sometimes referred to as a notifiable disease) is one for which regular, frequent, and timely information on individual cases is considered necessary for the prevention and control of that disease (Friis & Sellers, 1999). A common example is the outbreak of an apparent food-borne illness among children and adults attending a company picnic. Healthcare providers who treat the stricken individuals are legally required to report the illness to health authorities. The data are shared among local and state health officials as needed to investigate and contain the outbreak. The list of notifiable diseases varies by state; it also varies over time. Exhibit 9-2 illustrates a typical state mandatory reporting law for diseases and health conditions. Data collected with identifiers, including registry data and reports of notifiable diseases, raise ethical concerns because the data include patient identifiers such as the patient’s name, age, sex, race, ethnicity, and address; the name and address of the responsible physician; and other information needed by health departments to permit record linkages and/or to locate patients for follow-up investigations. Further, the information is reported to the government without the patient’s permission, raising some concerns that will be discussed later in this chapter. In addition to reporting at the local and state levels, all 50 state health departments, as well as the health departments of New York City, the District of Columbia, and the five U.S. territories, submit information on a weekly basis to the U.S. Centers for Disease Control and Prevention (CDC). These data are submitted in aggregate form; that is, without personal identifiers. Aggregated data allow the federal government to track national trends, to monitor the incidence and prevalence of diseases and

240

Chapter 9   Public Health and Informatics

EXHIBIT 9-2  Mandatory Reporting Laws for Diseases and Health Conditions in the State of Colorado (6 CCR 1009-1) Colorado regulations require healthcare providers, including attending physicians, laboratories, coroners, hospital administrators, and persons in charge of other institutions licensed by the Colorado Department of Public Health and Environment (such as nursing homes and day care centers); persons in charge of schools (including school nursing staff); and any “other persons either treating or having knowledge of a reportable disease,” to report an array of diseases and conditions to the health department. Most reports must be filed within 24 hours of learning about a confirmed or suspected case. The occurrence of a single case of any unusual disease or manifestation of illness that the healthcare provider determines or suspects may be caused by or related to a chemical, radiological, bioterrorist agent, or terrorist incident must be reported immediately by telephone to the state or local health department by the healthcare provider and the hospital, emergency department, clinic, healthcare center, and laboratory in which the person is examined, tested, and/or treated. The same immediate reporting is required for any unusual cluster of illnesses that may be caused by or related to a chemical, radiologic, or bioterrorist agent or incident, which includes, but is not limited to, anthrax, plague, smallpox, tularemia, botulism, viral hemorrhagic fever, and brucellosis. The following diseases and conditions (confirmed or suspected) must be reported within 24 hours: ■■ Active tuberculosis disease ■■ Animal bites by dogs, cats, bats, skunks, or other wild carnivores ■■ Anthrax ■■ Botulism ■■ Cholera ■■ Diphtheria ■■ Group outbreaks, including food poisoning ■■ Hepatitis A ■■ Measles (rubeola) ■■ Meningitis or other invasive disease caused by Haemophilus influenzae ■■ Meningitis or other invasive disease caused by Neisseria meningitides ■■ Pertussis ■■ Plague ■■ Poliomyelitis ■■ Rabies in human (suspected) ■■ Rubella ■■ Severe Acute Respiratory Syndrome (SARS) ■■ Smallpox ■■ Syphilis (first-degree, second-degree, or early latent) ■■ Typhoid fever Other diseases and conditions must be reported within seven days. For certain diseases (those designated with an asterisk), reports are based on the physician’s diagnosis, whether or not laboratory tests have confirmed the doctor’s findings. The following diseases and conditions must be reported within seven days: ■■ AIDS and HIV Infection ■■ Bites by animals not included in the previous list ■■ Brucellosis*



Public Health Information: An Overview

EXHIBIT 9-2  Mandatory Reporting Laws for Diseases and Health Conditions in the State of Colorado (6 CCR 1009-1) (continued ) ■■ ■■ ■■ ■■ ■■ ■■ ■■ ■■ ■■ ■■ ■■ ■■ ■■ ■■ ■■ ■■ ■■ ■■ ■■ ■■ ■■ ■■ ■■ ■■ ■■ ■■ ■■ ■■ ■■ ■■ ■■ ■■ ■■ ■■ ■■ ■■

Campylobacteriosis Chancroid Chlamydia trachomatis Cryptosporidiosis Cyclospora Encephalitis* Escherichia coli O157:H7* and shiga-toxin-producing Escherichia coli Giardiasis* Gonorrhea, any site Hantavirus Healthcare-associated infections Hepatitis B* Hepatitis C* Hepatitis, other viral Hemolytic uremic syndrome if