Introduction to Healthcare

and Public Health in the US

Lecture d
Regulating Healthcare
This material (Comp1_Unit6d was developed by Oregon Health and Science University, funded by the Department of Health
and Human Services, Office of the National Coordinator for Health Information Technology under Award Number
IU24OC000015.
Regulating Healthcare
Learning Objectives
Describe the role of accreditation, regulatory bodies, and professional
associations in healthcare in the US. (Lecture a)
Describe the basic concepts of law in the United States: the legal system,
sources of law, classification of laws, the court system, and the trial
process. (Lecture b)
Describe legal aspects of medicine involving the Affordable Care Act,
professional standards in healthcare, medical malpractice, Tort reform, and
Medicare and Medicaid Fraud and Abuse (Lecture c)
Describe key components of the Health Insurance Portability and
Accountability Act (HIPAA) and current issues of privacy and patient safety
in the US (Lecture d)
Discuss the need for quality clinical documentation for the use of the health
record as a legal document, communication tool and a key to prove
compliance for healthcare organizations. (Lecture e)

2
Health IT Workforce Curriculum
Version 3.0/Spring 2012
Introduction to Healthcare and Public Health in the US
Regulating Healthcare
Lecture d
Health Insurance Portability and
Accountability Act
Improves portability of health insurance
New employer plan may not limit coverage due to pre-existing
condition
If health insurance is lost, improves access to group health plan
Protects from discrimination based on health status
Combats fraud, abuse, and waste in healthcare
Promotes use of health savings accounts
Improves access to long-term care
Simplifies the administration of medical insurance

3
Health IT Workforce Curriculum
Version 3.0/Spring 2012
Introduction to Healthcare and Public Health in the US
Regulating Healthcare
Lecture d
HIPAA Privacy & Security
Privacy requirements
What health information must be protected
http://www.hhs.gov/ocr/privacy/hipaa/understanding/summary/in
dex.html
Security requirements
How to protect the information
http://www.hhs.gov/ocr/privacy/hipaa/understanding/srsummary.
html


4
Health IT Workforce Curriculum
Version 3.0/Spring 2012
Introduction to Healthcare and Public Health in the US
Regulating Healthcare
Lecture d
HIPAA Covered Entities
6.7 Figure: Flowchart for determining whether an entity is a HIPAA covered health provider or not. (CMS.gov, nd.)

5
Health IT Workforce Curriculum
Version 3.0/Spring 2012
Introduction to Healthcare and Public Health in the US
Regulating Healthcare
Lecture d
HIPAA Covered
Entities (contd)
Health plans
Insurance companies
Health maintenance organizations (HMOs)
Company insurance plans
Government agencies that pay for healthcare
Health care clearinghouses
Billing services
Repricing companies
Community health management information systems
Value-added networks that perform clearinghouse functions
6
Health IT Workforce Curriculum
Version 3.0/Spring 2012
Introduction to Healthcare and Public Health in the US
Regulating Healthcare
Lecture d
HIPAA Privacy Rule
Applies to protected health information
All individually identifiable health information is
protected
Held or transmitted by a covered entity or its
business associates
In any form or medium, whether electronic,
paper, or oral




7
Health IT Workforce Curriculum
Version 3.0/Spring 2012
Introduction to Healthcare and Public Health in the US
Regulating Healthcare
Lecture d
Individually Identifiable
Information
Physical or mental health condition
Provision of healthcare
Payment
and
Identifies the individual, or there is a reasonable
basis to believe the information can be used to
identify the individual
8
Health IT Workforce Curriculum
Version 3.0/Spring 2012
Introduction to Healthcare and Public Health in the US
Regulating Healthcare
Lecture d
Privacy Rule Requirements
Notify patients of privacy rights
Allow patients to see their medical records
Implement privacy procedures
Train employees
Designate an individual to be responsible for
seeing that privacy procedures are adopted and
followed
Keep patient records secure
9
Health IT Workforce Curriculum
Version 3.0/Spring 2012
Introduction to Healthcare and Public Health in the US
Regulating Healthcare
Lecture d
HIPAA Security Rule
Requires covered entities to use security
measures to protect health information
Does not require use of any specific technology
Establishes minimum standards
If state laws require more rigorous
safeguards, the state law must be followed
10
Health IT Workforce Curriculum
Version 3.0/Spring 2012
Introduction to Healthcare and Public Health in the US
Regulating Healthcare
Lecture d
HIPAA Security Rule:
General Guidelines
Ensure the confidentiality, integrity, and
availability of health information
Anticipate threats to the security and integrity
of the information, and protect against them
Protect against reasonably anticipated,
impermissible uses or disclosures of health
information
Ensure compliance by the workforce
11
Health IT Workforce Curriculum
Version 3.0/Spring 2012
Introduction to Healthcare and Public Health in the US
Regulating Healthcare
Lecture d
HIPAA Enforcement
and Penalties
Enforced by Office of Civil Rights of the US
Department of Health and Human Services
Violations can result in civil fines and criminal
penalties
$4.3 million civil penalty in 2010
$1.3 million for failure to give patients access
to medical records
$3 million for failure to cooperate with
investigation
12
Health IT Workforce Curriculum
Version 3.0/Spring 2012
Introduction to Healthcare and Public Health in the US
Regulating Healthcare
Lecture d
Patient Safety
To Err is Human (Institute of Medicine, 1999)
Reported that:
44,000 to 98,000 people die in hospitals each year as
a result of preventable medical mistakes
Mistakes cost hospitals $17 billion to $29 billion yearly
Individual errors are not the main problem
Faulty systems, processes, and other conditions lead
to preventable errors


13
Health IT Workforce Curriculum
Version 3.0/Spring 2012
Introduction to Healthcare and Public Health in the US
Regulating Healthcare
Lecture d
Medical Mistakes Today
Affected 1 in 3 hospital patients in one study
In 2008, harms to patients from medical errors
cost $17.1 billion
Errors can result in medical malpractice lawsuits
42% of doctors are sued at some point
Hospital malpractice suits alone could top
$8.6 billion in 2011
Suffering from medical errors: not measurable
14
Health IT Workforce Curriculum
Version 3.0/Spring 2012
Introduction to Healthcare and Public Health in the US
Regulating Healthcare
Lecture d
The Joint Commission
Safety Initiatives
Sentinel Event Policy
Unexpected death, unexpected serious
physical or psychological injury, or the risk of
such an event
Patient Safety Advisory Group
Panel of experts who recommend National
Patient Safety Goals
Also address newly developing safety issues
15
Health IT Workforce Curriculum
Version 3.0/Spring 2012
Introduction to Healthcare and Public Health in the US
Regulating Healthcare
Lecture d
The Joint Commission
Safety Initiatives (contd)
Universal Protocol for Preventing Wrong Site,
Wrong Procedure and Wrong Person Surgery
Pre-surgery verification
Site marking
Time out before an incision is made
The Speak Up Initiative
Encourages patients to participate in their care
Free patient education materials


16
Health IT Workforce Curriculum
Version 3.0/Spring 2012
Introduction to Healthcare and Public Health in the US
Regulating Healthcare
Lecture d
Agency for Healthcare
Research and Quality (AHRQ)
6.8 Table: The bottom of the AHRQ home page, which can be found at AHRQ dot gov. (AHRQ.gov, nd.)
17
Health IT Workforce Curriculum
Version 3.0/Spring 2012
Introduction to Healthcare and Public Health in the US
Regulating Healthcare
Lecture c
National Healthcare Quality Report
Effectiveness
Timeliness
Efficiency
Patient safety
Access to care
Patient centeredness

6.9 Table : Listing the attributes of Quality & Patient Safety.
(AHRQ, nd.)
18
Health IT Workforce Curriculum
Version 3.0/Spring 2012
Introduction to Healthcare and Public Health in the US
Regulating Healthcare
Lecture c
AHRQ: Health IT
6.10 Figure (left). Menu from the AHRQ web page on Health It Technology, Best Practices Transforming Quality, Safety, and Efficiency
(AHRQ,gov, ND)
6.11 Figure (right). Menu of articles on background information and the latest evidence on key topics from the field of health IT. (AHRQ.gov,
nd.)
19
Health IT Workforce Curriculum
Version 3.0/Spring 2012
Introduction to Healthcare and Public Health in the US
Regulating Healthcare
Lecture d
Regulating Healthcare
Summary Lecture d
Patient privacy and safety are high priorities for all
people employed in the healthcare industry
HIPAA has rules for the privacy and security of
patient health information
The Joint Commission supports initiatives for
reducing medical errors
The Agency for Healthcare Research and Quality is
an important source of information about how to
keep patients safe and maintain the privacy of their
health information
20
Health IT Workforce Curriculum
Version 3.0/Spring 2012
Introduction to Healthcare and Public Health in the US
Regulating Healthcare
Lecture d
Regulating Healthcare
References Lecture d
References
Agency for Healthcare Research and Quality. 2010 National Healthcare Quality Report. Publication No. 11-0004.
February 2011. http://www.ahrq.gov/qual/nhqr10/nhqr10.pdf. Accessed April 13, 2011.
Agency for Healthcare Research and Quality. Health information technology [portal].
http://healthit.ahrq.gov/portal/server.pt?open=514&objID=5664&parentname=CommunityPage&parentid=50&mod
e=2. Accessed April 13, 2011.
American Medical Association. Understanding the HIPAA standard transactions: the HIPAA Transactions and Code
Set Rule. 2009. http://www.ama-assn.org/resources/doc/psa/hipaa-tcs.pdf. Accessed April 12, 2011.
Centers for Medicare and Medicaid Services. Are you a covered entity?
http://www.cms.gov/HIPAAGenInfo/06_AreYouaCoveredEntity.asp. Accessed April 13, 2011.
Gamble M. Frequency, severity of medical malpractice claims to rise in 2011. Beckers Hospital Review. October
13, 2010. http://www.beckershospitalreview.com/hospital-financial-and-business-news/frequency-severity-of-
medical-malpractice-claims-to-rise-in-2011.html. Accessed April 13, 2011.
Institute of Medicine. To Err is Human: Building a Safer Health System. November 1, 1999.
http://www.iom.edu/Reports/1999/To-Err-is-Human-Building-A-Safer-Health-System.aspx. Accessed April 13,
2011.
Kane CK. Medical liability claim frequency: a 20072008 snapshot of physicians. American Medical Association.
2010. http://www.ama-assn.org/ama1/pub/upload/mm/363/prp-201001-claim-freq.pdf. Accessed April 13, 2011.

21
Health IT Workforce Curriculum
Version 3.0/Spring 2012
Introduction to Healthcare and Public Health in the US
Regulating Healthcare
Lecture d
Regulating Healthcare
References Lecture d (continued)
References
Reinberg S. Hospital errors may be far more common than suspected. HealthDay. April 7, 2011.
http://www.usnews.com/mobile/articles_mobile/report-hospital-errors-may-be-far-more-common-than-suspected.
Accessed April 13, 2011.
The Joint Commission. http://www.jointcommission.org. Accessed April 13, 2011.
US Department of Health and Human Resources. HHS imposes a $4.3 million civil money penalty for violations of
the HIPAA Privacy Rule. February 22, 2011. http://www.hhs.gov/news/press/2011pres/02/20110222a.html.
Accessed April 12, 2011.
US Department of Health and Human Resources. Understanding health information privacy.
http://www.hhs.gov/ocr/privacy/hipaa/understanding/index.html. Accessed April 12, 2011.


22
Health IT Workforce Curriculum
Version 3.0/Spring 2012
Introduction to Healthcare and Public Health in the US
Regulating Healthcare
Lecture d
Charts, Tables, Figures
6.7 Figure: Adapted from http://www.cms.gov/HIPAAGenInfo/Downloads/CoveredEntitycharts.pdf. CMS (nd.)
Acquired from http://www.cms.gov. Last accessed Jan. 2012.
6.8 Table: The bottom of the AHRQ home page, which can be found at http://www.ahrq.gov/ AHRQ (nd.). Last
accessed Jan. 2012.
6.9 Table: Listing the attributes of Quality & Patient Safety. AHRQ.gov (nd.). From the bottom of the AHRQ home
page, which can be found at http://www.ahrq.gov/. Last accessed Jan. 2012.
6.10 Figure (left): AHRQ.gov (nd.)
http://healthit.ahrq.gov/portal/server.pt?open=514&objID=5664&parentname=CommunityPage&parentid=50&mod
e=2. From the AHRQ website, http://www.ahrq.gov/ . Last accessed Jan. 2012.
6.11 Figure (right). Menu of articles on background information and the latest evidence on key topics from the
field of health IT. http://healthit.ahrq.gov/portal/server.pt/community/knowledge_library/653/key_topics/5664. From
the AHRQ website, http://www.ahrq.gov/ . Last accessed Jan. 2012.