APRIL 2015
Welcome to the Digital Edition of the Journal of AHIMA
Cover
Cracking Encryption: Despite benefits, technology still not widely used to combat multi-million dollar breaches. By Mary Butler
President's Message: Creating an Environment of Trust for Patients and Consumers
Spiders have been busy creating webs on the federal privacy rules. ONC's new Chief Privacy Officer intends to help the nation dust off these regulations.
Features
Bulletin Board
Inside Look: New Technology Creates New Privacy, Security Challenges
Calendar
Keep Informed
Volunteer Leaders
Addendum
Follow the ONC Road, by Grant Gillis
Standards Strategies: Security, Privacy, and Safety Standards in Canadian Healthcare
Coding Notes
Quizzes
Cracking Encryption (Domain: Privacy and Security)
http://journal.ahima.org
Medical Devices Face Cyber Security Threats
With all the focus on data breaches and lack of encryption, other cyber security threats loom almost unnoticed.
AHIMA CEO
EDITORIAL DIRECTOR
EDITOR-IN-CHIEF
ASSISTANT EDITOR/ADVERTISING COORDINATOR Sarah Sheber
ASSOCIATE EDITOR
Mary Butler
CONTRIBUTING EDITORS
Sue Bowman, MJ, RHIA, CCS, FAHIMA
Patricia Buttner, RHIA, CDIP, CCS
Angie Comfort, RHIA, CDIP, CCS
Angela Rose, MHA, RHIA, CHPS, FAHIMA
Julie Dooling, RHIA, CHDA
Melanie Endicott, MBA/HCM, RHIA, CCS, CCS-P, CDIP, FAHIMA
Katherine Downing, MA, RHIA, CHP, PMP
Deborah Green, MBA, RHIA
Jewelle Hicks
Lesley Kadlec, MA, RHIA
Carol Maimone, RHIT, CCS
Paula Mauro
Anna Orlova, PhD
Kim Osborne, RHIA, PMP
Harry Rhodes, MBA, RHIA, CHPS, CDIP, CPHIMS, FAHIMA
Maria Ward, MEd, RHIT, CCS-P
Diana Warner, MS, RHIA, CHPS, FAHIMA
Lydia Washington, MS, RHIA
Lou Ann Wiedemann, MS, RHIA, CHDA, CDIP, CPEHR, FAHIMA
Jill A. Blacketer
ADVERTISING REPRESENTATIVES
Network Media Partners
Jeff Rhodes
(410) 584-1940; Fax: (410) 584-8353
jrhodes@networkmediapartners.com
Brittany Shoul
(410) 584-1941; Fax: (410) 316-9865
bshoul@networkmediapartners.com
AHIMA OFFICES
233 N. Michigan Ave., 21st Floor
Chicago, IL 60601-5800
(312) 233-1100; Fax: (312) 233-1090
1730 M St., NW, Suite 502
Washington, DC 20036
(202) 659-9440; Fax: (202) 659-9422
AHIMA ONLINE: www.ahima.org
JOURNAL OF AHIMA: journal@ahima.org
JOURNAL OF AHIMA MISSION
The Journal of AHIMA serves as a professional development tool
for health information managers. It keeps its readers current on
issues that affect the practice of health information management.
Furthermore, the Journal contributes to the field by publishing work
that disseminates best practices and presents new knowledge.
Articles are grounded in experience or applied research, and they
represent the diversity of health information management roles and
healthcare settings. Finally, the Journal contains news on the work
of the American Health Information Management Association.
EDUCATIONAL PROGRAMS
The Commission on Accreditation for Health Informatics and
Information Management Education (www.cahiim.org) accredits
degree-granting programs at the associate, baccalaureate, and
master's degree levels.
AHIMA recognizes coding certificate programs approved by the
Approval Committee for Certificate Programs. For a complete list of
AHIMA-approved coding programs and HIM career pathways go to
www.hicareers.com.
Journal of AHIMA (ISSN 1060-5487) is published monthly, except for the combined issue of November/December, by the American Health Information Management Association, 233 North Michigan
Avenue, 21st Floor, Chicago, IL 60601-5800. Subscription Rates: Included in AHIMA membership dues is a subscription to the Journal. The annual member subscription rate is $22.00 for active and
graduate members, and $10.00 for student members. Subscription for nonmembers is $100 (domestic), $110 (Canada), $120 (all other outside the U.S.). Postmaster: Send address changes to Journal
of AHIMA, AHIMA, 233 North Michigan Avenue, 21st Floor, Chicago, IL 60601-5800. Notification of address change must be made six weeks in advance, including old and new address with zip code.
Periodicals postage is paid in Chicago, IL, and additional mailing offices.
Notice of Policy
Editorial: views expressed in articles contributed to the Journal of AHIMA are those of the author(s) and do not necessarily reflect the policies and opinions of the Association, editorial review
board, or staff. Articles are not to be construed as endorsing any particular product or service. Advertising: products, services, and educational institutions advertised in the Journal do not imply
endorsement by the Association.
Copyright 2015 American Health Information Management Association Reg. US Pat. Off.
Although there are many electronic health record (EHR) vendors in the marketplace, just a few of these vendors dominate the market share for physician
practices in the US, according to a report from SK&A. Epic took the top spot
at 11.6 percent, followed by eClinicalWorks at 10.2 percent. The top 10 EHR
vendors by overall physician practice market share are depicted in the chart
below. The report, Physician Office Usage of Electronic Health Records Software, listed the 20 top vendors by overall market share.
[Chart: top 10 EHR vendors by overall physician practice market share]
Source: SK&A. Physician Office Usage of Electronic Health Records Software. February 2015. www.skainfo.com/health_care_market_reports/EMR_Electronic_Medical_Records.pdf.
While physicians and other eligible professionals (EPs) have long complained
about the prospect of financial penalties for failure to attest to the "meaningful use" EHR Incentive Program,
new data shows they have less to worry about than previously thought.
In data presented at the most recent
Office of the National Coordinator for
Health IT (ONC) Health IT Policy Committee meeting, the Centers for Medicare and Medicaid Services (CMS)
said 36,782 EPs attested to stage
2 through February 1. An additional
71,519 EPs are scheduled to attest to
stage 2, because they have already attested to stage 1 for at least two years,
CMS' Elisabeth Myers, from the Office
of eHealth Standards and Services,
told the committee.
What's more, estimated penalties are
also expected to be lower than antici-
https://itunes.apple.com/us/app/sutter-health-mobile-app/id920850488?ls=1&mt=8
https://myhealth.stanfordhealthcare.org/myhealth
An app developed in-house for iOS by
Stanford Health Care engineers, MyHealth, connects iPhones and iPads
with Epic's EHR system as well as Apple's HealthKit. Available for free from
the Apple App Store, MyHealth also
supports Stanford Health Care's ClickWell Care service.
Contributor Acknowledgement
The authors of this article would like to acknowledge Joel
White, executive director of the Health IT Now Coalition, who
contributed to this article by providing insight into how the
cromnibus could affect HIM professionals.
The AHIMA Advocacy and Policy Team (advocacyandpolicy@ahima.org)
is based in Washington, DC.
Journal of AHIMA April 15/15
Meetings
Advanced ICD-10-PCS Skills Workshops
For those looking to refine their code set skills, these workshops
provide three days of in-depth hands-on training in the ICD-10-PCS
coding system and its application.
AHIMA ICD-10 Academy: Building Expertise in Coding
This dynamic training program provides coding proficiency through
expert instruction and hands-on exposure to coding exercises on
both the ICD-10-CM and ICD-10-PCS code sets.
Find multiple dates and locations for workshops and academies by
visiting ahima.org/events.
Data Summit: Beyond ICD-10
The 2015 AHIMA Data Summit: Beyond ICD-10 is a must-attend
industry event dedicated to exploring multiple healthcare data's
connections, leading the documentation journey, and how
classification and terminologies (including ICD-10) provide more
specificity to that data.
To register, visit ahima.org/events.
Online Education
AHIMA Learning Opportunities with CEUs include:
ICD-10 A&P Focus Courses and Assessments
ICD-10 Coding Practice Cases
ICD-10-CM Collection
ICD-10-PCS Collection
ICD-10 Coding Proficiency Assessments
ICD-10 Readiness and Post-Training Assessments
Clinical Documentation for ICD-10 by Specialty:
Principles & Practice
For more information, visit ahima.org/education/onlineed.
Publications
ICD-10-PCS Code Book ,
2015 Draft
Consulting Editor
Anne B. Casto, RHIA, CCS
Prod. No. AC222014
Price: $110
Member Price: $89.95
Downloadable Resources
2015 Edition
ICD-10-PCS
An Applied Approach
2015
Basic
ICD-10-CM/PCS
and ICD-9-CM
Coding
Cracking Encryption
IN MOVIES AND on television lately, Hollywood has made encryption and decryption look exciting, glamorous, and world-saving. The film The Imitation Game and the BBC show The
Bletchley Circle chronicle how British code breakers decrypted
military strategy codes from the Nazi encryption tool called
Enigma. History buffs know that decryption technology and
the military advantage it provided shortened World War II by
an estimated two years, saving untold thousands of lives.
Encryption and decryption, particularly encryption, is
still a high-stakes game today when it comes to protecting valuable data like personal health information.
Hackers and thieves, the enemies of secure health data, are waging a war against hospitals, insurers, Wi-Fi networks, and patients
whose information is stored and transmitted by those entities.
The last several years have seen massive data breaches compromising the protected health information (PHI) of millions
of people. In January, the thieves who hacked insurer Anthem
gained access to the names, birthdates, medical ID/Social Security numbers, addresses, employment information, and income
data of an estimated 80 million people, the largest breach to
date as of press time. And in August 2014, a group of Chinese
hackers breached Community Health Systems' network, which
stored the patient data of 4.5 million people. These breaches
came shortly after the Federal Bureau of Investigation warned
healthcare providers that hackers were expected to target facilities in the healthcare industry due to lax security practices.
One of the best tools for fighting breaches is data encryption,
which health information management (HIM) professionals
define as the process of transforming text into an unintelligible
string of characters that can be decrypted when it reaches a secure destination.[1]
While encryption can't prevent every kind of breach out
there, it can lessen the blow when data is stolen by preventing sanctions from the government. If an encrypted device is
stolen, the information is considered inaccessible by hackers
and the Department of Health and Human Services (HHS) Office for Civil Rights (OCR) waives monetary penalties. In other
words, encryption is a "get out of jail free" card of sorts when
done properly.
But even with perks like that, as well as preventing the loss
of millions of dollars in fines and credibility with the public,
healthcare entities have been slow to jump on the encryption
bandwagon. Much of that is due to myths surrounding encryption. Healthcare organizations are concerned that encryption
will slow down a number of operations, such as electronic
health record (EHR) system functions, web portal communications, and business processes. Another concern is cost, though
the costs of encrypting databases, mobile devices, data at rest
(data that's stored), and cyber insurance policies vary broadly.
Encryption also doesn't come with an easy or readily measurable return on investment, which can make it hard to justify
during budget negotiations. Finally, for privacy officers, HIPAA
is frustratingly vague on encryption requirements. Chris Apgar,
CISSP, CEO of Apgar Solutions, which helps healthcare organizations perform HIPAA Security Rule risk analyses and build security response plans, notes that while the HIPAA Security Rule
talks about encrypting laptops versus encrypting e-mail, it's not
specific about how to do it.
But the rewards of having stringent data protection programs, whether through encryption alone or encryption
combined with other measures, are enormous as long as an
organization knows what to encrypt, can identify why they're
encrypting, and can see through the myths.
The healthcare industry is coming around to encryption, slowly but surely, security experts say. With an increasing number
of data breaches occurring as the result of stolen laptops, encryption is getting a second look from many providers. According to a 2014 Bitglass analysis of HHS breach reports, 68
percent of healthcare data breaches since 2010 were the result
of lost or stolen files or devices. Forty-eight percent of breaches
involved a laptop, desktop, or mobile device.[2]
Graphic credit: Sharon Lewis, MBA, RHIA, CHPS, CPHQ, FAHIMA, Primeau Consulting.
Usually there is software or another mechanism that de-identifies the data in the original message so that only individuals who have a key, such as a password or another
multifactor authenticator, can decrypt the data.
Health data security experts say that data sent around
and within the same organization (a closed network) usually doesn't need to be encrypted. But if it's being transmitted outside of an organization, especially if it's PHI, it
should be encrypted.
There are also different levels of encryption, and the
strength is determined by a mathematical algorithm. Depending on the algorithm, the encrypted data may or may
not be considered secure. Healthcare organizations can
look to organizations such as the National Institute of Standards and Technology (NIST) to provide recommendations
for the level of encryption needed to protect various devices.
Encryption strength is measured in bits. For example,
encryption strength for a laptop and its disk size might be
56 bits, which can be cracked in three days by someone
who doesn't have the key or passcode. On the other hand,
it could take six months of quantum computing to crack
something employing 128-bit encryption, such as a large
database, according to Apgar.
But as other experts have noted, encryption only works when
the people using the data are properly trained. For instance,
with some encryption technologies data on a laptop is only encrypted when the laptop is closed or shut down. If a user walks
away from the laptop the data is not secure until the system
automatically signs the user out after a set period of time.
In essence disk encryption technologies can be bypassed
if an attacker gets a hold of the computer while it is sleeping
or waiting for a password prompt. The attack exploits RAM
chips in laptops that aren't cleared of data when the laptop is
turned off, Bowen says.
To be certified for stage 2 of the "meaningful use" EHR Incentive Program, eligible professionals or hospitals must
conduct or review a security risk analysis that includes
addressing the encryption/security of data stored in certified EHR technology, according to the program's final
rule. For providers working on meaningful use, encryption should be a priority.
"If I'm using an EHR system, entering or updating patient
records in the electronic system, then encryption should
be seamless to the user," Bowen says. "They would be
viewing the application inside a secure network, and once
they hit save it would push that data to a database that
automatically encrypts the data when it is no longer being
accessed or used."
couple steps to retrieve it. But overall Waugh described the process as not too painful.
Elisa Gorton, RHIA, CHPS, MAHSM, assistant director of HIM
and privacy officer at St. Vincent's Medical Center in Bridgeport, CT, says the cost of encryption and the potential for slower
e-mail sending and receiving are the price organizations may
pay for securing their systems. At St. Vincent's, e-mails leaving
the organization are automatically scanned as they leave their
internal e-mail system. The system will detect certain wording
and numbering conventions that could be, or are, Social Security numbers or phone numbers, credit card numbers, account
numbers, medical record numbers, etc. The system then sends
an automatic reply back to the sender informing them that the
e-mail did not transmit. The organization has a policy and procedure for encrypting such e-mails, and when they are encrypted the e-mail is transmitted. Gorton's organization also encrypts
mobile devices owned by the hospital.
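The outbound check described above, sketched as an added example; it is not St. Vincent's system or any vendor's product. The detection patterns, the `MRN` label format, the `encrypted` flag, and all function names are assumptions, and the sample message is constructed.

```python
import re
from dataclasses import dataclass

# Constructed detection rules; real gateways ship vendor-tuned rule sets.
SSN_RE = re.compile(r"\b(\d{3})-(\d{2})-(\d{4})\b")
CARD_RE = re.compile(r"\b(?:\d[ -]?){12,18}\d\b")  # 13-19 digits, optional separators
PHONE_RE = re.compile(r"(?<!\d)\(?\d{3}\)?[ .-]\d{3}[ .-]\d{4}(?!\d)")
MRN_RE = re.compile(r"\bMRN[:#]?\s*(\d{6,10})\b", re.I)  # hypothetical MRN format


def luhn_ok(digits):
    """Luhn checksum: separates plausible card numbers from random digit runs."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:
            d = d * 2 - 9 if d > 4 else d * 2
        total += d
    return total % 10 == 0


def mask(value):
    """Hide all but the last four digits so findings can be logged safely."""
    n = sum(c.isdigit() for c in value)
    out, seen = [], 0
    for c in value:
        if c.isdigit():
            seen += 1
            out.append(c if seen > n - 4 else "*")
        else:
            out.append(c)
    return "".join(out)


def find_identifiers(text):
    """Return (kind, masked value) pairs for identifier-like strings in text."""
    findings = []
    for m in SSN_RE.finditer(text):
        area, group, serial = m.groups()
        # Skip number ranges that are never issued as SSNs.
        if (area not in ("000", "666") and area[0] != "9"
                and group != "00" and serial != "0000"):
            findings.append(("ssn", mask(m.group())))
    for m in CARD_RE.finditer(text):
        if luhn_ok(re.sub(r"\D", "", m.group())):
            findings.append(("card", mask(m.group())))
    for m in PHONE_RE.finditer(text):
        findings.append(("phone", mask(m.group())))
    for m in MRN_RE.finditer(text):
        findings.append(("mrn", mask(m.group(1))))
    return findings


@dataclass
class Verdict:
    deliver: bool
    findings: list
    notice: str = ""


def gate_outbound(message):
    """Hold an unencrypted message with identifiers; pass clean or encrypted mail."""
    findings = find_identifiers(message["body"])
    if message.get("encrypted") or not findings:
        return Verdict(True, findings)
    kinds = ", ".join(sorted({kind for kind, _ in findings}))
    notice = (f"Your e-mail to {message['to']} did not transmit: it appears to "
              f"contain {kinds}. Resend it using the encryption procedure.")
    return Verdict(False, findings, notice)


# Constructed sample message, not real patient data.
SAMPLE = {"to": "billing@example.org", "encrypted": False,
          "body": "Patient callback (312) 555-0100, SSN 123-45-6789, MRN: 00482913."}

if __name__ == "__main__":
    verdict = gate_outbound(SAMPLE)
    print(verdict.deliver, verdict.findings)
    print(verdict.notice)
```

The Luhn and SSN-range checks cut false positives, which matters because every false hit is a bounced message that a clinician has to resend.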
St. Vincent's e-mail security program is robust, but Gorton
knows there are weaknesses in any organization. She says that
in the back of her mind she's always worried about a person
who uses their own personal mobile device for work. "I think
that's always going to be pretty much where I see our greatest
risk right now," she says.
devices, such as morphine IV lines, insulin pumps, pacemakers, and heart and oxygen monitors, and manipulate
the operation of those devices.
There is a large risk out there for life and limb for patients
hooked to these devices and decisions that are made on information rendered in them, Frederick explains. Historically with medical devices the device manufacturers have
resisted providing malware protection, or secure network
connectivity.
This leaves medical devices vulnerable to cyber terrorism. All
it would take is for one hacker to install a malicious code causing one of these devices to malfunction. Although this might
sound paranoid, it helps put encryption in perspective.
"We have been talking about security and encryption in the context of a breach, and people having their personal information stolen. When it comes to healthcare that is probably the best case
scenario for what could happen in a breach," Frederick says.
Notes
1. AHIMA. Pocket Glossary of Health Information Management Technology. Chicago, IL: AHIMA Press, 2012.
2. Bitglass. "The 2014 Bitglass Healthcare Breach Report: Is Your Data Security Due for a Physical?" http://pages.bitglass.com/rs/bitglass/images/WP-Healthcare-Report-2014.pdf.
Reference
WinMagic Data Security. "Data Encryption Demystified: Seven Common Misconceptions and the Solutions That Dispel Them." http://docs.media.bitpipe.com/io_10x/io_104841/item_535783/WM_Data_Encryption_Demystified_White_Paper_20120316.pdf.
Mary Butler (mary.butler@ahima.org) is associate editor at the Journal
of AHIMA.
Instituting an Enterprise-wide PHI Disclosure Management Strategy
By Collette Zeiour, RHIA, and Mariela Twiggs, MS, RHIA, CHP, FAHIMA
Collette Zeiour (czeiour@ejgh.org) is director of HIM for East Jefferson General Hospital. Mariela Twiggs (mtwiggs@mrocorp.com) is national director
of training and compliance for MRO.
LEARN MORE TO EARN MORE...
HOW TO FURTHER YOUR HIM EDUCATION, AND WHAT IT GETS YOU
By Lisa A. Eramo
SKILLS, MONEY, JOB SECURITY, RESPECT, CAREER SATISFACTION, OPPORTUNITIES, MOBILITY, WISDOM, PRIDE,
dential because of his knack for analytics and to identify himself as an expert in this area.
2. Interview others in the profession and within the organization to get your bearings and hear real stories. Talk
with other professionals before making the leap into higher
education or pursuing a specialty credential. Most HIM professionals are very approachable and more than happy to
share their educational and professional journeys, Parker
says. Ask them if you can shadow them for a day. Also consider asking management staff about the types of credentials
and degrees that could benefit you the most within the organization, she adds. Are there any upcoming organizational
changes for which a credential might be helpful?
3. Move at your own pace. Pursuing additional education
or credentials can be extremely difficult for those with family
and work obligations. It's a lot to juggle, Marc says. Not
everyone can hammer out a degree in one or two years. Take
the time you need to get it done. Edmonson agrees. As
long as you're working toward it and taking one class at a
time, you'll get there eventually, she says.
However, it's important to stay focused and not use a lack
of free time as an excuse to delay education, says Lusk. We
need to encourage people that there's never going to be a
good time to do it. You just need to get started, she says.
4. Never forget the importance of networking. Even
once you've got the credential or degree, you've still got to
work at finding and maintaining professional connections.
Networking essentially enhances the return on investment of
the degree or credential, Parker says. It's not just about what
you know; it's about who you know as well. It's incredibly
important to engage in internships and attend AHIMA's local
and national meetings, she adds.
could occur in the next five to 10 years given the rapid evolution of the profession.
Specific master's degrees that may appeal to HIM professionals run the gamut. There's the traditional master's degree
in health services management, but there are also master's degrees in education, strategic leadership, organizational leadership, health administration, or health informatics. Some HIM
professionals are even pursuing a master's in business administration. Others may pursue a legal degree or master's degree in
jurisprudence, or even a PhD.
he got a job working in a lab using data analytics to develop predictive models for diseases. He decided to obtain his master's
degree in biomedical sciences with a minor in biomedical informatics to advance his position from that of clinical researcher to
senior clinical researcher.
After realizing that he wanted to perform his own research
rather than assist others with their projects, he decided to take
some time off work to pursue his PhD in health informatics with
a minor in cognitive science. Ultimately, his passion for teaching landed him his current job as an assistant professor in the
department of health informatics and information management at the College of St. Scholastica, where he says having a
PhD will help him pursue tenure track. Marc, who also serves
as the health informatics graduate program director, says many
students view a graduate program as a way to explore different
job opportunities.
What I think an advanced degree does for you is expose
you to the depth and breadth of the profession so when you
leave the program, you understand all of the angles and components, he says. When you graduate, you have more confidence in terms of knowing where you want your career to go.
Oftentimes, new graduates become pigeonholed within one
aspect of HIM and may not even realize what other opportunities are available, Marc says. Other professionals may feel as
though they've hit a plateau in their careers. Despite their frustration, they may feel as though they don't have the ability to
move in a new direction, particularly in the direction of the
emerging field of healthcare analytics. Statistics and analytics
are terms that scare a lot of people, Marc says. But I've had students who go through these classes, and it just clicks. They get it.
They say, I can see myself doing this.
Marc says he often tells his students that having an advanced
degree helps the most with career mobility. Students could
probably pursue a job and get an entry level position in the
field, but if they want to progress within that position faster or
get the manager or director type of role, that's where the advanced degree really helps. You can come into this profession
with an advanced degree, he adds. This is particularly true for
career changers or those who may not have a whole lot of direct HIM experience.
Katherine Lusk, RHIA, MHSM, had been working as an assistant vice president of patient information services when the
large health system in which she worked purchased 12 physician practices. Although her RHIA credential provided her with
valuable skills related to registration and scheduling, she says
she needed a different breadth of knowledge when it came time
to integrate the physician practices. Lusk thought about pursuing an MBA but was more interested in the system integration. I thought it was important for me to understand from a
big picture the integration with external provider groups, she
agement and project management. It also helps me communicate with higher level management. I understand the workflow
and processes, and I know how to interject and give suggestions
for how to make things better.
In addition to working full-time at UC Health, Edmonson also
teaches classes online and in person. She hopes to eventually
pursue a master's degree in the event that she decides to teach
full-time in a university setting.
Clearing the HIPAA Cobwebs
NEW ONC CHIEF PRIVACY OFFICER LUCIA SAVAGE FOCUSES ON BALANCING PRIVACY AND SECURITY WITH EXPANDING INTEROPERABLE EHR EXCHANGE
By Chris Dimick
JAHIMA: What needs to change at the state and federal level to foster more health information exchange?
Savage: We have a situation where HIPAA is really a floor,
it is the basic rule and states are not only allowed to, but do,
enact laws that are more privacy-protected than HIPAA. And
those enactments come because of real experiences real
people have had where bad things have happened to them.
For example, because their personal information, health or
not, has been used in a way they didn't anticipate. One older
example is at one time children [were] being sent home from
school because their parents were HIV positive. So we have
enacted these rules to protect people's privacy in these special circumstances after very robust public debate in state
legislature.
The problem we have is while those rules are philosophically
aiming at the same things, the words used on the page vary so
much that we can't efficiently use machine learning because
we are worried that if we program it to meet the rule of state A,
we won't quite meet the philosophically similar but content-different rule of state B.
And so I think we have some work to do to harmonize how
we deploy these special protections [at the state level]. I'm in no
way saying they should be removed. I'm saying let's harmonize
them so that we can take advantage of computerized abilities
to capture, consent, tag data with consent, persist that choice
through the data. And if you think about something like telemedicine, where the intent is to have a provider in one state and
a patient in another state, you have got to figure out a way to
have the patient's expectations and the provider's understanding match across the state line.
JAHIMA: As EHRs developed, a lot of interoperability issues
came with the technology. But there was once a time when
privacy was one of the big issues hindering interoperability.
Savage: That is right, and ONC has done some task support on that, even the HISPC work before HITECH that really
documents the nature of the problem and even documents
potential solutions. And I'm really hoping to go back to that
as a discussion point.
I think now that we have had such a great run of getting
physicians to adopt electronic health record systems and we
are moving toward how do we make those systems exchange
data for healthcare, it gives us a new chance to look at this
in light of what now science is telling us about how effective
coordinated care can be, and what we can do on the social
determinants of health to improve health in communities,
keep people out of the emergency room that don't belong
there, etc.
There is a really important part of this that we can't lose sight
of. A key part of this privacy formula is the patient or person
whose data are collected needs to understand what is happening to it. If we have harmonized laws, it is easier to explain
privacy rights to a person. And we have a situation where we
have many different languages and different levels of literacy in
America. The easier it is to explain the easier it is to get that word
out in our diverse population.
Where to Begin with Cyber Defense
By Sharon Lewis, MBA, RHIA, CHPS, CPHQ, FAHIMA, and Kevin B. McDonald, HCISPP, CHPSE
Sharon Lewis (slewis@primeauconsultinggroup.com) is principal and
chief privacy officer for Primeau Consulting Group. Kevin McDonald
(kmcdonald@noloki.com) is chairman of the Orange County Sheriff/Coroner's technology advisory council and president of Noloki Healthcare IT
and Compliance.
formation relating to an identified or identifiable natural person. In other words, personal information is anything that allows anyone to link information to a specific person. Examples
include physical or e-mail addresses, phone numbers, bank
information, video images, and, of course, health information.
Because these rights belong to individuals, they exist without
regard to where personal data about them is located, including
information within the custody of their employers, third party email, social media providers, healthcare providers, or insurers.
IN THE LARGE community of standards development organizations (SDOs) that are focused on healthcare and health informatics, the International Organization for Standardization (ISO) Technical Committee (TC) 215, Health Informatics (ISO/TC 215), is one of the leading forums. As mandated by ISO, the scope of ISO/TC 215 is broad:
"Standardization in the field of health informatics, to facilitate the coherent and consistent interchange and use of health-related data, information, and knowledge to support and enable all aspects of the health system."1
Founded in 1998 and now covering such domains as architecture, frameworks and models, semantic content, security, safety,
and privacy, ISO/TC 215 has more than 25 years invested in consensus building and requirements development. The committee
has worked with public and private sector experts to enable the
development of health information technology (HIT) standards.
ISO/TC 215 now has more than 50 countries participating in and
observing its standards development activities, and collaborates
with 29 other ISO technical committees. It works closely with
the International Electrotechnical Commission and International Telecommunication Union, and hosts the Joint Initiative
Council, comprising various HIT standards development organizations, such as Integrating the Healthcare Enterprise (IHE),
Health Level Seven (HL7), and the International Health Terminology Standards Development Organisation (IHTSDO).
The benefits of standards that aim to ensure the security, safety, and
privacy of PHI are extremely important for healthcare information
systems development and professional competence.
through its Electronic Health Record Infostructure (EHRi) Privacy
and Security Conceptual Architecture. This robust, well-detailed
scheme describes a secure systems design for EHRs in Canada.
The conceptual architecture works to ensure that the privacy of
patients is protected and that the confidentiality, integrity, and
availability of their PHI is maintained in an ongoing fashion.
Within this conceptual architecture, ISO security, privacy, and
patient safety standards play an important role in point-of-service solutions. For all provincial and territorial jurisdictions, as well as many crown agencies and commissions in healthcare, the standard ISO/IEC 27799, Health Informatics - Information Security Management in Health Using ISO/IEC 27002, is widely recognized as the foundational standard for security for EHRs and all clinical and eHealth-related solutions.
ISO/IEC 27799 is based on the standard ISO/IEC 27002, Information Technology - Security Techniques - Code of Practice for Information Security Controls, which is the international standard providing global guidance for any organization's information security standards and information security management practices. ISO/IEC 27799 provides more specific guidance in support of implementation of ISO/IEC 27002 in health informatics. In particular, ISO/IEC 27799 specifies the appropriate controls for the management of PHI, thereby sustaining a requisite level of security corresponding to an organization's circumstances and maintaining the confidentiality, integrity, and availability of PHI.
In conjunction with ISO/IEC 27799, many Canadian jurisdictions also use a variety of ISO/TC 215 security standards for their EHR requirements. For example, requirements from the standard ISO/IEC 18028, Information Technology - Security Techniques - IT Network Security, have been used in many network environments to adapt and extend existing IT security management guidelines by specifying the necessary operations and mechanisms to implement network security safeguards and controls in a comprehensive manner.
Also, to help manage the growing need to audit accesses to PHI, the standard ISO 27789, Health Informatics - Audit Trails for Electronic Health Records, specifies a common framework for audit trails for EHRs, in terms of audit trigger events and audit data, to keep the complete set of PHI auditable across information systems and domains. These ISO/TC 215 standards are supplemented by an array of security specifications from the IEC and HL7, as well as integration profiles from the IHE.
On the privacy side, the 10 principles as originally specified by the Organization for Economic Cooperation and Development (OECD) are closely followed as a national standard through CAN/CSA-Q830 Model Code for the Protection of
Notes
iso_technical_committee.htm?commid=54960.
2. International Organization for Standardization. ISO/TC 215 Health Informatics Business Plan Version 3. June 7, 2013. http://isotc.iso.org/livelink/livelink/fetch/2000/2122/687806/ISO_TC_215__Health_informatics_.pdf?nodeid=1001750&vernum=-2.
3. COACH: Canada's Health Informatics Association. Guidelines for the Protection of Health Information: 2013 Edition. www.coachorg.com/en/practices/2013_Main_Edition.asp.
4. Canada Health Infoway. Electronic Health Record Infostructure (EHRi), Privacy and Security Conceptual Architecture. Version 1.1. June 2005. www.infoway-inforoute.ca/index.php?option=com_googlesearchcse&n=30&Itemid=1307&cx=012561371923227377403%3Ae3ijz6nmumi&cof=FORID%3A11&ie=ISO-8859-1&q=4.%09Canada+Health+Infoway.+Privacy+%26+Security+Architecture%2C+Version+1.1.+2005&hl=en&cr=countryCA.
Grant Gillis (ggillis@coachorg.com) is a member of the Canadian Standards Mirror Committee, ISO/TC 215 Health Informatics, and is executive director, forums and practices, with COACH: Canada's Health Informatics Association.
Editor's note: This is the second in a series of four articles that discuss the eight Information Governance Principles for Healthcare.
Integrity Principle
The principle of integrity states that an information governance (IG) program should be constructed and managed such
that the organization has a reasonable and suitable guarantee
of authenticity and reliability. In healthcare, integrity of information means that an organization has the ability to prove
that information is authentic, timely, accurate, and complete.
This is a fundamental expectation from patients, providers,
and other stakeholders such as regulatory agencies.
This principle recognizes that an information governance program should include:
- Adherence to the organization's policies and procedures
- Appropriate workforce training on information management and governance
- Reliability of information
- Admissibility of records for litigation purposes
- Acceptable audit trails
- Reliability of systems that control information
Why are these elements important for good information governance? Consistent practices that assure the quality of information must be integrated into every step in the information
lifecycle. For example, it is critical that organizations determine
their responsibilities and processes for both internally created
information as well as that which is received from external
sources. The latter, however, might include taking additional
steps that are necessary to identify and classify the information
before adding it to a patient's health record.
Adherence to IG policies and procedures helps an organization not only comply with regulatory and legal requirements,
but more importantly, assure patient safety and care quality. In
addition, workforce training empowers individuals to comply
with those policies and emphasizes their importance.
Audit trails document activities related to information, and
therefore reinforce the reliability and integrity of that information. Likewise, information cannot be reliable unless the technology infrastructure on which it is created, used, maintained,
and stored is reliable. Therefore, an organization should monitor its infrastructure for deficiencies, and when necessary take
appropriate action to correct problems and mitigate risks.
Integrity provides trust that the information is authentic. An
authentic record is one that is proven to:
- Be what it purports to be
- Have been sent, received, or created by the person or system purported to have done so
- Have been sent, received, or created at the time purported
The principle of integrity seeks to assure the trustworthiness of information through the development and implementation of information governance processes and procedures
Protection Principle
The principle of protection states that an IG program must
provide the appropriate levels of protection from breach, corruption, and loss for information that is private, confidential,
secret, classified, essential to business continuity, or otherwise
requires protection. Given the intensely personal, sensitive, and life-sustaining nature of health information, the principle of protection has a special emphasis in healthcare.
Many healthcare organizations have established privacy and
information security programs, and these should be integrated
into the overall information governance program.
Protection takes various forms and may include:
- Active management of, and restriction of access to, information according to context
- Prevention of unauthorized information disclosure by clearly defining policies, creating safeguards, and then monitoring them to prevent leakage
- Securing final disposition of information, regardless of source or media
- Audit programs to validate whether sensitive information is handled in accordance with organizational policies and procedures and in compliance with applicable laws and practices
Link
Read the Full IGPHC Principles
www.ahima.org/topics/infogovernance
PRACTICE BRIEF
practice guidelines for managing health information
THE ADVANCEMENT OF technology has changed the practice of medicine. It has evolved the physician-patient relationship from solely a face-to-face interaction into real-time online
encounters, from e-mails to virtual appointments. Patient portals represent such a technological advancement, leading the
charge and breaking new barriers in patient communication.
Patient portals, which are becoming commonplace within healthcare organizations, provide online access to a patient's healthcare information. An increased awareness of, and need for, the appropriate management of the protected health information (PHI) flowing in and out of patient portals is critical to the overall confidentiality, privacy, and security of that information. For the purpose of this Practice Brief, a patient portal is defined as secure, convenient 24-hour online access to a patient's health information from any location. A patient portal may or may not include electronic communication between the patient and the provider.
Patient portals can empower and engage patients and families to actively manage their healthcare. The "meaningful use" EHR Incentive Program, which provides financial incentives for the meaningful use of certified electronic health record (EHR) technology and requires the adoption and use of a patient portal, is a strong driving factor for the implementation and management of patient portals within a healthcare setting. With
the right portal build and the implementation of appropriate
policies and procedures, healthcare organizations can provide
easy-to-use self-service patient tools that enhance patient communications and engagement.
This Practice Brief will provide recommended practices for the
implementation and management of patient portals, including
the phases of implementation, ongoing operational considerations, and legal and regulatory requirements.
Stakeholders Involved
To provide for the most comprehensive and effective portal, it
will be necessary to develop a taskforce to represent the stakeholders that will be affected:
- Senior leadership: Provide support and sponsorship of the project.
- Health information management (HIM) professional: Provide knowledge of the organization's data and information, data integrity, privacy and security, and EHR systems.
- Physicians/clinicians: Help determine what information will be displayed and when (i.e., what data needs to be manually reviewed before posting, and an appropriate delay period).
- Privacy and security officer(s): Ensure organizational policies, processes, and education are in place to prevent inappropriate access and disclosure.
- Patient advocates: Speak on behalf of caregivers, patients, and personal representatives in a range of delivery settings to meet the expectations of patient interactions (i.e., appointments, profile updates, billing, and communication).
- Risk management/legal counsel/compliance: Ensure overall compliance with all applicable laws and requirements.
- Information technology: Program and maintain the software, interfaces, etc. to support the portal, including safeguarding protected health information (PHI) as obligated by organizational policies and procedures and federal regulations.
- Marketing: Review and promote organizational and patient information materials, and provide support for any organizational branding needs.
Proxy Accounts
Proxy access to the patient portal is granting access to someone
other than the patient.5 One of the primary goals of a patient portal is to provide patients convenient access to their own health
information. There are many examples of situations where someone besides the patient may need access to PHI and the patient
portal is an excellent mechanism to provide that access.
Some examples of proxy access are:
- An adult child or a caregiver of an elderly parent/patient
- Home health aide to a chronically ill patient
- A healthcare power of attorney responsible for the healthcare of an incapacitated patient
- Anyone else designated by the patient (spouse, partner, etc.)
The patient must first be informed of the risks associated with
granting proxy access to their patient portal. The covered entity
(CE) is not liable for information accessed, redisclosed, or printed out by a third party with proxy access previously requested
by the patient.
Health Literacy
As patients increasingly engage in portal use, healthcare organizations must recognize health literacy concepts. The Department
of Health and Human Services (HHS) defines health literacy as a
complex phenomenon involving skills, knowledge, and the expectations that health professionals have of the public's interest in and understanding of health information and services.10
Challenges or limitations with health literacy do not negate
patient interest in the connectivity and engagement offered by
portals. Therefore, in the spirit of preparedness, healthcare organizations must proactively and continuously evaluate resources
and processes related to portal support and account for variances
in health literacy among patients. Organizations should allocate
educational resources for patients related to information content,
information navigation, and technical support.
It is important to consider disparities that may arise related
to intellectual or physical disabilities, generational diversity, or
language barriers. A thoughtful plan is necessary to enhance
patient portal access to promote health equity and improve outcomes for all patients.
Some other issues and challenges that may need to be considered include:
- The timing of providing results. Providing immediate, direct patient access to test results is advisable when they relate to a known condition which has been thoroughly discussed with and explained to the patient by the provider and access to ongoing results enables the patient to modify treatment. It is not advisable if the results are indicative of a new diagnosis, in which case a delay should be built into the records process to enable the patient/provider discussion to take place prior to giving a patient access to his or her results. Capabilities for feeding information into the portal should be explored. Some portal systems have the ability to suspend data release by a specified amount of time (i.e., 24 to 72 hours), or the data may have to be processed manually.
- Interoperability: For portals that are composed of multiple components of an EHR and/or multiple EHRs, there are challenges related to interoperability that include:
  -- Master Patient Index (MPI) issues (i.e., different Medical Record Numbers (MRNs) in different systems)
  -- Selecting which system to send information from
  -- Preventing wrong data selection and breaches
- Designating HIM staff to approve registration and remove access where needed
- Working with project leadership to develop a plan for advertising the portal with signage and by developing flyers for patients that can be placed in waiting areas and distributed at check-in
- Considering relocation of HIM staff to patient care areas to assist with sign-up during the early post-implementation period
- Developing talking points for clinical staff to use to encourage patients to register for and use the portal
- Developing policies and procedures for routing messages and guidelines for the timeliness of responses, including a plan for timing release of lab results and other information to patients
- Participating in pilot testing of the portal and accuracy of the information to ensure privacy standards are met
- Designating HIM staff to assist patients with portal questions and to help with troubleshooting; consider appointing a patient portal representative within the HIM department to direct calls from patients
- Helping to educate patients about what is appropriate to communicate via the portal, how and when providers will use messaging, and when to check the portal for lab results or appointment reminders
- Encouraging patients to utilize the portal to obtain electronic copies of their health information, review lab results, and correspond with clinical staff
- Responding quickly to any reports of documentation errors and providing patients with the necessary paperwork to request corrections and amendments
Engaging patients through a patient portal can maintain or
even increase patient loyalty to an organization while improving overall communication. It is essential that HIM leaders get
involved early in the selection and implementation process and
remain committed to ensuring the ongoing use and expansion
of the patient portal.
Notes
1. Eramo, Lisa A. Patient Portals: Express Lane on the
Health Information Highway. Journal of AHIMA 83, no. 9
(September 2012): 24-28.
2. Greene, Adam. Patient Portals Pose New Security Issues.
Healthcare IT News. October 29, 2013. www.healthcareitnews.com/news/patient-portals-pose-new-security-issues.
3. Centers for Medicare and Medicaid Services. Frequently Asked Questions. July 24, 2013. https://questions.cms.gov/faq.php?faqId=7735.
4. Sherek, Penny D. and Emmlee Gray. Case Study: Managing Pediatric Health Information in a Patient Portal. Journal of AHIMA 85, no. 4 (April 2014): 46-47.
5. Green-Shook, Sheila. Parental Proxy Access via Web
Portals: Ensuring Compliance and Quality Documenta-
Prepared By
Kevin Baldwin, MPH, CPHIMS
Benjamin W. Burton, JD, MBA, RHIA, CHP
Cary Cothran, CHP
Dana DeMasters, RN, MN, CHPS
Reginald Grady, MSHI, RHIA, CHPS
Aviva Halpert, RHIA, CHPS
Judi Hofman, BCRT, CHPS, CAP, CHP, CHSS
Lesley Kadlec, MA, RHIA
Rosann M. ODell, D.H.Sc., MS, RHIA, CDIP
Sandra Pearson, MHA, RHIA
Deanna Peterson, MHA, RHIA, CHPS
Dan Rode, MBA, CHPS, FHFMA, FAHIMA
Angela Rose, MHA, RHIA, CHPS, FAHIMA
Peg Schmidt, RHIA, CHPS
Acknowledgments
Charlotte S. Barrett, MBA, FACHE, RHIA
Sally Beahan, MHA, RHIA
Susan Clark, RHIT, CHTS-IM, CHTS-PW
Marlisa Coloso, RHIA, CCS
Funmilola Daniel, MBA, CHTS-TS, CHTS-TR
Katherine Downing, MA, RHIA, CHPS, PMP
Elisa Gorton, MAHSM, RHIA, CHPS
Leah A. Grebner, PhD, RHIA, CCS, FAHIMA
Vickie Griffin, RHIT, CCS
Mary Johnson, RHIA
Seth J. Katz, MPH, RHIA
Michele Kruse, MBA, RHIA, CHPS
Lela McFerrin, RHIA
Kelly McLendon, RHIA, CHPS
Melanie Meyer, MHA, RHIT, CCS, PMP
Laurie Miller, RHIT, CCS-P
Harry B. Rhodes, MBA, RHIA, CHPS, CDIP, CPHIM, FAHIMA
Lou Ann Wiedemann, MS, RHIA, CDIP, CHDA, CPEHR,
FAHIMA
The information contained in this practice brief reflects the consensus opinion of the professionals who developed it. It has not been validated through scientific research.
Coding Notes
Mary H. Stanfill (mstanfill@uasisolutions.com) is vice president of HIM
consulting services at United Audit Systems, Inc.
WITH JUST SIX months until the implementation of ICD-10-CM and ICD-10-PCS, now is the time for HIM professionals to re-evaluate the state of their facility's implementation plan and make any necessary adjustments to ensure a successful transition. Previous delays may have slowed down training and planning, but this final stretch to October 1, 2015 still provides time for organizational preparation.
The ICD-10-CM/PCS Transition: Planning and Preparation Checklist offers a comprehensive plan that can be followed to help foster a successful transition to ICD-10-CM/PCS. This document is available in AHIMA's HIM Body of Knowledge at www.ahima.org, and provides specific guidance that addresses all areas of an organization that are impacted by the transition to ICD-10.
Review of this document indicates that now is the time for go-live preparation, with training and planning in full swing. Preparation, education, and testing will be beneficial in mitigating potential implementation issues, allowing for a smoother ICD-10 transition. Each phase of this implementation plan provides information for specific target audiences primarily affected by the tasks in that phase.
The focus now is on the necessary tasks related to go-live and
final implementation on October 1. While this phase provides
information for several target audiences, this article focuses on
a few of the more critical areas.
Reference
Bowman, Sue and Ann Zeisset. ICD-10-CM/PCS Transition: Planning and Preparation Checklist. May 2014. http://bok.ahima.org/PdfView?oid=300536.
Kathryn DeVault (kathy.devault@uasisolutions.com) is manager of HIM
consulting services at United Audit Systems, Inc.
Calendar
[Calendar grid; the dates of the individual events are not recoverable from the layout. Events listed:]
- Oncology Service Coding with ICD-10-CM/PCS
- Webinar: An Introduction to Logical Observation Identifiers Names and Codes (LOINC)
- Webinar: Using Healthcare Statistics in ACOs: Model Building and Risk/Payment Infrastructures
- Advanced ICD-10-PCS Skills Workshop, Seattle, WA
- CSA meetings: Illinois (Springfield, IL); Maine (Brewer, ME); South Dakota (Sioux Falls, SD); West Virginia (Parkersburg, WV); Iowa (Altoona, IA); Arkansas (Fort Smith, AR); Kansas (Junction City, KS); Montana (Missoula, MT); Idaho (Boise, ID); New Mexico (Albuquerque, NM); North Dakota (Bismarck, ND); Missouri (St. Charles, MO); Nebraska (Kearney, NE); Alabama (Cullman, AL); Washington (Spokane, WA); New Hampshire (Lebanon, NH); Louisiana (Monroe, LA); North Carolina (Greensboro, NC); Alaska (Anchorage, AK); Minnesota (Red Wing, MN)
A Look Ahead
Keep Informed
This two-day meeting provides a concise and focused review of the federal HIPAA Privacy and
Security Rules and offers an optional third day for
those preparing to sit for the Certified in Healthcare
Privacy and Security (CHPS) exam. The training
will provide in-depth examples and exercises, best
practices, and operational aspects of implementing
the rules, while covering the five domains within the
privacy and security program. For more information
visit www.ahimastore.org/ProductDetailMeeting.aspx?ProductID=18189.
Nominating Committee
Jill A. Finkelstein, MBA, RHIA, CHTS-TR
(954) 418-0938
jfinkelstein@browardhealth.org
Fellowship Committee
Mona Y. Calhoun, MEd, MS, RHIA, FAHIMA
(301) 352-0304
mcalhoun@coppin.edu
Envisioning Collaborative
Laura W. Pait, RHIA, CDIP, CCS
(336) 946-1750
lpait@novanthealth.org
House Leadership
Elizabeth A. Delahoussaye, RHIA, CHPS
(865) 659-5059
edelahoussaye@iodincorporated.com
AHIMA volunteers also make valuable contributions as facilitators for Engage Online Communities. To locate the facilitator(s), go to a particular community, click on the Members tab, then click on the
community administrator link.
Indiana
Deborah Grider, CDIP, CCS-P
McCordsville, IN
(317) 908-5992
deborahgrider@mac.com
Nevada
Gregory Schultz, RHIA
North Las Vegas, NV
(702) 526-8361
gschultz00@aol.com
South Dakota
Sheila Hargens, MSHI, CMT
Parkston, SD
(605) 928-3741
sheila.hargens@avera.org
Alaska
Janie Batres, RHIA, CDIP
Anchorage, AK
(907) 252-7228
janieleigh44@hotmail.com
Iowa
Mari Beth Schneider Lane, MS, RHIA
Sheldon, IA
(712) 324-5061
mlane@nwicc.edu
New Hampshire
Jean Wolf, RHIT, CHP
Gorham, NH
(603) 466-5406
jean.wolf@avhnh.org
Tennessee
Lela McFerrin, RHIA
Chattanooga, TN
(423) 493-1637
lela.mcferrin@hcahealthcare.com
Arizona
Christine Steigerwald, RHIA
Gilbert, AZ
(480) 292-8293
Christine.Steigerwald@bannerhealth.com
Kansas
Julie Hatesohl, RHIA
Junction City, KS
(785) 210-3498
phoebehat@cox.net
New Jersey
Carolyn Magnotta, RHIA
New Egypt, NJ
(609) 758-8890
magnottac@deborah.org
Texas
Terri Frnka, RHIT
Bryan, TX
terrifrnka@yahoo.com
Arkansas
Marilynn Frazier, RHIA, CHPS
Ozark, AR
(479) 667-5153
mfrazier@ftsm.mercy.net
Kentucky
Diba Thakali, RHIA
Lexington, KY
(859) 979-3049
diba.thakali@bhsi.com
New Mexico
Vicki Delgado, RHIT
Albuquerque, NM
(505) 948-6711
vicki.delgado@kindredhealthcare.com
California
Shirley Lewis, DPA, RHIA, CCS, CPHQ
Upland, CA
(909) 608-7657
shirley.lewis5@verizon.net
Louisiana
Lisa Delhomme, MHA, RHIA
Rayne, LA
(337) 277-5544
delhomme@louisiana.edu
New York
Sandra Macica, RHIA
Saratoga Springs, NY
(518) 584-0389
s.macica@elsevier.com
Colorado
Melinda Patten, CDIP, CHPS
Aurora, CO
(720) 777-6657
melinda.patten@childrenscolorado.org
Maine
Nora Brennen, RHIT
Topsham, ME
(207) 751-1853
Nora.Brennen@va.gov
North Carolina
Jolene Jarrell, RHIA, CCS
Apex, NC
jolene@drgreview.com
Connecticut
Elizabeth A. Taylor, MS, RHIT
East Hartford, CT
(860) 364-4417
liz.taylor@sharonhospital.com
Maryland
Sarah Allinson, RHIA
Baltimore, MD
(410) 499-7281
sarahballinson@gmail.com
Delaware
Marion Gentul, RHIA, CCS
Lewes, DE
(302) 827-1098
mgs60mga@yahoo.com
Massachusetts
Walter Houlihan, MBA, RHIA, CCS
Springfield, MA
(413) 322-4309
Walter.Houlihan@bhs.org
District of Columbia
Jeanne Mansell, RHIT, CHTS-CP, CHTS-PW,
CHTS-IM, CHTS-IS, CHTS-TS, CHTS-TR
Washington, DC
(202) 421-5172
jeanne87@hotmail.com
Michigan
Thomas Hunt, RHIA
Owosso, MI
(989) 725-8279
thunt@davenport.edu
Florida
Anita Doupnik, RHIA
Tampa, FL
(813) 907-9380
anita.doupnik@nuance.com
Minnesota
Jean MacDonell, RHIA
Grand Rapids, MN
(612) 719-3697
jean.macdonell@granditasca.org
Georgia
Allyson Welsh, MHA/INF
Decatur, GA
Allysonwelsh@gmail.com
Mississippi
Phyllis Spiers, RHIT
Carriere, MS
(601) 347-6318
pspiers@forrestgeneral.com
Hawaii
Marlisa Coloso, RHIA, CCS
Wailuku, HI
(808) 442-5509
mcoloso@hhsc.org
Missouri
Angela Talton, RHIA, CCS
Florissant, MO
(314) 276-4180
afranks@swbell.net
Idaho
Mona P. Doan, RHIT, CCS-P
Boise, ID
(208) 484-7076
monadoan@hotmail.com
Montana
Vicki Willcut, RHIA
Kalispell, MT
(406) 756-4758
vwillcut@krmc.org
Illinois
Teresa Phillips, RHIA
Effingham, IL
(217) 347-2806
teri.phillips@hshs.org
Nebraska
Shirley Carmichael, RHIT
Fairbury, NE
(402) 729-6854
shirley.carmichael@jchc.us
Utah
Vickie Griffin, RHIT, CCS
Bountiful, UT
vickie.griffin@Parallon.com
Vermont
Charmaine S. Vinton, RHIT, CCS, CPC
West Chesterfield, NH
(603) 357-0170
cvinto@bmhvt.org
Virginia
Darcell Campbell, RHIA
Hampton, VA
(757) 788-0052
DACampbell@cox.net
North Dakota
Tracey Regimbal, RHIT
Grand Forks, ND
traceyregimbal@hotmail.com
Washington
Sheryl Rose, RHIT
Spokane, WA
(509) 624-4109
sherylrose622@hotmail.com
Ohio
Pamela Greenstone, MEd, RHIA
Mason, OH
(513) 403-9014
Pamela.Greenstone@uc.edu
West Virginia
Kathy Johnson, RHIA
Sinks Grove, WV
(304) 772-5312
kjohnson@care-communications.com
Oklahoma
Christy Hileman, MBA, RHIA, CCS
Mustang, OK
(405) 954-2824
christy.hileman@faa.gov
Wisconsin
Susan Casperson, RHIT
Cecil, WI
(715) 853-1370
susan.casperson@thedacare.org
Oregon
William Watkins, RHIA
Oregon City, OR
(503) 867-5173
william.w.watkins@kp.org
Wyoming
Kimberle Johnson, RHIA
Gillette, WY
(307) 682-1251
kim.johnson@ccmh.net
Pennsylvania
Laurine Johnson, MS, RHIA, FAHIMA
Sarver, PA
(724) 295-9429
ljohnson@peakhs.com
Puerto Rico
Brunilda Velazquez, RHIA, CCS
Guayanilla, PR
(787) 505-1433
Rhode Island
Patti Nenna, RHIT
Bristol, RI
(401) 253-1686
pnenna@cox.net
South Carolina
Karen B. Farmer, RHIT
Greenville, SC
(864) 277-1982
kfarmer@ghs.org
Upcoming Issues:
May: Informatics
June: ICD-10-CM/PCS
July: Clinical Documentation Improvement
[Infographic: "Where We Are" / "Where We Are Going" (Learning Health System: Better Care, Smarter Spending, Healthier People). Statements recoverable from the graphic:]
- 94% of non-federal acute care hospitals use a certified EHR to collect electronic data about patients.1
- 78% of office-based physicians use an EHR system to collect electronic patient data.1
- 1 in 3: number of consumers burdened with providing their own health information when seeking care for a medical problem (such as a test result or medical history).2
- Most states have different laws and regulations, making it difficult to share health information across state lines.
- The typical primary care physician has to coordinate care with 229 other physicians working in 117 practices.7
- 17 years for evidence to go from research to practice.4
- 14% of office-based providers electronically share patient information with other providers.9
- Determinants of health: Social; Diet and Exercise; Environmental; Health Care System; Economic
Sources:
1. ONC Report to Congress, October 2014. http://www.healthit.gov/sites/default/files/rtc_adoption_and_exchange9302014.pdf.
2. http://www.healthit.gov/sites/default/files/consumeraccessdatabrief_9_10_14.pdf.
3. http://healthit.gov/sites/default/files/oncdatabrief17_hieamonghospitals.pdf.
4. Balas, E.A. and S.A. Boren. Yearbook of Medical Informatics, 2000.
5. http://dashboard.healthit.gov/quickstats/pages/FIG-Hospital-Electronic-Query-Capability.php.
6. Pham, H.H. et al. Care patterns in Medicare and their implications for pay for performance. New England Journal of Medicine 2007;356:1130-1139. http://www.nejm.org/doi/full/10.1056/NEJMsa063979.
7. Pham, H.H. et al. Primary care physicians' links to other physicians through Medicare patients: the scope of care coordination. Annals of Internal Medicine, 2009; 150:236-42.
8. Pew Research Center. Tracking for Health. January 2013. Accessed from: http://www.pewinternet.org/files/old-media//Files/Reports/2013/PIP_TrackingforHealth%20with%20appendix.pdf.
9. Health Affairs, August Issue; first author: Furukawa, M.
AWARD
Grace W. Myers
The Grace W. Myers Award honors an
organization's outstanding achievement
in health information management.
JOURNAL OF AHIMA
CODING AND ICD-10-CM/PCS GUIDE 2015
CONTENTS
3M Health Information Systems: 73
H.I.M. On Call: 79
HRS: 80
IMEDX: 80
Care Communications: 73
IOD Incorporated: 81
Career Step: 75
Kiwi-Tek: 84
Channel Publishing: 75
Cymetrix: 76
MedData, Inc.: 85
DocuCoders: 76
RecordsOne: 87
Stat Solutions: 83
Administrative
Consultant
Service, LLC
www.acsteam.net
info@care-communications.com
www.carecommunications.com
CODING ADVICE
FROM THE
CODING EXPERTS
digital
AFFORDABLE
ICD-10
Take Control of
Your Coding Needs
... we delivered!!!
EDUCATIONAL PARTNER.
corporatetraining.careerstep.com
1-888-989-7512
www.channelpublishing.com
JS10045-CBG
800.308.4940
www.cymetrix.com
Remote Coding
Hospital and professional
Backfill, ICD-10 support, complete
department outsourcing
Code Auditing
DocuCoders
outpatient
ICD-10
Planning, education and implementation
Computer Assisted Coding (CAC)
implementation
Revenue integrity post go-live
Strategic Consulting
HIM workflow analysis and operational
assessments
At Your Service!
Strategic consulting
Interim HIM and coding leaders
www.docucoders.com
850.213.3153
eCatalyst brings together the best coding and
audit experts to drive significant results for
your HIM department and your bottom line.
Call: 623-236-3336
Visit: www.eCatalystHealth.com
Email: info@eCatalystHealth.com
Operational Assessments
Temporary HIM Management
Coding Validation Audits and Coding
Support
Scanning and Transcription Analyses
Scanning Software Implementation Project
Management
Scanning Operations Management
CAC Guidance & RFP Management
CAC Implementation Management
ICD-10 Project Management (Limited)
ICD-10 DRG Shift/Documentation Analysis
www.icd-10online.com
(866) 429-3067
800-274-1214
www.FirstClassSolutions.com
www.Cortrak.com
SEE OUR DISPLAY AD ON PAGE 39.
Who Cares?
Who cares how coding and transcription
services affect your report quality, patient care,
physician satisfaction, and billing?
We do and that's what makes us different.
Call today to learn how FutureNet cares for
how you care for healthcare.
800.200.5440
www.FNEHR.com
takes coding
on a new path.
WE KNOW WHAT MATTERS.
QUALITY. SERVICE. PEACE OF MIND.
H.I.M. ON CALL
knows the way.
866-HIA-CODE | hiacode.com
Choose experience.
Choose excellence.
Choose HRS.
Remote Coding Solutions
Domestic, international or hybrid options
Temporary staff or complete outsource
Dual coding Hospital & Professional
Strategic Consulting
Clinical documentation gap analysis
CDI program tune-up Change management
Workflow analysis HIM operations evaluation
ICD-10 Readiness
Documentation audits Dual coding reviews
End-to-end test coding
Gap analysis Readiness assessments
Coder and non-coder training
AHIMA-approved ICD-10 trainers
800.329.0365
www.HRScoding.com
Bringing Precision
to the Process
At iMedX, we understand the growing
complexity resulting from the changes in
healthcare coding requirements. We can help
by ensuring that your receivables are not
negatively impacted by any coding delays.
Acute Care
Inpatient
Observation
Clinics
Emergency Department
WWW.PRECYSE.COM | 1-866-PRECYSE
Keep using your current ICD-9 software and keep getting paid.
It is no surprise that Diagnosis Billing Codes are changing; upgrading your Billing System to ICD-10 can be costly.
Make
Maxim your
HIM Partner!
We offer customized
solutions including:
Remote and on-site coding support
Auditing services
Clinical documentation improvement
HIM departmental outsourcing
Facility wide ICD-10 training
Maxim provides only the highest quality HIM
talent and services to help you achieve your
HIM goals. Take advantage of our expertise
and call us today!
WEST 866-316-8773
www.maximhealthinformationservices.com
Faster Turnaround
Optimal Compensation
Cost-Effective BPO
Quality Focused
ICD-10 Certified
Maximum Compliance
ICD-10 Y93.D
Activities involving
arts and handcrafts
800-835-7474
meddata.com/ahima
Outsourced Coding
2000+ dedicated FTE coding team
4 million+ charts per month | 48 hour turnaround
F17.21,
Nicotine
dependence,
cigarettes
Cuts code lookup time from 3-5 mins to 30 seconds!
Avoids reimbursement snaggles with coding workflow routed to most specific code
J40.0,
Unilateral
emphysema
M13.16,
Monoarthritis,
not elsewhere
classified, knee
M84.472P,
Pathological fracture, left ankle, subsequent
encounter for fracture with malunion