•Reimbursement for individual encounters
•Data must be extracted from individual records and entered into databases
•They may be reported to the state and become part of state- and federal-level databases used to set health policy and improve healthcare.
•Ensuring compliance with the laws, regulations, and accreditation standards that affect its content and use
Patient identifiable data
•he health record consists entirely of patient-identified data
•In other words, every fact recorded in the record relates to a particular patient identified by name.
•Registries are an example of patient-identified data on groups of patients
3. Population Health Reporting
For example: internal users include medical staff and administrative and management staff.
•States have laws that cases of patients w/ diseases such as tb and AIDS must be reported to the state dept of health.
•Fed govt collects data from the states on vital events such as births and deaths.
1. Bob Smith is a 56-year-old white male. This is an example of what type of data?
2. Which of the following is an example of how an internal user utilizes secondary data?
3. Secondary data is used for multiple reasons including:
Instructions: Indicate whether the following statements are true or false (T or F).
5. __F__ A patient health record contains aggregate data.
6. _T___ Secondary data provide information that is not easily collected from individual health records.
7. __T__ Administrative and management staff members are internal users of secondary data.
8. _F___ Medical staff members are external users of secondary data.
•These numbers enable the facility to quickly retrieve health information for specific patients.
•Having this information in the MPI avoids the duplication of record numbers
•Each patient’s diagnoses are converted from a verbal description to a numerical code, usually using the International Classification of Diseases
•The patient’s diagnosis codes are entered into the facility’s health information system as part of the discharge processing of the patient’s health record
•Because each patient is listed with the health record number, which may be linked back to the patient’s name, the disease index is considered patient-identifiable data
•Index reports can usually be produced using data from the facility’s existing databases
•Registries often require more extensive entry of data from the patient record
•Follow-up information might include rate and duration of survival and quality of life over time.
•According to the National Cancer Registrars Association (NCRA), the first hospital cancer registry was founded in 1926 at Yale-New Haven Hospital
•Cancer registries were developed as an organized method to collect these data
•The data may be facility based (for example, within a hospital or clinic) or population based (for example, from more than one facility within a state or region)
•Information on the industrial or occupational history of the individuals with the cancers (to the extent such information is available from the same record)
•Administrative information, including date of diagnosis and source of information
•Pathological data characterizing the cancer, including site, stage of the neoplasm, incidence, and type of treatment
•In the cancer registry, all cancer cases except skin cancer might meet the definition for the cases to be included
•In addition to information on malignant neoplasms, data on benign and borderline brain/central nervous system tumors must be collected by the National Program of Cancer Registries (CDC n.d.)
•During the discharge procedure, coders and/or discharge analysts can easily earmark cases of patients with cancer for inclusion in the registry
•Additional methods may include reviews of pathology reports and lists of patients receiving radiation therapy or other cancer treatments to determine cases that have not been found by other methods
•The population-based registry has a responsibility to ensure that all cases of cancer have been identified and reported to the central registry.
•This number consists of the first digits of the year the patient was first seen at the facility, and the remaining digits are assigned sequentially throughout the year
•The first case in the year, for example, might be 10-0001. The accession number may be assigned manually or by the automated cancer database used by the organization
•This listing of patients in accession number order provides a way to ensure that all cases have been entered into the registry.
•Stage at the time of diagnosis
•There are currently several staging systems.
•This system uses computer algorithms to describe how far a cancer has spread (AJCC 2009)
•After the initial information is collected at the patient’s first encounter, information in the registry is updated periodically through the follow-up process.
•Sometimes, however, it receives follow-up information from its reporting entities
•These entities usually submit information to the central registry electronically
•The annual report includes aggregate data on the number of cases in the past year by site and type of cancer
•It also may include information on patients by gender, age, and ethnic group
Often a particular site or type of cancer is featured with more in-depth data provided
•Other reports are provided as needed
•On an annual basis, the registry attempts to obtain information about each patient in the registry, including whether he or she is still alive, status of the cancer, and treatment received during the period
•Additionally, the patient’s physician may be contacted to determine whether the patient is still living and to obtain information about the cancer
•In addition, contact information from the patient’s health record may be used to request information from the patient’s relatives
•The information obtained through follow-up is important to allow the registry to develop statistics on survival rates for particular cancers and different treatment methodologies
•Those who do follow up usually receive the information from the reporting entities such as hospitals, physician offices, and other organizations providing follow-up care
•One of the requirements of this process is the existence of a cancer registry as part of the program
•When the ACS surveys the cancer program, part of the survey process is a review of cancer registry activities
•NAACCR has developed standards for data quality and format and works with other cancer organizations to align their various standards sets
•The CDC collects data from the NPCR state registries
•The National Cancer Registrars Association (NCRA) has worked with colleges to develop formal educational programs for cancer registrars
•Eligibility requirements for the certification examination include a combination of experience and education (NCRA 2009)
•A traumatic injury is a wound or other injury caused by an external physical force such as an automobile accident, a shooting, a stabbing, or a fall
•Information collected by the trauma registry may be used for performance improvement and research in the area of trauma care
•Trauma registries may be facility based or may include data for a region or state.
•In addition, the registrar may look at deaths in services with frequent trauma diagnoses—such as trauma, neurosurgery, orthopedics, and plastic surgery—to find additional cases
•Information on the injury
•Care the patient received before hospitalization (such as care at another transferring hospital or care from an emergency medical technician who provided care at the scene of the accident and/or in transport from the accident site to the hospital)
•Status of the patient at the time of admission
•Patient’s course in the hospital
•Diagnosis and procedure codes
•Abbreviated Injury Scale (AIS)
•Injury Severity Score (ISS)
•It may be assigned manually by the registrar or generated as part of the database from data entered by the registrar
•The ISS is an overall severity measurement calculated from the AIS scores for patients with multiple injuries (Trauma.org 2009)
•An annual report is often developed to show the activity of the trauma registry
•Other reports may be generated as part of the performance improvement process, such as self-extubation (patients removing their own tubes) and delays in abdominal surgery or patient complications
•Some hospitals report data to the National Trauma Data Bank (ACS Trauma Programs 2009).
•When follow-up is done, emphasis is frequently on the patient’s quality of life after a period of time
•Unlike cancer, where physician follow-up is crucial to detect recurrence, many traumatic injuries do not require continued patient care over time
•Thus, follow-up is often not given the emphasis it receives in cancer registries.
•As part of its requirements, the ACS states that the level I trauma center must have a trauma registry (ACS 2009)
•The American Trauma Society (ATS), for example, provides core and advanced workshops for trauma registrars
•It also provides a certification examination for trauma registrars who meet their education and experience requirements through its Registrar Certification Board
•Certified trauma registrars have earned the credential CSTR (certified specialist in trauma registry)
•Often population based, these registries serve a variety of purposes. •For example, they provide information on the incidence of birth defects to study causes and prevention of birth defects, to monitor trends in birth defects, to improve medical care for children with birth defects, and to target interventions for preventable birth defects, such as folic acid to prevent neural tube defects.
•After the initial Persian Gulf War, for example, some feared an increased incidence of birth defects among the children of Gulf War veterans
•The Department of Defense subsequently started a birth defects registry to collect data on the children of these veterans to determine whether any pattern could be detected.
•Some registries limit cases to those with defects found within the first year of life
•Others include those children with a major defect that occurred in the first year of life and was discovered within the first five years of life
•Still other registries include only children who were live born or stillborn babies with discernible birth defects
•In addition to information from hospitals and physicians, cases may be identified from rehabilitation centers and children’s hospitals and from vital records such as birth, death, and fetal death certificates
•Codes for diagnoses
•Status at birth, including live born, stillborn, aborted
•Whether the infant was a single birth or one in a multiple birth
•Mother’s use of alcohol, tobacco, or illicit drugs
•Father’s use of drugs and alcohol
•Family history of birth defects
•Patients whose diabetes is not kept under good control frequently have numerous complications
•In some instances, there may be further definition by age
•Some diabetes registries, for example, only include children with diabetes
•Office or clinic is the main location for diabetes care
•Thus, data about the patient to be entered into the registry are available at these sites rather than at the hospital.
•Diagnosis code numbers for diabetes, •Billing data for diabetes-related services, Medication lists for patients on diabetic medications, or
•Identification of patients as the physician sees them
•The plans can provide information to the office or clinic on enrollees who are diabetics
•This test is used to determine the patient’s blood glucose for a period of approximately 60 days prior to the time of the test. •Moreover, facility registries may track patient visits to follow up with patients who have not been seen in the past year
•Another report might concern patients who have not been tested within a year or have not had a primary care provider visit within a year
•Registry data also might be used to investigate risk factors for diabetes.
•Follow-up is aimed primarily at ensuring that the diabetic is seen by the physician at appropriate intervals to prevent complications
•In some cases, implant registries have been developed in response to such events
•For example, there have been questions about the safety of silicone breast implants and temporomandibular joint implants
•A number of federal laws have been enacted to regulate medical devices, including implants
•The Safe Medical Devices Act of 1990 was passed and then amended through the Medical Device Amendments of 1992
•Implant registries can help in complying with the legal requirement for reporting for the sample of facilities required to report
•Device brand name and common name
•Product model, catalog, serial, and lot numbers
•Brief description of the event reported to the manufacturer and/or the FDA
•Where the report was submitted (for example, to the FDA, manufacturer, or distributor)
•Thus, these data items also should be included in the implant registry to facilitate reporting
•Follow-up is important to track the performance of the implant
•When patients are tracked, they can be easily notified of product failures, recalls, or upgrades
•Some organ transplant registries maintain databases of patients who need organs
•When an organ becomes available, a fair way then may be used to allocate the organ to the patient with the highest priority
•Post-transplant information also is kept on organ recipients and donors
•Registry of the National Marrow Donor Program (NMDP)
•Information about the patient is provided to the registry
•When an organ becomes available, information about it is matched with potential donors
•For donor registries, donors are solicited through community information efforts similar to those carried out by blood banks to encourage blood donations
•Patient’s status codes regarding medical urgency
•Patient’s functional status
•Whether the patient is on life support
•Histocompatibility (compatibility of donor and recipient tissues)
•Organ procurement and consent process
•Medications the donor was taking
•Other donor history
•Information on organ recovery
•For living donors, the information collected might include complications of the procedure and length of stay in the hospital
•Graft status and
•Treatment, such as immunosuppressive drugs
•Follow-up is carried out at intervals throughout the first year after the transplant and then annually after that
•These immunizations are so important that the federal government has set several objectives related to immunizations in Healthy People 2010, a set of health goals for the nation
•These include increasing the proportion of children and adolescents that are fully immunized (objective 14-24) and increasing the proportion of children in population-based immunization registries (objective 14-26)
•To accomplish this goal, registries collect information within a particular geographic area on children and their immunization status
•This central location for immunization data also relieves parents of the responsibility of maintaining immunization records for their children
•Some registries limit their inclusion of patients to those seen at public clinics, excluding those seen exclusively by private practitioners
•Registry personnel may review birth and death certificates and adoption records to determine which children to include and which children to exclude because they died after birth
•In some cases, children are entered electronically through a connection with an electronic birth record system.
•Patient name (first, middle, and last)
•Patient birth date
•Patient birth order
•Patient birth state/country
•Mother’s name (first, middle, last, and maiden)
•Vaccine lot number
•Other items may be included as needed by the individual registry
•Immunization registries also can provide automatic reporting of children’s immunization to schools to check the immunization status of their students
•Reminders may include a letter or postcard or telephone calls
•Autodialing systems may be used to call parents and deliver a prerecorded reminder
•Maintaining up-to-date addresses and telephone numbers is an important factor in providing follow-up
•Registries may allow parents to opt out of the registry if they prefer not to be reminded.
•Establish a registry record within six weeks of birth for each newborn child born in the catchment area.
•Enable access to and retrieval of immunization information in the registry at the time of the encounter.
•Receive and process immunization information within one month of vaccine administration.
•Protect the confidentiality of healthcare information.
•Ensure the security of healthcare information.
•Exchange immunization records using Health Level Seven (HL7) standards
•Automatically determine the routine childhood immunization(s) needed, in compliance with current ACIP (Advisory Committee on Immunization Practices) recommendations, when an individual presents for a scheduled immunization
•Automatically identify individuals due/late for immunization(s) to enable the production of reminder/recall notifications
•Automatically produce immunization coverage reports by providers, age groups, and geographic areas
•Produce official immunization records
•Promote the accuracy and completeness of registry data
•Other commonly kept types of registries are HIV/AIDS and cardiac registries
•Data collected for healthcare administrative purposes are discussed in the next subsection
•HIM managers may provide information for these databases through data abstraction or from data reported by a facility to state and local entities
•They also may use these data to do research or work with other researchers on issues related to reimbursement and health status
•Other administrative databases assist in the credentialing and privileging of health practitioners.
•Demographic data on the patient
•Data on the provider
•Information on Medicare coverage for the claim
•Charges broken down by specific type of service, such as operating room, physical therapy, and pharmacy charges
•International Classification of Diseases diagnosis and procedure codes
•Contains information on professional review actions taken against physicians and other licensed healthcare practitioners, which healthcare organizations are required to check as part of the credentialing process
•It was developed to provide a database of medical malpractice payments, adverse licensure actions, and certain professional review actions (such as denial of medical staff privileges) taken by healthcare entities such as hospitals against physicians, dentists, and other healthcare providers as well as private accrediting organizations and peer review organizations (NPDB 2010).
•Denial of medical staff privileges, or
•Loss of medical license
•The reporting entity, and
•The judgment or settlement
•Information about physicians and other healthcare providers must be provided (National Practitioner Data Bank Final Rule 2010)
•Monetary penalties may be assessed for failure to report
•Exclusions from participation in federal or state healthcare programs
•Any other adjudicated actions or decisions defined in the HIPDB regulations
•The subject of the final adverse action, •The nature of the act, and
•A description of the actions on which the decision was based
•Only federal and state government agencies and health plans are required to report
•Access to the data bank is limited to these organizations and to practitioners, providers, and suppliers who may only query about themselves.
•The Statewide Planning and Research Cooperative System (SPARCS) in New York is an example of this type of administrative database. It combines UB-04/837 Institutional data with data required by the state of New York
•One of the duties of public health agencies is surveillance of the health status of the population within their jurisdiction
•Possible high-risk populations
•Survival statistics, and
•Trends over time
•Physical examinations of individuals, and •Reviews of health records
•The HIM manager may have input in these databases through data provided from health record
•To a large extent relies on data from patients’ health records
•The National Ambulatory Medical Care Survey
•The National Survey of Ambulatory Surgery
•The National Nursing Home Survey
•The National Home and Hospice Care Survey
•Obtained from state or other discharge databases
•Data included are:
-The patients’ reasons for visit
-Therapeutic and preventive services,
-Ambulatory surgical procedures, and
-In addition to information on the visit
-And time spent with the physician.
•Patient demographic characteristics •Source of payment
•Information on anesthesia given
•The surgical and nonsurgical procedures on patient visits of hospital-based and freestanding ambulatory surgery centers
•Information is gathered through an interview process
•The staff member uses the resident’s health record for reference during the interview.
Number of visits
Reason for discharge, and
Types of services provided.
•Patient information is obtained from the caregiver most familiar with the patient’s care
•The caregiver may use the patient’s health record in answering the interview questions.
•It allows the CDC to monitor trends from disease reporting at the local and state levels to look for possible bioterrorism incidents
•Table 9.1 summarizes the national databases
Content: Data on the patient and visit
Data Source: State discharge databases and Office-based physician records
Method of collection: Abstract
Content: Data on the facility, current and discharged residents
Data Source: Administrator and Nurse caregiver
Method of collection: Interview
Content: Data on patient, visit and method of payment
Data Source: ER dept and outpatient clinic records
Method of collection: Abstract
Content: Facility and patient data
Data Source: Administrator, caregiver
Method of collection: Interview
Content: Possible bioterrorism incidents
Data Source: Local and state public health departments
Method of collection: Electronic surveillance
•There also may be statewide databases/registries that collect extensive information on particular diseases and conditions such as birth defects, immunizations, and cancer
•Responsibility for the collection of vital statistics rests with the states
•The states share information with the National Center for Health Statistics (NCHS)
•The actual collection of the information is carried out at the local level
•For example, birth certificates are completed at the facility where the birth occurred and then are sent to the state
•From the vital statistics collected, states and the national government develop a variety of databases.
•In this database, the information from birth certificates is compared to death certificates for infants under one year of age who die
•This database provides data to conduct analyses for patterns of infant death
•The National Survey of Family Growth, and the National Death Index (CDC 2009b)
•Similar databases using vital statistics data as a basis are found at the state level
•Birth defects registries, for example, frequently use vital records data with information on the birth defect as part of their data collection process
•The trial proceeds according to a protocol, which is the list of rules and procedures to be followed
•Clinical trials databases have been developed to allow physicians and patients to find clinical trials
•A patient with cancer or AIDS, for example, might be interested in participating in a clinical trial but not know how to locate one applicable to his or her type of disease
•The National Library of Medicine has developed the database, which is available on the Internet for use by both patients and practitioners at www.clinicaltrials.gov
•Brief summary of the purpose of the study
•Criteria for patient participation
•Location of the trial and specific contact information
Additional information (may help a patient decide whether to consider a particular trial)
•Research study design
•Phase of the trial
•Disease or condition and drug or therapy under study
•Recruiting status indicates whether subjects are currently being entered in the trial or will be in the future or whether the trial is closed to new subjects
•What other treatments are allowed during the trial or must be completed before entering the trial
•Age is a frequent eligibility criterion (Clinicaltrials.gov 2009)
•Study design includes the research design being followed
3. Phase III studies look at effectiveness and side effects and make comparisons to other available treatments in larger populations
4. Phase IV studies look at the treatment after it has entered the market
•The National Cancer Institute sponsors PDQ (Physician Data Query), a database for cancer clinical trials. These databases contain information similar to Clinicaltrials.gov
•Although Clinicaltrials.gov has been set up for use by both patients and health practitioners, some databases are more oriented toward practitioners
•AHRQ looks at issues related to the efficiency and effectiveness of the healthcare delivery system, disease protocols, and guidelines for improved disease outcomes
•Data may be reported by the facilities to a state agency or to the state hospital association, depending on state regulations
•The data then are reported from the state to AHRQ, where they become part of the HCUP databases.
•The State Inpatient Database (SID), which includes data collected by states on hospital discharges
•The State Ambulatory Surgery Database (SASD), which includes information from a sample of states on hospital-affiliated ASCs and, from some states, data from freestanding surgery centers
•State Emergency Department Databases include data from hospital-affiliation emergency departments (EDs)
•Abstracts for visits that do not result in a hospitalization
•The Kids Inpatient Database (KID) is made up of inpatient discharge data on children younger than 19 years old
•Data elements include demographic information, information on diagnoses and procedures, admission and discharge status, payment sources, total charges, LOS, and information on the hospital or freestanding ambulatory surgery center.
•Is the best-known database from the NLM. It includes bibliographic listings for publications in the areas of medicine, dentistry, nursing, pharmacy, allied health, and veterinary medicine
•HIM managers use MEDLINE to locate articles on HIM issues as well as articles on medical topics necessary to carry out quality improvements and medical research activities
•Provides a way to integrate biomedical concepts from a variety of sources to show their relationships
•This process allows links to be made between different information systems for purposes such as electronic health record systems
•UMLS is of particular interest to the HIM manager because medical vocabularies such as the International Classification of Diseases, Ninth Revision, Clinical Modification (ICD-9-CM), Current Procedural Terminology (CPT), and the Healthcare Common Procedure Coding System (HCPCS) are among the items included
•This is patient-specific rather than aggregate data and is used primarily for patient care
•Some researchers have looked at the amount of data available through the health information exchanges as a possible source of data to aggregate for research
•Special attention needs to be paid to whether patients included in the HIE need to provide individual consent to be included when the data is aggregated for research and other purposes
•Aggregated data can be deidentified to add another layer of protection for the patient’s identity
•These measures are secondary data because they are taken from patient medical records
•Facilities must determine how to collect these measures and how to aggregate the data for reporting purposes
•It is, therefore, extremely important that the data accurately reflect the quality of care provided by the facility
1. Which of the following indexes is an important source of patient health record numbers?
2. After the types of cases to be included in a registry have been determined, what is the next step in data acquisition?
3. What number is assigned to a case when it is first entered in a cancer registry?
4. What are the patient data such as name, age, address, and so on called?
5. What type of registry maintains a database on patients injured by an external physical force?
6. In addition to collecting patient data, what activities do many types of registries engage in?
7. Why is the MEDPAR File limited in terms of being used for research purposes?
8. Which of the following acts mandated establishment of the National Practitioner Data Bank?
9. I started work today on a clinical trial. I need to familiarize myself with the rules and procedures to be followed. This information is called the:
10. An advantage of HCUP is that it:
1. Manual versus Automated Methods of Data Collection
2. Vendor Systems versus Facility-Specific Systems
3. Data Stewardship issues associated with secondary data use
4. Data quality issues
•Abstracting is the process of reviewing the patient health record and entering the required data elements into the database. •In some cases, the abstracting may be done initially on an abstract form
•The data then would be entered into the database from the form. In many cases, it is done directly from the primary patient health record into a data collection screen in the computerized database system.
•In some cases, providers such as hospitals and physicians send information in electronic format to the registry or database
•The National Discharge Survey from the National Center for Health Statistics uses information in electronic format from state databases
•As the electronic health record (EHR) develops further, less and less data will need to be manually abstracted since they will be available electronically through the EHR.
•A facility-specific system is an information system developed within the facility for its own use
•It may be part of the facility health information system
•It is important that either type of product is able to incorporate demographic and other pertinent information from the facility HIS system
•In this way, time is saved and data integrity between the registry information and the HIS system is maintained
•It is much more difficult for patients to determine what information about them is maintained in secondary databases than it is to view their primary health records. •Such concerns have led to increasing emphasis on data stewardship
• These uses include (but are not limited to) data collection, viewing, storage, exchange, aggregation, and analysis” (NCVHS 2009)
•Data stewardship encompasses the concepts of data quality, security, confidentiality, and uniformity. Issues involve the rights of stakeholders to access, use, and control the data maintained about their care
•It is important for HIM professionals to migrate these skills from the paper to the electronic environment to maintain their leadership in this area
•Decisions concerning new treatment methods, healthcare policy, and physician credentialing and privileging are based on these databases. Incorrect data will likely result in serious errors in decision making
•It is important that facilities and providers pursue clinical documentation improvement to ensure the quality of the primary data source necessary for quality secondary data
2. Consistency of the Data
3. Comprehensiveness of the Data
4. Timeliness of the Data
5. Data Security
6. Data confidentiality:
•Entities not covered by HIPAA
7. Data definitions and standards
8. Rights of Stakeholders to Rights of Access, Use, and Control
9. Data Exchange and Interoperability
•For example, in a cancer registry, the stage of the neoplasm must be recorded accurately because statistical information on survival rates by stage is commonly reported.
•Several methods may be used to ensure validity. One method is to incorporate edits in the database
•An edit is a check on the accuracy of the data, such as setting data types
•If a particular data element, such as admission date, is set up with a data type of date, the computer will not allow other types of data, such as name, to be entered in that field
•Other edits may use comparisons between fields to ensure accuracy. For example, an edit might check to see that all patients with the diagnosis of prostate cancer are listed as males in the database
•Reliability is frequently checked by having more than one person abstract data for the same case
•The results are then compared to identify any discrepancies
•This is called an interrater reliability method of checking
•Several different people may be used to do the checking
•In a cancer registry, for example, physician members of the cancer committee may be called on to check the reliability of the data
•Missing data may prevent the database from being useful for research or clinical decision making
•To avoid missing data, some databases will not allow the user to move to the next field without making an entry in the current one, especially for fields considered crucial
•Looking at a variety of sources in case findings is a way to avoid missing patients who should be included in a registry.
•Data timeliness means that healthcare data should be up-to-date
•Data must also be available within a time frame helpful to the user
•Factors that influence decisions may change over time, so it is important that the data reflect up-to-date information.
•Data security usually refers to efforts to control access to health information. •HIPAA security regulations apply to data in some registries and other secondary data sources
•Only data maintained by healthcare facilities that bill for patient care services must follow the HIPAA security regulations
•These regulations require policies in the areas of administrative, technical, and physical security
•Tokens such as identification badges also may be used
•Moreover, the facility may establish levels of access to the computer system. •In this case, each user would be allowed access to only certain parts of the system. •Only those parts of the system to which the users have access appear on the screen. In addition, a record of all transactions in the system, called an audit trail, is maintained and reviewed for instances of unauthorized access.
•For example, a computer malfunction can cause data to be erased or lost. •Backing up the data on electronic media such as tapes or disks is commonly done to avoid such losses
•The backup must be done frequently, and the backup media must be kept away from the site where the main system is kept
•If the backup were kept on-site, it would be vulnerable to the same destruction affecting the main system from sources such as fire and flood.
•Reports and printouts from the system should not be left where they can be seen. •When they are no longer needed, they should be destroyed
•They may alter or destroy data
•Facilities must use antivirus software to combat viruses
•Moreover, they must keep the antivirus software up-to-date because new viruses appear regularly
•An AIDS registry, for example, might want to use an encryption method to protect patient-identifiable information.
•Entities not covered by HIPAA
•Therefore, the patient does not have to sign an authorization for release of protected health information (PHI) to be included in the registry
•Reporting of notifiable diseases to the state also comes under “healthcare operations” and does not require patient authorization for release (In Confidence 2003)
•Release of information to requestors other than the state will depend on the requestor
•Data may be released to internal users, such as physicians for research, without the patient’s consent as well because research also comes under “healthcare operations.”
•External users, such as the American College of Surgeons, collect aggregate data from facilities, so individual patient authorization is not required
•Information about patients that may be included in registries or other secondary data sources and reported to outside entities must be included in the facility’s Notice of Privacy Practices given to patients on their initial encounters. •Through this mechanism, patients are made aware that data about them may be reported to outside entities.
•Central registries would be an example of registries that are not covered under HIPAA. In such cases, the general norms for data confidentiality should be followed
•The criteria for including a patient in a registry must have a clear definition. •Definitions for terms such as race, for example, must include the categories to be used in determining race
•If uniform terms are not used, the data will not be consistent
•Also, it will be impossible to make comparisons between systems if uniform terms have not been used for all data
•A data dictionary in which all data elements are defined helps ensure that uniform data definitions are being followed
•With the primary data source—the patient health record—the consensus was that the facility owned the patient record while the patient controlled its use
•This consensus has broken down, however, with extensive use of data from the primary data source in secondary data banks that were unknown to patients, much less under their control.
•Emphasis has switched to the rights of stakeholders regarding access, use, and control of both primary and secondary data
•In the field of health data, the main stakeholders are patients and providers. •In looking back at the four main purposes of collecting secondary data, it is evident that researchers and governments are also stakeholders in this arena
•Transparency refers to the degree to which patients included in secondary data sets are aware of their inclusion
•In its report, Toward a National Framework for the Secondary Use of Health Data, the American Medical Informatics Association (2006) has recommended that full disclosure be the policy for all secondary uses of data
•Patients have a limited right to determine who has access to their primary data
•This right is limited by laws and regulations allowing access to data by governments, researchers, and other legitimate users of the data
•Patients may or may not be aware that their information is available for access
•It is important for patients to have an opportunity to know that their data may be involved in data exchange and to have the opportunity to “opt in” or “opt out” of such an exchange
1. Using uniform terminology is a way to improve:
2. Which of the following is a true statement about data stewardship?
3. A threat to data security is:
4. What is used to check the quality of data entered into an information system?
5. Data security refers to:
7.__T__ One advantage to a vendor system is that purchasers can find out about the system’s performance from other users.
8.__F__ With regard to data quality, validity refers to the consistency of the data.
9.__F__ The record of transactions in a computer system is called the audit security.
10.__T__ Among the HIM professional’s traditional roles is that of maintaining the confidentiality of health data