Getting Up to Date on Release of Information
With the passing of the American Recovery and Reinvestment Act’s (ARRA’s) and the Health Information Technology for Economic and Clinical Health (HITECH) Act’s privacy modifications, breach notification requirements, and new enforcement rules, the release of information (ROI) landscape is changing. To help healthcare organizations and HIM professionals navigate their way through new legislative components and industry practices, AHIMA’s Release of Information Toolkit: A Practical Guide for the Access, Use, and Disclosure of Protected Health Information, has been revised to incorporate various types of disclosures of protected health information (PHI) and to reflect today’s practices.
The purpose of this toolkit is to help an individual develop an effective ROI process across any setting. It is to be used as a framework and reference guide to ensure disclosures of PHI are made in accordance with all state and federal regulations in a timely manner to guarantee the integrity of the PHI is maintained.
Developed by a group of AHIMA volunteers, the toolkit includes examples of routine process workflows, successful management practices, federal and state laws, and associated costs. Also included are sample policies and procedures, certification form and return request letter, a sample ROI job description, and a “to charge or not to charge” table.
The toolkit is free to AHIMA members. To access the full toolkit, available as a digital download, visit https://www.ahimastore.org/ProductDetailBooks.aspx?ProductID=16469. The following excerpt provides an overview of e-discovery in relation to ROI.
The term e-discovery (electronic discovery) is often used to refer to the 2006 amendments to the Federal Rules of Civil Procedure. These imposed specific requirements for handling electronically stored information (ESI) during litigation in federal court. Preparing for the rules governing the discovery of electronic information and the legal process will require healthcare organizations to re-evaluate the management of electronically stored information. Today, this means an organization must consider not only the ESI stored in workstations, servers, e-document management systems, and the like, but also on mobile devices used by clinicians, USB drives, and other forms of electronic storage media.
Furthermore, an essential part of responsible information stewardship is an awareness of what metadata exists. In other words, what data exists about the data being stored (for example, when it was created and by whom it was created). This helps to place the ESI within the context of why it was created in the first place. As noted by AHIMA, metadata can “validate and quantify the authenticity, reliability, usability, and integrity of information over time and enable the management and understanding of electronic information (physical, analog, digital).”
To successfully manage e-discovery, health organizations must develop a well-defined plan for managing and preparing for litigation. Collaboration among legal counsel, health information management, and information technology professionals is essential to successfully manage the e-discovery process.
AHIMA’s guidance on “Litigation Response Planning and Policies for E-Discovery” identifies five key steps to developing a litigation response plan and process:
• Conduct an evaluation of applicable rules
• Identify a litigation response team
• Analyze issues, risks, and challenges
• Develop organizational policy and procedures
• Develop a system for ongoing monitoring and evolution