On March 11, the World Health Organization declared the novel coronavirus that causes COVID-19 a pandemic. Up-to-date, transparent, and accurate information is an essential resource for the healthcare experts and governments around the globe working to mitigate the spread of the disease.

Everybody in every community will play a role in fighting COVID-19. To that end, we have assembled AHIMA’s Practice Councils to provide advice, updates, and best practices health information management (HIM) professionals can use to help their organizations respond more effectively to the crisis.

The post will be updated with best practices that have been shared with the Journal of AHIMA. If you have a story, best practice, or update, please send it to Journal@AHIMA.org.


During the Ebola outbreak, the Department of Health and Human Services released a bulletin titled: “HIPAA Privacy in Emergency Situations,” which would be pertinent information.

Raymound Mikaelian, MSHI, RHIA, Coding Operations Manager, Health Information Management, Kaiser Permanente; Data Use, Governance, and EHR Structure Practice Council

*added 3/18


Adhere to the official coding guidelines. Coding of COVID-19 cases should be reviewed to ensure the coding is accurate, as this may impact data and reporting downstream, even outside of the organization. If COVID-19 cases are captured via discrete fields in the EHR, validation should be done to ensure coding and clinical documentation are aligned, which maintains the integrity of the health record.

Raymound Mikaelian, MSHI, RHIA, Coding Operations Manager, Health Information Management, Kaiser Permanente; Data Use, Governance, and EHR Structure Practice Council

*added 3/17


The spread of COVID-19 is a good reminder for those in the coding profession to refine their processes around viruses and other issues that have the potential to change coding processes. When a new illness is on the horizon across the country, leaders should be proactive about how to standardize processes within their organizations. Best practices, per the Centers for Disease Control and Prevention, include:

  • Only code confirmed cases of COVID-19; suspected, possible, or probable cases should be reported with codes explaining only the reason for encounter.
  • The guidance from CDC reviews the correct reporting of pneumonia, bronchitis, acute respiratory distress syndrome, lower and other respiratory infections associated with COVID-19.
  • The guidance also reviews the distinction between reporting possible exposure to COVID-19 versus exposure to confirmed cases of COVID-19.

Charniece Martin, MBA, RHIA, CCS, CCS-P, Revenue Integrity Analyst, Northwestern Medicine, Chicago, IL; Member, AHIMA Health Information Technologies and Innovation Practice Council 


It is imperative that health information management professionals be involved in the collection of data that will assist in controlling this pandemic. Data can help to measure not only outcomes but also trends. Through the screening process (point of entry) into the healthcare system, patients are asked where they have traveled in the last two weeks. This may include not only places abroad but within their local community. Gathering this data in the health record provides a quick and easy way to collect data and look for trends. Here in New York that data helps to isolate high-risk areas. HIM staff were provided with the entire ligature on how to code appropriately as soon as that guidance was available. This too will help in the collection of data. There should also be a way to collect the testing for the virus in the laboratory department.

Katherine Kozlowski, RHIA, CCS, CDIP; Member, AHIMA The Data Use, Governance, and EHR Structure Practice Council


If HIM team members have to work remotely, they need to have broadband. If they don’t, perhaps that can be reimbursed, and they can order it. Also, HIM departments need to consider the security implications of using a home computer with no encryption, file sharing, and other applications or services that could compromise privacy and security. Each organization needs to issue security and privacy rules of the road when sending anyone home and have IT’s input into the controls mandated.

Kelly McLendon, RHIA, CHPS, Managing Director, CompliancePro Solutions, LLC, Batavia, OH; Member, AHIMA Privacy & Security Practice Council

*added 3/18


At the University of Utah Health’s health information department, we have instituted a “work from home” policy effective immediately through the end of May. All in-house meetings have been cancelled and are done via Skype or webinars. As the inpatient coding supervisor, I met with my team today and strongly encouraged that all airline travel and out-of-state travel not be taken until things have calmed down. We have also talked to our team about social media posts. We have asked our team to not make any jokes or share any posts that promote hysteria or panic or are seen as not taking this seriously.

Rachel L Pratt, RHIA, CDIP, CCS, Inpatient Coding Supervisor, Health Information, University of Utah Health, Salt Lake City, UT

*added 3/18


It is important in any situation to be proactive. Our health information management (HIM) management team was asked to think about what, how, and who. What are the tasks in your area? How can the staff perform those tasks if they are not on-site? Who on your team is willing to work on-site? Who will you need to work in-house to continue the business?

Every HIM department has a disaster plan and should look at that plan to assist in the preparation for COVID-19. Not all staff within the HIM department work remotely, but this can be used as an opportunity to prepare for just that. If you do not have a remote clock in process, you should put one in place. This helps to manage the staff remotely. You should also have a remote policy. If you do, you may need to update it to include other staff. If you already have one in place, you may need to reinforce productivity and quality standards. You may also need to create new ones. I would recommend a role out remotely if possible and testing of all equipment and internet access with your IT department.

Katherine Kozlowski, RHIA, CCS, CDIP; Member, AHIMA The Data Use, Governance, and EHR Structure Practice Council

*added 3/17


Keep in mind that some security procedures may need to be modified. For example, our organization has new remote users complete an online remote access agreement. This may not be available from home. We would find alternative ways to obtain this agreement (e.g. read the agreement to the employee by phone and a verbally agree to or waive the agreement during this exceptional time until the user returns to work.) Also:

  • Prepare a IT help desk for an uptick in requests for remote user access, and address any HR requirements for hourly staff to keep track of time working from home for payment.
  • Also possibly prepare for influx of healthcare workers from other cities/states who come to assist in care of surge of patients, and implement Emergency access procedures.

Dana DeMasters, MN, RN, CHPS, Privacy/Security Officer, Liberty Hospital, Kansas City, MO; Member, AHIMA Privacy & Security Council

*added 3/17


Have a department plan of action in place and share with your teams. Our HIM leadership team, which our HIM department houses all things HIM and coding, have met to create a department plan for patient and organizational needs, as well as for staffing needs. Be mindful not to only plan for patient and world needs, you must also plan for the needs of your teams. Discuss with your teams what their needs and concerns are. If they fall ill, have childcare needs or elderly family member needs what flexibility can be allowed during this time. If they can work remote allow them to do so. Lastly, provide an environment for those that still show up every day during this difficult time to share their concerns and fears while offering them appreciation for still being present.

Ticia Selmon, RHIA, CCS, Ambulatory Coding Manager, Health Information Management, Children’s Minnesota, Edina, MN; Member, Clinical Terminology & classifications Practice Council 


Due to the novel coronavirus outbreak, the Department of Health and Human Services Office for Civil Rights issued a bulletin on sharing patient information under HIPAA when related to an outbreak of infectious disease or other emergency situations.

Michelle Hennen, MHA, RHIA, CPC, RMC, CMM, Regional Director, HIM Operations, R1, Pittsburgh, PA

*added 3/18


There have been malicious attacks associated with COVID-19. It’s unfortunate, but cybercriminals are using the situation to expand attacks. In addition to containing COVID-19 and supporting rapid patient treatment healthcare organizations need to remain diligent when it comes to cyberattacks. Cybercriminals are using this crisis to advertise services and solutions to address COVID-19 and are spreading malicious software. It’s important that staff and healthcare professionals obtain about the outbreak from reliable sources like the CDC and WHO and not click on email links, download software from the internet or visit what could be unsafe websites. The most important tool in your arsenal is training that’s consistent, accurate, and repeated.

Chris Apgar, CISSP, C|CISO, CEO and President, Apgar & Associates; Member, AHIMA Privacy and Security Practice Council 


Implement formal, consistent scripting from marketing/communications for front line staff related to patient calls for any information related to patients presenting for copies of medical records. Many organizations have moved to screening visitors.

  • Have an update on your organization’s website with the latest information
  • Notify HIM staff of patients who have tested positive—or who are being tested for COVID-19—so that audits can be run to identify any “snoopers.”


*added 3/17


Image credit: NIAID-RML, https://www.flickr.com/photos/niaid/49531042877/in/album-72157712914621487 .


  1. If a pt has Lung Cancer Stage III & present w/ pleural effusion, COVID-19 positive & had a chest tube. Are we to sequence U07.1 as PDX, not the neoplasm?

  2. Can anyone publish a document on best “Documentation Practices During COVID-19 – for Post Audit Considerations”. I would like to make sure our providers ROI staff and coding staff have appropriate documentation of effective dates items were implemented or information released based on regulatory guidance changes during these times. This would be a great resource for all possibly facing billing/external audits and or patient complaints that may arise post-crisis.

  3. Regarding the comment by the HIM professional who is working with paper charts and picking up charts from the floors, I am wondering if there has been any updated information since the two weeks that the comment was posted. This is an important basic function for many HIM departments. Although most organizations have EHRs, paper continues to be generated that was handled by caregivers. Should AHIMA provide direction?

  4. I work in HIM and work with paper charts and picking up chart s from the floors and having to work on-site to keep the business afloat. What’s a good disaster plan for our HIM department?

    1. Hi Shay, the Journal checked in with some of AHIMA’s practice councils about this question and they advised that you should consult with your in-house infection preventionist(s). Please let us know if you need further advice or have additional questions.

  5. Would a presumptive positive test for COVID-19 still be considered a possible diagnosis and NOT be coded as confirmed?

    1. Hi Ann, thanks for the question. I would ask that you please reach out directly to Susan Bowman, Senior Director, Coding Policy and Compliance at AHIMA. She is in contact with the CDC and can help answer your question. Her email is Sue.Bowman@ahima.org. Thanks!

Comments are closed.