compliance fraud prevention in the ehr n.
Download
Skip this Video
Loading SlideShow in 5 Seconds..
Compliance & Fraud Prevention In The EHR PowerPoint Presentation
Download Presentation
Compliance & Fraud Prevention In The EHR

Loading in 2 Seconds...

play fullscreen
1 / 59

Compliance & Fraud Prevention In The EHR - PowerPoint PPT Presentation


  • 138 Views
  • Uploaded on

Compliance & Fraud Prevention In The EHR. Terri Hall, MHA, RHIT, CPC, CAC Billings Area Office Indian Health Service HIM/RM Coordinator. Definition of Healthcare Fraud.

loader
I am the owner, or an agent authorized to act on behalf of the owner, of the copyrighted work described.
capcha
Download Presentation

PowerPoint Slideshow about 'Compliance & Fraud Prevention In The EHR' - kueng


An Image/Link below is provided (as is) to download presentation

Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author.While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server.


- - - - - - - - - - - - - - - - - - - - - - - - - - E N D - - - - - - - - - - - - - - - - - - - - - - - - - -
Presentation Transcript
compliance fraud prevention in the ehr

Compliance & Fraud Prevention In The EHR

Terri Hall, MHA, RHIT, CPC, CAC

Billings Area Office Indian Health Service

HIM/RM Coordinator

definition of healthcare fraud
Definition of Healthcare Fraud

Intentional deception or misrepresentation, or deliberate omission that the individual or entity makes, knowing that the misrepresentation could result in some unauthorized benefit to the individual, or the entity or to some other party.

(National Healthcare Anti-Fraud Association)

definition of healthcare fraud1
Definition of Healthcare Fraud
  • HIPAA legislation says “known or should have known.”
  • “Due Diligence” obligation to identify, report and prevent fraud.
identified areas of concern ehr
Identified Areas of Concern - EHR
  • Authorship Integrity
    • borrowing from another source. Inflating services.
  • Auditing Integrity
    • Inadequate audit functions.
  • Documentation Integrity
    • Automated insertion of clinical data and visit documentation (templates, pull forward, copy and paste, etc.)
  • Patient Identification and Demographic Accuracy
    • Automated demographic or registration entries generating erroneous patient identification, leading to patient safety and quality of care concerns and unjust care for profit. (location of service, technical, professional, global billing)
fraud can be detected
Fraud Can Be Detected
  • Through a variety of technology capabilities.
  • Abnormal pattern recognition.
  • Powerful system audits.
  • Practice pattern monitoring.
  • Tracking of controlled substances.
definition of the legal health record
Definition of the Legal Health Record
  • Remember: EDNA HUFFMAN, RRA, 1941, 6TH EDITION REVISED BY AMRA!, Elizabeth Price, RRA, Editor
    • The medical record is the who, what, why, where, when and how of patient care during hospitalization. It stores the knowledge concerning the patient and his care. To be complete, the medical record must contain sufficient information to clearly identify the patient, to justify the diagnosis and treatment, and to record the results. (Oh! How times have changed)
the legal paper based health record definition
The Legal Paper-Based Health Record Definition

2001 AHIMA Practice Brief

Definition of the Health Record for Legal Purposes defines the legal health record as “the legal business record generated at or for a healthcare organization. This record would be released upon request. (M. Amatayakul AHIMA 72, no.9 (2002): 88A-H)

definition of the health record for legal purposes
Definition of the Health Record for Legal Purposes
  • It used to be “straightforward” (Contents of the paper chart together with radiology films or the results of other imaging studies formed the healthcare provider’s legal business record).
  • NOW – it is more COMPLEX
    • The EHR is evolving both in development pace and design prioritization.
    • Therefore each organization has to define the content of the legal health record that best fits their system capabilities and legal environment.
definition of the legal health record1
Definition of the Legal Health Record
  • LHR is the organization’s business record.
  • Record that would be disclosed upon request.
  • The LHR IS NOT Peer Review, Incident Reports, (however these can be discoverable)
  • The custodian of the LHR is the HIM Director. (However, IT may be called upon for technical infrastructure of EHR)
  • HIM oversees the operational functions related to collecting, protecting, and archiving the legal health record while IT managers the technical infrastructure of the EHR……………
the lhr is expected to meet
The LHR is Expected to meet…
  • CMS, Medicare Conditions of Participations.
  • Federal regulations, state laws, and standards of accrediting agencies, such as JCAHO, AAAHC, etc.,
  • Policies of the healthcare organization.
the legal hybrid health record
The Legal HybridHealth Record
  • Paper documents and electronic media = Hybrid
  • Identify the “source” (paper or electronic)
  • Matrix - identify the source legal record.
  • Policies should indicate when the record is considered complete.
  • The paper portion of the LHR is collected and archived.
  • Electronic portions of the record are collected and archived in source systems. There must be a clear indication of the location where portions of a patient record are located.
so what is not part of the lhr data documents tools not part of the lhr
So, What is Not Part of the LHR? Data/Documents/Tools – NOT Part of the LHR
  • Alerts/Reminders/Pop-Ups – however, associated documentation is considered a component of the LHR.
  • Continuing Care Records – received from another healthcare provider, unless they are used in the provision of patient care.
do you have a plan when the ehr goes down downtime procedure documents
Do you have a Plan when the EHR goes down?Downtime Procedure Documents
  • EHR is unavailable is there a process in place for providers to continue with their documentation of patient care?
  • Once the EHR function is restored, the information from the downtime documents must be made part of the EHR, data entry, scanning, or recreating documents in various subsystems
what are administrative data documents they are not part of the lhr
What are Administrative Data/Documents? They are NOT Part of the LHR…
  • Abbreviation lists
  • Authorization forms for ROI
  • Audit trails related to EHR
  • Correspondence – ROI
  • Databases containing patient information
  • Event history/audit trails
  • Financial and insurance forms
  • Incident or patient safety reports
  • Indices (diseases, operation, death)
  • IRB lists
  • Logs
  • NPP
  • Patient identifiable claims
  • Patient identifiable data for QI
  • Protocols/Clinical pathways, practice guidelines
  • Psychotherapy notes
  • Registries
  • Staff roles and access rights
  • Work lists/work in progress
what are derived data documents they are not part of the lhr
What are Derived Data/Documents? They are Not Part Of The LHR.
  • Definition:Derived Data consists of information aggregated or summarized from patient records so that there are no means to identify patients

.

    • Accreditation reports
    • Anonymous patient data for research
    • Best practice guidelines created from aggregate patient data
    • OASIS reports
    • ORYX, quality indicator, Quality Measure or other reports
    • Public Health reports
    • Statistical reports
    • Transmission reports, MDS, OASIS, etc. (documentation is LHR)
data documents lrh
Data/Documents = LRH

Advance directives, allergy records, documentation from alerts and reminders, analog and digital photographs, anesthesia records, care plans, consent forms, consults, images, discharge instructions, DS, e-mail messages containing patient-provider or provider/provider communications regarding care, ER records, fetal monitoring strips, functional status assessments, graphic records, immunizations, instant messages, I&O, med orders and profiles, (MDS, OASIS, GPRA, ORYX - used in the course of patient care) progress notes, nursing assessments, OP reports, Patient Identifiers, patient submitted documentation, path, education, psychology, post it notes, practice guidelines or protocols, problem lists, H&P, research records, respiratory, PT, Speech, Occupational, results of tests, studies, standing orders, telephone messages, telephone orders, trauma tapes, verbal orders, wave forms ECG, EMG, EKG, M&M-COP required by CMS.

BROKE ALL OF THE POWER POINT RULES!!!!

have you really thought about the new technologies are they part of the lhr
Have you really thought about the New Technologies? Are they part of the LHR?

Examples of documents/data that should be evaluated for inclusion or exclusion from the LHR…

Audio files of dictation

Audio files of patient telephone calls

Nursing shift to shift reports handwritten or audio

Videos of office visits

Videos of procedures

Videos of telemedicine consultations

Videos of Behavioral Health telemedicine visits

are data documentation that reside in data source systems part of the lhr
Are Data/Documentation that reside in Data Source Systems part of the LHR?
  • Records from Source Systems
    • X-ray, Lab, Pharmacy, etc.
  • Result of Tests
  • Documents that are kept in a separate system

of record

    • Behavioral Health
    • Substance Abuse
slide19
The determining factor in whether something is to be considered part of the LHRis not where the information resides, or the format of the information, but rather how the information is used and whether it is reasonable to expect the information to be routinely released when a request for MR information is received.
electronic health record systems ehrs vs legal health record
Electronic Health Record Systems (EHRS) vs.Legal Health Record

EHRS is a concept that consists of numerous integrated, component information systems and technologies.

The electronic files that make up the EHR system’s consist of different data types, and the data in the files consist ofdifferent data formats.

  • Portions of the legal EHR may be located in various electronic systemsthat provide input to the Electronic Health Record, i.e., lab, pharmacy, PACS, Cardio, Results Reporting, CPOE, Nurse care plans, word processing, fetal trace monitoring, etc.
ehrs compliance auditing monitoring
EHRS - Compliance Auditing & Monitoring

Do you have a system/process in place to

ensure the integrity of the data in the EHR?

do you know where how the data is stored
Do You Know Where & How The Data is Stored?
  • May store structured, patient clinical, administrative data in a database or clinical data repository.
  • May store unstructured, patient clinical data in separate databases or repositories (PACS-X-Ray) and provide pointers from the clinical portal to these various repositories. (Architecturally, these databases are logical, but not physically linked).
  • The challenge for HIM in defining a legal health record in an EHRS is to determine which data elements, electronic structured documents, images, audio files, and/or video files become part of the legal electronic health record.
is this your ehr team
Is This Your EHR Team?
  • Clinical – Those who use the tools.
  • IT/CAC – The information technology experts who create, maintain, and improve the tools.
  • HIM – Those who assure the technology “fits” the environment formed within the medical-legal, regulatory, and information management standards domains.

Working together to ensure that the technical tools fit the tasks and the environment for all uses of health care information.

him professionals are
HIM Professionals are….

Ideally suited to provide domain expertise and

leadership.

Conscientious advocates, ensuring that the EHR system

is optimally planned, chosen, implemented, and

managed.

The traditional and continuing custodian of the medical

record and medical record system, regardless of the

media!

Trained to ensure the quality, privacy, and integrity of

the EHR, whether on paper or electronic!

slide25

Today, the HIM Professional is an integral part of the team that maintains vigilance over the health information technology realm, so that health information management standards are consistently applied across all systems in order to maintain the level of integrity of the data which is necessary for the clinical, risk management, and medical-legally sound operations of the healthcare organization.

are the organization s leaders on board
Are The Organization’s Leaders On Board?

In complying with all laws and regulatory requirements and to operate in

an ethical manner?

Defining and prohibiting the entry offalse information?

Definingindividual responsibility and accountability for the accuracy and

integrity of information/data?

For notifying management of errors which are discovered?

Promoting mandatory training covering the falsification of information

and information security?

Has assigned responsibility to someone for the organization’s

information security program?

does the organization establish ehr and him related policies
Does the Organization Establish EHR and HIM related policies?
  • Specific clinical documentation requirements?
  • Defining requiredlogging of activity on EHR systems?
  • Defining howchanges, corrections, amendments, retractions occur in the EHR and by whom?
does the ehr education program meet the following objectives
Does the EHR Education Program meet the following objectives?
  • Communicate & inform the organization’s P&P, individual responsibility, and the capabilities and functions of the EHR system?
  • Explain staff responsibilities for maintaining the integrity and accuracy of information?
  • Define personal responsibilities for protecting system access information?
  • Define personal responsibility for creating accurate records?
education program continued
Education Program, continued…
  • Staff responsibility to notify management of problems?
  • Cover the proper use and features and functions of the EHR?
  • Defines penalties for falsifying any organizational records?
  • Provide instruction on how to use the system security features for preventing unauthorized access?
  • Inform all EHR users that their activities are being logged by the system?
  • Address software design and other techniques that may be used to cause system users to enter false information? (Copy/Paste/Fill In The Blank Templates)
does the ehr system provide access control functions
Does the EHR System Provide Access Control Functions?
  • That define the management of user authentication? (scribes, assistants, auto authentication (many documents at one time (NO).
  • Many authenticators, not one signer for visit functionality.
  • That define the management of extensive privilege assignment and control features?
ehr fraud prevention
EHR Fraud Prevention
  • Does the EHR system have the capability/functionality to…
    • Attribute the entry to the original signer?
    • Modification/addendums made to documents?
    • Deletion of information (retraction) by a specific individual or subsystem?
    • Do bells and whistles sound when someone tries to pull forward a large section of a H&P done by another provider? Warning message, lock down of record?
  • Does the EHR system have the capability to log all activity?
    • How do you know who did an addendum, amendments, retraction of note?
audit logs what events should be recorded
Audit Logs – What Events Should Be Recorded?
  • Start-up and shutdowns of systems
  • Successful and unsuccessfullog in and log-out.
  • User actions to open, close, create, execute, modify, or delete programs or files.
  • Actions taken by system administrators, system security administrators, or other super users.
  • Changes or attempts to change privileges and access controls for users and objects.
slide33
Does the EHR system have the capability to use a common date and time stamp across all components of the system?
  • Date and time when orders were signed
  • When visit was signed
  • When orders were transcribed
  • Date & Time for addendums
  • Date and time and attribution of copy and paste documentation done by another provider?
does the ehr system have data entry editing capabilities
Does the EHR system have data entry editing capabilities?
  • To validate information on entry when possible? (edits to alert provider of values out of range, dosage based on age and weight)
  • To check for duplication and conflicts? (PCC Error report – coding queue reports)
  • To control and limited automatic creation of information? (template check boxes)
does the ehr system establish a process for logging of all activity on ehr systems
Does the EHR system establish a process for logging of all activity on EHR systems?
  • That determines which logging features should be used?
  • That assigns responsibility for auditing of log entries and reported exceptions?
  • That defines retention periods and procedures for log records?
  • That define system related performance issues?
ehr matrix hybrid p e
EHR Matrix = Hybrid = P/E

How will you keep track of what is still on paper and what is in the EHRS?

maintaining the legal ehr verification legend x prohibited monitored o allowed monitored
Maintaining the Legal EHR: Verification Legend X = Prohibited & MonitoredO = Allowed & Monitored
what does the hcca think are the top 12 hot topics for compliance
What does the HCCA think are the Top 12 Hot Topics For Compliance?
  • Medical appropriateness of coding and DRG services
  • Unbundling of hospital outpatient services
  • Outpatient department payments
  • Evaluation of “incident to” services
  • Inpatient Only services performed in an outpatient setting
  • Physical and occupational therapy services
  • Inpatient rehab facility compliance and Medicare requirements.
  • Outpatient outlier and other change-related issues.
  • Payments for observation services vs. inpatient admissions for dialysis.
  • Cardiography and echocardiography
  • Review of E&M services during global surgery periods.
  • Inappropriate payments for interpretation of diagnostic x-rays in hospital emergency departments.
selecting ehr system features to prevent fraud
Selecting EHR System Features To Prevent Fraud
  • Access Control –To verify authorship there are two concepts: authentication & access management.
  • User Authentication – is the process of determining whether someone or something is, in fact, who or what it is declared to be.
    • Something the user is – Biometric I.D., Fingerprint or Retinal or DNA sequence voice pattern, signature recognition.
    • Something the user has – ID card, security token, or software token.
    • Something the user Knows – password or a personal I.D. number (PIN).

A duel element authentication should be considered as a

reasonable control policy.

ehr system features to prevent fraud
EHR System Features To Prevent Fraud
  • Extensive Privilege Assignment & Control Features – Access Management – AKA – Authorization, is the process of verifying that a known person has the authority to perform a certain operation.
  • Logging of all activity – the EHR system must have the ability to record all activity that occurs within the system.
  • Data Entry Editing – Verify validity of information – warn, male/female ICD codes, billing codes, medical necessity documentation.
  • Checks for duplication and conflicts – MR #s, medical management options (life threatening drug interactions), system prompt capability – (system controls the prompt occurrence – lack of use or misuse by provider).
case study worst case scenario i
Case Study/Worst Case Scenario I

Electronic Tools that Enable “Borrowing” Data from Another Source

  • Electronic tools make it easy to copy and past documentation from one record to another or pull information forward from a previous visit.
  • Borrowed datacannot be trackedback to the original source creating both a legal and a quality of care concerns.
worst case scenario ii
Worst Case Scenario II

Professional Services – E&M Code

A patient had a number of medical tests and diagnostic evaluation in an outpatient clinic over a two week period. The patient requested a copy of his MR along with the bills for services. The E&M codes he found were consistently at the highest level (5). The patient was a retired auditor for health plans and he noticed that the medical history was “pulled through”within departments, between department and in subsequent visits with the same provider using the EHR system, even when the visits did not include the clinician taking a history! He reported this to the fraud division.

behavioral health service iii
Behavioral Health Service III

“Cookie Cutting”

A state department of health surveyoridentified a nurse at the community hospital documenting the same text on progress notes completed for several patients on her caseload. This practice involved copying and pasting the same text from one record to another, neglecting to accurately document the variations from one patient to another.

Example: the patients response to meds may differ, request for follow up date and time may differ.

Thus, Medicaid Fraud Division imposed fines and penalties for payment for care which was not rendered at the level of service claimed.

academic medical center physician services worst case iv
Academic Medical Center & Physician Services Worst Case IV

Patient admitted to hospital for workup to determine Hypertensive

episodes.

Patient is status post mitral valve replacement with porcine graft and also with pacemaker. The physician progress notes in a hospital based EHR were copied and pasted multiple times by the attending physician, consulting physician and residents, using a convenient “macro” feature available in the software. The teaching physician made this a regular practice to copy and past the resident notes as his own, thus saving time. A new resident misdiagnosed the patient with adrenal insufficiency and recorded the incorrect diagnosis in the MR. Due to the normal routine of “borrowing” documentation higher E&M codes were assigned based on the diagnosis and treatment, and at the same time creating a patient safety and quality of care issue from reliance on inaccurate MR documentation. The patient died from a med error in an attempt to treat the adrenal insufficiency which she did not have!

best case scenario example iv
Best Case Scenario – Example IV

This hospital made sure that their EHR had specific patient

safety and documentation integrity tools built into the design.

  • Orientation to new staff and students on how to use the tools for accurate and complete documentation.
  • Entries include the date and time stamp and the author of the note.
  • Teaching physicians must sign into the system so the appropriate authentication is attached to their chart entry and any templates must be modified to reflect specific conditions and observations unique to the service.
  • Teaching physicians must be physically present to report services for health plan claims.
  • Medical necessity and intensity of service documentation is unique to each visit, so when EHR templates and macros are not modified, they are clearly identified both by a different screen color and by a watermark across the text saying “ Unmodified Documentation Template”
best case scenario continued
Best Case Scenario continued..
  • Info buttons provide the documentation guidelines and reporting requirements for teaching physicians, available at the click of the mouse
  • Alertsare generated when a copy and past function is used warning the EHR user about Plagiarism.
  • Creation of a full slate of documentation guidelines, P&P for EHR and EHR tools.
  • Records get “locked down’ for either pulling forward or copying text content to another location.
  • Policies about surrogates and scribes.
  • Creation of a clinical documentation improvement program
best case scenario continued1
Best Case Scenario continued…

The integrity of data is of extreme importance because it is used to identify and track patients as they move from one level of care to another.

Data is used to verify the identity of an individual to insure that the correct patient is receiving the appropriate care and to support billing activity.

data integrity worst case
Data Integrity – Worst Case

Clinical Notes with difficulty in date association…

Patient seen on September 2, 2006 and informed the physician of a

possible reaction to a prescribed medication. Physician is side tracked and

does not enter visit information. On September 5th the same physician

is back on duty and realizes he did not made an entry for the September 2nd visit.

The physician decides that he wants the date to reflect the actual date the

patient was seen, so he changed the date to Sept. 2, 2006 @ 11:30 am. He

proceeds to enter the documentation, documenting the symptoms the patient

described surrounding the medication reaction as best he could.

When another provider reviewed the record, he saw the “new” note. This

provider worked over the weekend and did not recall seeing this information.

Upon further review the clinician sees that the date displayed is Sept. 2, 2005

@ 11:30 am.

best case scenario data integrity
Best Case Scenario – Data Integrity

Clinical notes with difficulty in data association…

Text capability in the EHR has built in data functionality hard coding the date a note is entered or capability to “Lock Visit”- 2 days – if provider forgot to document note.

The clinician should have the ability to associate the note with a date of service to reflect both a reference date of when they saw the patient as well as an indication of a late entry/addendum/clarify.

Both of these dates are important to best practices in HIM.

note and event entries date time stamp peripherals
Note and Event Entries – Date/Time Stamp - Peripherals

A facility has multiple biomedical peripherals connected to the EHR: Portable EKGs, IV Infusion Pumps, Etc. The main system has a synchronized clock for display with date and time stamping on notes, lab results, etc. Quality indicators say that an EKG must be performed within 10 minutes of arrival to the ER for chest pain patients. The patient is brought to the ER at 23:55 on 9/1/2006. An EKG is started and completed per orders entered at 23:57. EKG is uploaded, read and interpreted. At 00:30 on 9/2/2006 the clinician completes her documentation of the assessment and orders admission for AMI. Upon review, the EKG is reported as being ordered @ 23:57, but not completed until 9/2/2006 @ 00:45. This is 15 minutes after the note entered by the clinician, stating the EKG was done and showed ST Elevation MI.

Note: This case fell out of PI review, and would have difficulty

Standing up in court. The linkage of peripherals needs to have the

clocks on each system synchronized to support the integrity of the

data.

worst case scenario med errors
Worst Case Scenario – Med Errors

Failure of an EHR system to provide appropriate safeguards against med errors, including either the wrong patient, wrong drug, or failure to consider all available data can contribute to poor quality care.

The physician order entry software provides the capability for default self selection upon entering the first (3) letters of the drug. The physician wanted Norfloxacin (antibiotic for eye infection) and typed in NOR, but Norflex (muscle relaxant) came up. Both are oral medications. The order was signed and the meds made available for pick up .

The patient began taking the Norflex and returned to the ER by rescue squad later the same week with a septic shock due to a very serious bacterial infection of the left eye.

best case scenario med error
Best Case Scenario – Med Error

Built in safeguards in the (CPOE) software suite to prevent med errors.

The system does not allow software to self select (or default), and requires a second validation.

The system provides the user the opportunity to finish typing.

The software provides a list of options (or drop down menu) he user can select from, then provides alerts or reminders from a knowledge base.

Per policy no abbreviations are allowed in the ordering of the full name of the drug.

The system provides a warning message at the time of signature for contraindications and potential adverse effects.

The system asked the provider to verify selection of Norfloxacin as it is noted in the current med history that the patient experienced an anaphylactic reaction to another antibacterial agent.

ihs ehr compliance issues
IHS- EHR Compliance Issues
  • Provider did not complete the clinic note for many patient visits & weeks later created “new” visits to document his notes.
  • Outpatient Medication file (V-Med) is one big file –Inpatient drug file is in and Orders file – not the V-Med file.
  • PHN visits (non-face to face) visits put into EHR using clinic code (11) Home Visit, which led to visit being billed in error.
  • Missing notes after the visit was signed by provider, never found.
  • Duplicate visits created in Ancillary packages, missing POV, Provider and clinic code.
  • Mental Health Visits in EHR – New Business Rules are required – List Business Rules by User Class for MH Privileges. (Cover Sheet –Dx)
  • Vital signs entered by others can be changed.
  • Medications in EHR – lists multiple times the same dose of medication – this happens because pharmacy adds a new product/new NDC for a med that has that dose available in an existing product with it’s accompanying NDC#.
  • Discontinued and expired meds still show as chronic on the meds tab.
  • V 1.1 EHR –visit lock default is 2 days – but no lock on visits in PCC.
linking anti fraud legal ehr functions ahima march 2007
Linking Anti-Fraud & Legal EHR Functions – AHIMA March 2007
  • In 2005 AHIMA Foundation of Research and Education, under contract with the HIT, researched & published a report on the use of health IT to prevent and detect fraud.
  • Five work groups were formed to focus on key issues.
  • The report focused on the “Key Principles for EHR Systems” as outlined by “Government Paperwork Elimination Act” (GPEA).
  • GPEA is not limited to Healthcare, however there is a clear overlap with core HIM principles.
  • NHIN (Nationwide Health Information Network) – Complies with Federal & State law and meets requirements of reliability & admissibility of evidence.

Michelle Dougherty, RHIA, CHP

ahima journal march 2007
AHIMA JOURNAL – March 2007
  • Office of National Coordinator for Health Information Technology (HIT) – issued a second contract to develop model anti-fraud requirements for EHR.
  • Contract awarded to Research Triangle Institute with a sub-contract to Foundation of Research & Education (3/07-Report)
ahima march 2007 journal core him principles
Completeness

Accountability

Access & availability

Traceability

Auditable (verifiable)

Identification

Authentication

Biometric authentication

Non-repudiation

Integrity

Storage & security

Records retention

Reliability

Digital certificate

Digital signature

Electronic signature

Public key infrastructure (PKI)

AHIMA March 2007 Journal – Core HIM Principles
thank you
Thank You

Any Questions?

terri.hall@ihs.gov

406-247-7128