Nurul
Ainun Sarifuddin
(12-03-076)
Rahma
Fitri Tehupelasury
(12-03-077)
D-III
REKAM MEDIS DAN INFORMASI KESEHATAN
STIKES
PANAKKUKANG MAKASSAR
2013
KATA PENGANTAR
Pertama-tama
kami panjatkan puji syukur kepada kehadirat Allah SWT. Tuhan Yang Maha Esa,
karena dengan limpahan rahmat dan hidayahNYA sehingga kami dapat menyelesaikan
makalah kam, Journal Of AHIMA “Opportunities for HIM Involvement in the HIE
Landscape”
Kami juga mengucapkan banyak terima
kasih kepada rekan-rekan saya yang ikut serta dalam menyusun makalah yang
sangat sederhana ini.
Dan kami juga mengucapkan Terima Kasih
kepada dosen pembimbing kami “-------“ yang telah memberikan arahan sehingga
makalah ini dapat terselesaikan tepat pada waktu yang telah d tetapkan.
Kami mengakui bahwa makalah ini masih
jauh dari kesempurnaan, karena kami hanya manusia biasa yang tak luput dari kesalahan, maka dari itu kami
mengharap saran dan kritik yang membangun dari teman-teman sekalian untuk
menunjang penyusunan makalah kami selanjutnya yang lebih baik.
RANGKUMAN
Peluang
untuk HIM keterlibatan dalam landscape HIE
Pasien identifikasi akurat dan suksen
menghubungkan catatan elektronik sangat tergantung pada keakuratan data data demografi kunci. Ada tiga peristiwa yang
berbeda yang harus terjadi untuk
menjaga integritas data identitas
pasien.
ü Data
harus dikumpulkan dengan benar
ü Data
harus dimasukkan dengan benar
ü Data
harus ditanya dengan benar
Kesalahan dalam salah satu dari tiga
kejadian menciptakan peluang bagi identitas pasien tidak akurat. Tantangan HIM adalah
mengelola banyak sekali data yang rinci tentang ribuan catatan dan jutaan
transaksi setiap tahun.
Data Kepemilikan, Data Pemerintahan,
Pengelolaan
Pemerintahan data jangka menandakan
“pelaksanaan pengambilan keputusan dan otoritas otoritas untuk data-hal yang berkaitan.” Ini mengacu
kepada keseluruhan manajemen dari ketersediaan, kegunaan, integrasi, dan
keamanan data yang digunakan dalam suatu organisasi atau perusahaan. Ini
tentang mendapatkan informasi yang tepat kepada orang yang tepat pada waktu
yang tepat. Tujuan dari sebuah data organisasi pemerintahan termasuk
memungkinkan lebih baik pengambilan keputusan, mengurangi gesekan
operasional, melindungi kebutuhan pemangku kepentingan data, pelatihan manajemen dan staf untuk mengadopsi pendekatan umum untuk masalah
data, standar bangunan dan proses berulang, mengurangi
biaya, dan meningkatkan efektivitas melalui koordinasi upaya dan memastikan proses transparansi.
Prinsip
data pemerintahan meliputi :
Ø Integritas: Menunjukkan integritas dalam berurusan dengan orang lain, jujur dan yang akan datang ketika membahas driver, kendala, pilihan,
dan dampak untuk data yang berhubungan dengan keputusan
Ø Transparansi: Menjelaskan kepada semua peserta dan auditor tentang bagaimana dan kapan pengenalan data yang berhubungan dengan
keputusan dan kontrol terjadi
Ø Standardisasi: Memperkenalkan dan mendukung standarisasi data perusahaan
Ø Cek dan Saldo: Menyediakan
cek and saldo antara bisnis dan tim teknologi,
serta antara (a) pencipta
dan kolektor informasi; (b) manajer informasi,
(c) pengguna informasi,
dan (d) orang-orang yang memperkenalkan standar dan
persyaratan kepatuhan
Ø Pengelolaan: Tentukan akuntabilitas
untuk tanggung jawab anggota dan kelompok pelayanan data
Ø Akuntabilitas: Tentukan akuntabilitas untuk lintas - fungsional
yang berkaitan dengan data keputusan,
proses, dan kontrol
Ø Audit-kemampuan: Pastikan semua data yang
berhubungan dengan keputusan, proses,
dan kontrol yang auditable
dan memenuhi persyaratan audit kepatuhan berbasis
dan operasional
Ø Manajemen Perubahan: Mendukung kegiatan
manajemen proaktif dan reaktif perubahan untuk nilai referensi data
dan struktur atau penggunaan
data master dan metadata
Sebuah prinsip utama tata kelola data
adalah data pelayanan yang mengacu pada pengelolaan aset data perusahaan dalam rangka meningkatkan
usabilitas mereka, aksesibilitas, dan kualitas. Ini adalah ilmu, seni, dan keterampilan manajemen yang bertanggung
jawab dan akuntabel sumber
daya. Data kepemilikan dan data
kepengurusan harus didefinisikan secara
jelas dan harus tercermin dalam
kebijakan organisasi untuk akses data, penggunaan, dan pengendalian.
Pelanggaran
Pelanggaran yang didefinisikan dalam
aturan privasi HIPAA sebagai penggunaan diperbolehkan atau yang membahayakan keamanan atau privasi informasi
kesehatan
dilindungi, sehingga penggunaan atau pengungkapan menimbulkan risiko signifikan dari bahaya keuangan, reputasi, atau lainnya kepada individu yang terkena.
HIEs harus
mencakup pengamanan yang memadai terhadap
pelanggaran yang potensial, seperti:
Ø Melepaskan dilindungi informasi
kesehatan sesuai dengan persyaratan peraturan privasi
Ø Melindungi informasi elektronik sesuai dengan aturan persyaratan keamanan
Ø Memastikan staf terlatih
pada privasi dan aturan
keamanan
Ø Mematuhi persyaratan minimum
yang diperlukan
Ø Mengamankan komputer melalui
kebijakan akses yang tepat
dan prosedur
HIEs juga harus siap untuk menyelidiki dan melaporkan jika pelanggaran
tidak terjadi. Sebuah HIM profesional dapat
membantu HIE dalam pengembangan kebijakan dan
prosedur yang garis tanggung
jawab untuk pemberitahuan pelanggaran.
Dalam lingkungan HIE ada tiga tantangan koreksi besar :
1. Informasi catatan penyedia
2. Pencocokan kesalahan
3. Konsolidasi kesalahan
Kebijakan yang
jelas dan ringkas dan prosedur yang diperlukan baik di tingkat organisasi dan
Hie untuk memastikan bahwa koreksi yang ditangani dengan cara yang tepat.
Koreksi akan tergantung pada HIEs dan perjanjian mereka dengan rumah sakit atau
penyedia. Minimal kebijakan harus dengan jelas menyatakan siapa yang dapat
melakukan koreksi.
LAMPIRAN
Accurate
patient identification and successful linking of electronic records is highly
dependent on the accuracy of key demographic data. There are three different
events that must occur in order to maintain patient identity data integrity.
· The data must be collected correctly.
· The data must be entered correctly.
· The data must be queried correctly.
Errors
during any of these three events create opportunities for inaccurate patient
identity. The HIM challenge is managing multitudes of detailed data on
thousands of records and millions of transactions each and every year. A strong
data quality and control program must be maintained or the data will get out of
control quickly in a health information exchange environment.
Data Ownership, Data Governance, Stewardship
The
term data governance signifies “the exercise of decision-making and authority
for data-related matters.”1 It refers to the overall management of
the availability, usability, integrity, and security of the data employed in an
organization or enterprise. It is about getting the right information to the
right people at the right time. The goals of an organization’s data governance
include enabling better decision-making, reducing operational friction,
protecting the needs of data stakeholders, training management and staff to
adopt common approaches to data issues, building standards and repeatable
processes, reducing costs, and increasing effectiveness through coordination of
efforts and ensuring the transparency of processes. Data governance is needed
to guide stakeholders on decisions and activities to ensure an agreed-upon
process is followed and enforced.
Data
governance principles include:2
·
Integrity:
Demonstrate integrity in dealings
with others; be truthful and forthcoming when discussing drivers, constraints,
options, and impacts for data-related decisions
·
Transparency: Clarify to all participants and auditors on how and when
the introduction of data-related decisions and controls occurred
·
Standardization:
Introduce and support
standardization of enterprise data
·
Checks and
Balances: Provide checks and balances between
business and technology teams, as well as between (a) creators and collectors
of information; (b) managers of the information; (c) users of the information;
and (d) those who introduce standards and compliance requirements
·
Stewardship:
Define accountabilities for
individual contributor responsibilities and groups of data stewards
·
Accountability:
Define accountabilities for
cross-functional data-related decisions, processes, and controls
·
Audit-ability:
Ensure all data-related decisions,
processes, and controls are auditable and meet compliance-based and operational
auditing requirements
·
Change
Management: Support proactive and reactive
change management activities for reference data values and the structure or use
of master data and metadata
A
key principle of data governance is data stewardship, which refers to managing
the enterprise’s data assets in order to improve their reusability,
accessibility, and quality. It is the science, art, and skill of responsible
and accountable management of resources. Data ownership and data stewardship
must be clearly defined and must be reflected in organization policies for data
access, use, and control. An HIE must determine the gold standard of each data
source and agree on who owns the data—including duplicate record tables and
data transaction logs. HIEs must define the data they “own” and their
information stewardship responsibilities.
Management
of the data governance and stewardship activities are often led by a data
administrator. This role manages all data resources for the organization,
working collaboratively with all departments to support the organization’s
business needs by transforming data into information, and information into
knowledge. It is often an executive level position and HIM professionals are
well suited for this role.
Breaches
Breaches
are defined under the HIPAA privacy rule as an impermissible use or disclosure
that compromises the security or privacy of protected health information, such
that the use or disclosure poses a significant risk of financial, reputational,
or other harm to the affected individual. The HITECH Act revised the HIPAA
provisions (effective September 2009) to require business associates—including
HIEs—to comply with breach notification requirements.
AHIEs
and participating organizations or providers should have an appropriate
business associate agreement in place that clearly outlines breach notification
requirements. The agreement should designate the HIE as the business associate,
and the participating organizations or providers as covered entities.
The
HITECH breach notification regulations require covered entities and business
associates to promptly notify affected individuals of a breach. Covered
entities and business associates must also report breaches to the Department of
Health and Human Services and notify the media of breaches involving more than
500 individuals. Business associates must notify covered entities of any breach
involving the business associate. In addition, the HHS secretary is authorized
to conduct compliance audits and use civil enforcement provisions, provided no
criminal conviction is associated with the breach. However, if willful neglect
is proven then the secretary is required to impose civil penalties.
HIEs
must include appropriate safeguards against potential breaches, such as:
·
Releasing protected health
information in accordance with privacy rule requirements
·
Protecting electronic information
per the security rule requirements
·
Ensuring staff are properly trained
on privacy and security rules
·
Abiding by minimum necessary
requirements
·
Securing computers through
appropriate access policies and procedures
HIEs
also must be prepared to investigate and report if a breach does occur. An HIM professional
can assist the HIE in development of policies and procedures that outline
responsibilities for breach notification. These policies should address the
notification process, who shall make such notifications and by what means, the
role of the HIE versus the individual participating partners, and the penalties
related to breaches.
Corrections
In
an HIE environment there are three major correction challenges:
1.
Information in provider records
2.
Matching errors
3.
Consolidation errors
All
three of these errors can result in information being consumed in an electronic
health record system erroneously.
The
first challenge relates to information entered into a provider’s electronic
health record system, which is later deemed incorrect either by the provider or
by the patient. This results in two challenges—how to get the information
corrected and what to do with the information that others may have used when
obtaining information through the EHR. Information that is deemed incorrect at
the provider level should be changed at the provider level.
The
second challenge relates to matching of patients using a record locator
service, master patient index or another approach. For example, Provider A may
identify a patient as Robert Doe and Provider B may identify the patient as Bob
Doe. Consequently, it becomes a challenge to determine if the individuals are
the same. Combining the patients when they are not the same person can result
in information being provided for a patient that is incorrect. Not combining
the patient when they are the same person can result in an incomplete picture
of the patient’s health. Therefore, it is very important the providers use the
complete and accurate information when entering information into an EHR.
Further information can be found in the “Patient Identification Management
Challenge” section above.
The
third challenge relates to information that is consolidated by an HIE that
results in an inaccurate or confusing consolidated record. For example, you may
have lab results that are reported differently from one lab to the next. This
type of consolidation can happen today with paper records.
Correcting electronic health information can be a
struggle for any organization. System limitations and functionality often
dictate who, when, and how corrections can be made. However, HIPAA states that
individuals should be provided with a timely means to dispute the accuracy or
integrity of their individually identifiable health information and have
erroneous information corrected or have a dispute documented if their request
is denied. Covered entities have 60 days to correct the record or notify the
individual the request was denied.
Covered entities must ensure that corrected
information is provided to business associates and anyone who may have received
the erroneous information, including HIEs. Challenges occur when corrected
information is not sent to others, source systems are not identified at an
organizational level, or the HIE agrees to a correction that an organization
may have previously denied.
As the HIE will most likely not be the source
system for the health information, corrections in this environment can be
risky. Organizations should understand how corrections will be made by the HIE
when the healthcare organization has agreed to make corrections in the
patient’s health record. The change has to be made to all copies of the health
record across the continuum of care. HIM professionals can provide leadership
and guidance regarding HIPAA privacy rule amendment requirements for the organization
and HIE.
Clear and concise policies and procedures are
required at both the organizational and HIE levels to ensure that corrections
are handled in an appropriate manner. Corrections will depend on HIEs and their
agreement with the hospital or provider. At a minimum the policy should clearly
state who can initiate a correction and who is required to notify whom and
within what time frame.
Daftar
Pustaka
http://journal.ahima.org/2013/01/01/opportunities-for-him-involvement-in-the-hie-landscape/
PENUTUP
