Individuals involved in healthcare around the world acquire and generate a significant amount of personal health information about patients. The scope of health information includes not only personal information and private health data, but also associated payment forms and transactions. Clinical notes, pharmacy, and outpatient care records are also covered health information.
As technology has developed, it has greatly increased the potential for reliability, speed, efficiency, and usability of medical records. However, this also increased the ability for information to be misused, sold, and accessed without an individual’s consent.
As technological advancements outpaced ethical and legal policy, it became necessary to define medical/healthcare information management.
What is Health Information Management?
According to AHIMA; “Health Information Management (HIM) is the practice of acquiring, analyzing, and protecting digital and traditional medical information vital to providing quality patient care.”
The American Health Information Management Association (AHIMA) was formed to define and oversee the training and educating of Registered Health Information Technicians (RHIT) and Registered Health Information Administration (RHIA) certifications.
In tandem with this association, several laws were passed to support patient rights and the practices involving HIM. The Health Insurance Portability and Accountability Act (HIPAA) along with subsequent Privacy and Security Rules were designed to address many issues in this field. These were augmented by the Health Information Technology for Economic and Clinical Health Act (HITECH) which requires contingency plans for emergencies and for when PHI health information management technology systems are impacted.
Besides regulations and requirements for covered entities, these laws also moved to standardize many aspects relating to HIM. Recently healthcare has started transitioning to value-based therapy reflecting each organization’s role in overall healthcare management.
What is HIM in Healthcare?
Health Information Management is essential for healthcare providers and other HIPAA-covered entities to ensure patient information privacy and security. HIM involves medical coding and billing, ensuring compliance with government regulations, and handling customer requests for Personal Health Information (PHI).
This field also involves medical records retention and transition to electronic formats, as well as analysis of health care trends and the implementation of improvements. Because healthcare information overlaps many different areas in any healthcare cycle, it became necessary for many organizations to create HIM departments to oversee these important requirements are adhered to as well as managing training and education of staff.
Healthcare Information Managers would oversee all facets of an organization’s collection and retention of records as well as security, privacy, analysis, and implementations, coding, billing, and compliance.
Healthcare information managers work in healthcare organizations and associated businesses around the world. These include hospitals, dentists, pharmacies, chiropractors, and third-party healthcare services.
Security and HIM
Healthcare breaches have become a significant problem for healthcare providers today. In 2015 almost 100 million healthcare records were breached by cyber attacks. The impact from breaches has declined since then due to the implementation of privacy and security regulations for healthcare providers; however, the number of attempted breaches has increased over that same time.
As attackers become more organized or sophisticated the potential for successful breaches will increase unless organizations keep pace or excel with relevant health information management practices. Those interested in stealing health information may also gain access through the front door. In organizations that utilize unsecured wireless networks, or have lax regulations concerning secured network devices, someone could gain access from within and walk out with the data.
Role of a Health Information Manager
What a healthcare information manager does will vary by organization. Many roles in this field require one to first pass an accredited academic program as well as a certification test. These roles include collecting and securely storing medical records and Protected Health Information (PHI).
Healthcare facilities often utilize coders and claims specialists, even third-party medical coding services, to handle medical records and healthcare revenue cycle management. HIPAA rules also impact what information you share with business associates. Your organization might be liable for damages even if a breach occurred due to a third-party business, which is why it is important to choose certified HIM companies.
In addition to the roles above, HIM staff would also implement and enforce security and privacy rule adherence on top of designing and improving network security. At a minimum, this includes considering administrative, technical, and physical safeguards for traditional and electronic PHI.
Health information management duties can also include analysis and implementation of improvements. For example, an analyst might use the aggregate available information to determine patterns in various areas which can be used to devise improvements to an organization.
Importance of Health Information Management
HIM is vital for every healthcare organization and associated business. Not only are there legal requirements that must be adhered by to receive certain incentives and avoid penalties, but organizations have an ethical responsibility to protect PHI in their possession.
Breaches impact patient trust in a healthcare provider and may prohibit a patient from sharing vital information for fear of exposure. Hackers can also steal patient payment information causing residual harm such as identity theft and stolen money. Both of those factors can impact a patient’s willingness to seek care at certain providers.
A focus on HIM also allows an organization many positive benefits such as the potential for increased efficiency and optimization of healthcare information system access and other key aspects involved with revenue cycle management. A coordinated effort to standardize and efficiently operate tasks involving PHI will take a manager dedicated to the task, especially in larger organizations.