ORGANIZATION Description of Facility Cape Fear Valley Medical Center opened in 1956, and has grown to be the 8th largest health center in North Carolina. Cape Fear Valley is a private, not-for-profit health care system that is governed by a 22-member Board of Trustees. The board includes all of the Cumberland County Commissioners, as well as Physicians, Registered Nurses, and various members of the community. Cumberland County Commissioners are elected officials, and other members of the Board are appointed positions to other members of the community. The HIM Department The departmental organization charts are reviewed on an as-needed basis by the HIM Director and the Department Managers. In the HIM department there were currently 40
However, I’m sure that when the annual review of departmental policies and procedures occurs these changes will be reflected in the policy updates. Numerous steps have been taken to maintain HIPAA compliance in the HIM Department. The facility utilizes the Cerner electronic health record. This vendor is HIPAA compliant with security measures built into the software. Additionally, there are other technical and physical security measures in place. No individual who is not an employee can enter the HIM Department. All employees have access cards to access the areas they are employed in. Additionally, all employees have to log on to their workstations with their access cards and unique passwords. Departmental procedures are created by department heads. After the department head establishes their appropriate departmental procedures, they are reviewed and approved by the HIM Director. During new employee orientation, each employee in the HIM department receives a copy of the procedure(s) for the job(s) they will be performing. For reference, employees have access to specific network drives that store this information for easy accessibility. The departments do not report their procedures to other departments or agencies. Orientation, Job Performance, and Grievance Procedures All new employees receive orientation to the facility by their Departmental Manager on their first day of employment. During the orientation process, the new employee will go to the Human
The Hospital is an active Florida Limited Liability Company, doing business as St. Cloud Regional Medical Center in Osceola County, Florida.
The department is divided into three bureaus: Operations Bureau, Support Bureau and Professional Services Bureau. Each bureau consists of various divisions and specialized units. The first bureau is the Operations Bureau which is
The hospital will establish policies and standards that protect patient privacy of the health care information. These policies should determine levels of access to the EHR. The Cerner® system will provide many layers of protection. A major piece of maintaining patient privacy is managing access to the EHR. This is accomplished through password management. The system will require case-sensitive passwords with a mandated password change every 90 days. There is employee badge swipe access that automatically enters the user login ID but requires the password be entered. If a user has not accessed the system in a designated time period, which will be determined by the hospital (typically 90 days) then the system will automatically drop the
The plan GHCC has drafted involves using their clinical data repository (CDR) as a basis for their EHR system. During this process Sarah noticed some troubling practices regarding the use of passwords in her facility. Five hundred passwords had been assigned to grant access to the CDR; around half of the passwords were inactive and many active passwords were openly shared among employees. Physicians didn’t see a problem with leaving their passwords taped to terminals, or sharing their passwords with residents. Sarah, drawing from HIPAA regulations and
All staff directly or indirectly connected to the EHR will be educated in the safe and professional use of patient information. The first group of staff to be trained on the EHR will be “super users” (SUs). The super users will be the clinicians provided with extensive training on the software program and its safety features (Simmons, 2013, pg 53). These clinicians will be the mainstay in the building between the staff and the informatics department. Each department in the facility will have 3 super users, 2 full time employees and 1 part time employee to rotate and fill in the gaps, ensuring there is never a day without a super user. These individuals will receive 6 months of training comprised of 3 days/week at 5 hrs/day. After this is completed, all staff will be educated including employees, medical staff, contractors, volunteers and students. These training events will be a time to ask for feedback on health information safety and HIPAA laws. The feedback received during training will be used to monitor risks to the facility (MN DOH, 2014, pg 4). Also, we will be “sending compliance reminder emails routinely” (MN DOH, 2014 pg
However, as vendors begin using EMR, electronic prescriptions and online communications, protected health information is available to various clinical and administrative positions throughout the day. Although security and privacy are used as interchangeable terms, it is the security standard that dominates HIPAA compliance regarding EMR.
No outside vendors, such as LEXIPOL, are used. The only outside sources that may be consulted are similar policies from other CALEA accredited departments of similar size and model policies from other law enforcement associations, such as the International Chiefs of Police (IACP). All policies are issued as General Orders and are numbered by Roman numerals. The policy manual is broken down into sections and policies are grouped into the appropriate section. The department also uses Standard Operating Procedures (SOP’s) that are not included in the policy manual. The SOP’s are usually more restrictive and do not give an officer much discretion. These procedures deal with common tasks that officers are required to perform and set out the way the department wants these tasks
Trainer/Mentor for new employees in a classroom, hands-on setting for primary processing. Demonstrate proper primary database searches, interpreting results displayed, responding to display results, confirming passenger arrival and secondary referral procedure. Explain proper primary interview technique, travel document examination, security feature checkpoints, completion of required entry documentation and endorsement of entry documentation.
The hospital accounting department will also be off limits except for those personnel who are authorized. Extra vigilance must be placed on all medical record rooms, since the hospital still has paper medical records. All medical staff will receive training so that they understand the importance of HIPAA. This policy will guarantee that we have controls in place with regard to accessing patient information and that staff access is monitored.
Cerner offers Skybox storage for the storage of patient information. It has an unlimited storage capacity and the data is uploaded once and then available in the Cloud at any time and location. Data is located at the hospital site and at Cerner data center locations. This allows for file replication in the event of data loss or corruption. Military grade encryption is utilized with continuous intrusion monitoring (Cerner, 2015). Security standards are also built into the system to meet the HIPAA standard. HIPAA training must be completed by each new employee and a signature must be obtained stating that the employee will follow HIPAA guidelines. Access to patient information is only given if it pertains to their hired position. The hospital must develop HIPAA policies that are updated annually. User specific logins and passwords are utilized to sign into the system and they need to be changed at set
Use of an EHR presents major opportunities for the compromise of patients’ personal health information (PHI). The facility must ensure proper safeguards are implemented and functioning properly at all times. Employees need to be educated on the safety measures to prevent breach of patient confidential health records. Privacy breaches can result from misuse or improper storage of PHI by the healthcare professional, by third party payers, or by lack of proper encryption in the EHR system itself (Burkhardt & Nathaniel, 2014). The Health Insurance Portability and Accountability Act (HIPAA) is a law that holds healthcare facilities and professionals accountable for keeping PHI confidential, patients to control
There are a number of guidelines and procedures in place to enable me to do my job not only to the best of my ability but in a professional manner. Whilst on the reception area, there are procedures that need to be followed relating to various aspects of the job including correct procedures to greet visitors, answer the telephone, dealing with incoming and outgoing mail, booking meeting rooms as well as many other procedures. All of the relevant procedures are kept in a file at the reception area where any member of reception staff can revise them as and when necessary.
Departmentalization includes two parts: Traditional Organization Structures and Horizontal Organization Structures. Traditional Organization Structures is divided into three structures that are Functional,
Specify in the email what new employee(s) need to bring on the first day (example: two photo IDs).
Each department is responsible not only for the operation of the respective activity, but also for