A. Evaluate the two policies in the attached “Health Record Policies” by doing the following:
- Discuss what information should be included in an addendum pertaining to a shadow chart.
- Discuss how information technology staff can help decrease incidents of security breaches.
B. Discuss one situation from Montana Code 41-1-402 (2a through 2d) that may result in criminal
liability to the organization if not followed.
- Summarize how HIPAA defines criminal liability.
- Explain which part of 2a through 2d of Montana Code 41-1-402 would directly impact actions of
C. Discuss one situation from Montana Code 50-16-603x (1 through 7) specific to health record
identification that may result in a legal claim against the organization if not followed.
- Develop a confidentiality policy statement (suggested length of 1-2 sentences) using either
Montana Code 41-1-402 or Montana Code 50-16-603.
D. Compare three points in the Montana codes to HIPAA laws as they refer to release of
- Develop a release of information policy statement (suggested length of 1-2 sentences) using either
Montana Code 50-16-541 or Montana Code 50-16-542 for a policy book.
STOP requirements of Essay 1 here”. (Writer info)E. is for info purposes only as are the notes
E. If you use sources, include all in-text citations and references in APA format.
Health Record Policies
Sections of Montana Code
Task 1: Legal and Ethical Considerations in Healthcare
Shadow charts are duplicate health records that the medical provider keeps for convenience. In case a
patient’s health information is requested by an authorized individual, the staff responsible for health
information management will review any available shadow charts for the patient kept by medical
providers to determine whether there is any additional information contained in such shadow charts that is
related to that particular episode of care (Pozgar, 2012). However, there is an addendum pertaining to the
shadow chart. An addendum pertaining to a shadow chart is another type of late entry aimed at providing
additional information related to a previous entry.
The addendum consists of varied information including the date and time when the addendum was made.
The other information which should be included in the addendum is a statement of the reason why it was
created, referring back to the shadow chart’s original entry. An addendum or “late entry” records
information about a pertinent entry that was missed in the shadow chart or not written at the appropriate
time, and the individual creating the addendum must be identified as well as putting the signature of the
person who created the addendum (Pozgar, 2012). Finally, the addendum should identify or refer to the
circumstance for which it has been written.
Information technology (IT) staff can play a very significant role in helping to reduce security breaches
incidents. For instance, IT staff should ensure that their personal workstations are secure when they are
not using it. Also IT staff should make sure that confidential health information is not under any
circumstance displayed on the screens of the computers unless the staff working on the computer and at
the same time using the information (Pozgar, 2012). The IT staffs are also required to change default
passwords and avoid reusing passwords. This reduces the chances of detection of the username/password
combination by people who may not have good intention thereby giving them an opportunity to execute
their malicious motives leading to security breaches. Making sure an IT staff logs out of the account may
also help in preventing security breach. Moreover, whenever IT staff leaves job at a particular healthcare
facility his or her account must be disabled irrespective of the basis of departure (either good or bad) to
prevent future unauthorized log in by the same staff. Monitoring outbound network traffic is another way
of helping to prevent security breaches. This is because a considerable number of malwares are nowadays
often avoiding detection by becoming more sophisticated and monitoring outbound network traffic is the
most effective method of exposing them. Moreover, patching and updating application software and
operating system regularly is another best way of preventing security breach attempts whose origin is
outside the perimeter of the network (Pozgar, 2012).
A situation that may lead to criminal liability to organization if not followed is where a minor is rendered
emergency care, and the parent, parents, or legal guardian are not informed as soon as possible. This
constitutes a criminal liability and requires a legal redress.
HIPAA defines criminal liability as the action of deliberately failing to follow the set rules and
regulations governing delivery of medical services. It also regards a total neglect of a clinical staff
obligation as a criminal liability on which if an amicable solution is not arrived at, a legal redress may be
sought to solve the matter.
Section 2c would directly impact on actions of clinical staff because the self-consent of a minor in the
case of a sexually transmitted disease, pregnancy, or drug and substance abuse, shifts an obligation to the
health professional, in case he or she accepts the responsibility for the minor treatment, to give counseling
to the minor or make sure the minor is referred for counseling to another health professional (Montana
A situation that may result to legal claim against the organization if not followed is Situation 2 of
Montana Code 50-16-603, where the release of health care information pertaining to an individual who
has not given his or her written consent for the release of the information takes place in addition to failure
of the patient specifying the information type to be released as well as the entity or person to whom the
information may be released to (Montana Code 50-16-603, 2012). This amounts to criminal liability
because when personal health information of an individual is released without his or her written consent,
this is considered as an infringement of the patient’s right to confidentiality.
Using Montana Code 50-16-603, “Our confidentiality statement policy is to provide effective control and
safety of all your personal health information and ensuring its appropriate use in a confidential manner”.
Several comparisons do exist between the Montana Codes and the HIPAA laws especially on sections
concerned with release of personal health information and consent to health services such as Montana
Code 50-16-603 section 2, Montana Code 41-1-402 section 2 and Montana Code 50-16-541 section 1.
However, the three main areas of comparison between the two are concerned with the release of
information are: permitted uses and disclosures, access to personal health information by minors and
examination and copying (access) of an individual’s personal health information (U.S. Department of
Health and Human Services, 2012).
For instance, according to HIPAA Privacy Rule covered entity has permission, but not required to
disclose or use health information which is protected for the following situations or purposes without an
authorization of an individual: to the subject individual (unless required for accounting or access of
disclosures); benefit activities and public interest; payment, treatment, and health care operations;
opportunity to object or agree; incident to another disclosure and use that is permitted; and limited data
sets for research purposes, health care or public health operations. In addition, the covered entity may also
opt on relying on best judgements and professional ethics to decide which among the above listed
permissive disclosures and uses to make. However, a covered entity may disclose personal health
information which is protected to the individual who the information belongs to (U.S. Department of
Health and Human Services, 2012).
In comparison, Montana Code 50-16-603 indicates that health care information possessed by a local
board, the department, or a local health officer can be released in case of: statistical purposes, if no
individual’s identification can be made on the basis of released information; to clinical staff in a medical
emergency for protecting the well-being, life, or health of the named person; after the person subject to
the information gives a written consent allowing release of the information; to another public health
agency or state, whenever essential for continuation of health services; in case of a pursuant to an
investigation or a minor where presentation of health care information as evidence is necessary; and to
medical personnel, a local health board or officer, the department, or a district court if the information is
necessary for enforcement or implementation of state statutes or local or state health rules (Montana
Another area of comparison involves the validity of consent by minors and access to personal health
information by minors. According to HIPAA Privacy Rule parents are in most cases their minor children
personal representatives. However, these laws also says that in certain exceptional cases, the parent’s role
as a personal representative is not recognized thereby transferring the rights of parents toward accessing
and controling their minor children protected health information (U.S. Department of Health and Human
Services, 2012). Hence in this circumstance the minors may be allowed to access and control their
personal health information. By comparing HIPAA laws to Montana Codes, the Montana Code 41-1-402
gives minors consent to health services if: a minor have had a child or have been married or have
graduated from high school; a minor who is afflicted with communicable diseases or found to be
pregnant, a self-consent of the minor will apply; and finally a minor in need of emergency care, such as
transfusions, without jeopardizing the minor’s health (Montana Code, 2012).
The third comparison is about the examination and copying of information. According to HIPAA laws,
individuals have the right of reviewing and obtaining a copy of health information from the covered
entity. The protected personal health information may be examined or copied wholly or in part depending
on the individual’s desired use. Some fee is imposed for the information retrieval and administrative
purposes (U.S. Department of Health and Human Services, 2012). In comparing HIPAA laws and
Montana Codes, the Montana Code 50-16-541 compares to the above discussed HIPAA law because
upon the covered entity’s receipt of a written request from an individual to copy or to examine all or part
of their personal health information, the necessary health care provider is required to avail the information
promptly after receiving the request and payment of the required fee (Montana Code, 2012).
Using Montana Code 50-16-542, “Our release of information statement policy is that, no personal health
information that is detrimental to the patient will be released upon request”.
Montana Code, (2012). Annotated 2009.
Pozgar, G. D. (2012). Legal and Ethical Issues for Health Professionals. 3rd ed. Burlington, MA: Jones &
Bartlett Learning, LLC.
U.S. Department of Health and Human Services, (2012). Health Information Privacy,