Instructions:
Download the Joint Commission standards PDF manual provided. and review pg.19. These are the Joint Commission standards pertaining to the Information Management (IM) standards for 2014.
Choose at least three (3) or more of the IM standards and discuss how you would ensure compliance with your selected standards.
In a 3 pg. written paper identify the steps for a process that would ensure compliance for each of your selected IM standards.
Things to think about:
Who would be involved in the process?
What types of resources are needed to comply with the standard?
How does the standard specifically relates to HIM and how should the HIM Department be involved in the process?
Mastering the Information Management
Standards
by Jean S. Clark, RHIA
For HIM professionals working at organizations surveyed by the Joint Commission on Accreditation of
Healthcare Organizations, the information management standards are critical. Here’s an overview of the key
points and top issues surveyors look for.
Whether you work in acute, long term, home, or behavioral healthcare, chances are you’re familiar with the Joint
Commission’s information management (IM) standards. These guidelines have been incorporated into accreditation
manuals for some time.
In 1998, all scoring caps were removed from the standards, so organizations are expected to understand and be in
compliance with the standards. Because surveys continue to result in Type 1 recommendations (those that address
insufficient or unsatisfactory compliance) related to selected standards in the IM chapter, it’s apparent that meeting
the standards isn’t always easy. Are you up to date on the key points of each standard? Do you know what top
issues surveyors are looking for? This article offers a brief overview.
HIM professionals know that the goals of an organization’s IM function are to obtain, manage, and use information
to improve patient outcomes and individual and hospital performance. Processes must be designed well to facilitate
the definition, capture, and interpretation of datawith the ultimate goal of transforming it into usable information for
decision making, research, performance improvement, and patient education. The standards identify four types of
information:
patient-specific
aggregate
expert knowledge-based
comparative
Information Management Standard 1Assessing, Planning, Designing
IM.1 requires the organization to plan the management of information based on the needs of users, both internal and
external. This has been a troublesome standard because organizations have focused on computer applications, which
has resulted only in an information technology plan. The intent of the standard is to assess the information needs of
the organization as they relate to the above four types of information and then to develop strategies and plans based
on the findings. The processes of assessment and planning should be multidisciplinary and ongoing.
Remember, the standard does not require an information management plan, although many organizations have one. It
addresses not only computers but the overall management and use of information. Surveyors are looking for
Copyright © 2000 by The American Health Information Management Association. All Rights Reserved.
evidence of a periodic assessment and how the results of the assessments are planned for and implemented.
Information Management Standard 2Security and Confidentiality
IM.2 focuses on security and confidentiality of data and information. Again, this applies to all four types of
information. Policies and procedures should address the written, computerized, verbal, and visible use of data and
information. Noncompliance with this standard can result in multiple Type I recommendations related to other
standards, such as Patient Rights and Organizational Ethics. In the last year, there has been a particular focus on
confidentiality.
© 2014 The Joint Commission, © 2014 Joint Commission Resources
E-dition is a registered trademark of The Joint Commission
https://e-dition.jcrinc.com/Common/PopUps/PrintChapter.aspx?rwndrnd=0.704197965932… 9/17/2014
Print Chapter
Page 11 of 19
Program: Ambulatory
Chapter: Information Management
IM.02.01.03: The organization maintains the security and
integrity of health information.
Rationale: Not applicable.
Introduction: Introduction to Standard IM.02.01.03
The integrity and security of health information are closely related.
Health information is collected and processed through various
information sources and systems throughout the organization. As a
result, breaches in security can lead to the unauthorized disclosure or
alteration of health information. When this occurs, the integrity of the
data and information is compromised. Even simple mistakes, such as
writing the incorrect date of service or diagnosis, can undermine data
integrity just as easily as intentional breaches. For these reasons, an
examination of the use of paper and electronic information systems is
considered in the organizations approach to maintaining the security
and integrity of health information. Regardless of the type of system,
security measures should address the use of security levels, passwords,
and other forms of controlled access. Because information technology
and its associated security measures are continuously changing, the
organization should do its best to stay informed about technological
developments and best practices that can help it improve information
security and therefore protect data integrity.
Monitoring access to health information can help organizations be
vigilant about protecting health information security. Regular security
audits can identify system vulnerabilities in addition to security policy
violations. For example, as part of the process, the organization could
identify system users who have altered, edited, or deleted information.
The results from this audit process can be used to validate that user
permissions are appropriately set. Conducting security audits can be
particularly effective in identifying when employee turnover causes
vulnerabilities in security because user access and permissions were not
removed or updated.
Elements of Performance
1 The organization has a written policy that addresses the security of
health information, including access, use, and disclosure.
Note: For ambulatory surgical centers that elect to use The Joint
Commission deemed status option: The organization must comply with
Section 45 of the Code of Federal Regulations parts 160 and 164,
https://e-dition.jcrinc.com/Common/PopUps/PrintChapter.aspx?rwndrnd=0.704197965932… 9/17/2014
Print Chapter
Page 12 of 19
generally known as the Health Insurance Portability and Accountability
Act (HIPAA) Privacy and Security Rules.
EP Attributes
New FSA
– Information
Technology
CMS
MOS
CR
§416.50(g)
DOC
SC
ESP
D
A
ESP-1
2 The organization has a written policy addressing the integrity of health
information against loss, damage, unauthorized alteration,
unintentional change, and accidental destruction.
EP Attributes
New FSA
CMS
MOS
CR
– Information
Technology
DOC
SC
ESP
D
A
ESP-1
3 The organization has a written policy addressing the intentional
destruction of health information.
EP Attributes
New FSA
CMS
MOS
CR
– Information
Technology
DOC
SC
ESP
D
A
ESP-1
4 The organization has a written policy that defines when and by whom
the removal of health information is permitted.
Note: Removal refers to those actions that place health information
outside the organization’s control.
EP Attributes
New FSA
– Information
Technology
CMS
§416.47(a)
MOS
CR
DOC
SC
ESP
D
A
ESP-1
5 The organization protects against unauthorized access, use, and
disclosure of health information.
Note: For ambulatory surgical centers that elect to use The Joint
Commission deemed status option: The organization must comply with
Section 45 of the Code of Federal Regulations parts 160 and 164,
generally known as the Health Insurance Portability and Accountability
Act (HIPAA) Privacy and Security Rules.
https://e-dition.jcrinc.com/Common/PopUps/PrintChapter.aspx?rwndrnd=0.704197965932… 9/17/2014
Print Chapter
Page 13 of 19
EP Attributes
New FSA
CMS
– Information
Technology
MOS
CR
DOC
SC
§416.50(g)
ESP
C
6 The organization protects health information against loss, damage,
unauthorized alteration, unintentional change, and accidental
destruction.
EP Attributes
New FSA
CMS
MOS
CR
DOC
SC
– Information
Technology
ESP
C
7 The organization controls the intentional destruction of health
information.
EP Attributes
New FSA
CMS
MOS
CR
DOC
– Information
Technology
SC
ESP
A
8 The organization monitors compliance with its policies on the security
and integrity of health information.
Note: For ambulatory surgical centers that elect to use The Joint
Commission deemed status option: The organization must c
Recent Comments