User Guide — athenaEnterprise and Patient Privacy
HIPAA privacy guidelines mandate that only the minimum patient information necessary for treatment can be exchanged between healthcare entities. This "minimum necessary" rule affects many practices that use the athenaEnterprise feature to segment provider groups within their organization. Because the rule applies even to basic demographic information, additional restrictions on sharing patient demographic information may also be necessary for some practices, depending on the organization of the practice.
athenaOne provides several options to help practices using athenaEnterprise comply with the HIPAA "minimum necessary" rule. These options allow practices to control whether — and to what degree — a patient's protected health information can be shared among provider groups within the practice.
athenaOne segments patient demographic information using provider groups, in much the same way it segments financial and appointment data within an athenaEnterprise organization. Each patient record is assigned to a single provider group, and a copy of the patient record (actually a subset of the original data) is recorded in the Common Patient Index (CPI).
Configuration options allow you to control exactly which patient demographic information is included in the CPI record, and to control user access to CPI records.
Enterprise ID versus patient ID
The enterprise ID represents the entire patient record across all provider groups, whereas the patient ID represents the patient within a specific provider group.
Medical practices that segment their organization into provider groups must configure three settings that control the behavior of the common patient index: CPI lookup, CPI shared patient fields, and CPI insurance synchronization.
This setting determines whether users with access to only certain provider groups can scan the entire CPI when looking up patients. The CPI Lookup setting has two options.
Unrestricted Lookup
With this option, even group-level users (users who have access to only the provider groups to which they belong) are able to scan the entire CPI when searching for patients. For patients registered in the local provider group, all usual information is displayed. For patients registered in other provider groups, group-level users see only a limited subset of patient information (see CPI Shared Patient Fields for more information).
Restricted Lookup
With this option, a group-level user can scan only patient records that belong to provider groups for which the user has permissions. Group-level users can still copy a record from the CPI, but only from within the registration process — if they trigger a "duplicate patient" match.
This setting determines which patient demographic fields the customer wants to maintain in the CPI.
- All fields on the full Patient Registration page that do not pertain to the department or provider (for example, usual provider or department of registration) can be maintained in the CPI, including medical record numbers.
- Only registration fields can be shared; fields located on other pages cannot be shared.
-
Refer to the Field Reference table for Patient Registration to see the fields that are Available to Select as CPI Shared Patient Fields in the Common Patient Index. Additional fields from Quickview can also be selected to be CPI shared fields. See the Practice Setting: CPI Shared Patient Fields for a complete list of available fields.
- Common Patient Index (CPI) grouped fields must be maintained together — (in the Practice Setting: CPI Shared Patient Fields) if you select one of the fields in the group to be a CPI Shared Patient Field, all fields in that group must also be selected for sharing. Refer to the CPI Shared Patient Fields Group column in the Field Reference table for Patient Registration to see which Common Patient Index fields are grouped and must be maintained as a set.
Including fields in the set of "CPI Shared Patient Fields" has several consequences:
- The included fields are listed in the CPI View.
- If CPI Lookup is set to Restricted, these fields are automatically copied into fields on the Patient Registration page when a CPI patient record is selected from the duplicate checker.
- The data in these fields is automatically synchronized across all copies of the patient record. For example, if "Guarantor Last Name" is included in the set of CPI Shared Patient Fields, any change to the guarantor name made at one provider group is automatically propagated to all other copies of the patient record.
A closely related setting allows medical record numbers to be included in the CPI. This setting is controlled by the Sync across enterprise patients option on the Custom Fields page.
This setting determines how patient insurance policies are handled between provider groups. The CPI Insurance Synchronization setting has two options.
Shared
Insurance policies are automatically synchronized for all provider groups in which the patient is registered. Changes to insurance policies made in one provider group are immediately propagated to all other copies of the patient record. There are exceptions, however:
- Mental health-related carve-outs and case policies are excluded from synchronization because of privacy concerns.
- Patient payment plans, including sliding fee arrangements, are also excluded, because provider groups represent distinct financial entities.
- The insurance sequence number (primary, secondary) may not be synchronized if a patient has a non-synchronizable policy.
Copy-on-Register
When a user registers an existing patient in a new provider group, a checkbox appears next to each available policy. The user selects the relevant policies, then saves. These policies are copied to the new provider group. Subsequent changes are not propagated to other groups, however. Policies that are exceptions under the Shared option are not available for copying and are not displayed.
In a practice configured with "CPI Lookup Unrestricted," all users can use the Common Patient Index page, accessible through the CPI View link that appears in the search results on the Find a Patient page. Users with access to multiple provider groups also see the CPI View option in the Registration menu of the Patient Actions Bar. The CPI view displays all data stored in the CPI and allows users to register patients in additional provider groups. Two registration options are available: Register Exact Copy and Register Interactively. See the Common Patient Index page for more information.
Enterprise-level users (users who have access to all provider groups within the enterprise) should be aware of which provider group they selected at login time. The provider group is displayed in the browser title bar next to the practice name as a reference.
If the enterprise-level user views an appointment or claim for another provider group, athenaOne switches the user's current login to that provider group. The user can also manually switch the current provider group by selecting the department from the Dept drop-down list at the top of the Task Bar.
The provider group is controlled by the department of login. Users can view the patient Quickview page only while logged in to a provider group that has a record for that patient, so that non-shared fields can be viewed. Although demographic information (and policy information) reflects the current login provider group, the displayed information includes appointments and financial information from all provider groups for which the user has data permissions.
The "Show Enterprise Patient Balances" setting allows users access to enterprise-wide patient balances. When this setting is ON:
- Patients' enterprise-wide balances are shown on the Quickview page to users who have access to the provider groups where the balances were incurred.
- Office staff can remind patients about balances incurred in other provider groups within the enterprise.
In medical practice networks where patients frequently move between provider groups, enabling the "Show Enterprise Patient Balances" setting may help improve the patient collections rate.
Note: The "Show Enterprise Patient Balances" setting does not allow provider group-level users to post payments for other groups. Your practice should implement a policy for handling payments collected across provider groups. Also note that no additional patient record information is made accessible by this setting (because of HIPAA privacy regulations).