Jeff,
There have been some great points mentioned by the posters here. The most important issue is security protocols meeting HIPAA standards and those rules and regulations required by the state where you live and possibly county and city (one never knows until he/she inquires on these two levels). 1. Educate yourself with the HIPAA regulations on safeguarding medical information at www.hipaa.org and be aware that the penalty for violating HIPAA is 10 years imprisonment and $250,000 fine. Setup security protocols for the FM server and database(s); use passwords of 12 characters in random order with upper and lower case letters, numbers and symbols; require passwords change every 3-6 months; write auto shutdown of the users' access to the databases if left idle for 20-30 minutes; decide who will have full access to the database and make lists of various privileges and select users for these categories such as medical records (physicians, medical records administrator, insurance personnel), medical billing (insurance personnel, accounting clerk), demographics (all users with exceptions as to who adds/deletes records). You may want to have the staff who has full access to determine who has the privilege of deleting records. 2. You did not mention billing to the insurance companies or patients from this database. I would suggest to prepare it as an aid in billing. The CPT, HCPCS and ICD-9 codes will determine what type of service was rendered, product provided, and the diagnosis which these items can be listed in the medical visitation log by the healthcare provider (that portion of the medical record that accumulates medical data over periods of time) and use as a backup for the billing personnel. I am not sure of the commercial insurance companies who have gone electronically, but I do know that Medicare, the state's Medicaid and Blue Cross are electronic submissions and require a separate terminal to process claims (this was in the late 1980s when I did hospital billing). 3. The medical record number can be made with the last two digits of the year the patient joined the practice followed by the first three letters of the last name and then 5-6 digits after that (09FLO123456). You do not need to add numbers to determine if the patient was an emergency or outpatient. The CPT code provides this information. You can purchase the books on CPT, HCPCS and ICD-9 codes and their definitions from the American Medical Association. Your first table should be the Medical Record Number consisting of fields for the first, middle, maiden, last names; DOBs; race (needed for sickle cell anemia). You will need to find out from HIPAA how to address the social security number as it is not suppose to be used for identification even though insurance companies have not totally complied with this regulation. Next table would be the patient demographic consisting of current address, phone, cell, email, next of kin and contact info; it would be related via medical record number Next table would be the patient insurance consisting employer and its address, phone, and insurance company and its address, phone, contact, url, email; length of time to submit a claim, expiration date of the policy, PreAuthorization for outpatient or inpatient testing or surgical procedure, and copy of the front and back of insurance card(s); it would be related via medical record number Next table would be the patient medical profile consisting of known illnesses, medications including over-the-counter products, known allergies and sensitivities, contacts or eyewear, missing body part, surgical procedures, dates of births, abortion, miscarriage, etc. and related via medical record number Next table would be the patient medical record for office visits consisting of date, patient's complaint, diagnostic criteria, vitals, and physician's treatment and prognosis, CPT, HCPCS and ICD-9 codes, and date sent to insurance company or responsible party (a check point to following up on billing), and related via medical record number Next table would be the patient medical studies for lab, imaging, and other diagnostic testing reports submitted by outside medical vendors/providers. I think it would be easier and quicker to scan this paperwork into the database than to have staff type the information because the volume of error would be high and any error for diagnostic testing can result in the wrong treatment plan; this is related via medical record number Next two tables are archives for addresses and insurance companies, and related via medical record number Your insurance table should consist of fields for medical, pharmacy, vision, dental, and mental health; auto and home insurance; worker's compensation; and insurance of another person as a result of an accident, law suit, etc. Each table would have timestamps for creating and modifying records and the name of the person creating or modifying records; record number which can be used in other tables for quick reference - example: John Smith is record #5 in patient demographics, but the record number field for the insurance table is empty. This would alert the user to enter the insurance information or indicate the patient is Self-Pay. In the event of a sudden emergency of a patient that would cause a delay of entering medical information, it would be wise to have a red flag setup so that the information is added to the database. Such an emergency would be a patient having chest pains, the medical assistant urgently applies the cables for an EKG reading that is passed to the physician for immediate diagnosis. This type of emergency may not have a patient chart out at the time it occurs. Define values would have a list of illnesses, a list of prescription medications, over-the-counter, etc., that the staff can check on the patient profile. There is a lot more to be said, but this should give you an idea of the complexities involved. I have created these databases as well as had one setup for billing to the insurance company with a re-created copy of the HCFA form used for medical providers (UB92 is for hospital billing). Sincerely, Charlene M. Flora Database Developer Division of Athletic Training/Sports Medicine Intercollegiate Athletics The University of Texas at Austin Post Office Box 7399 Austin, TX 78713-7399 512.658.2257 [email protected]
