Supervisory and Legal Aspects

I.     Course Prefix/Number: HIT 222

       Course Name: Supervisory and Legal Aspects

       Credits: 3 (3 lecture; 0 lab)

II.    Prerequisite

Consent of Instructor or Department Chair

III.   Course (Catalog) Description

Course studies impact of legal system on health information. Focus is on the health record as a legal document, and effect of confidential communication laws, including HIPAA, on release of information and use of health information. Content includes management principles and supervisory role in healthcare organizations.

IV.   Learning Objectives

  1. Describe the legal system in the United States and the role of law in the United States healthcare system.
  2. Outline civil procedures including: the parties to a lawsuit, pretrial procedures including court orders and subpoenas, trial procedures that include testimony to authenticate health records and post-trial procedures.
  3. Determine how health records are used as evidence, how they are discoverable during the pretrial and admissible in court, how and when to respond to a subpoena duces tecum and/or court order and how to apply health record retention and destruction policies.
  4. Differentiate between intentional torts, malpractice and negligence including the elements of negligence, the causes of action for improper disclosure of health information, and how the statute of limitations affect the retention of health records.
  5. Explain the different types of consents, requirements and exceptions to informed consent, advance directives including durable power of attorney for healthcare decisions, living wills, do not resuscitate orders, and the self-determination act, and the parties to consent.
  6. Explain the Health Information Portability and Accountability Act (HIPAA) Privacy and Security Rules, the components of each of the rules and how they apply to protected health information (PHI).
  7. Recognize appropriate access, use and disclosure/release of health information in compliance with state and federal regulations including required reporting and mandatory disclosure laws.
  8. Apply confidentiality, privacy, and security concepts to health information and legal concepts and principles to the practice of health information management.
  9. Examine the supervisor’s roles, functions, and authority and differentiate between the theories of management.
  10. Analyze the importance and relationship of managerial planning to the controlling function and develop planning tools including a policy, procedure, and job description.
  11. Describe the fundamental concepts of organization, division of work and departmentalization, delegation of authority, the process of reorganization, and the use of committees as an organizational tool.
  12. Discuss the staffing process, legal implications, the selection process, performance appraisals and position changes.
  13. Explain the influencing function including how to give directives, manage change, and work with different generations, cultures and diversity.
  14. Examine leadership theories, theories of motivation, morale, and discipline.
  15. Explain the fundamentals of control and the controlling functions, and budgetary and other control techniques.
  16. Describe federal and state laws that govern employment in the healthcare setting.

V.    Academic Integrity and Student Conduct

Students and employees at Oakton Community College are required to demonstrate academic integrity and follow Oakton's Code of Academic Conduct. This code prohibits:

• cheating,
• plagiarism (turning in work not written by you, or lacking proper citation),
• falsification and fabrication (lying or distorting the truth),
• helping others to cheat,
• unauthorized changes on official documents,
• pretending to be someone else or having someone else pretend to be you,
• making or accepting bribes, special favors, or threats, and
• any other behavior that violates academic integrity.

There are serious consequences to violations of the academic integrity policy. Oakton's policies and procedures provide students a fair hearing if a complaint is made against you. If you are found to have violated the policy, the minimum penalty is failure on the assignment and, a disciplinary record will be established and kept on file in the office of the Vice President for Student Affairs for a period of 3 years.

Please review the Code of Academic Conduct and the Code of Student Conduct, both located online at

VI.   Sequence of Topics

Legal Aspects

  1. Introduction to the fundamentals of law
    1. Health information and health records
    2. Privacy confidentiality and security
    3. Custodian/steward of health records
    4. Relationship of law and ethics
      1. American Medical Association (AMA)
      2. American Health Information Management Association (AHIMA)
      3. American Medical Informatics Association (AMIA)
  2. The legal system in the United States
    1. Role of law in the United Stated healthcare system
    2. Public versus private law
    3. Sources of law
    4. Conflicts of laws
    5. Government organization
    6. Judicial system
    7. Alternative dispute resolution
  3. Civil procedures
    1. Definition of civil procedure
    2. Parties to a lawsuit
    3. Pretrial
      1. Commencement of a lawsuit
      2. Types of discovery
      3. Court orders
      4. Subpoenas
    4. Trial
      1. Players in a trial
      2. Trial procedures
      3. Testimony to authenticate health records
    5. Post-trial
      1. Appeals
      2. Collection of judgment
  4. Evidence
    1. Health information as evidence
    2. Discoverability
      1. Electronic discovery (e-discovery)
    3. Subpoenas
      1. Producing records as kept in the usual course of business
      2. Legal hold and spoliation
      3. Retention and destruction of health information
      4. Managing the discovery process
    4. Admissibility
    5. Types of evidence
    6. Evidentiary rules
      1. Best evidence rule
      2. Hearsay
    7. Physician-patient privilege
      1. Waiver of privilege
      2. Privilege between patients and other providers
    8. Protection of related medical documentation
      1. Incident reports
      2. Peer review records
  5. Tort law
    1. Type of torts
      1. Intentional torts
      2. Negligence
    2. Causes of action for improper disclosure of health information
      1. Defamation
      2. Invasion of privacy
      3. Breach of confidentiality (fiduciary duty)
      4. Negligence for improper disclosure
    3. Immunity from liability
    4. Statutes of limitations
    5. Torts and contracts
    6. Criminal liability in healthcare
  6. Corporations, contracts, and antitrust legal issues
    1. Healthcare corporations
    2. Advantages of a corporation
    3. For-profit and not-for-profit corporations
    4. Responsibilities of the governing board
    5. General principles of a contract
    6. General principles of antitrust law
      1. The Sherman Act
      2. The Clayton Act
      3. The Federal Trade Commission Act
    7. Contract and antitrust issues associated with the medical staff
  7. Consent to treatment
    1. Types of consents
      1. Express consent
      2. Implied consent
    2. Informed consent
      1. Requirements
      2. Exceptions to informed consent
    3. Advance directives
      1. Durable Powers of Attorney for Healthcare Decisions
      2. Living Wills
      3. Do not resuscitate orders
      4. Patient Self-Determination Act
    4. Parties to consent
      1. Competent and incompetent adults
      2. Minors
    5. Challenges to consent and documenting consent
    6. Types of consent forms
      1. General
      2. Short and long forms
  8. The legal health record: maintenance, content, documentation, and disposition
    1. The legal health record
    2. Paper versus electronic health records
    3. Health record maintenance, content, and documentation requirements
      1. Documentation principles for health record entries
    4. Maintaining a legally defensible health record
    5. Health record identification, retention, and disposition
  9. The Health Insurance Portability and Accountability Act (HIPAA) Privacy Rule
    1. Overview of HIPAA and other patient privacy laws; HIPAA terminology
      1. Purpose and goals of the HIPAA Privacy Rule
      2. Source of law
      3. American Recovery and Reinvestment Act (ARRA) of 2009
      4. History and comparison with existing laws
      5. Applicability
        1. Covered entities and workforce
        2. Business associates
      6. Protected health information (PHI)
      7. Designated record set
      8. Disclosure, use, and request
      9. Treatment, payment, and operations
      10. Health information in personnel and educational records
    2. Core privacy rule documents and the minimum necessary requirement
      1. Key privacy rule documents
        1. Notice of Privacy Practices
        2. Consent to use or disclosure PHI
        3. Authorization
      2. When authorization is not required
      3. Uses and disclosures that require an opportunity for the individual to agree or object
      4. Uses and disclosures for which authorization or opportunity to agree or object is not required
      5. Redisclosure
      6. Minimum necessary requirement
    3. Individual rights; other key requirements; penalties for noncompliance
      1. Individual rights
        1. Access and denial of access
        2. Request amendment
        3. Accounting of disclosures
        4. Confidential communications
        5. Request restrictions
        6. Submit complaints
      2. Breach notification
      3. Marketing, fundraising, and research
      4. Preemption
      5. Administrative requirements
      6. Enforcement and penalties for noncompliance
  10. The HIPAA Security Rule
    1. Purposes of the HPAA security rule
    2. Source of law
    3. Scope and anatomy of the security rule
    4. History and comparison with existing laws
    5. Applicability
    6. Ensuring security compliance
    7. Key components of the security rule
    8. Security rule safeguards and requirements
      1. Administrative safeguards
      2. Physical safeguards
      3. Technical safeguards
      4. Organizational requirements
      5. Policies, procedures, and documentation
      6. Security officer designation
      7. Enforcement and penalties for noncompliance
  11. Security threats and controls
    1. Internal, external, human, natural and environmental threats
    2. Identity theft
    3. Medical identity theft
      1. Implications of medical identity theft
      2. Fair and Accurate Credit Transactions Act and the Red Flag Rule
      3. Prevention, detection, and mitigation of medical identity theft
    4. Systems controls
      1. Workstation use and security
      2. Data encryption
      3. Firewall protection and virus checking
      4. Transmission of ePHI
      5. Electronic mail
      6. Wireless communication devices, telemedicine, and social media
    5. Contingency planning or disaster recovery planning
      1. Data backup
      2. Data recovery
  12. Access, use and disclosure/release of health information
    1. Ownership and control of the health record and health information
    2. Access to patient health information
      1. Competent and incompetent adults
      2. Minors
    3. Highly sensitive health information
    4. Special access, request, and disclosure situations
    5. Managing the release of information (ROI) process
      1. Definition of legal health record (LHR) and designated record set (DRS)
      2. Determining who will disclose/release information
      3. Types of requests for access, use, and disclosure/release of PHI
      4. Determining if disclosure is appropriate
      5. ROI reimbursement and fee structure
      6. Accounting of disclosures and tracking releases
      7. Refusal to disclose information
  13. Required reporting and mandatory disclosure laws
    1. Disclosure without patient authorization or agreement for public health and benefit activities
    2. Preemption
    3. Notice of Privacy Practices
    4. Accounting of disclosures
    5. Common state reporting requirements
      1. Abuse and neglect of children, elderly and disabled
      2. Vital records
      3. Communicable diseases
      4. Induced termination of pregnancy (abortion)
      5. Birth defects
      6. Reportable deaths
      7. Unusual events and other state reporting requirements
    6. National reporting requirements
      1. National reporting of quality measures
      2. National Practitioner Data Banks
      3. Medical device reporting
    7. Registries
      1. Cancer registries
      2. Trauma registries
      3. Immunization and birth defects registries
      4. Diabetes, implant and transplant registries
  14. Risk management and quality improvement
    1. Differences between risk management and quality improvement
    2. Risk management
    3. Quality improvement
    4. Patients’ rights as a condition of quality healthcare
    5. Quality Improvement Organizations (QIOs)
    6. Private quality watchdogs
    7. Pay for performance
  15. Corporate compliance
    1. Fraud and abuse
      1. Role of documentation
    2. Major statutes, rules, and regulations
      1. False Claims Act
      2. Federal anti-kickback statute
    3. High-risk areas
    4. Role of the Office of Inspector General (OIG)
    5. Role of the Department of Justice (DOJ)
    6. Coordinated federal fraud and abuse programs
    7. Recovery Audit Contractor (RAC) program
      1. Other Medicare program review contractors
    8. Corporate Compliance Programs
      1. Elements of a corporate compliance program
  16. Medical Staff
    1. Governing board
      1. Medical staff bylaws
      2. Categories of medical staff membership
    2. Medical staff credentialing
      1. Joining the medical staff
      2. Primary source verification
      3. National Practitioner Data Bank
      4. Office of the Inspector General
      5. Review of credentials documents
    3. Determination of clinical privileges
    4. Due process

Part I Stepping into management

  1. The Supervisor’s Job, roles, functions, and authority
    1. The Healthcare perspective
    2. The demands of the supervisory position
    3. The managerial aspects of the supervisory position
    4. The meaning of management
    5. Managerial skills and technical skills
    6. Managerial functions and authority
  2. The theories and history of management
    1. Industrial revolution (1700s-1800s)
    2. Classical school (1800s-1950s)
    3. Human relations movement (1930-present)
    4. Human resources school (1950-present)
    5. Contemporary management theories (1940s-present)
    6. Cultural theory (1970s-present)

Part II Connective processes

  1. Decision making
    1. Programmed and non-programmed decisions
    2. The importance of decision-making skills
  2. Coordinating organizational activities
    1. The meaning of coordination
    2. Coordination and cooperation
    3. Difficulties in attaining coordination
    4. Coordination and managerial functions
    5. Coordination and decision making
    6. Coordination and communication
    7. Dimension of coordination
  3. Communicating
    1. The nature of communication
    2. Communication network
    3. Formal channels
    4. Communication media
    5. The manager’s role in communication
    6. Barriers to communication
    7. Overcoming barriers to improve communication effectiveness
    8. The grapevine: the informal communication network
  4. Legal aspects of the healthcare setting
    1. Liability
    2. Employee-related regulations

Part III Planning

  1. Managerial planning
    1. The nature of planning
    2. Forecasting trends
    3. Supervisory forecasts
    4. Benefits of planning
    5. The strategic planning process
    6. The use of objectives in planning
    7. Monitoring the effectiveness of the strategic plan
    8. Tactical considerations in planning
      1. The supervisor as a change agent
      2. Planning strategies
  2. Planning tools
    1. Policies
    2. Procedures
    3. Methods
    4. Rules
    5. Work simplification
    6. Organizational manuals
    7. Programs and projects
    8. Budgets
    9. Time management techniques
      1. Use of time
      2. Time-use chart
      3. Managing the employees’ time

Part IV Organizing

  1. Fundamental concepts of organizing
    1. Formal organization theory
    2. Two key concepts
    3. Authority
    4. Line and staff
    5. Span of management
  2. Division of work and departmentalization
    1. Division of work or job specialization
    2. Departmentalization
    3. Organizing at the supervisory level
    4. Departmental organizational structure
    5. Organization and personnel
    6. Organization design and charts
  3. Delegation of authority
    1. The meaning of delegation
    2. The scalar chain (chain of command)
    3. Unity of command
    4. The process of delegation
      1. The availability of trained subordinates
      2. Selecting a backup
    5. Recognition
    6. Equality of the three essential parts
    7. Achieving delegation of authority
    8. Advantages and disadvantages of delegation
  4. Process of reorganization and tools to improve the process
    1. Reorganization concepts, tools, and vocabulary
    2. The supervisor’s role in quality management
    3. What is quality?
    4. Other approaches that foster collaboration, innovation, and process improvements
      1. Six Sigma
      2. Lean
      3. Kaizen
    5. Reengineering
    6. Downsizing and rightsizing
  5. Committees as an organizational tool
    1. The nature of committees
    2. Functions of committees
    3. Benefits of committees
    4. Disadvantages of committees
    5. The effective operation of a committee
    6. The committee meeting

Part V Staffing: Human resources management

  1. The staffing process
    1. The staffing function and the Human Resources department
    2. Staffing and legal implications
    3. Functional authority and the Human Resources department
    4. The supervisor’s staffing function
    5. The selection process
      1. Early assessment
      2. Interviews
      3. The employment interview
      4. Evaluating the applicant
      5. Testing the applicant
      6. Diversity
      7. Making the decision
  2. Performance appraisals and position changes
    1. The performance appraisal system
    2. Performance appraisal methods and purposes
    3. Mentoring, skill building, and succession planning
    4. Timing of appraisals
    5. Who is the appraiser?
    6. Performance rating
    7. Preparing for the interview
    8. The appraisal interview
    9. Proper wages, salaries, and benefits
    10. Promotion
  3. Workplace law
    1. Discrimination and related laws
    2. Labor laws
    3. Employee safety

Part VI Influencing

  1. Giving directives and managing change
    1. Characteristics of good directives
    2. Directing techniques
    3. Explaining directives
    4. General supervision compared with no supervision
    5. Team management
    6. Change and influencing
  2. Leadership
    1. Leadership theories
    2. Leadership role
    3. Leadership style
    4. Energizing staff
    5. Diversity
    6. Social responsibility
  3. Motivation
    1. Theories of motivation
    2. Model of motivational processes
    3. Perceptions, values, and attitudes
    4. Modifying motivational techniques
    5. Working with the generations and diversity
  4. Morale
    1. The nature of morale
    2. The level of morale
    3. Factors influencing morale
    4. The supervisor’s role
    5. The effects of morale
    6. Assessing current morale
  5. Discipline
    1. Organizational discipline
    2. When disciplinary action is warranted
    3. The supervisor’s dilemma
    4. The “red-hot stove” approach
    5. Discipline without punishment
    6. Right of appeal

Part VII Controlling

  1. Fundamentals of control and the controlling functions
    1. The nature of control
    2. Human reaction to control
    3. The supervisor and control
    4. The anticipatory aspect of control
    5. Control systems
    6. The feedback model of control
    7. Basic requirements of a control system
    8. Steps in the supervisor’s control function
    9. Benchmarking
  2. Budgetary and other control techniques
    1. The supervisor’s concern about budgeting
    2. Making the budget
    3. Participation in traditional budgeting
    4. Budgeting approaches
    5. Types of budgets
    6. Preparing the budget
    7. Other budget considerations

Part VIII Labor Relations

  1. The labor union and the supervisor
    1. The nuances of unions
    2. Unionization and labor negotiations
    3. The supervisor and the shop steward
    4. Employee-friendly legislation
  2. Handling grievances
    1. The shop steward’s role
    2. The supervisor’s role
    3. Nonunionized organizations

VII.  Methods of Instruction

Methods of instruction include lectures, scenarios, videos, assigned readings, and worksheet exercises. Class participation is required.

Course may be taught as face-to-face, hybrid or online course.

VIII. Course Practices Required

Course may be taught as face-to-face, hybrid or online course. Students are required to attend classes, complete assignments, do readings and participate in class discussions, Students will prepare a job procedure and write a job description. Students will write a department policy for a scenario and prepare a memo to communicate the changes. Students will be given an employee hiring scenario and will prepare a decision matrix. Students will complete a HIPAA and court decisions research project. Students will use lab hardware and software to complete projects and assignments.

IX.   Instructional Materials

Note: Current textbook information for each course and section is available on Oakton's Schedule of Classes.

Health Information: Management Technology: An Applied Approach, Sayles, Fourth Edition, 2013
Dunn & Haimann's Healthcare Management, Dunn, Tenth Edition, 2016
Fundamentals of Law for Health Informatics and Information Management, Brodnik, Second Edition, Revised Reprint, 2012.

X.    Methods of Evaluating Student Progress

Evaluation will be based on quizzes, exams, assignments, and attendance on a cumulative point basis. The grading scale will be:

A = 94%
B = 88%
C = 82%
D = 76%
F = Below 76%

XI.   Other Course Information

If you have a documented learning, psychological, or physical disability you may be entitled to reasonable academic accommodations or services. To request accommodations or services, contact the Access and Disability Resource Center at the Des Plaines or Skokie campus. All students are expected to fulfill essential course requirements. The College will not waive any essential skill or requirement of a course or degree program.

CAHIIM Curriculum Entry-Level Competencies for Health Information Management (HIM) at the Associate Degree Level

Entry-Level Competencies
I.  Data, Content, Structure & Standards
Subdomain I.C. Data Governance
1.  Apply policies and procedures to ensure the accuracy and integrity of health data
II.  Information Protection:  Access, Disclosure, Archival, Privacy & Security
Subdomain II. A. Health Law
1.  Apply healthcare legal terminology
2.  Identify the use of legal documents
3.  Apply legal concepts and principles to the practice of HIM
Subdomain II. B. Data Privacy, Confidentiality & Security
1.  Apply confidentiality, privacy and security measures and policies and procedures for internal and external use and exchange to protect electronic health information
2.  Apply retention and destruction polices for health information
3.  Apply system security policies according to departmental and organizational data/information standards
Subdomain II. C. Release of Information
1.  Apply policies and procedures surrounding issues of access and disclosure of protected health information
Domain V. Compliance
Subdomain V. A. Regulatory
1.  Analyze policies and procedures to ensure organizational compliance with regulations and standards
Domain VI. Leadership
Subdomain VI. A. Leadership Roles
1.  Summarize health information related leadership roles
2.  Apply the fundamentals of team leadership
3.  Organize and facilitate meetings
Subdomain VI. B. Change Management
1.  Recognize the impact of change management on processes, people and systems
Subdomain VI. D. Human Resources Management
2.  Interpret compliance with local, state, and federal labor regulations
3.  Adhere to work plans, policies, procedures, and resource requisitions in relation to job functions
Subdomain VI. E. Training and Development
1.  Explain the methodology of training and development
2.  Explain return on investment for employee training/development
Subdomain VI. G. Financial Management
1.  Plan budgets
2.  Explain accounting methodologies
3.  Explain budget variances

If you have a documented learning, psychological, or physical disability you may be entitled to reasonable academic accommodations or services. To request accommodations or services, contact the Access and Disability Resource Center at the Des Plaines or Skokie campus. All students are expected to fulfill essential course requirements. The College will not waive any essential skill or requirement of a course or degree program.

Oakton Community College is committed to maintaining a campus environment emphasizing the dignity and worth of all members of the community, and complies with all federal and state Title IX requirements.

Resources and support for
  • pregnancy-related and parenting accommodations; and
  • victims of sexual misconduct
can be found at

Resources and support for LGBTQ+ students can be found at

Electronic video and/or audio recording is not permitted during class unless the student obtains written permission from the instructor. In cases where recordings are allowed, such content is restricted to personal use only. Any distribution of such recordings is strictly prohibited. Personal use is defined as use by an individual student for the purpose of studying or completing course assignments.

For students who have been approved for audio and/or video recording of lectures and other classroom activities as a reasonable accommodation by Oakton’s Access Disabilities Resource Center (ADRC), applicable federal law requires instructors to permit those recordings. Such recordings are also limited to personal use. Any distribution of such recordings is strictly prohibited.

Violation of this policy will result in disciplinary action through the Code of Student Conduct.