CRSM chapter 6 and 4 – Flashcards

Cancer registries contain summarized health information for all cancer patients within the scope of their service areas. For the hospital registry, the scope is all patients diagnosed or treated at the facility. For the state or regional cancer registry, the scope is all cancer patients within their defined borders or state boundary. The summarized health information includes patient identification, detailed medical histories, and treatment information. It is of the utmost importance that registrars understand what comprises confidential health information.

Enacted by Congress to simplify and reduce healthcare costs by decreasing administrative costs with standardized health transactions and coding and to promote an effective and efficient use of information technology. The portion of HIPAA entitled "Administrative Simplification" calls for the implementation of common sense privacy and security protection of personal information below are the components of the purpose of the "Administrative Simplification:" 1. Protect and enhance the rights of consumers by providing people access to their health information while controlling inappropriate use of that information 2. Improve quality of healthcare by restoring trust in the healthcare system among: - Consumers - Healthcare professionals - Multitudes of organizations and individuals committed to the delivery of care 3. Improve efficiency and effectiveness of healthcare delivery by creating a national framework for health privacy protection that builds on efforts by: - States - Health systems - Individual organizations, and - Individuals Privacy defines permissible means of access, usage, and disclosure of applicable patient information. Security governs the operational and technical mechanisms necessary to protect patient information. The Security and Electronic Signature Standard (Security) and Privacy of Individually Identifiable Health Information Standard (Privacy) are a team of regulations to protect patient information.

HIPAA protects individually identifiable health information. All healthcare workers should have a clear understanding of what is considered confidential information. HIPAA considers the following identifiable health information when it refers to the: •Condition of the patient of the patient •Treatment of the patient •Billing More specifically, information is considered individually identifiable if it identifies the patient by: •Name •Identifiers •Address •Social Security number •Phone number •Information that permits reasonable deduction to the patient's identity Additionally, HIPAA protects information that can link the patient's identity with other health information. An example is the linking of a database of patients from a clinic to a database with prescription drug information that could lead to knowledge of the patient's condition such as a diagnosis of a sexually transmitted disease.

Privacy and security are a team of protections meant to prevent unintended access, use, and disclosure of confidential information. According to the author of this chapter, Thomas Faris; "Privacy generally refers to the requirements of restricting access, use and disclosure of confidential information to parties with privilege to the information; however, security's operational and technical protections are the tools that ensure implementation and maintenance of these requirements. Security is often the methodology by which privacy or confidentiality is attained." These co-concepts work together to protect confidential information from unintended disclosure and may overlap on occasion, but each has a predominant role. Privacy protections are aimed at meeting confidentiality expectations for data provided or accumulated from health-related information given by a patient for the purpose of diagnosing and treating their health problems. Individuals have the right to deny any and all use of their confidential information; however, this denial would result in no diagnosis or treatment. HIPAA provides consistent requirements that do not allow the disclosure of individually identifiable information so that a patient can expect their confidential information to remain private and used only for their health care. Healthcare providers must have a signed authorization from the patient to permit access to, or disclosure of, any identifiable information for any purpose beyond treatment, payment, and healthcare operations. There are disclosures for which an authorization is not required such as, requirements of law and public health activities. All states have laws that require health care facilities to report cancer to the state cancer registry or department of health, which, in turn, uses the data for public health activities. Patient authorization is not required for the cancer registry to report data to the state central cancer registry. Security encompasses all procedures and actions taken to protect confidential information. An important component of the organization's security management plan is formal operational policies and procedures to provide security instructions to all applicable personnel. A formal process must be established to report, investigate and resolve incidents involved in a breach of confidentiality. Security ranges from delineating who has access to confidential information and the actual physical security of confidential information. Security includes, but is not limited to, a disaster plan, computer passwords, and locks on doors and files.

The hospital cancer registry is not only a part of the facility's accreditation activities, but when in place, it also reports the facility's data to the state. While establishing and maintaining a cancer registry is not required by state law, it is a requirement for accreditation of the cancer program by the ACoS/CoC. ACoS/CoC-accredited cancer programs must submit their data to the National Cancer Data Base (NCDB),which is maintained and used by the ACoS/CoC for quality test and improvement purposes, including outcomes evaluation. Reporting cancer information to the NCDB is part of the voluntary accreditation requirements. In other words, accreditation, while highly desirable, is voluntary. The NCDB receives a limited data set from ACoS/CoC-accredited programs, meaning that only selected data items collected by the cancer registry are actually sent to the NCDB. The HIPAA Privacy Rule allows for the release of a limited data set to the NCDB if certain agreements are in place, including a Business Agreement. Address information is sent, but patient names and social security numbers are not. Instead, a control number made up of several of the abstract's data items (such as the Accession number) is used to identify unique cancer records. Hospital registrars often gather additional patient information outside of the institution so that they can capture the entire first course of treatment and for follow-up information on each patient every year. Patients often receive their systemic therapy or their radiation therapy outside the facility. Cancer patients are discussed on a weekly or monthly basis at the facility's cancer conferences. These conferences provide a multidisciplinary forum that aids in arriving at the very best treatment plan possible for the patients under discussion. All of these uses of health information areas are permissible under the HIPAA Privacy rule when certain requirements are met

State or regional cancer registries are authorized by state law to collect and receive health information for the purpose of preventing and controlling disease and conducting public health surveillance, investigations, and interventions. State or central registries are operated by a state health department or as a freestanding state-supported agency. Some large states may have designated regional registries that help facilitate complete state reporting. Authorized by state law, state or regional registries are considered public health authorities. HIPAA does not require patient authorization for health care facilities to report cancer information to public health authorities. Patient names and social security number are sent to the central cancer registries. Because the central cancer registry may receive multiple reports from multiple facilities on the same patient, this information is critical to linking these patients and combining the information into one record. State registries conduct audits of health care facilities, both those with and without a cancer registry, to assure completeness and accuracy of cancer reporting. The audits include the review of patient health records for comparing information reported to the central or state registry. State registry employees often collect the data to meet state reporting requirements on behalf of some health care facilities. State cancer registry authorizing legislation includes strict limits on use and disclosure of reported information

State and national laws, regulations from governmental and non-governmental agencies, and institutional policies all define the legal aspects of cancer registry data. Legal aspects generally relate to the law and the term law encompasses: •Common law or law established by court decisions •Statutory laws is prescribed by legislation •Administrative law formulates rules and regulations necessary to carry out the intent of the law Central or state cancer registries are authorized by statutory law and have administrative rules (or laws) that should clearly delineate the rules and regulations necessary to comply with the reporting law. For instance, the administrative rules will relate who has to report, how the reporting will be accomplished (for example, electronic or paper abstracts), the reporting date or when the data must be reported, what cases to include and exclude, and penalties for not reporting.

institutional review board

State registries' laws are designed to protect patient information while allowing the data to be used for research and surveillance activities. Some states, like New Jersey, have very specific laws, while others are written in more general language. NAACCR has standards for confidentiality, disclosure of data, and information that legislation and regulations should specify. The NAACCR standards are available to assist any state in establishing or revising cancer reporting legislation. In addition to knowledge of state and federal laws, registry professionals should also be familiar with the institution's rules concerning confidentiality and releasing information. For instance, a hospital's institutional review board (IRB) may require that the patient's physician be notified if the central cancer registry wishes to contact the patient for a special study. This additional rule is actually good practice because many cancer patients may be too ill to participate or even be contacted. The registrar plays a key role in ensuring that everyone involved in the collection, maintenance, and release of cancer data meets all legal and institutional requirements.

*Never release confidential registry data for: •Marketing •Recruiting patients by healthcare facilities or providers •Aiding insurance companies in their decisions to insure •Aiding employers or potential employers •Publishing or for the press •Granting a request from the general public *Policies and procedures may allow the release of confidential patient information to: •Other treating hospitals for follow-up or case completion •Physicians for their own patients •The state or central cancer registry

Aggregate data, which contains non-confidential information, may be released if allowed by organizational policies and procedures. When in doubt, do not release without speaking with a person in authority at the institution such as the privacy officer. It is better to delay releasing information than to release information that could do harm. Policies and procedures may allow the release of confidential patient information to: •Other treating hospitals for follow-up or case completion •Physicians for their own patients •The state or central cancer registry Polices and procedures must be approved by the cancer committee and should certainly be reviewed by the privacy officer. The registry should try to identify areas where there is a risk of violating confidentiality and be sure that the policies and procedures address those areas. The registry is responsible for monitoring the release of confidential information and accounting for disclosures. For patient information in both electronic and paper formats to remain confidential, it must be kept secure. The registry should have locks and an alarm system. Registry computers should require passwords and an audit system that logs all attempts to enter the database. The use of strong passwords should be encouraged such as those that do not form real words but do contain a combination of upper and lower case letters, numbers, and at least one special character such as !, #, $, or %. Confidential information may be transmitted electronically if the data is encrypted and is being transmitted to those authorized to receive it such as the central cancer registry. For guidance, registrars can work with the facility Security Officer to ensure all aspects of the HIPAA Security Rule are implemented correctly. Policy and procedures for security should include information concerning: •Physical safeguards •Remote access •Disposal of confidential information

Ethics is a system of moral principles or values. A Code of Ethics governs the conduct of members of the registry profession. The National Cancer Registrars Association (NCRA) published A Guide to Interpretation of the Code of Ethic for cancer registrars that addresses; serving employers honestly, declining favors that might influence behavior, and avoiding commercializing one's position. Consult the textbook, Cancer Registry Management Principles & Practices, page 49, for a comprehensive list of issues addressed in the NCRA Code of Ethics. Pay particular attention to Table 4-1, "Guidelines Addressed in the National Cancer Registrars Association Professional Practice Code of Ethics." Releasing or repeating confidential information obtained from the workplace or privileged information obtained through an appointed or elected association office is a breach of the code of ethics. It is also considered unethical for registrars to: •Provide patients names for marketing •Accept a position or contract for which one is inadequately prepared •Vacate a position without adequate notice •Relate an untruthful accounting of work status •Participate in improper preparation, alteration or suppression of health records •Place material gains ahead of service •Misrepresent professional qualifications or credentials Notice that the above list includes some items that are covered in legal aspects and others reflect honesty, moral principles, and conduct.

a population-based cancer registry or a multi-hospital cancer registry.

•They include all cases in a census (or related data) population, such as one state •They allow the calculation of incidence and mortality rates •They rate include all cases diagnosed in the population at risk (the state population) •The same case reported by more than one facility must be consolidated and counted only once Population-based cancer registries, while having all of the characteristics listed above, can have differing goals. Here are some of the differing goals of population-based registries: Incidence only: •Determination of cancer rates in different groups in a defined area •Tracking of cancer trends in the population •Usually no treatment or outcome data Multiple purposes, which includes: •Incidence •Survival results •Patient care (includes treatment) •Research (epidemiological, rapid reporting) •Cancer control activities

Non-population-based cancer registries are multi-hospital cancer registries. Multi-hospital registries pool their data into a single file that can be used for comparative purposes. Here are some characteristics of multi-hospital central registries: •Data is not representative of all patients in the geographic area. •They usually do not consolidate cases that are reported by more than one facility. •They cannot be used to determine cancer rates in a defined area. Examples of non-population-based central cancer registries: •Multi-hospitals that use the same software that pool their data in a centralized location •National Cancer Data Base of the Commission on Cancer •Military central registries, such as the Department of Defense and Veterans Administration The data sets used by all central cancer registries will vary depending upon the goals and objectives of the registry. For the most part, when you see or hear the term "central cancer registry" used in the cancer surveillance community, it is referring to a population-based registry. For consistency in this program, the use of the term central cancer registry refers only to population-based central registries.

For consistency in this program, the use of the term central cancer registry refers only to population-based central registries.

Central cancer registries submit their data to national databases, which are maintained by a primary funding source or sponsoring organization. Examples of national registries and their primary funding sources include the following: National Cancer Registry Funding Source Surveillance and Epidemiology and End Results (SEER) National Cancer Institute (NCI) National Program of Cancer Registries (NPCR) Centers for Disease Control (CDC) National Cancer Data Base (NCDB) American College of Surgeons Commission on Cancer (ACoS/CoC) Both SEER and NPCR are population-based national registries, while the NCDB is a multi-hospital national registry. Remember that only hospital registries accredited by the ACoS/CoC report data to the NCDB. Hospital registries only capture patients that choose to be seen at their facility. Therefore, they are not able to define the population catchment area making the NCDB a non- population-based national registry. State and regional central registries report data to SEER and NPCR making SEER and NPCR population based national registries. The NPCR is the national population-based registry that state central registries report to while SEER is the national pool of data reported from the areas of the country that have SEER registries.

Central population-based cancer registries are enabled by a state legislative mandate. The legislative mandate will often specify operational requirements, provide a process for determining compliance, and establish funding. The two main funding sources in the United States for central cancer registries are CDC NPCR and NCI SEER. All states have statewide population- based central cancer registries as a result of one (or both) of these main funding sources. Some states have both a SEER area and a state central cancer registry. An example is the Atlanta area SEER registry and the Georgia state central registry that was presented earlier in the course. Along with enabling legislation, central registries depend upon the advice and support of a variety of people and organizations that have a stake in the data produced. These stakeholders include clinicians, public health officials, epidemiologists, bio- statisticians, and others. Many central registries have an advisory committee usually made up of stakeholders. It is very important that a member of this committee be a hospital registrar whose facility reports to the central registry. The hospital registrar can keep the committee informed about data collection problems encountered at the hospital level. The function of the advisory committee varies. In some states, the advisory committee gives advice, and in others, the committee may actually set policy.

include specifications for data items, codes, and storage format. Comparable data must be consistent or "standard" to provide useful information for research and new technologies to diagnose and treat patients. Case ascertainment includes a reportable list, reference date and rules for residency, multiple primaries, analytic cases, ambiguous terms, and diagnostic confirmation methods. The abstract is a summarized record of the patient's cancer in coded form. The abstract is considered the building blocks of the database. Every abstract should meet all case ascertainment rules and all data standards required by the agencies that the registry reports data to in order to insure a complete, accurate, and timely database.

maintains responsibility for data set standards in the United States. Many cancer registry professionals represent their organizations on this important committee. Before UDSC was established, states set their own standards for data items. As states began to share reports, and as software vendors faced increasing difficulty to provide programs for consistent data from hospitals in each state, the need for standardizing data sets increased. The work of the UDSC Committee has resulted in fewer disagreements among the standard-setting organizations by building on those data items that could be agreed upon. This has led to an increasing mutually agreeable data set in the United States.

defined by legislation Generally, states require the reporting of all in-situ and invasive neoplasms (ICD-O-3 behavior codes of /2 and /3). In addition, states require the reporting of benign and non-malignant central nervous system neoplasms (ICD-O-3 behavior codes of /0 and /1). State laws usually do not require the reporting of squamous or basal cell skin carcinomas. Reporting requirements should define a clear start or reference date. This is the date by which all cases must be reported. Ambiguous terminology that constitutes a diagnosis of cancer should be defined. Residency issues should be addressed. Some states have populations that live in their state for the winter or summer months of the year. Military personnel can pose residency problems for central cancer registries and should also be addressed. Defining multiple primary rules must also be a part of case ascertainment. In the United States, all registries follow the SEER Multiple Primary and Histology Coding Rules for determining multiple primaries

A decision on the timing of the cancer diagnoses must also be considered. All central cancer registries require that newly diagnosed cancer cases be reported. This means the patient has just received their initial diagnosis and their first course of treatment plan for treating the cancer. In addition, most require all cancer cases with active disease (no matter how long ago they were diagnosed), which would include patients undergoing a recurrence or progression of their disease. The term that denotes "newly diagnosed" is analytic, and the term for those who were "previously diagnosed or treated elsewhere" is non- analytic. The CoC requires that only analytic cases be abstracted and reported because the focus is on the care delivered at the time of initial diagnosis and treatment. However, most central cancer registries require that both analytic and non-analytic cases be abstracted and reported. Remember that the central registry is trying to identify all cases of cancer within a defined population. While the role of facility is important, for case ascertainment purposes there is less focus on why the patient was seen at the reporting facility and more on ensuring that all patients with a diagnosis of cancer are included. Requiring non-analytic cases allows an opportunity for cases that may have been missed by the facility that initially diagnosed the patient to be identified. The terms analytic and non-analytic are used primarily by hospital registries and will be discussed in detail in the next course. However, they are also pertinent in the central registry for determining what cases are required to be reported and for deciding what type of statistical analysis may be done on patients in each category. For instance, a central registry would not include non-analytic cases in a quality of care study because the non-analytic cases may not have received their initial treatment in that state, or the standard of care may have changed based upon further knowledge or technological advances after the patient was treated. To compare these patients with the newly diagnosed cases (or analytic cases) would not result in meaningful information on the quality of care in that particular state. The method used to denote the diagnostic confirmation is also important in determining what cases should be reported. In other words, determining what method was used to confirm the diagnosis of cancer. Were there microscopic examination of respected tissue (pathology), or was the only confirmation of the cancer based on radiological exams (clinical)? These rules should include required diagnostic methods such as pathology, cytology, clinical, and so forth. Explicit rules must be established to guide facilities in determining which of the out of the ordinary cases should be reported, for example those seen for transient care, those seen for consultation only, those who are diagnosed at autopsy, and the like.

Death clearance is both a data quality and a casefinding process. The CCR will obtain an electronic file of death records from vital records and link (or match) it with the registry database. The previously registered cancer cases are checked with the information on the death certificates to record cause of death and to verify place of birth and other patient identification. If the case has not been previously registered, steps are taken to gather complete information for inclusion into the central cancer registry. These steps are known as "follow back." Follow back is conducted with the last known health provider or health facility where the patient expired. A health provider is sent a letter that asks for more information on the patient's cancer. If the patient died in a health facility, a letter is sent to the facility asking that this patient's health information be abstracted and sent to the central cancer registry. Of course, there is always the possibility that the case was not "missed" by the facility but was not reported because after review, it was determined that it was not a reportable case. An example would be a patient who was diagnosed or treated before the central cancer registry's reference or start date. If all attempts to gather more complete data fail, the case is retained in the central registry as a death-certificate-only case (DCO). Registries strive to have less than 3% of their caseload as DCO cases. It is not beneficial to users of the data if the cases are not being identified until after the patient has died—often when details about the initial diagnosis and treatment are difficult to obtain. It is optimal to be identifying patients at the time they are being diagnosed and treated so that the information about the diagnosis and treatment are more accessible and reliable. Reporting pathology data is becoming an increasingly computerized process. A software system is able to select reports with a diagnosis of cancer from all pathology and cytology reports processed by the pathology laboratory. This information is matched against the central cancer registry to see whether the patient and this particular cancer had been reported. The pathology report does not contain all of the information necessary for a complete abstract. Therefore, the central registry must follow back to the managing physician or facility to obtain the complete information. If they are a reporting source for the central registry, the facility will be required to abstract the case and submit with their next transmission of data. If not, then the central registry will have to abstract and enter the case into the central registry database so that this cancer is counted. From a quality perspective, identifying cases through these other means allows the central registry and the reporting sources to identify problems in the casefinding and reporting procedures. Perhaps a particular type of case is inadvertently being omitted from casefinding reports, or the facility may not be applying the eligibility rules correctly and incorrectly determining that a particular type of case is not reportable. The goal is to communicate with reporting sources about cases being identified elsewhere that should have been reported by that facility. The facility can then review and hopefully improve their processes so that the identification of cases is taking place where it should be—at the facility that diagnosed or treated the patient.

linking all patients from a certain small area with the same type of cancer

Completeness, accuracy, and timeliness Perhaps the three most time-consuming and knowledge-intensive activities for registry staff is resolving edits and reconciling duplicates and death clearance Some central cancer registries have 20% of their annual caseload linked as duplicate records. Cancer registrars at the central registry also conduct re- abstracting and case completeness audits on a random basis at reporting facilities. At the end of the audit, the central cancer registry is able to provide a percent of accuracy. A common benchmark for this is around 96% accuracy. Most of the cancer registrar's time at the central cancer registry is spent in the office resolving edits, reconciling duplicates and completing death clearance activities. However, conducting audits can be quite time-consuming as well because doing so requires traveling to the reporting facility, spending several days onsite, and then taking time afterwards to complete the reports.

the active follow-up methods requires someone to initiate a contact with the patient's treatment facility, physician, or possibly the actual patient •the passive follow-up methods do not require registry contact with hospitals, physicians, or patients. Passive methods include a computerized search of databases for the patient's vital status and current date last seen alive or date of death All states have laws that require the reporting of cancer cases and, as already mentioned in this course, most of the data comes from hospitals, so it is very important for the central registry to have a good working relationship with the hospital registries. In addition to offering educational opportunities, the central registry can provide other services to the hospitals. There is a very helpful listing of the services that central registries can provide in the textbook on page 394, Table 36-10.

Rates of disease in the population at risk (or the state's population). Measures disease frequency over a specified time. See Table 34-1 on page 429 of the textbook

Rates calculated for a specific age group. There are also sex-specific rates and site-specific rates

Also known as standardized rates, age-adjusted rates facilitate rate comparisons in populations with different age distributions

The rate of the risk of dying among people who have a certain disease.

The proportion of persons in the defined population who remain alive during a specified time interval; begins with a specified event (date of diagnosis or date of treatment, etc.), generally ends at death for survival rates or ends at date of recurrence when used to calculate disease free intervals.

A comparative analysis of incidence rates by age, group, gender, and race/ethnicity.This allows the patterns of disease occurrence to be studied to evaluate causes and to develop control programs for the higher risk groups. Descriptive epidemiology is an important foundation for nearly all studies of the disease

*unique function of the population-based central cancer registry *most suspected or reported cancer clusters turn out not to be a "cluster" but the usual at-risk population being diagnosed with one of the many, many cancers.

The purpose of rapid case ascertainment is to identify eligible study cases shortly after diagnosis in order to provide researchers with immediate patient access. This is especially important for those cases under special study with high morbidity or mortality rates. The goal is to reach the patient for firsthand interviews and perhaps tissue or blood samples while any lifestyle changes are still fresh in their minds. Genetic studies surrounding issues of early detection have increased the demand for rapid access to eligible study cases.

**Some central cancer registries require basic information for every cancer case within six weeks of diagnosis followed by a full abstract within the usual six-month time frame. This method is conducive to population-based studies of all cancer sites. **Other central registries may have a "Rapid Case Ascertainment" (RCA) unit. The RCA cancer registrars visit facilities to identify cases needed for special studies. This method is ideal for collecting additional patient information not usually part of the registry case report. RCA staff helps research by identifying cases within days of diagnosis and can be a great resource for study planning and grant writing. *** Another method utilized for rapid case reporting is the electronic pathology reporting that some central cancer registries have in place. The electronic pathology system has the ability to scan all pathology reports searching for key terms to determine reportability. As technology advances, more central registries can be expected to increase the computerization of all reporting processes. Where electronic pathology reporting is not in place, central registries rely upon the hospital registrars within the study areas to fax pathology reports that meet study criteria to the central cancer registry.