Identifying Issues in Facility and Provider Mergers and Acquisitions. Appendix B: HIM Worklist: Setting Up a New Clinic


To ensure all health information-related tasks are addressed in the process of setting up a new clinic.

Departments Needed: Contracting, Marketing, IS, HIM, Patient Management Systems, EMR Team, Clinic Management, Billing/Coding
Questions to Answer:

1. What is the legal name of the clinic going to be?


2. Is the clinic owned, or partnership?


3. Who is the operations director? The clinic manager? Privacy officer? HIM director? Security officer? Compliance officer?

Operations director:

Clinical manager:

HIM director:

Security officer:

Compliance officer:

4. What is the anticipated go-live date?


5. Is there a physical site?


6. What is the address, phone, and fax number?




7. Who will employ providers?


8. What system has been used historically for documenting (e.g., paper or electronic system)?


9. What documentation system will the clinic use going forward?


10. Which staff members will need access to the EHR and what are their roles? (Obtain and outline main contact information and roles of the staff members that will need access to the EHR)


11. Will physicians dictate? Will they type in notes directly? Or will they do both?


What types of notes are needed (e.g., physicians and nursing)?


12. Does the clinic have speech microphones?


13. Does the clinic need to purchase a scanner?


14. [Outline other questions as needed]


Tasks to Be Completed:



  • Identify or order scan equipment
  • Install scan equipment
  • Identify and install computers needed
  • Identify or order/install dictation equipment


  • Assign or create appropriate structured and unstructured note types
  • Set up clinic group in EHR


  • Set up users with appropriate system access including EHR, abstract system, billing system, etc.


  • Identify scan staff
  • Train scan staff
  • Ensure clinic management:
    • Are given guidelines
    • Identify and develop protocols
    • Put sort mechanism in place
    • Receive scan training
  • Train clinic staff on full scanning process

FORMS (continued):

  • Develop training on location of the following forms:
    • Request to amend PHI
    • Request to restrict PHI
    • Accounting for disclosure tracking form


  • Determine department responsible for releasing, and provide instructions on appropriate centralized ROI process
  • Notify HIM and ROI departments of new clinic
  • Determine if release will be outsourced
  • Identify staff responsible for release of time-sensitive, urgent, continued care information
  • Create and administer ROI training for staff responsible for time-sensitive, urgent, continued care releases


  • Develop and disseminate minors consent grid/guidelines


  • Create and post notice of privacy practices poster
  • Create and post "Do Not Use Abbreviations" signs


  • Obtain names of providers who will be dictating
  • Add providers and note types for inclusion into chart deficiency report
  • Obtain the clinic mnemonic for set up in chart deficiency system
  • Send dictating providers instructions and work type information


  • Develop authorization to release PHI form
  • Develop continued care authorization for specific visit types
  • Set up the following forms:
    • General consent (English, plus requested available languages)
    • Notice of privacy practices (English, plus requested available languages)
    • Consent to treat minors
    • Parents and minors brochure
    • E-mail consent form
    • Verbal authorization form
  • Train staff on form use


  • Determine department responsible for billing
  • Determine whether billing will be outsourced at any point (e.g., bad debt)
  • Identify how information will be provided to the billing personnel (e.g., super bills, entering codes, managing code edits, managing denials)
  • Determine how billers will receive records when requested by the insurance company for payment

Privacy and Security

  • Identify who will be the privacy and security officers
  • Determine how staff will be trained on privacy and security policies and procedures and who will provide training
  • Ensure policies and procedures from both entities are reviewed for discrepancies (e.g., sanctions policy)
  • Determine role-based access requirements and ensure each entity utilizes the same
  • Determine who will receive, investigate, report complaints
  • Determine training needs for any business associates
  • Determine who will manage privacy and security audits and reporting


  • [Add additional notes and to-do items as needed]



Article citation:
AHIMA. "Identifying Issues in Facility and Provider Mergers and Acquisitions. Appendix B: HIM Worklist: Setting Up a New Clinic." Journal of AHIMA 83, no.2 (February 2012): expanded online version.