Check Request Status610-994-7500

Navigating HIMSS: Learn and explore new ways to protect PHI throughout its lifecycle

It’s hard to believe that in just ten days, we’ll be kicking off HIMSS16 in Las Vegas. This will be my fifth consecutive HIMSS event, and based on my experience, I would recommend bringing good walking shoes because the HIMSS exhibit floor stretches nearly a mile long and really gives attendees an opportunity to get moving!

Another energizing aspect of HIMSS is that it gets me thinking outside the box and excited about driving innovation back to support MRO’s clients. The show is so large and diverse that it offers a unique chance to witness and understand new technology happening outside of our normal business.

I invite you to approach this upcoming HIMSS with the same perspective, especially considering changes occurring in healthcare right now.

Shift from Meaningful Use to PHI Privacy and Security
With Meaningful Use hype dying down, I expect the buzz at this year’s event will be around Protected Health Information (PHI) privacy and security, and other priorities that have moved to the forefront. For privacy and security, it’s not just safeguarding against cyberattacks, but also around data integrity and protecting PHI from being inappropriately accessed or disclosed.

HIMSS16 is the perfect place to learn about new technologies that can help solve these challenges and meet like-minded individuals in the industry. A great place to learn is during the many education sessions available throughout the conference or through more intimate group discussions. You can also take advantage of the numerous networking opportunities and events, including receptions, award galas, community events and more.

Learn about Innovative Technology
You will find MRO’s HIMSS16 booth at #6454, where we’ll be showcasing several new and updated technologies we offer that address emerging PHI privacy and security issues.

For example, there you can learn about IdentiScan®, our solution that helps ensure record integrity and prevent data breaches. The application uses optical character recognition technology to assist healthcare organizations in locating misfiled pages within record sets so they can be corrected.

You can also learn about MROeLink®, a suite of platform integrations for Release of Information (ROI) that automates ROI process steps. The application offers a direct synchronization between MRO’s PHI disclosure management platform, ROI Online®, and the ROI module within the Epic electronic medical record (EMR) system to improve efficiency and accuracy, allowing clients to reap the full benefits of both systems. The result of this integration is that users no longer need to worry about dual data entry or completing so many ROI steps manually. Not only can MROeLink cut ROI processing time in half, but it also helps eliminate manual errors.

MRO also offers a number of innovative electronic information exchange solutions, including Direct Secure Messaging, which is a secure alternative to faxing documentation that contains PHI. In fact, we will be presenting about how MRO has partnered with Kno2 and the Department of Veterans Affairs (VA) to drive care coordination from fax to Direct at our booth Tuesday, March 1 at 11 a.m. You can get more details on our website.

We hope you stop by booth #6454 at HIMSS16 to see how we’re using innovation to safeguard PHI everywhere it goes.

Sign Up for Future Blog Posts

Read More

PHI privacy and security challenges reign supreme in 2016

Health IT Outcomes reported that 2016 will mark “the end of EHR/MU’s five-year reign as the top health IT initiative with Protected Health Information (PHI) security taking over the top spot.”

I agree with the article author’s assessment that there are multiple PHI security and privacy concerns as we enter the second month of this new year. The top risks I see include:

  • Mobile device protection: Device theft is a major risk, but so is how PHI is exchanged using these devices.
  • Data segmentation: Ensuring disclosed PHI includes only the information the patient has authorized providers to share is an emerging challenge in our electronic age.
  • Data integrity: Errors, redundancies and gaps in the electronic medical record (EMR) can result in inaccurate Release of Information (ROI)—such as including PHI about the wrong patient due to comingled records—which would qualify as a breach under HIPAA.
  • Cybercrime: Hackers are developing new techniques to steal PHI from hospitals.

However, a substantial PHI privacy and security issue that providers have an opportunity to control is the PHI disclosure process occurring within their own organizations. As we will explore in this post, establishing standardized disclosure policies and procedures and partnering with a tech-savvy PHI disclosure management partner can address emerging privacy and security issues and limit breach risk.

Small breach risk escalating
All indicators are pointing toward an increased focus in 2016 on small breaches, defined by the Department of Health and Human Service’s Office for Civil Rights (OCR) as those affecting fewer than 500 individuals. These types of breaches are often the result of an organizational failure to fully implement compliant privacy and security standards around the disclosure of PHI.

Research conducted by news organization ProPublica last year revealed that there were 1,400 large breaches of 500 or more individuals since 2009, but there were also more than 181,000 small breaches. Despite the size, small breaches are just as impactful to providers, carrying similar financial implications. According to a report by the American National Standards Institute, each incident can cost $8,000 to $300,000, not including HIPAA violation civil penalties. These penalties can reach as much as $50,000 per breach with a maximum of $1.5 million annually for repeated occurrences.

While cybercrime or device thefts make for sensational headlines, breaches due to employee or organization errors are also reported in the news and can spread virally in social media, resulting in loss of brand value. As these trends continue, patient awareness of privacy and security concerns will increase, as will their expectations when a privacy and/or security event occurs.

Breach prevention tips
To protect your organization, establish and train a privacy and security incident response team before a breach occurs. Standardizing and enforcing policies and procedures around PHI access, use and disclosure in all departments is also important to mitigate breach risk.

In addition, mitigation includes educating your staff on risks, such as how working too fast could cause careless mistakes resulting in improperly disclosing health information. With PHI disclosure, we are called to strike the right balance between efficient workflows and excellence in accuracy.

Another best practice is to leverage technology to make the process secure, reliable and efficient. For example, MRO’s ROI solution includes the cutting-edge IdentiScan® data integrity application that uses optical character recognition technology to check medical documentation to identify comingled records. Errors are flagged and corrected by MRO’s Quality Assurance (QA) team before PHI is disclosed.

Data integrity
MRO is expanding IdentiScan’s capabilities this year to better ensure the data integrity within a health system’s EMR. There are many points at which patient records can become mixed, and by leveraging IdentiScan in this new way, we help identify and correct comingled records at every stage.

At the upcoming HIMSS16 conference in Las Vegas, my colleague David Borden, MRO’s CTO and inventor of IdentiScan, and I will be showcasing IdentiScan at MRO’s booth #6454. In our presentation, we will focus on how this kind of technology can safeguard healthcare organizations against breach and contribute to your Information Governance goals for data integrity.

For more information about our presentation and all the events at MRO’s booth, view our schedule.

Sign Up for Future Blog Posts

Read More

Maximize your EMR investment with systems integration

Fueled by the Meaningful Use program, healthcare organizations nationwide have invested billions of dollars plus countless hours in their electronic medical record (EMR) systems and are looking for ways to maximize value from those huge investments. More than 70 percent of responding College of Healthcare Information Management Executives (CHIME) members agreed that optimizing such investments is a top priority, according to an August survey.

One key optimization opportunity is EMR integration, which allows providers to leverage their investments and continue to use best-of-breed frameworks, ensuring they don’t get locked in with a single vendor.

Opportunity to integrate
EMR vendors have recognized the importance of opening up their systems by letting other vendors add to their core product. Epic has taken the lead in this area. The company’s new application exchange program, which is similar to Apple’s App Store or Android’s Google Play, provides a framework of APIs and technical support to help non-competing vendors make value-added integrations between their product and Epic; they also provide a sandbox for testing. This open approach creates a win-win-win scenario for the EMR vendor, other third-party vendors and their mutual clients.

Ease of use and streamlined workflow
MRO has taken advantage of the EMR integration opportunity to streamline Release of Information (ROI) workflows and improve ease of use for our clients. This January, we officially announced the launch of MROeLink®, a suite of health information technology (HIT) integrations for ROI. At the core of MROeLink is a web services-based synchronization between our ROI platform and the ROI module within Epic, using API services provided on Epic’s Interconnect Server.

MROeLink automates seven different manual ROI workflow steps, and eliminates the need for dual data entry in MRO’s application and the EMR. Clients using the integration have reported time savings of up to 50 percent in logging requests, and selecting and aggregating patient records for release.

MRO’s team continues to devote time and financial resources towards making this and other EMR integrations possible, to help our partners derive the maximum value from their HIT investments. Learn more about MROeLink by watching the video below.

Sign Up for Future Blog Posts

Read More