Check Request Status610-994-7500

AHIMA Privacy and Security Institute recap: patients and personal representatives

Hospital administrator in archives

AHIMA’s Privacy and Security Institute celebrated its tenth anniversary this year with a two-day event kicking off the AHIMA Convention and Exhibit in Baltimore. This event included a lineup of speakers addressing the latest information, trends and cutting-edge technology affecting how healthcare organizations effectively balance privacy and security to protect confidentiality in health information.

The Institute’s aim is to improve the management of privacy and security programs, promote the understanding of an ever-changing regulatory environment and to discuss the industry’s hottest trends, issues and best practices.

Patients and personal representatives

I had the opportunity to sit on the panel for a roundtable discussion on patient access, amendments and fees, as part of the Institute. We took this opportunity to tackle the elephant in the room and answer questions around assessing fees and the many changes affecting patients and providers alike, and to discuss the operational challenges faced today.

As a panelist, I was surprised to learn of the amount of confusion regarding the Office for Civil Rights’ (OCR) guidance for personal representatives, especially when attorneys are involved in a request. There is a vast difference between attorneys requesting records as attorneys, and attorneys requesting records as authorized personal representatives. After discussing this topic at length, we ultimately agreed that if there is doubt regarding the intent of a patient’s directive, the best practice is to contact the patient directly to determine their wishes before proceeding. While it is important to give patients and personal representatives easy access to Protected Health Information (PHI), it is more important to ensure records are not released to an unauthorized requester.

If you didn’t make it to the Privacy and Security Institute in Baltimore, you can learn more about privacy and security in AHIMA’s Virtual Privacy and Security Academy. The next session, hosted by MRO, will cover Business Associate and subcontractor management, and will be held on December 14, 2016. Please enter your email address below to receive our special promo codes for 15 percent off registration.

Receive a 15% Discount for AHIMA's Privacy and Security Academy

Read More

Four steps to minimize breach risk and liabilities for medical practices

Five people are sitting in the waiting room of a doctor's office. Some of the people look tense or upset, and others look completely relaxed.

As advancements are made in health information technology, allowing for easier access to Protected Health Information (PHI), the risks inevitably grow. This year alone, more than 220 PHI breaches affecting 500 patients or more have been reported. While large breaches caused by cyber attacks are often the center of media discussion, smaller breaches caused by incidents like the improper disclosure of PHI are much more common.

Smaller breaches are gaining more attention from the Department of Health and Human Services’ (HHS) Office for Civil Rights (OCR). Earlier this year, the OCR announced the initiation of a new program to more thoroughly investigate breaches impacting 500 individuals or less. These breaches, just like larger ones, are costly, not only in dollars, but in reputational damage as well. Medical practice leaders should to be ready.

Here are four steps medical practices can take to minimize breach when disclosing PHI:

1) Institute multiple levels of Quality Assurance
Instituting multiple levels of Quality Assurance (QA) is a must for breach prevention. An estimated 20 to 30 percent of Release of Information (ROI) authorizations are initially invalid, and 5 percent of EMRs have record integrity issues, such as comingled patient records. Without multiple check points to validate HIPAA compliance and record integrity, medical practices are highly susceptible to human error, which can lead to improper disclosure of health information. The best workflows for releasing medical documentation include having a second set of eyes on every authorization and on the health information being disclosed to lower the likelihood of improper disclosures.

2) Leverage technology to catch human error
Human intervention can only prevent a certain level of error; however, dedicated technologies are available to catch human error and improve accuracy. Innovations like MRO’s IdentiScan® record integrity application, which uses optical character recognition (OCR) technology to assist record integrity specialists in reading every page of requests before release, work to catch human error and minimize the chance of disclosing records of wrong patients. IdentiScan pushes disclosure accuracy to an industry-leading 99.99 percent, well above the 90 percent average.

3) Implement proper training and education
To ensure accuracy and compliance while disclosing PHI, medical practice staff should be highly trained and specialized in HIPAA and state compliance. Since PHI disclosure management is not the core function of medical practice staff tasked with releasing medical records, this can become a tricky area. That’s where a vendor with a high level of expertise comes in.

4) Partner with a dedicated PHI disclosure management firm
Partnering with a knowledgeable and advanced PHI disclosure management firm will help prevent breach. By outsourcing PHI disclosure management processes, medical practices can better standardize their systems for disclosure and allow practice staff to focus time and energy on other priorities, such as patient care. With the right partner in place – such as MRO – practices can achieve industry-leading turnaround times and the highest levels of accuracy, ensuring compliance every step of the way.

To learn more, fill out the form below to download our case study detailing how Lehigh Valley Physician Group partnered with MRO to improve accuracy and minimize breach risk.

This blog post is made available by MRO’s general counsel for educational purposes only, as well as to give general information and a general understanding of the law, not to provide specific legal advice. This blog post does not create an attorney-client relationship between the reader and MRO’s privacy and compliance counsel. This blog post should not be used as a substitute for competent legal advice from a licensed professional attorney in your state.

Download Lehigh Valley Physician Group Case Study

Read More

Test Press Release

NORRISTOWN, Pa. – January 7, 2016MRO, a leader in secure, compliant and efficient exchange of Protected Health Information (PHI), today announced the addition of health information management (HIM) expert Rita Bowen, MA, RHIA, CHPS, SSGB, to its leadership as vice president, privacy, HIM policy and education. Bowen will ensure new and existing client HIM policies and procedures are at code and drive the development, implementation and maintenance of MRO’s privacy and training programs. Previously, Bowen served as senior vice president and privacy officer for HealthPort, Inc.

“Rita is well-known and respected within the healthcare industry for her HIM leadership and industry expertise, and we’re excited to have her on board at MRO,” said Steve Hynes, CEO for MRO. “She brings an excellent perspective that will aid MRO in ensuring the highest levels of quality assurance and compliance while managing and disclosing PHI.”

Bowen comes to MRO with more than 30 years’ industry experience, holding a variety of HIM director and consulting roles. She is an active member of the American Health Information Management Association (AHIMA) and has served as its president and board chair, as a member of the board of directors, and on the council on certification. She has been honored with AHIMA’s Triumph Award in the mentor category, and she is the recipient of the Distinguished Member Award from the Tennessee Health Information Management Association (THIMA).

Bowen is also an established author and speaker on HIM topics and has taught HIM studies at Chattanooga State and the University of Tennessee Memphis.

“Being from Chattanooga, Tenn., I think my city’s motto ‘the right size and the right attitude,’ perfectly describes how I view MRO,” said Bowen. “MRO is the right size, and it has the right attitude. Integrity is a key principle in HIM, as well as to me personally; and MRO is a company based in honesty, integrity and high ethical standards. I look forward to joining an amazing team of professionals offering industry-leading services and technologies for HIM and other healthcare professionals.”

MRO is the standing KLAS Category Leader for Release of Information (ROI) and has been cited for having the highest quality and overall best performance in the ROI space in the KLAS “HIM Services Performance 2015: Coding, Transcription, Release of Information” report.

About MRO
MRO empowers healthcare organizations with proven, enterprise-wide solutions for the secure, compliant and efficient exchange of Protected Health Information (PHI). These solutions include a suite of PHI disclosure management services comprised of release of information, government and commercial payer audit management and accounting of disclosures. MRO’s technology-driven services reduce the risk of improper disclosure of PHI, ensure unmatched accuracy and enhance turnaround times. MRO additionally supports its clients’ current and future initiatives, including interoperability, meaningful use and health information exchange. To learn more, visit

Newsletter Signup

Read More

Enhancing Release of Information workflows to thwart breach

Privacy breaches are one of the greatest threats facing healthcare systems today. To curb the rising tide of breaches, MRO will give a Product World presentation at the upcoming AHIMA16 convention in Baltimore, covering eight tips to minimize breach in Release of Information (ROI). Some of these tips include enhancing workflows with multiple Quality Assurance (QA) steps and exceptional people.

Multiple Quality Assurance Steps

Introducing multiple QA steps into the ROI workflow is key to minimizing breach. QA steps should include multiple checks on ROI authorization forms, as well as on the Protected Health Information (PHI) itself before being released. Using a record integrity application – like MRO’s IdentiScan®, which uses optical character recognition technology to “read” every page of records before they are released – puts a second set of eyes on records to catch human error.

Another way to drive accuracy is by adding shipping integrity QA checks. Implementing systems such as barcoding to prevent double stuffing of envelopes will ensure the right records are sent to the right requesters.

Exceptional People

A perfectly designed workflow will not work without great people, however. Hiring the right employees is the first step, and training them in privacy and security best practices is paramount. Programs like the Association of Health Information Outsourcing Services’ (AHIOS) Certified Release of Information Specialist (CRIS) testing help warrant that employees are highly trained, while regular desk audits and phishing exercises ensure employees are compliant with security policies and procedures. Additionally, regular retraining ensures employees stay up-to-date on best practices and regulations.

For additional insight into MRO’s workflow and to explore our eight tips for breach prevention, sign up to attend our Product World presentation at the AHIMA Convention.

To learn how MRO’s ROI workflow boosts accuracy rates to 99.99 percent using a combination of cutting-edge technology and exceptional people, watch the video below.

Sign Up for Future Blog Posts

Read More

MRO celebrates National Customer Service Week


Organizations across the country have celebrated National Customer Service Week since 1987 as a way to honor and recognize workforce members delivering customer service as the core function of their positions. In 1992, the U.S. Congress proclaimed this celebratory week as a nationally recognized event, to be celebrated annually during the first full week of October.

At MRO, we are proud to celebrate this week, as service excellence is one of our primary goals and core values; we strive to treat customers with respect, empathy, courtesy and professionalism.

Service Champions
This year’s theme for National Customer Service Week is “Service Champions,” recognizing frontline customer service professionals as champions in the eyes of clients, and acknowledging that a client-focused culture is only possible when a dedicated team of service specialists works together.

This year’s logo includes three essential steps to becoming a service champion:

  • Lead by example
  • Achieve success
  • Exceed expectations

MRO’s service champions help our provider clients and requesters of medical records navigate the complex and sometimes confusing world of Release of Information (ROI). More than simply answering questions, our service specialists also:

  • Solve problems in an expedited manner
  • Provide empathetic encouragement
  • Go the extra mile to exceed customer expectations
  • Remain calm, professional and courteous
  • Brighten patients’ days

Patient Advocate Program: Taking service to a new level
This year, MRO has taken customer service to a whole new level. We proudly introduced our new Patient Advocate Program earlier this year to elevate our focus on patient satisfaction. The key goal of this new team is to provide distinguished service with a heightened sense of compassion and empathy, while fast-tracking issue resolution. Our Patient Advocate team provides an additional lifeline for patients, providing focused coordination of their concerns, and ensuring patients are fully satisfied with the final remediation and outcome.

We are planning some special events, activities and surprises this week to honor and thank our frontline service professionals for the incredible dedication and hard work that has helped us be the KLAS Category Leader for ROI services three years in a row (2013, 2014, 2015/2016).

Please remember to thank a service provider this week for all they do!

To download information about our service teams working from our National Service Center, including the MRO Patient Advocate team, please fill out the form below.

Download our National Service Center Booklet

Read More