MRO’s Rita Bowen, MA, RHIA, CHPS, CHPC, SSGB, Vice President of Privacy, Compliance and HIM Policy, discusses Global Data Privacy Rule (GDPR) compliance.
As we move into 2018, healthcare professionals should be up to date on the latest Privacy, Security and Information Governance trends. It is important to be aware of what’s on the horizon and how to prepare your organization for the future.
In MRO’s upcoming 2018 healthcare compliance webinar series, MRO’s Angela Rose, MHA, RHIA, CHPS, FAHIMA, Director of Client Relations and Account Management, and I will co-present on the latest industry trends and discuss best practices for organizations to consider. There are four parts to this webinar series, and we are in the process of having each session pre-approved by AHIMA for one (1) CEU in the privacy and security domain.
Below are the four session topics, which Angela and I will go into more detail on in our webinar series.
Webinar Watch List: Privacy, Security and Information Governance
1) Compliance with the Global Data Privacy Rule (GDPR) and Privacy Shield
The Global Data Privacy Rule (GDPR) is compelling every organization to consider how it will respond to today’s security and compliance challenges. This may require significant changes to how your business gathers, uses and governs data if you serve individuals from the United Kingdom. Much of the discussion about the GDPR has focused on the law’s privacy-centric requirements, such as mandatory record keeping, the right to be forgotten, and data portability.
March 22, 2018 – 2pm Eastern
2) Healthcare Regulatory Updates and Guidance
Healthcare regulatory updates and government guidance are continuously evolving and can be hard to interpret and understand. The implementation and management of those changing guidelines is vital for meeting compliance in any organization. When we hold this webinar, the session will review the regulatory updates and guidance that must be implemented to achieve regulatory compliance.
May 17, 2018 – 2pm Eastern
3) Cybersecurity: Protecting your Healthcare Enterprise
Although cyber attackers constantly create new versions of malicious software and search for new vulnerabilities to exploit, healthcare organizations must continue to be vigilant in their efforts to combat cyber extortion. This webinar will share lessons learned and actions for consideration to remain diligent and ready for potential threats.
August 15, 2018 – 2pm Eastern
4) 2019 Healthcare Privacy and Security Compliance Predictions
This session will briefly summarize the prior sessions in MRO’s four-part webinar series on healthcare privacy and security compliance, including lessons learned in 2018, and then shift focus to 2019. We will do our best, utilizing our crystal ball, to predict focus areas for 2019.
November 7, 2018 – 2pm Eastern
Health Information Professionals Week
MRO will launch our healthcare compliance webinar series, which covers these topics, on March 22, 2018, during Health Information Professionals (HIP) Week. HIP Week will coincide with AHIMA’s Advocacy Summit and Hill Day, events where AHIMA members receive education specific to advocacy and visit Capitol Hill to share the importance of advancing HIM. Privacy, security and Information Governance continue to be key issues for HIM professionals. AHIMA has stated it will continue to provide guidance to the healthcare industry and government leaders seeking expertise and counsel, and MRO looks forward to continuing in our efforts to educate and support the HIM profession, as well.
Register today for our first webinar, on the topic of Compliance with the Global Data Privacy Rule (GDPR) and Privacy Shield.
In a Journal of AHIMA article, MRO’s Angela Rose, MHA, RHIA, CHPS, FAHIMA, Director of Client Relations and Account Management, moderates a virtual roundtable discussion with three HIM experts, who discuss leading enterprise-wide projects such as centralizing PHI disclosure management.
Millions of payer requests for medical records are sent to hospital business offices every day. Business office staff are often tasked with gathering and releasing Protected Health Information (PHI) to payers in a very short amount of time to get claims paid. During this rush to meet payer deadlines and expedite claims, human mistakes can be made. Critical steps of the Release of Information (ROI) process may be skipped or accidentally omitted. This increases PHI breach risk.
To ensure business office disclosures are kept safe and secure, organizations should train their staff on disclosure management using the same information, curriculum and courses presented to Health Information Management (HIM) teams. Below is a video where I discuss MRO’s unique approach for training and educating employees, as well as five PHI disclosure management topics to train your business office staff on.
PHI Disclosure Management Training/Education at MRO Corp.
Five PHI Disclosure Management Topics to Train Your Business Office Employees On
1) ROI and HIPAA Basics
Ensure employees understand the definition of HIPAA (Health Insurance Portability and Accountability Act), the privacy rule, ARRA HITECH Omnibus, PHI and differences between federal versus state law. This distinction is especially important for business offices that process requests for care locations across different states.
Another important topic to cover is the Health and Human Services (HHS) minimum necessary guidance under the HIPAA privacy rule. This guidance helps organizations determine what information can be used, disclosed or requested by payers for a specific purpose. Business office staff need to know which parts of the record to send to the payer. By training business office staff to fully understand and apply the minimum necessary guidance, organizations tighten privacy and mitigate breach risk.
2) Medical Record Components
Make sure to define the various components of the medical record to business office staff. These components include: common documents, various types of encounters, properly documented corrections and amendments.
3) Confidentiality and Legal Issues
Outline the legal health record concept and what it includes for your organization. Additionally, all the various confidentiality and legal issues should be explained in full detail.
4) Types of Requests
List all the various types of requests that might be received in the business office. For each category, differentiate which are part of Treatment, Payment and Healthcare operations (TPO) and which are not. Those that fall outside of TPO require a patient authorization and should be forwarded to HIM for processing. For a list of types of requests to discuss, read this article.
5) Sensitive Records and Special Situations
Identify and describe specific PHI disclosure management practices related to sensitive records. These cases can include information on genetics, HIV/AIDS, STDs, mental/behavioral health, substance abuse, deceased patients, minors and other sensitive issues. Federal and state legal issues may be involved with these and business office employees should be aware of them.
If you’re concerned about the ability of business office or other staff to properly and securely process requests, a centralized ROI model may be your organization’s safest approach.