Check Request Status610-994-7500

MRO Celebrates Health Information Professionals Week

 

 

 

 

 

 

 

 

During Health Information Professionals (HIP) Week, MRO enjoys celebrating our Health Information Management (HIM) partners and staff, who perform their duties masterfully throughout the year. We have the pleasure of working with the industry’s most dedicated professionals whose expertise upholds high standards of integrity.

With appreciation for this year’s HIP Week theme “Health Information Professionals Driven by Health Data,” MRO affirms its commitment to protecting client data. This core responsibility is reflected in our recent HITRUST CSF Certification and SOC 2 Type II audit.

MRO’s expert Protected Health Information (PHI) disclosure management teams equip our HIM partners with the safeguards, services and resources needed to sustain a superior reputation for compliance, service quality and patient satisfaction. Resources include guidance from renowned industry experts, along with passionate teams of Release of Information (ROI) specialists eager to provide high levels of customer care.

HIM’s Everyday Heroes

At MRO, our mission is simple. We aim to share the right PHI with the right requesting parties, in the most compliant, efficient and secure way. And, we do more than share medical records. We make a difference in the lives of patients—sometimes we even save lives.

The work of HIM matters, especially Release of Information. Proper ROI enables better coordination of care, helps patients secure disability benefits, and supports patients through insurance claims or lawsuits when medical records are required. The fast and accurate sharing of medical records can make a lasting impact for a patient in need.

Many MRO employees have been recognized as personal heroes to patients and other requesters of health information whom we have had the privilege of helping. They email us, send cards and gifts, and make phone calls to share their positive experiences with MRO. We regularly highlight these exceptional HIM professionals in an employee development and recognition program fittingly called MRO’s “Everyday Heroes.” We are proud to have our heroes serving over 8,500 healthcare locations and their patients across the U.S.

HIM Expert Resources

HIM leaders at many of the nation’s top health systems trust and rely on MRO’s KLAS-rated #1 Release of Information services and team of renowned experts. Our leadership team was skillfully assembled to provide our HIM partners with the best guidance and support possible, as together we navigate the complex world of compliant PHI disclosure.

Throughout the next year, you will have the opportunity to learn more about MRO’s experts in advertisements appearing on the back cover of the Journal of AHIMA. Each issue will feature a different expert resource provided to MRO clients.

Just released, the April issue of the Journal features MRO’s Rita Bowen, MA, RHIA, CHPS, CHPC, SSGB, Vice President of Privacy, Compliance and HIM Policy. An HIM superstar and Past President of AHIMA, Rita has over 40 years of experience and expertise. She and her team empower HIM professionals through consultative reviews of PHI disclosure policies and procedures, privacy analytics, and a variety of HIPAA compliance resources and tools. Be sure to check out each issue of the Journal and visit our accompanying website to learn more about MRO’s HIM experts.

2019 Webinars: Supporting Your HIM Continuing Education

To support the ongoing education of MRO’s clients, our many credentialed employees, and all HIM professionals, we recently launched a complimentary PHI disclosure management webinar series, led by our industry experts.

The series consists of four sessions throughout 2019, each pre-approved by AHIMA for one CEU in the privacy and security domain.

Wednesday, April 10

The Rising Tide of Payer Requests for Medical Records: How to Shore Up Your Defense >>Register

Thursday, June 27

Enterprise-wide Disclosure Management: Closing the Compliance Gaps >>Register

Wednesday, August 14

Cybersecurity in Health IT: Trends and Tips for Safeguarding PHI >>Register

Wednesday, November 13

Clearing the Confusion: Attorney Misuse of Patient-Directed Record Requests and How to Cope >>Register

Happy HIP Week

We hope all Health Information Professionals enjoy this special week. Thank you to our clients and our employees for all that you do, and Happy HIP Week from all of us at MRO!

Sign Up for Future Blog Posts

Read More

Five Takeaways from the 28th National HIPAA Summit

 

 

 

 

 

 

 

 

The month of March holds important projections for the healthcare industry—especially for those involved in privacy, security and patient access to health information. It is when the annual National HIPAA Summit is held every year in Washington, D.C., and this year was no exception.

The 28th National HIPAA Summit was held March 4 – 6 at the Grand Hyatt Washington. Thousands of healthcare professionals gathered to discuss current challenges, future goals and expert predictions for our industry. This year’s event focused on the changing landscape of healthcare privacy, security, HIPAA and Protected Health Information (PHI). Here are my five top takeaways from the National HIPAA Summit 2019.

  1. Beacons of Change: GDPR and CCPA

Passage of both the European General Data Protection Rule (GDPR) and the California Consumer Protection Act (CCPA) is paving the way for stricter standards and expansion of HIPAA. GDPR and CCPA serve as the new measuring sticks for 2019 privacy conversations in healthcare. With this shift come increased compliance risks for providers and business associates (BAs), alongside greater privacy right of action for individuals. For example, presenters at the HIPAA Summit suggested that all stakeholders should be governed by revised guidelines including those currently carved out of the HIPAA rule.

  1. Uptick in Audits

Speakers also suggested there will be an increase in third-party audits to assure a culture of compliance within organizations and BAs. Audits currently conducted reveal four ongoing concerns in healthcare privacy and security:

  1. Lack of BA agreements
  2. Incomplete or inaccurate risk analysis
  3. Impermissible disclosure of PHI
  4. Recurring compliance issue—gaps from risk register not closed

Significant attention remains focused on network servers compromised by hackers and malware. However, smaller breach incidents where patterns are identified but no mitigation efforts occurred will also be investigated.

  1. New Approach to BA Assessments

With regard to BA assessments, generic risk assessments completed by BAs at the request of covered entities (CEs) have become obsolete. A new approach suggests that BAs provide information specific to three aspects of risk:

  1. Describe delivery of the BA’s services
  2. Identify the BA’s risk components
  3. Detail how the BA works to close privacy and security gaps

In addition, HIPAA Summit attendees reiterated that best-practice criteria for vetting BAs include compliance with HITRUST and SOC 2 certification.

  1. Push for Greater Patient Access to Health Information

From HIMSS to the HIPAA Summit in 2019, the healthcare industry is squarely focused on the patient. Patient engagement, patient satisfaction and patient access to health information are top goals for most healthcare provider organizations in the year ahead. Similar to a call for better patient access, heard during a December 2018 congressional briefing, summit presenters pushed for specific improvements for the healthcare consumer:

  • Harmonize information across all states for easier patient access
  • Give the patient (or directed requester) information from the designated record set (DRS)
  • Ensure right of access to the requester (patient and/or their representative)—a primary audit focus with penalties associated with any type of information blocking or hindrance to obtaining health information

Unless providers have contacted the patient and the patient states otherwise, requests for information should be processed by the CE in accordance with existing guidance. Proper alignment of processes to policy helps mitigate breach risk when processing patient-directed requests (PDRs) for information. For example, a specific individual must be named to receive information.

Greater patient access to information is an important step to improve patient satisfaction and create positive patient experiences. In fact, it is one of three key results highlighted in a recent blog post about MRO’s partnership with Saint Luke’s Health System.

  1. Interoperability Promotes Data Sharing, Streamlines the Business of Healthcare

My final takeaway from the HIPAA Summit 2019 was renewed emphasis on interoperability in an effort to streamline the business of healthcare—especially data sharing between providers and payers. Both the OCR and ONC have announced initiatives around interoperability. Two areas in particular were discussed.

Electronic claims. An electronic claims attachments rule was passed in 2012, but has not been widely adopted or enforced. Enforcement of electronic remittance advice (ERA) will reduce paperwork between providers and clearinghouses, with the potential to save $8 billion annually. Facilities will be reviewed for compliance via the “optimization program” versus process audits.

Health plans. Getting data back to health plans is vital to success under value-based reimbursement. Our patients are health plan members. We all have the same purpose—to improve the health of those we serve. Direct exchange of information between CE, provider and plan support this goal while streamlining processes across all stakeholders. The ability for patients to also contribute electronic health data for better patient care coordination is the industry’s audacious goal.

HIPAA was first signed into law in 1996. Today, 22 years and 28 HIPAA summits later, I still learn and advance in concert with healthcare industry changes. Keeping abreast of predictions, such as those listed above, ensures every healthcare professional gains the knowledge they need to deliver high-quality care while protecting privacy, security and patient access to health information.

MRO is committed to keeping our clients and the HIM industry up to date on the latest happenings. To receive updates from MRO when we release new blog posts, complete the form below. You can also learn more in our upcoming PHI disclosure management webinar series, which kicks off April 10, 2019 with a session focused on payer requests for medical records, including audits and reviews.

Sign Up for Future Blog Posts

Read More

Four PHI Disclosure Management Webinars to Catch in 2019

 

 

 

 

 

 

 

 

As we move into 2019, it is important for healthcare professionals to stay up to date on the latest trends and best practices for managing Protected Health Information (PHI) disclosure across healthcare enterprises.

In MRO’s upcoming 2019 “Best Practices in PHI Disclosure Management” webinar series, the latest trends and best practices for organizations to consider will be covered. There are four parts to this webinar series, and each session is pre-approved by AHIMA for one (1) CEU in the privacy and security domain.

Below are the four session topics in our webinar series, which MRO’s subject matter experts will go into more detail. To register, click here.

Webinar Watch List: Payer Audits, Compliance, Cybersecurity and Patient-Directed Requests

1) The Rising Tide of Payer Requests for Medical Records: How to Shore Up Your Defense
Payer requests for medical records are challenging, time-consuming undertakings for healthcare organizations, typically requiring the release of hundreds or thousands of patient records. MRO’s payer relations expert Greg Ford, Senior Director of Requester Relations and Receivables Administration, will share tips and best practices to shore up your defenses against the rising tide of payer requests for medical records.

2) Enterprise-Wide Disclosure Management: Closing the Compliance Gaps
Privacy and security within a healthcare enterprise are top of mind in an era of regulatory reform and breach. With risks including financial penalties, lawsuits, and reputational damage, healthcare organizations are seeking ways to mitigate risk and ensure proper disclosure of PHI by implementing new technology and HIPAA-compliant policies and procedures. In this webinar, I will cover the benefits of implementing an enterprise-wide PHI disclosure management strategy to close compliance gaps.

3) Cybersecurity in Health IT: Trends and Tips for Safeguarding PHI
In an era of evolving cybersecurity threats, healthcare leaders are challenged to be vigilant in their efforts to minimize risk and implement new, robust safeguards to protect the privacy and security of patient data. MRO’s security expert Anthony Murray, CISSP, Vice President of Information Technology and ISSO, and I will provide best practices for safeguarding PHI across your healthcare enterprise.

4) Clearing the Confusion: Attorney Misuse of Patient-Directed Record Requests and How to Cope
The OCR’s 2016 guidance on patient access was meant to remove roadblocks for patients and their personal representatives when requesting medical records or PHI. However, instead of adding clarification for healthcare providers, the 2016 guidance opened the door for third-party requesters and attorneys to inappropriately request medical records under the guise of patient-directed requests, resulting in rising challenges for healthcare providers. MRO’s legal expert Danielle Wesley, Esq., Vice President and General Counsel, and I will provide clarity on the topic and cover strategies and tactics for combatting the related issues.

Register today for our first webinar, on the topic The Rising Tide of Payer Requests for Medical Records: How to Shore Up Your Defense.

Register for "The Rising Tide of Payer Requests for Medical Records: How to Shore Up Your Defense"

Read More