In a For The Record E-News Exclusive, MRO’s Angela Rose summarizes a national survey about Release of Information, conducted by Porter Research, an independent market intelligence and research group focused on HIT. The findings provide valuable perspectives for HIM departments to consider and assess as they move into the 2020 budget and planning season.
As we approach the 2019 AHIMA Health Data and Information Conference in Chicago, September 14-18, 2019, MRO is excited to exhibit for the 16th year in a row. We are looking forward to mingling, networking, and spending time with our clients, Health Information Management (HIM) partners and friends. Stop by Booth 1102 to say hello to the team, catch up and learn about MRO’s successful ROI solutions.
Our team of ROI experts will be available at the booth to discuss Protected Health Information (PHI) disclosure management topics, including enterprise-wide solutions for ROI, cybersecurity, BA management, payer audit and review strategies, and the compliant management of patient-directed requests.
If you don’t make it to the booth, you can take advantage of MRO’s experts during the conference at the learning opportunities listed below:
AHIMA’s Privacy and Security Institute
Saturday and Sunday, September 14-15
10:30am – 11:45am
Rooms E451A & E353A
MRO is proud to sponsor this year’s Institute, and Rita Bowen, MA, RHIA, CHPS, CHPC, SSGB, Vice President of Privacy, Compliance and HIM Policy for MRO, will participate in Sunday’s presentation “Assessing Privacy and Security Compliance.”
Enterprise-Wide Disclosure Management: Penn Medicine’s Journey in Outsourcing Release of Information
Monday, September 16
2:20pm – 3:10pm
Exhibit Hall, HIM Expert Theater Andersonville
Join me and my colleague, Sherine Koshy, MHA, RHIA, CCS, Corporate Director of Health Information Management at Penn Medicine, for this presentation on proven practices for outsourcing Release of Information and successful enterprise-wide implementations.
The Next Big Story: BA Management Tips to Keep Your Organization Out of the Headlines
Monday, September 16
7:30am – 8:30am
Don’t miss “The Next Big Story: BA Management Tips to Keep Your Organization Out of the Headlines” given by my fellow teammates and subject matter experts, Rita Bowen and Anthony Murray, MRO’s privacy and security officers. This session takes a deeper dive into BA breaches and the effective strategies necessary to mitigate your organization’s risk.
Patient-Directed Requests: What’s the Elephant in the Room?
Tuesday, September 17
7:30am – 8:30am
Rise and shine! Let’s talk about the elephant in the room. This Networking Breakfast is sponsored by AHIOS and we are honored to co-present on this industry hot topic. MRO’s privacy and legal experts, Rita Bowen and Danielle Wesley, Esq., will discuss and analyze the current trends and challenges around the misuse of patient-directed requests by attorneys and record retrieval companies. Mark it on your calendar and secure your spot today!
Time to Clear the Confusion: Attorney Misuse of Patient-Directed Record Requests and How to Cope
Wednesday, September 18
9:00am – 9:45am
Can’t make it to the breakfast or still want more? This presentation will be your last chance to listen, learn, or join the discussion on one of the latest threats to one of HIM’s core functions – ROI. Take advantage of time with MRO’s privacy and legal experts Rita Bowen and Danielle Wesley, Esq. as they discuss the current landscape on the attorney misuse of patient-directed medical record requests under HITECH. Walk away with tips and recommended practices for your organization to ensure compliance and patient satisfaction.
To schedule time with us, please complete the form on this page. We hope to see you there!
Meet us at AHIMA19
MRO has released the results of a nationwide survey, “Release of Information: Can You Afford to Ignore Industry Changes?” The survey was conducted by Porter Research, a market intelligence and research group focused on healthcare IT. The survey provides valuable insights from senior HIM professionals concerning Release of Information (ROI) priorities and approaches, including top vendor criteria.
As requests to disclose patient health information rapidly evolve, provider organizations are challenged to apply innovative methods to Protected Health Information (PHI) disclosure management across their health systems. With increasing demands for the exchange of and access to health information, HIM leaders must deal with large volumes of government and commercial payer audits, enterprise-wide compliance and breach prevention, and patient satisfaction. The changing landscape calls HIM leaders to reevaluate their ROI strategies, and the results of our study can be used as a guide for navigating disclosure management.
The executive insights from the report represent 33 hospitals, 1,253 clinics and 620,719 annual ROI requests. The surveyed senior HIM professionals provided feedback regarding PHI disclosure management options and the assessment of ROI vendors. The survey questions included, but were not limited to, the following:
- When is it time to consider a new strategy and ROI partner? According to the Porter Research survey results, senior HIM leaders indicated that there are two main reasons for seeking better ROI solutions. The first is dissatisfaction with their existing vendor due to inadequate quality and service, including breach occurrences. The second involves the need for more modernized solutions to meet enterprise-wide compliance and operational demands as their systems grow and evolve.
- What are the essential attributes of an ROI vendor? The survey results found that in most evaluations there were at least three ROI vendors originally deliberated, with two typically making the short list. The respondents revealed five important criteria to consider when looking for an ROI partner: ease of use, workflow, ability to handle volume, turnaround time and industry reputation.
- What key decision criteria matter the most to healthcare organizations? Once crucial characteristics are examined, it’s vital to complete an analysis of how the aspects of an ROI agreement align with your own organization’s key performance indicators. The respondents revealed the most important decision criteria when choosing a new ROI vender are integration and technical features, compliance and level of service engagement. Of all criteria, price was ranked least important.
The Release of Information needs indicated by the survey show that an enterprise-wide approach to disclosure management is crucial. Healthcare organizations are partnering with strategic ROI vendors to address the intricate requirements of their organizations. When assessing vendors, the top criteria in decision-making are reputation, service, quality, technology and accountability. These survey results will help guide HIM directors who want to transition from an in-house to outsourced ROI model or those who are looking for a new ROI partner, if already outsourced.
To download a copy of “Release of Information: Can You Afford to Ignore Industry Changes?” complete the form below.
DOWNLOAD THE ROI STUDY
The April 2019 Journal of AHIMA article “What to Do (and Not Do) When Changing HIM Vendors” served as a virtual roundtable featuring the experiences of three HIM leaders who successfully navigated HIM service vendor transitions. The MRO client panelists were Cindy M. Phelps, RHIA, Sr. Director, TSG Business Relationship Management, Carilion Clinic; Sherine Koshy, MHA, RHIA, CCS, Corporate Director HIM, Penn Medicine; and Kathleen J. Edlund, M.M., RHIA, Director of HIM, Trinity Health.
Topics discussed in the roundtable included challenges, lessons learned and practical strategies that help ensure quality service and a lasting collaborative partnership. As moderator of the discussion, I had an opportunity to focus on each expert’s type of vendor transition: transcription, EHR and Release of Information (ROI).
Choosing the right vendor can be a challenging and daunting task, especially if your current service has been in place for a long time. Whether the service being considered for outsourcing options is in-house or with another vendor, the key to a successful transition is in the planning.
Some of the common challenges that prompted the panelists’ organizations to seek a better solution were: the need to have all users on one platform, service and quality issues, communication problems and lack of client support.
From their experiences addressing the challenges listed above, each HIM expert offered lessons learned and suggestions for other organizations to consider when transitioning service vendors. Here is a summary of their recommendations:
- Conduct benchmark, research, and reference checks.
- Establish key performance indicators (KPIs).
- Engage multidisciplinary teams.
- Conduct a pilot test.
- Communicate and collaborate to build a trusted partnership.
- Create a project charter.
- Provide training and education.
- Complete pre-implementation assessment documentation.
- Create a visual diagram model of the process flow.
- Ensure understanding of ancillary departmental (EHR) software systems.
- Preserve a working relationship with the outgoing vendor.
Strategies to help ensure a lasting collaborative partnership
Each panelist offered components of a strong, collaborative partnership that promotes ongoing optimal outcomes. Here are five essential factors:
- Monthly review meetings and open communication to discuss successes, concerns and issues with the vendor.
- Engagement and availability of the vendor in the daily operational business.
- Vendor sharing latest trends with development and with their other clients.
- Annual onsite business review to highlight current state and share future state with key stakeholders.
- Investment in the training and resources necessary to meet the needs of your organization.
The Journal of AHIMA article provides additional details regarding lessons learned, strategies and expert recommendations. To download a copy of the article, fill out the form below.
Download the Journal of AHIMA Article
In an article published to the Journal of AHIMA, MRO’s Angela Rose, MHA, RHIA, CHPS, FAHIMA, Vice President of Implementation Services, moderates a virtual roundtable discussion that takes a close look at the real-life experiences of three HIM experts during their service vendor transitions.
In a Healthcare Scene guest blog by Beth Friedman, BSHA, RHIT, MRO’s Angela Rose and Rita Bowen were mentioned for their presentation and panel discussion at AHIMA 2018.
Begin with the end in mind. – Stephen Covey
Stephen Covey will long be remembered as the author of The Seven Habits of Highly Effective People. The wisdom of those habits is applicable to organizations as well. When onboarding a new Release of Information (ROI) vendor, the end goal is to standardize policies and processes across the enterprise for timely, accurate and efficient disclosure of Protected Health Information (PHI).
Partnering with a new vendor for outsourcing Release of Information doesn’t have to be a daunting task. Whether your organization is managing ROI in house or considering a change from one outsourcing vendor to another, making a smooth transition across the enterprise is critical. Defined tasks and activities are required to successfully bring a new ROI vendor on board and resume normal operations as efficiently and effectively as possible. A seamless process begins with a dedicated implementation team to facilitate the transition, keeping the end goal in mind.
In our experience, organizations often encounter challenges that are difficult to overcome without the expertise of an implementation team. Here are some of the most common pitfalls:
- Lack of executive ownership
- Resistance from stakeholders, no buy-in
- Lack of process knowledge/ownership
- Scope creep—project not well defined, documented, controlled
- Communication issues
- Insufficient staffing, training and other resources
- Multiple technology platforms/EMR
Setting the Stage for PHI Disclosure Management Success: Six Strategies to Ensure a Smooth Transition
When evaluating an ROI vendor, be sure the vendor has a dedicated implementation team to facilitate a smooth transition. That is your first priority. The team will guide the implementation through the following six strategies:
Define the Project. Define the project scope, goals and objectives. Identify the project owner, executive sponsor and all stakeholders. Set expectations and accountability. Develop a timeline with milestones and phases.
Manage Contracts. Monitor and manage the terms of the contract to ensure contractual obligations are met. Deliver to the client exactly as specified in the contract. Proper management prevents scope creep.
Communicate. Provide ways to communicate with senior management and all stakeholders across the enterprise. Communication tools include internal memos, email templates, press releases, onsite meetings, workflow tips, helpline, monthly updates to senior management on timelines and milestones, and post-implementation touch-point calls. Communication builds trust.
Plan. Planning and communication go hand in hand. Otherwise, the project implementation plan won’t leave the conference room. To assist with planning, here at MRO, we provide new clients with a detailed overview of our implementation planning process including the following:
- Pre-Implementation Activities
- Implementation Timeline
- Go-Live Activities
- Post Implementation Activities
Planning is everything. Proper planning presents the opportunity to identify and address issues up front, setting the stage to achieve optimal results.
Document. Comprehensive documentation clearly defines the project desired outcomes. Transparency and accountability are essential. One of our practices is to send welcome packets introducing what we do and what’s going to happen during the implementation period, along with escalation pathways and MRO contact information. Throughout the transition, we provide a detailed agenda for every meeting, minutes following each meeting, training documentation, videos, monthly updates and project monitoring reports. The entire process is documented from the beginning.
Train and Educate. In preparation for go-live, an effective training and education program promotes successful outcomes. The recommended strategy is to begin training after the planning phase and continue throughout go-live. At MRO, our implementation specialists provide training on MRO ROI policies and procedures, current and legacy EMR systems, HIPAA privacy and security, ROI Online® system use and best practices.
Best Practices Yield Optimal Outcomes
Beginning with the end in mind, providers and vendors should work together to help organizations achieve timely, accurate and efficient ROI outcomes. At MRO, our dedicated implementation team guides you every step of the way with proven strategies to ensure a seamless transition.
Sign Up for Future Blog Posts
From encoders to Electronic Health Records (EHRs), Health Information Management (HIM) professionals are often tasked with enterprise-wide project management including new technologies, changing workflows and centralized operations. These massive projects require strong HIM skills, expanded partnerships and greater collaboration among vendors, HIM, IT and others. With leadership skills, specialized education, and peer-to-peer relationships, HIM professionals are perfectly positioned to promote collaboration among all stakeholders, secure executive support, ensure timelines are met and cover every detail of an enterprise-wide initiative.
A few months ago, I moderated a roundtable discussion with three HIM experts: consultant, Pat Biesboer, RHIA, MSS, PMP; Susan Carey, MHI, RHIT, PMP, FAHIMA, System Director of HIM for Norton Healthcare; and Emilie Sturm, MA, RHIA, CHPS, Senior Revenue Management Consultant for Trinity Health. They each discussed mapping out enterprise-wide projects, such as PHI disclosure management and how to meet milestones and resolve common challenges. You can find the full discussion, “Using HIM Skills to Lead Enterprise-Wide Projects: An Expert Roundtable,” in the February 2018 issue of Journal of AHIMA.
During the roundtable, all three HIM experts provided their main lessons learned from their experiences as enterprise-wide project managers. If you are an HIM professional, you may benefit from reviewing the lessons below:
- Provide concise, timely, and honest communication. Keep people motivated by injecting fun into your discussions. Keep the current status in front of stakeholders according to a regular schedule, providing the degree of detail they need.
- Have realistic expectations and transparency. If difficulties are expected, prepare the team ahead of time. This will help build trust.
- Follow stated goals. Guide your team toward the goals you established. When you run into blockers, review your options. Objectively provide the background, options, rationale and a recommended direction to maintain forward progress.
- Avoid bringing assumptions to the table. Remain open-minded and validate your expectations. Susan Carey reflected, “When I was the project manager for our EHR’s operating room, nursing and HIM modules, I mistakenly assumed that IT resources understood HIM. Looking back, I should have educated my peers who were managing other parts of the project regarding the tenets of HIM. This would have facilitated HIM operations leaders’ attempts to maintain decision-making regarding the electronic record configurations and policy.”
- Conduct reference calls with organizations using any technology you are considering. HIM needs differ from those of other departments. Current users can suggest ways to configure applications to best meet your needs and save valuable implementation time and resources.
- Perform as a project manager with HIM knowledge. Project managers are valuable when they have subject matter expertise and can develop subsidiary plans within the overall project management plan.
- Have the right stakeholders at the table when starting a project. Due diligence should be conducted to map out all areas of the project and determine vested parties. Having the right team on board provides for a productive group of multidisciplinary professionals with varying expertise.
- Identify lessons learned during each phase of a multiphase project. With a multiphase project, such as a system rollout, identify lessons learned during each phase. When possible, incorporate those lessons into the next phase for a stronger outcome. As your timeline allows, be flexible and don’t hesitate to post-pone a go-live if critical goals are not yet achieved.
- Communicate often with your project team and stakeholders. For HIM-driven projects, it’s critical that the local HIM director communicates with key constituents or peers. Establish regular meetings over the course of each project or expand your schedule if necessary. Disseminate project management tools such as timelines and meeting minutes to the project team. Regularly review the project plan to monitor progress compared with the overall timelines.
Though HIM professionals have always managed projects, enterprise-wide endeavors raise the bar for communication, organization and leadership. HIM professionals have unique abilities to manage enterprise-wide projects. More importantly, HIM professionals can help team members solve problems, achieve their goals and enjoy the journey.
If you are interested in learning more about this topic, come join me and Emilie Sturm, MA, RHIA, CHPS, Senior Revenue Management Consultant for Trinity Health, at the 2018 AHIMA National Convention in Miami, for our presentation titled “Project Management in Enterprise-Wide HIM Implementations.”
Sign Up for Future Blog Posts
In a Journal of AHIMA article, MRO’s Angela Rose, MHA, RHIA, CHPS, FAHIMA, Director of Client Relations and Account Management, moderates a virtual roundtable discussion with three HIM experts, who discuss leading enterprise-wide projects such as centralizing PHI disclosure management.
AHIMA held its 11th Annual Privacy and Security Institute on October 7-8, 2017 in Los Angeles, concurrent with the national convention. As a sponsor of the event, MRO held a breach prevention session titled “Developing Best Practices from OCR Audits and Enforcement Activities.” During the presentation, Rita Bowen and I reviewed the current Office for Civil Rights (OCR) audit and enforcement landscape and provided best practice guidance based on audit and enforcement outcomes.
We discussed some of the biggest cases to date including nine resolution agreements totaling over $17M collected by the OCR. The top five compliance issues (in order of frequency) included (1) impermissible use and disclosures, (2) lack of safeguards, (3) lack of patient access to health information, (4) releasing the minimum necessary, and (5) lack of administrative safeguards to electronic Protected Health Information (PHI). Below are five best practices for breach prevention, as well as a video interview where I recap the presentation.
Video Recap: AHIMA Privacy and Security Institute
Five Best Practices for Breach Prevention
1) Create a patient data protection committee.
This committee should oversee the organization’s patient privacy compliance program and conduct quarterly risk analyses and assessments. Serving as the incident response team, each committee member should review policies and procedures annually. In addition to these responsibilities, a patient data protection committee should perform mock HIPAA audits using Phase 2 protocols from the OCR.
2) Provide ongoing education and training for workforce members.
Many breaches are caused by unintentional actions taken by workforce members who are not familiar with the proper policies and procedures for Protected Health Information disclosure management. To avoid this from happening, organizations should provide formal training at least once a year to ensure compliance with applicable federal and state law. Provide reminders of policies and procedures through emails, posters, and patient privacy awareness activities.
3) Implement HIPAA’s security rules for administrative, physical and technical safeguards.
Make sure your organization’s risk analysis is current and complete. This is the key to avoiding any potential threats and vulnerabilities. Utilize technologies that strengthen your compliance program and access monitoring software. For HHS guidance on technical safeguards, visit their website.
4) Test the effectiveness of your compliance program.
This can be done a few ways. Through internal, external and penetration audits. Through social engineering, which involves fake phishing emails, fake phone calls and checking desks for exposed passwords. And lastly, through mock breach exercises.
5) Assess your Business Associates’ compliance.
With proper due diligence and periodic vendor assessments, healthcare providers can safeguard their organizations against breach by way of their BAs. Additionally, Business Associate Agreements (BAAs) can ensure HIPAA compliance, and hold subcontractors liable for potential violations.
Complete the form below to download MRO’s eBook on breach prevention “Tips and Best Practices to Safeguard your Healthcare Organization.”