Record Requests610-994-7500

Information Blocking: MRO’s Webinar Series Recap

Information Blocking: MRO’s Webinar Series Recap

Recently, MRO hosted a webinar series on the 21st Century Cures Act focusing on the Information Blocking Rule and Interoperability. I joined other industry experts to provide highlights of the rule, take a closer look at the technical requirements, and analyze the impacts on HIPAA.

While the series has come to an end, the recorded playbacks of each session are still available for download, and to earn 1 CEU per session. For those who did attend, this blog is a recap of the entire series. And for those who did not attend, below is a sneak peek at the information you can learn from the recordings. Our goal is to help clear up some of the current confusion related to the rules.

How did we get here?

In order to understand where the rule originated, we must first look at the history of information blocking according to the Office of the National Coordinator (ONC). Complaints received at health IT developers included fees for sending, receiving or exporting electronic health information (EHI), charging for common interfaces and pricing designed to deter connectivity, to name a few. On the other side, complaints against providers included instances of controlling referrals to enhance market dominance, and the reference of HIPAA to deny the exchange of EHI.

Due to these unsolicited complaints, the ONC decided to release key recommendations in April 2015. These recommendations included the following:

  • Constrain standards and implementation specifications
  • Ensure greater transparency in certified health IT products and services
  • Provide governance rules that deter information blocking
  • Improve understanding of HIPAA privacy rule and security standards related to information sharing
  • Work with CMS to coordinate healthcare payment initiatives and leverage other market drivers that reward interoperability and discourage information blocking
  • Promote competition and innovation in health IT and healthcare

As a result, the 21st Century Cures Act was created. The key objectives include accelerating drug and medical device development, addressing the opioid crisis, improving mental health service delivery and enhancing nationwide interoperability of EHRs.

To download our infographic explaining the rule, click here

Information Blocking Rule Details

While this rule does impact healthcare providers, health IT developers of certified health IT and health information networks/health information exchanges, it does not necessarily impact business associates. It is imperative that business associates determine whether they are considered an “actor” and required to comply. Impacted entities must certify that they:

  • Do not engage in information blocking
  • Provide assurances that developer or entity will not engage in information blocking
  • Do not prohibit or restrict certain communications
  • Publish APIs and allow health information to be accessed, used and exchanged without special effort through the use of APIs
  • Conduct real world testing
  • Ensure attestation is completed

As defined by the rule, the above applies to electronic health information (EHI)—all electronic information regarding the patient’s health information as defined in the facility-specific electronic designated record set (DRS). The definition of EHI is based on how an organization defines their DRS. If it’s not properly defined, the definition is left open to interpretation.

Defining the DRS is a requirement under HIPAA and is a key component to ensuring the patient has appropriate access to their healthcare. Beginning in 2022, the scope of EHI will be broadened so it’s important to understand the rule and its requirements.

Some Exceptions

The rule did finalize eight exceptions, divided into two categories. The first category involves not fulfilling requests to access, exchange or use EHI, and includes:

  • Preventing harm – aligns with HIPAA’s harm exception but must be consistent with organizational policy
  • Privacy – protecting an individual’s privacy
  • Security – protecting the security of EHI
  • Infeasibility – meeting one of the requirements noted in the rule with a response provided to the requester within 10 business days of request receipt specifying the infeasibility exception
  • Health IT performance – scheduled maintenance or downtime due to a security risk

The second category involves fulfilling requests to access, exchange or use EHI, and includes:

  • Content and manner – fulfilling a request in an alternative manner if unable to fulfill as requested
  • Fees exception – charging fees related to costs, which is not to be based on competition with another actor, but instead based on objective and verifiable data uniformly applied
  • Licensing – actors protecting the value of their innovations and charge reasonable royalties in order to earn returns on the investments they have made to develop, maintain and update those innovations

Actions to Consider

Now that the rule is final and the first pieces of compliance are approaching in November 2020, organizations must consider the best course of action forward. A great resource that I highly recommend is The Sequoia Project, which is continually updating its resources page for the HealthIT community. They are providing additional webinars, toolkits and reports.

MRO will also continue to publish relevant content around the information blocking rule and interoperability. My colleague Rita Bowen will present Information Blocking Rule: The Impact to HIM later this year on November 18, 2020. Be sure to mark your calendar!

Above all else, remember the basics for creating or updating a compliance program. Begin with the end in mind. What are your goals? Determine whether your organization is considered an actor. Review your current program and determine what modifications or new items are needed to remain ahead of the game. Make the changes and implement them through education and training.

To learn more about the information blocking rule from our panel of industry experts, complete the form below to request playback for the entire series.

Request webinar playback for the entire Information Blocking series

Read More

Announcing MRO’s 2020 Webinar Series

Information Blocking: MRO’s Webinar Series Recap









MRO and I are proud to announce our 2020 webinar series. I would like to invite you to join me and my colleagues to review, analyze and discuss the hottest topics impacting Protected Health Information (PHI) today.

This year’s webinar series focuses on best practices related to industry trends and challenges, leadership development and regulatory changes that affect the secure and compliant exchange of PHI. The sessions address the needs of Health Information Management (HIM), privacy, compliance, risk management, security and other healthcare professionals seeking up-to-date information. Don’t miss the opportunity to learn from seasoned industry experts!

Highlighted below are the four sessions included in our webinar series.

The Right ROI Solution, Information Blocking, Workforce Training, and Privacy and Security Trends

Release of Information: Industry Changes and the Road to the Right Solution

This presentation explores results from a nationwide survey of senior HIM professionals about the ROI challenges, priorities and strategies at the forefront of today’s healthcare ecosystem. The survey was commissioned and published by MRO and conducted by Porter Research. I will guide attendees through a discussion regarding the right time to consider a new strategy and ROI partner, the meaning of transparency in partnership, key criteria for success and more.

Information Blocking Rule: The Impact to HIM

The Information Blocking Rule encourages the flow of information for patient-enhanced management of their own healthcare through the use of health information. As a result, we expect to see increased patient-directed flow of their health information to APIs and other support management tools. MRO’s privacy and compliance expert, Rita Bowen, and MRO’s legal expert, Danielle Wesley, Esq., will discuss how this rule appears to conflict with areas of HIPAA and what that means for HIM departments.

HIM Workforce Training: Developing Tomorrow’s Leaders

The evolving HIM landscape demands new skillsets and expertise for the workforce. MRO’s motivation and development expert, Mariela Twiggs, will provide best practices for training and retaining your employees. Attendees will take away valuable knowledge to develop their staff into tomorrow’s leaders.

Watch List: 2021 Privacy and Security Trends

This presentation recaps 2020 privacy and security trends affecting the HIM industry. The session also focuses on the outlook for HIM in 2021 and how to prepare for the future. MRO’s privacy and compliance expert, Rita Bowen, and MRO’s IT expert and CIO, Anthony Murray, will review watch list resources and provide related links. This timely information is most valuable to HIM directors, compliance and privacy officers, security officers, chief information officers and chief financial officers.

I will present our first webinar, Release of Information: Industry Changes and the Road to the Right Solution, on April 15, 2020 at 2 pm ET. Register today!

Read More

Heard at AHIMA 2019: Penn Medicine’s Journey to Enterprise-Wide Disclosure Management

Information Blocking: MRO’s Webinar Series Recap

Recently, at the AHIMA Health Data and Information Conference in Chicago, I had the pleasure of presenting with my colleague Sherine Koshy, MHA, RHIA, CCS, Corporate Director of HIM at Penn Medicine, about her experience outsourcing Penn Medicine’s release of information (ROI) function.

Our presentation was held in the HIM Expert Theater where we discussed why enterprise-wide disclosure management is so important in today’s healthcare ecosystem.

We had a great time networking among peers and sharing best practices as well as lessons learned along Sherine’s journey. The conference is a busy time with many opportunities for education. So, if you were unable to make our session, here are highlights of the points discussed:

Healthcare and HIT Environmental Scan

HIPAA is still the standard that sets the floor for the privacy and security of protected health information (PHI), but let’s not forget the other federal and various state laws that also affect PHI safeguards and disclosures. We’ve all heard that HIPAA 2.0—the reboot for a modernized version—is coming to catch up with the continually changing healthcare and HIT environments. As part of the healthcare evolution, patients have become more actively involved in their own care, a trend that demands timely and accurate disclosure management practices.

Why Enterprise-Wide Disclosure Management?

 As outlined in our presentation, the benefits of an enterprise-wide disclosure management approach include the ability to:

  • Standardize workflows
  • Review/update policies and procedures
  • Improve the customer experience
  • Achieve compliance
  • Mitigate risk

Nationwide ROI Survey Results

 We summarized the results of a survey that MRO recently commissioned to a third party, Porter Research, to find out more about current ROI needs and requirements. The survey found that senior HIM professionals experienced two top business challenges:

  • Dissatisfaction with their ROI vendor—including missed service level agreements (SLAs), compliance issues/breaches, and lack of support/poor service quality
  • Need for standardization of the ROI process—due to a high volume of ROI requests, multiple locations and need for one single platform: one EMR and one ROI vendor for consistency

The study also revealed five essential attributes organizations consider when searching for an ROI solution or a new ROI vendor. Those include:

  • Ease of use—a dependable system that is user-friendly
  • Workflow—efficient and effective to ensure timely and accurate disclosures
  • Turnaround time—requirements met according to timelines, if not sooner
  • Industry reputation—customer satisfaction, company integrity, and staff credibility
  • Ability to handle volume—to ensure quality of service does not fluctuate with request volume

 Penn Medicine’s ROI Journey

 Penn Medicine is located in and around the Philadelphia, Pennsylvania area and includes 6 hospitals (7,163 physicians), 10 multispecialty centers, and 800+ physician practice locations. The system is ranked by U.S. News & World Report as No. 1 in the state of Pennsylvania.

Like many other organizations, Penn Medicine faced challenges with their ROI solution and realized the need to evaluate the following:

  • Level of quality—internal issues and patient complaints due to backlog in requests
  • Customer service—lack of partnership and trust in the relationship, and a reactive instead of proactive approach when taking on issues
  • Patient complaints—increase in complaints across the entire health system
  • Staffing—high turnover and inability to keep up with demand for new employees
  • Productivity and turnaround time—compliance risk due to missed deadlines
  • Technology—platform not user-friendly, inability to integrate with the existing EHR

Ultimately, Penn Medicine made the tough decision to change ROI vendors, and focused on top priorities:

  • Ensure excellent customer service and response times to Penn Medicine and, even more important, to the patient
  • Create a one-stop-shop model allowing a patient to request records from anywhere in the enterprise at any one location
  • Decrease privacy and security incident/breach rates
  • Ensure system integration with Penn’s EHR

Many collaborative planning meetings paved the way for MRO to clearly understand Penn’s challenges and to define an effective transition plan for the organization’s future ROI state. A strong partnership was built by creating a team approach, investing in training and resources, and going above and beyond to bring Penn Medicine’s vision to life.

The transition proved to be successful for Penn, measured by the following outcomes:

  • Compliant ROI—quality and accuracy improved, turnaround times were met, and productivity levels kept up with high volumes
  • Customer service—increased satisfaction by allowing requesters to request and obtain any Penn Medicine record at any location
  • Complaints—decreased significantly
  • Staffing—low turnover and well-managed staff
  • EHR integration—streamlined workflows and increased productivity
  • Partnership—mutual trust and transparency between Penn Medicine and MRO

Enterprise-Wide Disclosure Management: Best Practices and Lessons Learned

Along any successful journey, issues must be resolved to achieve success. Partnership is essential. Penn Medicine’s ROI journey provides other healthcare organizations with valuable best practices and lessons learned:

  • RFP—Create a multidisciplinary committee, define the process with timelines and due dates, define the most important criteria and attributes needed for your organization, establish a grading document and scale, and communicate regularly with the vendors
  • Contracts—Ensure accountability and responsibility between parties in your BAAs, know payer contract verbiage and negotiated rates, and create realistic achievable SLAs
  • Technological capabilities and limitations—Ensure ease of use, keep in mind possible integrations such as MROeLink®, maintenance, and downtime
  • Communication—Create checks and balances, hold ongoing meetings to touch base (internally and with vendor), ensure all stakeholders are on the same page and change course if necessary
  • Partnership development—Ensure transparency, team effort, reliability and above all, trust

To learn more about enterprise-wide disclosure management, and Penn Medicine’s ROI journey, fill out the form below to receive a copy of our presentation, originally presented at AHIMA 2019.

Request presentation slides

Read More

HIM Leaders Identify ROI Priorities and Strategies

In a For The Record E-News Exclusive, MRO’s Angela Rose summarizes a national survey about Release of Information, conducted by Porter Research, an independent market intelligence and research group focused on HIT. The findings provide valuable perspectives for HIM departments to consider and assess as they move into the 2020 budget and planning season.

Read More

AHIMA Conference 2019: Learn from MRO’s Release of Information Experts

Information Blocking: MRO’s Webinar Series Recap

As we approach the 2019 AHIMA Health Data and Information Conference in Chicago, September 14-18, 2019, MRO is excited to exhibit for the 16th year in a row.  We are looking forward to mingling, networking, and spending time with our clients, Health Information Management (HIM) partners and friends. Stop by Booth 1102 to say hello to the team, catch up and learn about MRO’s successful ROI solutions.

Our team of ROI experts will be available at the booth to discuss Protected Health Information (PHI) disclosure management topics, including enterprise-wide solutions for ROI, cybersecurity, BA management, payer audit and review strategies, and the compliant management of patient-directed requests.

If you don’t make it to the booth, you can take advantage of MRO’s experts during the conference at the learning opportunities listed below:

AHIMA’s Privacy and Security Institute

Saturday and Sunday, September 14-15
10:30am – 11:45am

Rooms E451A & E353A

MRO is proud to sponsor this year’s Institute, and Rita Bowen, MA, RHIA, CHPS, CHPC, SSGB, Vice President of Privacy, Compliance and HIM Policy for MRO, will participate in Sunday’s presentation “Assessing Privacy and Security Compliance.

Enterprise-Wide Disclosure Management: Penn Medicine’s Journey in Outsourcing Release of Information

Monday, September 16
2:20pm – 3:10pm

Exhibit Hall, HIM Expert Theater Andersonville

Join me and my colleague, Sherine Koshy, MHA, RHIA, CCS, Corporate Director of Health Information Management at Penn Medicine, for this presentation on proven practices for outsourcing Release of Information and successful enterprise-wide implementations.

The Next Big Story: BA Management Tips to Keep Your Organization Out of the Headlines

Monday, September 16
7:30am – 8:30am

Don’t miss “The Next Big Story: BA Management Tips to Keep Your Organization Out of the Headlines” given by my fellow teammates and subject matter experts, Rita Bowen and Anthony Murray, MRO’s privacy and security officers. This session takes a deeper dive into BA breaches and the effective strategies necessary to mitigate your organization’s risk.

Patient-Directed Requests: What’s the Elephant in the Room?

Tuesday, September 17
7:30am – 8:30am

Rise and shine!  Let’s talk about the elephant in the room. This Networking Breakfast is sponsored by AHIOS and we are honored to co-present on this industry hot topic.  MRO’s privacy and legal experts, Rita Bowen and Danielle Wesley, Esq., will discuss and analyze the current trends and challenges around the misuse of patient-directed requests by attorneys and record retrieval companies.  Mark it on your calendar and secure your spot today!

Time to Clear the Confusion: Attorney Misuse of Patient-Directed Record Requests and How to Cope

Wednesday, September 18
9:00am – 9:45am

Can’t make it to the breakfast or still want more?  This presentation will be your last chance to listen, learn, or join the discussion on one of the latest threats to one of HIM’s core functions – ROI.  Take advantage of time with MRO’s privacy and legal experts Rita Bowen and Danielle Wesley, Esq. as they discuss the current landscape on the attorney misuse of patient-directed medical record requests under HITECH. Walk away with tips and recommended practices for your organization to ensure compliance and patient satisfaction.

To schedule time with us, please complete the form on this page. We hope to see you there!

Meet us at AHIMA19

Read More

MRO Publishes Study—Release of Information: Can You Afford to Ignore Industry Changes?

Information Blocking: MRO’s Webinar Series Recap

MRO has released the results of a nationwide survey, “Release of Information: Can You Afford to Ignore Industry Changes?” The survey was conducted by Porter Research, a market intelligence and research group focused on healthcare IT. The survey provides valuable insights from senior HIM professionals concerning Release of Information (ROI) priorities and approaches, including top vendor criteria.

As requests to disclose patient health information rapidly evolve, provider organizations are challenged to apply innovative methods to Protected Health Information (PHI) disclosure management across their health systems. With increasing demands for the exchange of and access to health information, HIM leaders must deal with large volumes of government and commercial payer audits, enterprise-wide compliance and breach prevention, and patient satisfaction. The changing landscape calls HIM leaders to reevaluate their ROI strategies, and the results of our study can be used as a guide for navigating disclosure management.

The executive insights from the report represent 33 hospitals, 1,253 clinics and 620,719 annual ROI requests. The surveyed senior HIM professionals provided feedback regarding PHI disclosure management options and the assessment of ROI vendors. The survey questions included, but were not limited to, the following:

  • When is it time to consider a new strategy and ROI partner? According to the Porter Research survey results, senior HIM leaders indicated that there are two main reasons for seeking better ROI solutions. The first is dissatisfaction with their existing vendor due to inadequate quality and service, including breach occurrences. The second involves the need for more modernized solutions to meet enterprise-wide compliance and operational demands as their systems grow and evolve.
  • What are the essential attributes of an ROI vendor? The survey results found that in most evaluations there were at least three ROI vendors originally deliberated, with two typically making the short list. The respondents revealed five important criteria to consider when looking for an ROI partner: ease of use, workflow, ability to handle volume, turnaround time and industry reputation.
  • What key decision criteria matter the most to healthcare organizations? Once crucial characteristics are examined, it’s vital to complete an analysis of how the aspects of an ROI agreement align with your own organization’s key performance indicators. The respondents revealed the most important decision criteria when choosing a new ROI vender are integration and technical features, compliance and level of service engagement. Of all criteria, price was ranked least important.

The Release of Information needs indicated by the survey show that an enterprise-wide approach to disclosure management is crucial. Healthcare organizations are partnering with strategic ROI vendors to address the intricate requirements of their organizations. When assessing vendors, the top criteria in decision-making are reputation, service, quality, technology and accountability. These survey results will help guide HIM directors who want to transition from an in-house to outsourced ROI model or those who are looking for a new ROI partner, if already outsourced.

To download a copy of “Release of Information: Can You Afford to Ignore Industry Changes?” complete the form below.


Read More

What to Do and Not Do When Changing Health Information Management Vendors

Information Blocking: MRO’s Webinar Series Recap









The April 2019 Journal of AHIMA article “What to Do (and Not Do) When Changing HIM Vendors” served as a virtual roundtable featuring the experiences of three HIM leaders who successfully navigated HIM service vendor transitions. The MRO client panelists were Cindy M. Phelps, RHIA, Sr. Director, TSG Business Relationship Management, Carilion Clinic; Sherine Koshy, MHA, RHIA, CCS, Corporate Director HIM, Penn Medicine; and Kathleen J. Edlund, M.M., RHIA, Director of HIM, Trinity Health.

Topics discussed in the roundtable included challenges, lessons learned and practical strategies that help ensure quality service and a lasting collaborative partnership. As moderator of the discussion, I had an opportunity to focus on each expert’s type of vendor transition: transcription, EHR and Release of Information (ROI).


Choosing the right vendor can be a challenging and daunting task, especially if your current service has been in place for a long time. Whether the service being considered for outsourcing options is in-house or with another vendor, the key to a successful transition is in the planning.

Some of the common challenges that prompted the panelists’ organizations to seek a better solution were: the need to have all users on one platform, service and quality issues, communication problems and lack of client support.

Lessons Learned

From their experiences addressing the challenges listed above, each HIM expert offered lessons learned and suggestions for other organizations to consider when transitioning service vendors. Here is a summary of their recommendations:

  • Conduct benchmark, research, and reference checks.
  • Establish key performance indicators (KPIs).
  • Engage multidisciplinary teams.
  • Conduct a pilot test.
  • Communicate and collaborate to build a trusted partnership.
  • Create a project charter.
  • Provide training and education.
  • Complete pre-implementation assessment documentation.
  • Create a visual diagram model of the process flow.
  • Ensure understanding of ancillary departmental (EHR) software systems.
  • Preserve a working relationship with the outgoing vendor.

Strategies to help ensure a lasting collaborative partnership

Each panelist offered components of a strong, collaborative partnership that promotes ongoing optimal outcomes. Here are five essential factors:

  • Monthly review meetings and open communication to discuss successes, concerns and issues with the vendor.
  • Engagement and availability of the vendor in the daily operational business.
  • Vendor sharing latest trends with development and with their other clients.
  • Annual onsite business review to highlight current state and share future state with key stakeholders.
  • Investment in the training and resources necessary to meet the needs of your organization.

The Journal of AHIMA article provides additional details regarding lessons learned, strategies and expert recommendations. To download a copy of the article, fill out the form below.

Download the Journal of AHIMA Article

Read More