Check Request Status610-994-7500

Onboarding a New Release of Information Vendor: Six Strategies to Ensure a Smooth Transition Process

Begin with the end in mind.  – Stephen Covey

Stephen Covey will long be remembered as the author of The Seven Habits of Highly Effective People. The wisdom of those habits is applicable to organizations as well. When onboarding a new Release of Information (ROI) vendor, the end goal is to standardize policies and processes across the enterprise for timely, accurate and efficient disclosure of Protected Health Information (PHI).

Partnering with a new vendor for outsourcing Release of Information doesn’t have to be a daunting task. Whether your organization is managing ROI in house or considering a change from one outsourcing vendor to another, making a smooth transition across the enterprise is critical. Defined tasks and activities are required to successfully bring a new ROI vendor on board and resume normal operations as efficiently and effectively as possible. A seamless process begins with a dedicated implementation team to facilitate the transition, keeping the end goal in mind.

In our experience, organizations often encounter challenges that are difficult to overcome without the expertise of an implementation team. Here are some of the most common pitfalls:

  • Lack of executive ownership
  • Resistance from stakeholders, no buy-in
  • Lack of process knowledge/ownership
  • Scope creep—project not well defined, documented, controlled
  • Communication issues
  • Insufficient staffing, training and other resources
  • Multiple technology platforms/EMR

Setting the Stage for PHI Disclosure Management Success: Six Strategies to Ensure a Smooth Transition

When evaluating an ROI vendor, be sure the vendor has a dedicated implementation team to facilitate a smooth transition. That is your first priority. The team will guide the implementation through the following six strategies:

Define the Project. Define the project scope, goals and objectives. Identify the project owner, executive sponsor and all stakeholders. Set expectations and accountability. Develop a timeline with milestones and phases.

Manage Contracts. Monitor and manage the terms of the contract to ensure contractual obligations are met. Deliver to the client exactly as specified in the contract. Proper management prevents scope creep.

Communicate. Provide ways to communicate with senior management and all stakeholders across the enterprise. Communication tools include internal memos, email templates, press releases, onsite meetings, workflow tips, helpline, monthly updates to senior management on timelines and milestones, and post-implementation touch-point calls. Communication builds trust.

Plan. Planning and communication go hand in hand. Otherwise, the project implementation plan won’t leave the conference room. To assist with planning, here at MRO, we provide new clients with a detailed overview of our implementation planning process including the following:

  • Pre-Implementation Activities
  • Implementation Timeline
  • Go-Live Activities
  • Post Implementation Activities

Planning is everything. Proper planning presents the opportunity to identify and address issues up front, setting the stage to achieve optimal results.

Document. Comprehensive documentation clearly defines the project desired outcomes. Transparency and accountability are essential. One of our practices is to send welcome packets introducing what we do and what’s going to happen during the implementation period, along with escalation pathways and MRO contact information. Throughout the transition, we provide a detailed agenda for every meeting, minutes following each meeting, training documentation, videos, monthly updates and project monitoring reports. The entire process is documented from the beginning.

Train and Educate. In preparation for go-live, an effective training and education program promotes successful outcomes. The recommended strategy is to begin training after the planning phase and continue throughout go-live. At MRO, our implementation specialists provide training on MRO ROI policies and procedures, current and legacy EMR systems, HIPAA privacy and security, ROI Online® system use and best practices.

Best Practices Yield Optimal Outcomes

Beginning with the end in mind, providers and vendors should work together to help organizations achieve timely, accurate and efficient ROI outcomes.  At MRO, our dedicated implementation team guides you every step of the way with proven strategies to ensure a seamless transition.

Sign Up for Future Blog Posts

Read More

How to Lead Enterprise-Wide Projects: HIM Expert Advice

From encoders to Electronic Health Records (EHRs), Health Information Management (HIM) professionals are often tasked with enterprise-wide project management including new technologies, changing workflows and centralized operations. These massive projects require strong HIM skills, expanded partnerships and greater collaboration among vendors, HIM, IT and others. With leadership skills, specialized education, and peer-to-peer relationships, HIM professionals are perfectly positioned to promote collaboration among all stakeholders, secure executive support, ensure timelines are met and cover every detail of an enterprise-wide initiative.

A few months ago, I moderated a roundtable discussion with three HIM experts: consultant, Pat Biesboer, RHIA, MSS, PMP; Susan Carey, MHI, RHIT, PMP, FAHIMA, System Director of HIM for Norton Healthcare; and Emilie Sturm, MA, RHIA, CHPS, Senior Revenue Management Consultant for Trinity Health. They each discussed mapping out enterprise-wide projects, such as PHI disclosure management and how to meet milestones and resolve common challenges. You can find the full discussion, “Using HIM Skills to Lead Enterprise-Wide Projects: An Expert Roundtable,” in the February 2018 issue of Journal of AHIMA.

During the roundtable, all three HIM experts provided their main lessons learned from their experiences as enterprise-wide project managers. If you are an HIM professional, you may benefit from reviewing the lessons below:

    1. Provide concise, timely, and honest communication. Keep people motivated by injecting fun into your discussions. Keep the current status in front of stakeholders according to a regular schedule, providing the degree of detail they need.
    2. Have realistic expectations and transparency. If difficulties are expected, prepare the team ahead of time. This will help build trust.
    3. Follow stated goals. Guide your team toward the goals you established. When you run into blockers, review your options. Objectively provide the background, options, rationale and a recommended direction to maintain forward progress.
    4. Avoid bringing assumptions to the table. Remain open-minded and validate your expectations. Susan Carey reflected, “When I was the project manager for our EHR’s operating room, nursing and HIM modules, I mistakenly assumed that IT resources understood HIM. Looking back, I should have educated my peers who were managing other parts of the project regarding the tenets of HIM. This would have facilitated HIM operations leaders’ attempts to maintain decision-making regarding the electronic record configurations and policy.”
    5. Conduct reference calls with organizations using any technology you are considering. HIM needs differ from those of other departments. Current users can suggest ways to configure applications to best meet your needs and save valuable implementation time and resources.
    6. Perform as a project manager with HIM knowledge. Project managers are valuable when they have subject matter expertise and can develop subsidiary plans within the overall project management plan.
    7. Have the right stakeholders at the table when starting a project. Due diligence should be conducted to map out all areas of the project and determine vested parties. Having the right team on board provides for a productive group of multidisciplinary professionals with varying expertise.
    8. Identify lessons learned during each phase of a multiphase project. With a multiphase project, such as a system rollout, identify lessons learned during each phase. When possible, incorporate those lessons into the next phase for a stronger outcome. As your timeline allows, be flexible and don’t hesitate to post-pone a go-live if critical goals are not yet achieved.
    9. Communicate often with your project team and stakeholders. For HIM-driven projects, it’s critical that the local HIM director communicates with key constituents or peers. Establish regular meetings over the course of each project or expand your schedule if necessary. Disseminate project management tools such as timelines and meeting minutes to the project team. Regularly review the project plan to monitor progress compared with the overall timelines.

    Though HIM professionals have always managed projects, enterprise-wide endeavors raise the bar for communication, organization and leadership. HIM professionals have unique abilities to manage enterprise-wide projects. More importantly, HIM professionals can help team members solve problems, achieve their goals and enjoy the journey.

    If you are interested in learning more about this topic, come join me and Emilie Sturm, MA, RHIA, CHPS, Senior Revenue Management Consultant for Trinity Health, at the 2018 AHIMA National Convention in Miami, for our presentation titled “Project Management in Enterprise-Wide HIM Implementations.”

Sign Up for Future Blog Posts

Read More

Breach Prevention: Developing Best Practices from OCR Audits and Enforcement Activities

AHIMA held its 11th Annual Privacy and Security Institute on October 7-8, 2017 in Los Angeles, concurrent with the national convention. As a sponsor of the event, MRO held a breach prevention session titled “Developing Best Practices from OCR Audits and Enforcement Activities.” During the presentation, Rita Bowen and I reviewed the current Office for Civil Rights (OCR) audit and enforcement landscape and provided best practice guidance based on audit and enforcement outcomes.

We discussed some of the biggest cases to date including nine resolution agreements totaling over $17M collected by the OCR. The top five compliance issues (in order of frequency) included (1) impermissible use and disclosures, (2) lack of safeguards, (3) lack of patient access to health information, (4) releasing the minimum necessary, and (5) lack of administrative safeguards to electronic Protected Health Information (PHI). Below are five best practices for breach prevention, as well as a video interview where I recap the presentation.

Video Recap: AHIMA Privacy and Security Institute

 

Five Best Practices for Breach Prevention

1) Create a patient data protection committee.
This committee should oversee the organization’s patient privacy compliance program and conduct quarterly risk analyses and assessments. Serving as the incident response team, each committee member should review policies and procedures annually. In addition to these responsibilities, a patient data protection committee should perform mock HIPAA audits using Phase 2 protocols from the OCR.

2) Provide ongoing education and training for workforce members.
Many breaches are caused by unintentional actions taken by workforce members who are not familiar with the proper policies and procedures for Protected Health Information disclosure management. To avoid this from happening, organizations should provide formal training at least once a year to ensure compliance with applicable federal and state law. Provide reminders of policies and procedures through emails, posters, and patient privacy awareness activities.

Some free helpful tools include:
OCR’s website
OCR’s YouTube channel
AHIMA’s Body of Knowledge

3) Implement HIPAA’s security rules for administrative, physical and technical safeguards.
Make sure your organization’s risk analysis is current and complete. This is the key to avoiding any potential threats and vulnerabilities. Utilize technologies that strengthen your compliance program and access monitoring software. For HHS guidance on technical safeguards, visit their website.

4) Test the effectiveness of your compliance program.
This can be done a few ways. Through internal, external and penetration audits. Through social engineering, which involves fake phishing emails, fake phone calls and checking desks for exposed passwords. And lastly, through mock breach exercises.

5) Assess your Business Associates’ compliance.
With proper due diligence and periodic vendor assessments, healthcare providers can safeguard their organizations against breach by way of their BAs. Additionally, Business Associate Agreements (BAAs) can ensure HIPAA compliance, and hold subcontractors liable for potential violations.

Complete the form below to download MRO’s eBook on breach prevention “Tips and Best Practices to Safeguard your Healthcare Organization.”

DOWNLOAD MRO’S eBook “Preventing a Breach: Tips and Best Practices to Safeguard your Healthcare Organization.”

Read More