Check Request Status610-994-7500

How Saint Luke’s Health System Enhanced Release of Information Workflows and Improved the Customer Experience

Saint Luke’s Health System (SLHS) includes 16 hospitals, home care, hospice, behavioral health services, and physician practices across Missouri and Kansas. The health system receives 49,200 Release of Information (ROI) requests annually. As SLHS continues to expand, their HIM management team, led by Sharon Korzdorfer, Health Information Management (HIM) Director, is committed to delivering the highest quality health information services to its patients, who may request information concerning care provided by SLHS.

In 2018, Korzdorfer realized that in order to respond to a rise in monthly ROI request volumes compliantly and efficiently, they needed advanced technology and services. After evaluating multiple vendors, SLHS selected MRO to handle Protected Health Information (PHI) disclosure management across the enterprise. Their decision was based on several factors, including MRO’s dedication to clients, patients and other third-party requesters, layers of support from responsive teams of experts, and the ability to leverage technology to improve workflow. MRO’s reputation as a true partner to providers was also a key factor.

“Reputation goes a long way,” said Korzdorfer. “Sales teams can sell anything, but what I have heard consistently from my HIM peers is that MRO always comes to the table prepared to meet and exceed expectations.”

Enhanced Release of Information Workflows: Leveraging MRO’s Technology

SLHS implemented MRO’s flagship Release of Information platform, ROI Online®, along with MROeLink®, a bidirectional interface between the ROI solution and the health system’s Epic EHR.

The MROeLink tool automates manual steps for working in both an ROI system and the Epic EHR. Eliminating manual processes reduces the time needed to process requests and minimizes human error. SLHS leadership knew a system integration method would be a vital component in improving efficiencies and accuracy.

In addition to enhancing the ROI workflow through MROeLink, MRO introduced ways to further improve productivity and service quality, including implementing new processes for responding to the rising tide of payer audits and reviews, such as HEDIS and Medicare Risk Adjustment, by shifting requester relations and correspondence to MRO’s National Service Center.

Improved Customer Experience

As a result of improved workflows, technology integrations, and moving requester relations to MRO’s service center, SLHS reports reduced requester complaints, reflecting improvements in the patient and requester experience.

The Results

Through a partnership with MRO, SLHS saw impressive results, including improvements to turnaround times for ambulatory requests, continued high accuracy levels and an improved customer experience for patients and other requesters of PHI.

Korzdorfer said, “Throughout my experience with the company—from sales, through implementation and training, to the current operational partnership—MRO’s industry experts have been accessible, responsive, communicative and eager to help. It is so refreshing that MRO cares.”

To learn more, download MRO’s Saint Luke’s Health System Case Study by completing the form below.

Receive a copy of our Saint Luke’s Health System case study

Read More

Breach Prevention: Bolstering Quality Assurance in Release of Information Workflows

Health Information Management (HIM) and healthcare compliance professionals will concur that there is heightened awareness of small breaches across the healthcare industry. And though small privacy breaches affecting fewer than 500 patients per incident are not usually publicized as widely as large-scale cyberattacks, the impact can be just as detrimental to healthcare organizations.

A small breach can be as simple as making an error in the Release of Information (ROI) process, involving a patient’s Protected Health Information (PHI) mistakenly sent to the wrong person—or the wrong patient’s PHI sent to the correct requesting party.

When you look at the stats, there is plenty of room for those types of errors. MRO’s research shows there are as many as 40 disclosure points across a single healthcare system. Most of those disclosure points tend to be outside of the HIM department, where individuals not trained in proper PHI disclosure management are handling the release of PHI. This trend of expanding disclosure points is one of the key factors driving breach risk in the Release of Information process.

Another risk factor involves gaps in the Quality Assurance (QA) processes. Research shows that roughly 30 percent of all Release of Information authorizations are initially invalid. And if Release of Information workflows lack redundant QA checks, up to 10 percent of those invalid authorizations are processed with errors.

Moreover, 5 percent of patient information in electronic medical records (EMRs) have integrity issues, including comingled patient records. MRO’s research shows that without proper QA measures in place, 1 in 200 records released will contain mixed patient information—which means an organization releasing 100,000 requests annually could potentially release 500 comingled records. That’s 500 potential breaches by way of errors in the Release of Information process.

Filling the Gaps in ROI Workflow to Minimize Breaches

Given the potential risk of breach due to improper PHI disclosure, healthcare leaders should closely review gaps in their PHI disclosure management processes and consider ways to enhance workflows to improve accuracy and quality. Here are some recommendations.

First, deploying an enterprise-wide strategy for PHI disclosure management will standardize policies, procedures and technologies across a health system. As part of that strategy, a streamlined Release of Information workflow helps eliminate inconsistencies, inefficiencies, distractions and errors.

Second, redundant QA checks are vital for PHI disclosure accuracy. Even the most experienced ROI specialists are subject to human error. Multiple layers of QA are needed throughout the lifecycle of an Release of Information request, from receipt through delivery, to ensure accuracy and compliance—and prevent a privacy breach. Best practice is to bolster workflows to ensure multiple teams review both the authorizations and medical records associated with each Release of Information request prior to release.

Providing a “second set of eyes” on all authorizations and PHI before release helps reduce improper disclosures. These additional quality checks should come from a combination of trained ROI specialists and record integrity technology that uses optical character recognition to locate and correct comingled records. For example, MRO offers its patented IdentiScan® record integrity application to ensure PHI disclosure accuracy. This tool scans records for patient identifiers throughout the record set, helping ROI specialists identify and correct mixed patient information prior to release. The right combination of people and technology promotes improved accuracy and minimizes breach risk.

Patent Issued to MRO for IdentiScan Application

Learn more about the benefits of IdentiScan® by watching our video. Complete the form below to request a demo of MRO’s ROI solution, which ensures 99.99% disclosure accuracy.

Request a Demo of MRO’s KLAS-rated #1 ROI Solution

Read More

DOs and DON’Ts of Outsourcing Release of Information

DOs and DON’Ts of Outsourcing Release of Information

Managing the disclosure of Protected Health Information (PHI) from within a healthcare organization has become increasingly complex. As the volume of medical Release of Information (ROI) continues to rise, multiple disclosure points place organizations at risk for privacy breach. Many have turned to outsourcing Release of Information to promote proper PHI disclosure. Choosing the right vendor can be a challenge if you don’t know where to start. Here are some suggestions to make the process easier.

DO—Use HIM peer feedback

The best way to begin is by seeking feedback from HIM peers who have experience with ROI vendors. Trusted peers can help with steps to identify vendors that offer high levels of service quality, accuracy and compliance.

Ensure the vendor is equipped to handle a health system your size

In today’s environment, there are fewer independent hospitals than in the past. Increased consolidation among hospital groups adds a new level of complexity due to size of the organization. It’s important to conduct a thorough evaluation to ensure the vendor can accommodate the size of your organization.

Over the years, many independent hospitals have used small local ROI companies that served them well at the time. But as these organizations grow to include multiple facilities with hundreds of clinics, ROI becomes a more complicated process. Vendor reassessment involves two critical considerations—scalability and expertise. Does the vendor have the scalability to meet the needs of all facilities and the expertise to conduct the implementation from a proven project management perspective?

Scalability is especially important for organizations acquiring physician practices. For one organization, we are currently hiring 40 people to serve five hospitals and 300 physician practice locations. Few vendors are equipped to manage a project of that size. Organizations should consider the scope of the project and the vendor’s ability to conduct a smooth and seamless implementation. Best practice is to engage a dedicated implementation team of trained specialists to onboard staff and ensure a successful implementation.

Assess the vendor’s ability to offer high levels of service quality, accuracy and compliance

Your organization must have confidence in the vendor’s ability to measure quality and accuracy to ensure compliance. While seeking feedback from peers, review the company’s resources to assess quality standards, documentation processes, areas of priority and methods of measurement. What is the success rate in terms of service delivery and accuracy? What internal quality measures are in place to ensure proper disclosure of PHI and prevent breach? Also, look for independent measures of quality and reputation of a vendor you’re considering. One of those measures is KLAS, a third-party group that rates companies based on customer ratings.

DO—Visit the vendor

As part of the evaluation process, schedule an onsite visit. At MRO, we welcome the opportunity to show and tell what we do. Showing tells a lot about an organization. Take a tour of the workflow to see ROI processes firsthand. That’s where you’ll see those crucial quality checks.

DO—Leverage the latest technology innovations

Advanced technology is essential to provide optimal ROI services. Top priorities include EMR integration, electronic delivery, optical character recognition (OCR) technology for Quality Assurance, and IT expertise and leadership.

EMR integration

Look for technology with the capability to integrate with most EMR systems. Some ROI companies have built interfaces between their ROI platforms and EMRs to enhance workflows through automation. For example, MRO’s MROeLink® interface with Epic’s ROI module has the capability to automate typically manual and redundant steps in the ROI process to improve efficiency and reduce errors.

Electronic delivery

Organizations today need import and export capabilities that extend beyond extraction of information.

Look for the ability to receive requests and deliver information via electronic interchange. At MRO, we have thousands of portals set up with different organizations around the country to securely receive and deliver information. Additionally, our proprietary interface with SSA’s Disability Determination Services (DDS) and esMD for CMS enables healthcare organizations to enhance revenue, improve efficiency and drive compliance.

OCR technology for Quality Assurance

Quality Assurance requires the right people, processes and technology. The most effective programs offer technology and human intervention to review documents at various points within information management workflows. For example, we suggest a combination of OCR technology and specially trained staff to perform multiple quality checks during the ROI process. MRO’s IdentiScan® OCR validation technology checks for patient identifiers to catch comingled records. Any detected errors are quickly corrected and documented by Quality Assurance experts.

IT expertise and leadership

Finally, consider the vendor’s future plans for investment on the IT side of the ROI process. Many times smaller vendors can’t make large investments required to be on the leading edge of IT. Is the vendor forward thinking regarding IT? What capabilities are in place? Recommended practice is to have extensive internal IT resources backed by plans for future investment. Look for progressive companies with IT knowledge, experience and leadership.

DO—Consider an enterprise-wide approach

A centralized, enterprise-wide approach to PHI disclosure management is the recommended strategy to have complete confidence in achieving compliance. This approach guards a patient’s privacy while also protecting the organization against breach, financial risk and reputational harm. The benefits across the health system include:

  • Standardized policies and procedures
  • Consistent policy enforcement
  • Improved patient and third-party requester experience
  • Heightened PHI disclosure accuracy through quality-infused workflows

DON’T—Prioritize low cost over quality

Prioritizing low cost over quality and compliance will cost your organization more in the long run. Everyone wants the most economical deal, but not at the expense of quality. Noncompliance and associated costs are too great a risk. When evaluating a vendor, shop for accuracy and quality.

MRO is proud to be KLAS-rated #1 for outsourced Release of Information services, offering scalability, expertise, innovative technologies, and the highest levels of accuracy, quality and service. To request a demo of our ROI Online® solution, complete the form.

Request a Demo

Read More

How to Improve PHI Disclosure Efficiency in the Business Office

PHI Disclosure

Releasing medical records from a healthcare organization’s business office can be accomplished in a more efficient and cost-effective method. Instead of distracting billers and collectors from their main duties of collecting revenue, business offices should consider the following options to improve efficiency and ensure proper tracking of Protected Health Information (PHI). I provide more detailed information in an HFMA blog “PHI Disclosure Management in the Business Office.”

Centralize all Requests for Records

If the business office wishes to continue to process using their staff, the function should be centralized and assigned to a core group of processors to fulfill all requests. This will help minimize administrative burden from the billers and collectors. Centralization also promotes consistent, standardized processes. These dedicated business office staff should be thoroughly trained in proper PHI disclosure management to maximize efficiency, eliminate redundancy and mitigate risk of HIPAA breach for requests that may fall outside of TPO such as itemized bills for outside attorney requests.

Transfer the Work to HIM

HIM staff are well trained in processing requests for information. They have the knowledge and skills to complete requests efficiently and in compliance with HIPAA guidelines. Nevertheless, some organizations fear delegating this function to HIM because of concerns regarding timeliness and payer deadlines. To reduce turnaround time fears, the following four best practices should be implemented:

  1. Ensure open and ongoing communication between the business office and HIM
  2. Optimize the use of EHR and PHI disclosure management technologies to route requests and share information
  3. Assign dedicated Release of Information (ROI) experts to support the business office and process requests
  4. Conduct regular meetings to discuss new trends in payer requests and proactively improve turnaround time through SFTP delivery

Outsource Business Office PHI Disclosures

A number of national firms, including MRO, provide Release of Information services to process payer requests. MRO’s services for business office disclosure management ensure timely delivery of information to payers, full compliance with HIPAA guidelines, and around-the-clock staffing to avoid backlogs or delays.

Careful and strategic tracking of information released, to whom and why, will make the PHI disclosure process more efficient. If your organization needs to improve this process, you should consider: centralization, delegating work to HIM or outsourcing PHI disclosure management. By implementing these alternative workflow options, your organization will be taking the right steps towards improving billing processes and decreasing denials.

Join our blog mailing list

Read More

How to Ensure Proper PHI Disclosure across your Healthcare Enterprise

PHI Disclosure

When it comes to Protected Health Information (PHI), one of the main duties of Health Information Management (HIM) departments is to protect their patients’ privacy and ensure proper disclosure. HIM departments have had a long-held reputation of being the top disclosers of PHI within a healthcare enterprise. However, recent trends in PHI disclosure management are changing things around. Combined requests from other areas such as radiology, business offices, and physician practices are matching, if not exceeding, the PHI disclosure volumes in HIM. This combination of departments managing PHI disclosure causes high volumes of records and increases risk. Below are a few best practices, as outlined in a Journal of AHIMA article, for how HIM professionals can ensure proper disclosure and mitigate breach.

Know the Risky Spots: Audit your Points of PHI Disclosure

A practical first step is to conduct an enterprise-wide audit of all disclosure points. An audit of all PHI disclosure points should be conducted and updated yearly as part of your organization’s privacy compliance assessment. Auditing your enterprise helps HIM leaders become aware of the risks, which they can then work to mitigate. HIM professionals should audit non-HIM PHI disclosure areas to ensure compliance with relevant laws. During the audit, HIM leaders should review a list of items for disclosures which includes date received, date delivered and more.

Train and Educate Based on Needs

Training is essential for safe and compliant enterprise-wide Release of Information. This goes for the HIM department as well as any other employees that release PHI. Well-trained ROI staff keep the flow of information running smoothly. Based on the individual department’s most common requests, ROI training should be focused on accuracy, include all HIPAA privacy basics, and include the following six PHI disclosure management fundamentals:

  1. Track and monitor each type of request being received.
  2. Define each type of request.
  3. Emphasize accuracy.
  4. Reiterate minimum necessary.
  5. Coach personnel on patient requests.
  6. Direct requests to HIM.

Establish HIM as the Enterprise-wide PHI Gatekeepers

Annual HIM reviews and continuous communication with other departments that release information are essential to mitigate breach risk, expedite payer reimbursement, and prevent a requester dissatisfaction crisis. Non-HIM staff are focused on their core competency areas and are rarely trained in proper PHI disclosure management. The result is often hasty PHI processing and increased risk of breach. To mitigate risk while also ensuring the appropriate ROI, HIM departments should maintain oversight of PHI disclosure management across the entire enterprise—not just within HIM.

Complete the form below to download MRO’s eBook “Breach Risk in Release of Information: Don’t Leave Risk to Chance” and learn strategic, enterprise-wide approaches to PHI disclosure management and mitigating breach risk.

DOWNLOAD MRO’S EBOOK “BREACH RISK IN RELEASE OF INFORMATION: DON’T LEAVE RISK TO CHANCE.”

Read More

Two Private Eyes on Your ROI: Quality Assurance in Release of Information

Quality Assurance in Release of Information

Small scale privacy breaches, like those caused by errors in the Release of Information process, can be just as damaging to healthcare organizations as larger breaches. The repercussions include both monetary penalties and reputational harm. With the stakes this high, it is important to ensure the highest levels of quality when disclosing Protected Health Information (PHI).

The Cost of PHI Breach

Although small breaches, affecting less than 500 patients per incident, are not usually broadcasted as widely as a large cyberattack, the financial impact is real.

• Each breach can cost between $8,000 to $300,000, not including HIPAA violation civil penalties.

• Penalties are rising to as much as $50,000 per breach with a maximum of $1.5 million annually for repeated occurrences.

• As many as 10 states now consider HIPAA to be the “relevant standard of care for state privacy violation claims brought by individuals.”

Release of Information – Risky Business

Criminal attacks and lost or stolen devices were the root cause of most PHI data breaches in recent years, but almost as many—40 percent—were due to “unintentional employee action,” according to 2015 survey results from the Ponemon Institute.

Unintentional employee actions include more than using the wrong fax number or mailing address when disclosing PHI. There are multiple points in the ROI process that can result in breaches.

• With typical ROI workflows, 20 to 30 percent of all submitted authorizations are initially found to be invalid. MRO’s research shows there are around 100 types of authorization errors.

• Five percent or more of patient data in Electronic Medical Records (EMRs) have integrity issues, including comingling of patient records.

• Well-trained ROI specialists will catch the majority of mixed records; however, with just one level of quality control, up to 0.7 percent will contain mixed patient data.

Additionally, in the typical ROI workflow, requests for health information come into a facility and are logged by onsite ROI staff that also handle many other responsibilities, such as: requester calls, support and issue resolutions, record retrieval, invoicing and collections, producing copies, and delivering records. There is no “second set of eyes” for Quality Assurance. This approach results in inefficiencies, distractions and increased errors.

Closing the Quality Assurance Gap in ROI

At MRO, we believe the best practice is to ensure “second set of eyes” Quality Assurance measures are taken across multiple steps of the ROI process. Not one, but two teams should check each ROI authorization for accuracy, in addition to checking PHI multiple times for accuracy, e.g. ensuring there are no comingled records.

Sophisticated ROI vendors will offer technologies to assist with this process – like MRO’s IdentiScan® record integrity application that uses optical character recognition to scan for mixed patient data. Technology, such as barcoding systems, can also be used to maintain shipping integrity.

Introducing MRO’s Two Private Eyes on Your ROI

If you subscribe to the Journal of AHIMA, or have visited MRO’s website or social media pages recently, you may have noticed our new campaign called Two Private Eyes on Your ROI. This theme was developed by the creative team at MRO. The idea was born while brainstorming ad concepts that could be tied into a Miami theme, with the 2018 annual AHIMA Convention being hosted in Miami Beach. What started as a Miami Vice theme quickly turned to a private investigator theme when the idea of “Two Private Eyes on your ROI” – a play on MRO’s “second set of eyes” redundant quality checks within our Release of Information workflow – was bounced around. Since the Miami Vice detectives were with the police force and not PI’s, we looked at famous private eyes over history and developed the characters Magnum PHI and SureLook Holmes.

Be sure to check out the “premier episode” of Two Private Eyes on Your ROI by visiting our microsite.

Join our blog mailing list

Read More