In a Journal of AHIMA article, MRO’s Greg Ford and Rita Bowen discuss payer access to electronic health record (EHR) systems, and how providers should recognize that they have choices about how to share this data. By carefully evaluating the benefits and risks to their organizations and patients, providers can protect themselves against inherent risks related to financial health, privacy, security, and information governance.
Last month I had the privilege of presenting the first installment of MRO’s 2019 PHI Disclosure Management Webinar Series to healthcare professionals across the country about the rising tide of payer requests for medical records. Judging by the attendance and feedback, it is a topic that garnered a lot of attention. Based on the high level of interest, MRO plans to continue to provide content on this topic. Here is an overview of “The Rising Tide of Payer Requests for Medical Records: How to Shore Up Your Defense” presentation.
Payer Audits vs. Reviews
First, we covered the difference between audits and reviews as it is important to make the distinction and not group them together in the same category. DRG audits (post-payment audits) are not the provider’s friend. As payers attempt to review records for paid claims to recoup payment from the provider, audits occur throughout the year. Payers review the record to make sure the claim and record information match, so they can determine if the claim has been overpaid and recoup funds if necessary. These audits are typically time sensitive and due within 30 to 45 days of the date on the request letter.
The other category, reviews, includes HEDIS (Health Effectiveness Data and Information Set) and Risk Adjustment (Medicare Advantage, Medicaid, and commercial) requests. Review requests are seasonal projects that do benefit payers, but providers are not subject to negative financial impact and requests should be prioritized accordingly. The payer may impose an unrealistic time frame of 10 to 15 days when in reality there’s a broader time frame. Because HEDIS and Risk Adjustment reviews are seasonal, providers have more than 30 to 45 days to produce records.
Payer Requests for Medical Records: Deep Dive into Trends, Issues and Statistics
Next, we examined the current environment, trends, issues and statistics related to rising payer requests for medical records. It is common that audits (year round) and reviews (seasonal) overlap, causing a burden on HIM departments. HEDIS and commercial Risk Adjustment projects overlap with HEDIS, running from January through early May, and commercial Risk Adjustment running from September through mid-April. In addition, Medicare Risk Adjustment projects are beginning earlier every year. MRO has already seen requests come in during April 2019.
In recent years, healthcare organizations have experienced a steady increase in DRG/post-payment audits and HEDIS/Risk Adjustment reviews. According to MRO statistics from 2017 to 2018, overall payer requests increased 70 percent due to a significant upsurge in core categories—DRG audits up 52 percent, HEDIS reviews up 62 percent, and Risk Adjustment reviews up 80 percent.
Handling Large Audit and Review Projects: Recommended ROI Workflows
The growing trend of payer requests for medical records may seem overwhelming at times, but there are solutions to lessen the burden on HIM departments. The presentation also provided the following recommended Release of Information (ROI) workflows for handling large review projects:
- Build stronger relationships with payers and health plans to better manage the surge in medical ROI. Establish project due dates instead of 30-day completion.
- To offset the cost burden associated with producing these high-volume review requests for records, ensure the health plans will compensate for the records provided in a timely manner.
- Ask your ROI vendor to work directly with the health plan to coordinate disclosure management instead of using internal staff or engaging a third-party vendor. Establish project due dates, rates and electronic delivery.
- Use your ROI vendor’s remote services capabilities to process these large review projects so that HIM labor resources can focus on the daily workload.
Managed Care Contracts: Medical Record Language
Understanding the medical records section of the managed care agreements also plays an important role in how payers request medical records. An organization’s managed care agreement governs the payer/provider relationship and includes a medical records section that specifies the payer cost to audit a healthcare provider. Unfortunately, the medical records section is often a low priority because the managed care team may not understand the burden on HIM or the financial risk for the entire organization. The presentation provided details of recommended language for managed care contracts to ensure optimal outcomes for provider organizations. You can learn more by downloading the slides.
Payer Access to EMRs
The last topic covered the emerging concerns around payer requests for direct access to EMRs. Payers want access to medical records for the aforementioned reasons (post-payment audits, HEDIS, Risk Adjustment) and for initial claims processing. Payers are making a variety of proposals as to the types of access they would like to be granted. These levels of access and aggregation of records have different levels of associated risk. Here are four areas of concern for providers and patients:
- Financial—Direct, automated access to a wide band of patient records will facilitate the growing trend of post-payment audits, denials and recoupments.
- Privacy and Consent—Unlike the healthcare community, payers have not earned patients’ trust to serve as custodians of their most personal and private information. Learning of payer aggregation and storage of these records by payers is not a practice patients would approve, and learning of it after the fact could lead to strong patient dissatisfaction.
- Information Governance (IG)—Automated sharing of full patient records with payers, and aggregating those records for permanent use, raises multiple legal and IG concerns. These include managing distributed health records, meeting HIPAA requirements for minimum use and correction of errors, and inadvertently sharing encounters for which the payer was not the guarantor.
- Security—Automated access to health data by payers increases a provider’s exposure to cyberattack, and the aggregation and storage of that data in the payer’s IT system widens the potential exposure to large-scale breach.
The presentation included recommendations for payer access to EMRs. For those details, please complete the form below.
Request a copy of the presentation below
In an HFMA article, MRO’s Greg Ford, Senior Director of Requester Relations and Receivables Administration, discusses strategies for managing payer requests for medical record copies, including tips on how to update language in managed care contracts to mitigate financial, privacy and security risks.
MRO’s Greg Ford, Senior Director of Requester Relations and Receivables Administration, offers practice guidance and strategies to HIM departments trying to cope with rising demands for the disclosure of PHI during payer audits and reviews.
Listen to MRO’s Greg Ford, Director of Requester Relations and Receivables Administration, discuss HEDIS Reviews.
MRO’s Greg Ford, Director of Requester Relations and Receivables Administration, discusses best practices for eliminating redundancies and easing workflows during the HEDIS review season in a RACmonitor article titled “Four Tough Questions About HEDIS Review in 2018.”
In a HFMA blog, MRO’s Greg Ford, Director of Requester Relations and Receivables Administration, offers insight and tips on how to prepare for HEDIS Reviews.
Three major types of payer record reviews are conducted every year: Healthcare Effectiveness Data and Information Set (HEDIS), Medicare Risk Adjustment, and Commercial Risk Adjustment. A HEDIS Review, in particular, is performed by a payer or health plan to measure the quality and effectiveness of care delivered to their covered patient populations. They are the smallest of the three major payer reviews and occur every year from January to mid-May.
As the volume of payer and health plan reviews continues to sky rocket, millions of patient records are requested. From 2016 to 2017, payer review requests to MRO clients increased by 14%, with HEDIS Review requests increasing from 2% to 3% of the total Release of Information requests processed by MRO nationally.
A recent article in HIM Briefings about HEDIS Reviews details benefits, lessons learned, and what to expect. Below are three important tips that are outlined for providers to prepare for the upcoming HEDIS Review season.
Tips for Managing Payer Requests During the Upcoming HEDIS Review Season
In working with payer record reviews, several practical strategies have emerged to minimize payer-provider abrasion and reduce operational costs. Providers should take a proactive approach and follow these three tips:
1) Engage early.
The National Committee for Quality Assurance (NCQA) is proactive in announcing which quality measures will be targeted for review in the year ahead. For example, the 2018 NCQA quality measures are now published and available to both providers and payers. Proactive providers should reach out to their contracted payers and health plans in December or January to discuss the upcoming HEDIS Review season. With the potential for thousands of medical records to be requested between January and May, two conversations are critical: expected volumes and reimbursement for the provider’s efforts. Keep in mind this dialogue sets the tone for the relationship.
2) Determine expected volumes.
The most important conversation that should occur between payer and provider is about determining the number of record requests that will be received. Be sure to plan ahead for the increased staff workload needed to produce the required medical record documentation. The number of requests depends on the size of the hospital or the healthcare system. Each payer has a designated HEDIS Review team responsible for the program. Contact the team lead or local health plan representative to schedule this conversation during the HEDIS Review planning period in December or January.
3) Set rate for records.
The initial perception in the industry suggested that providers could not charge payers for the time, manpower, and mailing costs associated with producing records for a HEDIS Review. However, this is not the case. Payers understand the tremendous staff burden on providers and are willing to reimburse them for their efforts.
How Your Release of Information Vendor Can Help
At MRO, we utilize our industry knowledge and “easy to work with” approach to create partnerships with payers and their vendors to streamline the processing of HEDIS Review, Medicare Risk Adjustment and Commercial Risk Adjustment projects. This process includes establishing a rate per chart for these projects, as payers are willing to pay for review requests regardless of the language in the managed care contracts. We have found that most payers are reasonable and understand the cost associated with producing these high-volume requests. Hence, why they are willing to pay for them. MRO ensures that the cost of producing these records is not a burden on our clients.
Watch the below video interview to learn more about reducing payer-provider abrasion, and what MRO is doing to help providers handle these payer review requests.
To sign up for future blog posts, complete the form below.
Join our blog mailing list
MRO’s Greg Ford, Director of Requester Relations and Receivables Administration, offers his insight on the topic of payer requests for patient records in a HIM Briefings article titled “Payer requests for records skyrocket as HEDIS season looms.”
Best Practices for Disclosing Protected Health Information from the Hospital Business Office