Record Requests610-994-7500

Step Up in Crisis

There are times in a person’s life where resilience is tested.  As I reflect upon this pandemic, I feel hopeful.  I say this because time and time again, we Americans have risen to challenges such as natural disasters, 9/11, the Great Depression, rationing during wars, etc.  I remember the extraordinary story of people forming a human chain into the ocean to rescue someone drowning.  I remember how I was assisted after Hurricane Katrina and we recently saw volunteers lined up in Nashville to assist tornado victims.  One of my city leaders said, “We have to face this with storm coming mentality.  That’s when we check on our neighbors and make sure they have a plan, especially elderly neighbors.  Let’s make sure they have groceries or whatever they need to stay home and stay safe.”  I love this sentiment- that in a crisis, we band together where the fate of us all matters more than the individual.  Surrender the ME to WE!

In wars, natural disasters, or pandemics, we are called upon to be our best selves.  It’s time for you to ask the question, “How can I be my best self in this pandemic?”  Staying calm and collected is important.  Anxiety about the future just inflames your immune system.  Live in the present.  The past is done, the future cannot be controlled, but the present is the state in which to live and appreciate the little things.  Minute by minute, hour by hour, day by day.  Preparation is important in a possible quarantine situation.  Yes, buy groceries for a couple of weeks, but don’t hoard.  I know someone who was worried about families who don’t have childcare, and she decided that she would volunteer to babysit.  How generous, she will make a difference and leave this world a better place.

Psychologist Gretchen Schmelzer wrote, “For most people worldwide, this virus is not about you. This is one of those times in life when your actions are about something greater, a greater good that you may never witness. A person you will save who you will never meet.  This isn’t like other illnesses and we don’t get to act like it is. It’s more contagious, it’s more fatal—and most importantly, even if manageable, it can’t be managed at a massive scale anywhere. We need this to move slowly enough for our medical systems to hold the very ill so that all can be cared for. There is still cancer, heart attacks, car accidents and complicated births. We need to be responsible because medical systems are made up of people and these amazing healthcare workers are a precious and limited resource. They will rise to this occasion and work to help you heal. They will work to save your mother, father, sibling, grandparent or baby. For that to happen, we have important work to do.  Yes, you need to wash your hands, stay home if you are sick and comply with all social distancing rules.  But the biggest work you can do is to expand your heart and your mind to see yourself and your family as part of a much bigger community that can have a massive impact on the lives of other people.”

I’ve already seen amazing stories happening- the patron who left a $3,000 tip at a restaurant for workers to split, people delivering groceries to those in need, stores dedicating hours for elderly shopping and many more.  Let’s share these stories to encourage others.  Imagine if we can make our response to this crisis our finest hour.  Hopefully, we can look back and tell stories of how we came together as a team in our community, our state, our nation and across the world. Your contribution to the finest hour may seem small—but every small act of kindness adds up exponentially to save lives.

At MRO, we have an incredible team and a culture we’re so proud of.  I recently shared with our team, that if they start to feel stressed, take a deep breath and practice mindfulness.  One thing that always works for me is to name 5 things for which I’m grateful for right in this moment.  It eases your anxiety.  Rely only upon reputable sources for information.  Unplug for a while to de-stress.  Now is a great time to journal your daily thoughts.  You’ll appreciate reading them in the future.

Interested in learning more? Request the playback of my recent webinar, Effective Leadership During COVID-19.

Join our blog mailing list

Read More

MRO’s Everyday Heroes: A Motivational Initiative

I have a fabulous job title: Senior Director of Motivation and Development. When I meet people, they often comment on my title, saying it’s intriguing and then ask what I do. The development aspect of my job at MRO Corp. includes managing all the training content—creating engaging lessons within our learning management system for our large, diverse workforce. But the truly heartwarming and rewarding part of my job is the motivation aspect. It is my responsibility to manage a program that inspires our workforce. I often joke that I get to play MROprah!

Creating Everyday Heroes

The biggest piece of our motivation plan is a program called Everyday Heroes, which celebrates team members who go above and beyond in their job performance. On a bimonthly basis, we produce an Everyday Heroes Newsletter that tells stories about how the actions of a team member touched someone’s life. The stories come from a variety of sources, but each one is about an MRO customer who received outstanding service and took the time to email an employee’s manager. Sometimes these happy customers send a gift of appreciation or call MRO to say they had a wonderful customer service experience. By far, most of these satisfied customers are patients whose lives have been touched.

Additionally, there are customers such as attorneys, insurance company representatives and our clients who write lovely letters to sing someone’s praises. Sometimes a staff member is asked to tell a noteworthy story about their own MRO coworker. Further, the newsletter features a section called “My Manager Cares” where an employee nominates a manager for excellent leadership and an inspirational skillset.

I recently shared with my daughter that one of my career accomplishments I’m most proud of is being able to touch one person’s heart. This is a privilege I treasure. As the Everyday Heroes program begins its fourth year this January, our CEO asked me how we find all the stories. I explained that inspiration is contagious, so team members and managers continue to send me great material.

I like to say, “We don’t just disclose health information, sometimes we save lives.”

Celebrating Great Customer Service at MRO Corp

Many ROI specialists who handle patient walk-in requests often say the most enjoyable part of their job is making a difference in a patient’s life. Our program celebrates these moments and gives people recognition for great customer service. When acknowledged as an Everyday Hero, honorees receive a gift box with a gift card, an MRO Hero frame containing their story, a candygram and a chance to enter a drawing for a big cash prize. Historically, we’ve had around 60 team members per year receive this honor. At the end of each year, we randomly draw three Everyday Heroes and one “My Manager Cares” for the big cash prize.

How We Make a Difference

As I reflect on all the newsletters I’ve written over the years, some memorable stories come to mind. In one case, a patient was in the middle of surgery when a report from an old chart was needed. Our staff member made the request a top priority and walked the report to the surgery area.

In another case, a husband came in to obtain his wife’s report, explaining that she was in the car because she had difficulty walking. To make things easier, our staff member walked to the requester’s car to obtain the patient’s signature on the authorization form.

Another story that comes to mind featured a manager who stayed at work in the Distribution Center during a blizzard because many employees were unable to get to work. It’s so great to hear, “I have been working for many years with many bosses, but I have never had a manager make a difference in my life the way my MRO Manager has done.” Heartwarming, inspirational, making a difference. We care!

Here are some photos of gifts that have been received by staff members:

 

 

 

 

 

 

 

To stay updated on our heartwarming and inspirational “Everyday Heroes” sign up to receive MRO’s newsletters. 

Stay updated on our heartwarming and inspirational "Every Heroes" by signing up to receive MRO's Newsletters.

Read More

Using the CRIS Test to Evaluate ROI Competencies

Using AHIOS’s CRIS test to evaluate Release of Information competencies of their staff is a best practice that every healthcare provider organization should consider to protect patient privacy and mitigate risk. Mariela Twiggs, MS, RHIA, CHP, FAHIMA, Director of Motivation and Development for MRO, and Education Chair for AHIOS, discusses the importance of using this powerful tool.

Read More

Training Business Office Staff on PHI Disclosure Management

Millions of payer requests for medical records are sent to hospital business offices every day. Business office staff are often tasked with gathering and releasing Protected Health Information (PHI) to payers in a very short amount of time to get claims paid. During this rush to meet payer deadlines and expedite claims, human mistakes can be made. Critical steps of the Release of Information (ROI) process may be skipped or accidentally omitted. This increases PHI breach risk.

To ensure business office disclosures are kept safe and secure, organizations should train their staff on disclosure management using the same information, curriculum and courses presented to Health Information Management (HIM) teams. Below is a video where I discuss MRO’s unique approach for training and educating employees, as well as five PHI disclosure management topics to train your business office staff on.

PHI Disclosure Management Training/Education at MRO Corp.

Five PHI Disclosure Management Topics to Train Your Business Office Employees On

1) ROI and HIPAA Basics

Ensure employees understand the definition of HIPAA (Health Insurance Portability and Accountability Act), the privacy rule, ARRA HITECH Omnibus, PHI and differences between federal versus state law. This distinction is especially important for business offices that process requests for care locations across different states.

Another important topic to cover is the Health and Human Services (HHS) minimum necessary guidance under the HIPAA privacy rule. This guidance helps organizations determine what information can be used, disclosed or requested by payers for a specific purpose. Business office staff need to know which parts of the record to send to the payer. By training business office staff to fully understand and apply the minimum necessary guidance, organizations tighten privacy and mitigate breach risk.

2) Medical Record Components

Make sure to define the various components of the medical record to business office staff. These components include: common documents, various types of encounters, properly documented corrections and amendments.

3) Confidentiality and Legal Issues

Outline the legal health record concept and what it includes for your organization. Additionally, all the various confidentiality and legal issues should be explained in full detail.

4) Types of Requests

List all the various types of requests that might be received in the business office. For each category, differentiate which are part of Treatment, Payment and Healthcare operations (TPO) and which are not. Those that fall outside of TPO require a patient authorization and should be forwarded to HIM for processing. For a list of types of requests to discuss, read this article.

5) Sensitive Records and Special Situations

Identify and describe specific PHI disclosure management practices related to sensitive records. These cases can include information on genetics, HIV/AIDS, STDs, mental/behavioral health, substance abuse, deceased patients, minors and other sensitive issues. Federal and state legal issues may be involved with these and business office employees should be aware of them.

If you’re concerned about the ability of business office or other staff to properly and securely process requests, a centralized ROI model may be your organization’s safest approach.

To sign up for future blog posts, complete the form below.

Join our blog mailing list

Read More

A Lesson in Staff Retention: 15 Reasons Why MRO’s Employees Stay

On May 1, 2017, MRO celebrated our 15th anniversary. As the company continues to grow and evolve, we keep a focus on our “people” – hiring, training and retaining the best and brightest in the industry. Employee retention isn’t an easy feat in the Release of Information (ROI) industry – in fact, the average turnover rate for ROI staff is around 40 percent. At MRO, we keep our turnover at an impressively low 15 percent.

To celebrate our 15th anniversary, we collected a list, through a voluntary employee survey, of the top 15 reasons MRO employees love their release of information jobs. Any employer can learn a lesson or two from the results.

15 Reasons MRO Employees Love Their Release of Information Jobs

  1. Great managers – Managers are a huge indication of employee job satisfaction, and a major reason employees stay or go. At MRO, we have programs to develop enthusiastic managers who coach team members to be successful.
  2. Flexible scheduling – People cherish the ability to maintain work life balance.
  3. Enjoyable work – When work is fun and meaningful, employees tend to go the extra mile. I heard an anecdote that really encapsulates this idea. It goes like this: three people were crushing rocks side by side at a construction job, when they were asked, “What is your job?” The first person answered, “My job is to do whatever I am told so I can get a check.” The second person replied, “My job is to crush rocks.” The third person said, “My job is to build a temple.”  Ask yourself, which of these workers do you think is the happiest?
  4. Coworkers – They’re the best! At MRO, we treat coworkers with the same level of customer service as anyone else.
  5. Growing company – MRO has been listed on Inc. 5000’s fastest growing companies list for two years in a row. When a company is growing, not only is it exciting, but it’s an indication of stability.
  6. Fast-paced and exciting jobs – Fast-paced jobs make the day go by. Nobody wants to be bored with all the time we spend on the job!
  7. Making a difference – We are all in search of a clear and driving purpose for our lives, and want to contribute to something bigger than ourselves. At MRO, our work world offers a great opportunity for people to connect with a purpose. We make a difference in the lives of patients, requesters and our clients by getting the right PHI to the right requesters, on time. We remind our teams regularly that they are “everyday heroes.”
  8. Career advancement and promotion opportunities – Developing employees, and promoting within, support a positive culture. That’s our approach at MRO. We also encourage our credentialed health information management (HIM) staff to pursue their educational goals by contributing towards membership dues to the American Health Information Management Association (AHIMA).
  9. Team culture – When everyone is in harmony, working towards a team mission, employees tend to be fulfilled. At MRO, we take pride in our culture, which is based on MRO’s core values of passion, accountability, respect, trust, nurture, excellence and reputation.
  10. Valued ideas and opinions – Everyone wants to be heard, and employees with great ideas can make a huge impact on a company’s success, from improving efficiency with technology ideas, to enhancing quality and service through recommending adjustments to workflow.
  11. Leadership that cares – Leaders, from executive management to direct managers, can cheer staff to achieve their highest levels of excellence.
  12. Stability – When a company is stable, employees have one less thing to worry about. Employees can rest assure with job security, benefits, wages, etc.
  13. Great benefits – Employees don’t take these for granted! Healthcare insurance, personal time off, etc., all support an employee’s wellbeing, attitude and commitment to the company.
  14. Company reputation – MRO has been rated #1 by KLAS for four years in a row, and noted for having both the highest quality and fastest turnaround times in the ROI industry. It’s inspiring to be part of a company that is rated top in its field!
  15. Training programs – People want fun, interactive and easily accessible training – not a boring, old PowerPoint template that has been in use for ten years. MRO Academy is MRO’s primary training tool, offered via a web-based learning management system. Training is continuously updated and offered through the virtual platform.

Other reasons MRO employees listed for loving their jobs included competitive wages, educational opportunities, employee recognition, fun events and charity activities.

In an incredibly competitive business environment, hiring and retaining top talent can be challenging. However, if you listen carefully to what your employees say they love about working for your company – and continue to do more of that – chances are you’ll keep the best of the best working for your organization.

Sign Up for Future Blog Posts

Read More

Virtual Academy recap: Six Tips for Business Associate Compliance

 

Businesspeople Sitting In A Conference Room Looking At Computer Screen

HIPAA compliance for Business Associates (BAs) was the topic of MRO’s AHIMA Virtual Privacy and Security Academy session this month. I presented alongside my colleagues Sara Goldstein, Esq., general counsel and Rita Bowen, MA, RHIA, CHPS, SSGB, vice president of privacy, HIM policy and education.

During this three-credit course, we discussed how BAs must now comply with the HIPAA Security Rule and certain provisions of both the HIPAA Privacy Rule and the HIPAA Breach Notification Rule. We emphasized that BAs can be held liable for violating these rules, as well as for violations by their subcontractors.

We also covered several best practices BAs can follow to stay HIPAA-compliant and avoid liability, which you can learn more about in Sara Goldstein’s recent post.

Although it’s difficult to summarize all of the valuable insight shared during our session, the six major tips offered by our experts included:

1. Check your insurance policy
Verify insurance coverage in the event of a HIPAA violation.

2. Conduct regular internal and third-party audits
Regular internal and third-party technical audits are the foundation of implementing Security Rule administrative, physical and technical safeguards.

3. Consider applying for Health Information Trust Alliance (HITRUST) certification
HITRUST provides an information security framework to harmonize standards and regulations.

4. Implement the right technologies
Utilizing technologies like encryption, access tracking software and record integrity applications, powered by optical character recognition (OCR) software, can also drive BA HIPAA compliance.

5. Document compliance programs
Business Associate Agreements (BAAs) can ensure HIPAA compliance, and hold subcontractors liable for potential violations.

6. Invest in training and education
Workforce members should undergo formal training at least once a year on privacy, security and compliance, as well as on federal and state disclosure laws, and the healthcare organization’s policies and procedures.

After covering these topics, the Virtual Academy session concluded with a fun, educational and impactful group activity where participants were assigned disclosure management case studies that explored how to identify HIPAA violations and breaches. Rita Bowen and I then tested the participants on their knowledge.

MRO’s team will delve more into the topic of BAs in the next session of AHIMA’s Virtual Privacy and Security Academy: “Advanced Business Associate and Subcontractor Management” on November 9, 2016. If you are interested in attending the session, please fill out the form below and you’ll receive MRO’s promo code for a 15 percent discount.

Receive a 15% Discount for AHIMA's Privacy and Security Academy

Read More

Privacy and security series, part 3: Prevent ransomware from holding your organization hostage

Data Breach

For the second year in a row, cyberattacks were the leading cause of data breaches in healthcare, according the Ponemon Institute’s recently released “Sixth Annual Benchmark Study on Privacy & Security of Healthcare Data.”

Ransomware, malware and denial-of-service (DOS) attacks are the most common and growing cyber threats facing healthcare organizations, according to the study. Protecting your organization from an attack, however, is highly feasible if you pursue a rigorous and consistent program of employee training, testing and IT system updates.

Increase in cyberattacks led by ransomware and DOS

Most ransomware attacks—the hijacking and encrypting of an organization’s data by cybercriminals—are caused by employees clicking a malicious link in an email or opening a file that spreads a malware virus, effectively rendering data inaccessible.

The virus typically includes a ransom message demanding payment, frequently in bitcoins, to unencrypt the computer or server. Cybercriminals are aided by a “dark web” presence, where they can partner with other criminals to execute attacks.

Since data drives safe and effective healthcare decisions, organizations often pay the attackers’ ransom when operations are crippled. Ransomware, however, may also be considered a breach, although not all organizations have been reporting these types of attacks to the U.S. Department of Health and Human Services’ Office for Civil Rights (OCR).

Educate staff and implement safeguards

OCR is currently working on guidance for reacting to and reporting ransomware, but there are three essential steps healthcare organizations should take today to help avoid becoming a victim:

  • Education: Employees should be trained about the threat of ransomware—not to click on suspicious links or attempt to access unknown flash drives, and to report suspicious emails.
  • Testing: Once a year phishing exercises to test employees’ training are not enough to prevent the next attack. These tests need to be continually repeated at random to drive employee compliance with security policies and procedures.
  • Updates: Organizations need to follow recommended IT-management practices, including implementing software patches, anti-virus updates and other software tools immediately as they become available.

At MRO, we seek to mitigate breach risk from all angles, from our Quality Assurance-infused Protected Health Information (PHI) disclosure management workflow to ensuring our staff is properly trained to avoid cyberattacks. Training quality is ensured through MRO Academy, our rigorous and required online educational and testing platform, with the most up-to-date HIPAA regulations and Release of Information (ROI) requirements at the federal, state and facility level. To learn more about MRO’s training and education programs, click here.

Join our blog mailing list

Read More

Privacy and security series, part 1: OCR protocols for phase 2 HIPAA audits

Audit photo for OCR audit blog

On March 21, 2016, the Director of the U.S. Department of Health and Human Services’ (HHS) Office for Civil Rights (OCR), Jocelyn Samuels, announced the launch of Phase 2 of its HIPAA compliance audit program for covered entities and business associates. Expanding upon Phase 1 audits conducted in 2012, Phase 2 audits will use newly released audit protocols.

What to expect
Starting this month with limited-scope desk audits until July and on-site full compliance audits later in 2016, Phase 2 of the HIPAA audit program is now in effect. Additional details on what to expect from the audits are outlined in our previous Phase 2 audits blog post, which can be accessed here . In this post, we’ll take a look at the recently announced audit protocols that were not yet released during our last post, and how your organization can ensure it’s prepared.

The new audit protocols are more specific than the previous audit protocols, addressing documentation requirements more comprehensively than the 2012 version. In total, there are 169 audit protocols: 78 for security, 81 for privacy and 10 for breach notification. Approximately one-third of the protocols ask for documentation, which will need to be submitted electronically to the OCR’s new secure online portal. With regard to privacy, the major areas are 1) uses and disclosures, 2) minimum necessary standard, 3) patient rights, 4) notice of privacy practices, 5) business associates and 6) administrative requirements.

How to prepare your organization
The best way to get ready for these compliance audits is to prepare the workforce and assemble an audit team that can communicate effectively with senior management and champion compliance activities. Here’s how to get started:

  • Educate the team: Present information on the audit protocols and inquires, reviewing how and where your organization’s relevant documentation can be accessed for potential audit requests.
  • Conduct internal audits: After the review, a mock audit team could be assembled to simulate complying with some or all of the Phase 2 audit protocols.
  • Address potential gaps: The mock audit should help identify areas where policies and procedures may be lacking or insufficiently documented. Those corrections should be completed before the Phase 2 desk audits begin.

Although the OCR released the protocols prior to soliciting input, they invite the public to submit feedback by emailing OSOCRAudit@hhs.gov.

All of the audit protocols are available on a user-friendly spreadsheet created by MRO to assist with your organization’s preparation. To download the reference tool, please fill out the form below.

SIGN UP TO RECEIVE MRO'S USER-FRIENDLY AUDIT PROTOCOL SPREADSHEET

Read More