Record Requests610-994-7500

MRO and AHIMA celebrate you: the Health Information Professional

Blog 26 photo - P&S month Hynes

Because privacy and security is at the heart of our business activities, MRO is proud to be the premier sponsor of AHIMA’s Privacy and Security Month in April. We’re kicking off the month by celebrating Health Information Professional (HIP) Week, held April 3 – 9 with the theme: “Accurate Information, Quality Care.”

This theme hits home for us at MRO, as we are committed to delivering the highest levels of accuracy and quality in Release of Information (ROI). As a confirmation of this commitment, in early 2016, MRO was named the KLAS Category Leader for ROI services in the 2015/2016 “Best in KLAS” report. This is the third consecutive year that MRO was rated #1, and another year in which our focus on service quality was recognized by KLAS.

With each passing year, MRO continues to grow and advance as a result of our clients’ candid feedback to KLAS and MRO management. We also benefit from their excellent references and unwavering commitment to HIM professional principles and our business partnerships. We would like to take a moment to express how truly grateful we are to our clients: Thank you!

Giving back to the HIM community
As part of our privacy and security celebration, we are also sponsoring AHIMA’s Virtual Privacy and Security Academy, which is designed to advance the knowledge of industry professionals. This three-part series occurring throughout the year will provide individuals with the most up-to-date information on privacy and security and the impact of existing laws and regulations. Not only are we a sponsor, but we are also very proud to announce that MRO’s own industry leaders are presenting these sessions.

• Advanced Breach Management: Wednesday, April 27, 10 am – 12 pm Central
• HIPAA Compliance for Business Associates: Wednesday, August 17, 10 am – 12 pm Central
• Business Associate and Subcontractor Management: Wednesday, November 9, 10 am – 12 pm Central

You can register to attend a single session or all three sessions in the AHIMA store, and if you are unable to attend live, recorded formats will be shared after each event.

In honor of Privacy and Security Month, HIP Week and our appreciation of the HIM community, MRO is happy to offer clients and friends who sign up for these sessions a 15 percent discount off the AHIMA member price. To receive more details about the Academy sessions and our discount promo codes, please complete the below form (scroll to the bottom of the blog page). It’s a small token of thanks from us to a group of dedicated, hard-working professionals who uphold the highest standards of integrity across the industry and who perform their duties masterfully throughout the year. We hope these educational sessions help safeguard your organizations and strengthen your career.

Receive a 15% discount

To receive MRO’s promo codes to receive a 15% discount off your Virtual Privacy and Security Academy registration, please complete the form.

Read More

CEO Spotlight, Part 2: Steve Hynes describes how MRO will lead the way amid the changing health information marketplace

Last week, we featured part 1 of our discussion with MRO’s CEO Steve Hynes where he described how the company evolved since its founding in 2002. In part 2 of that discussion, Steve looks to the future to explain how MRO’s technology will continue to innovate in the increasingly complex world of health information management (HIM) and exchange (HIE), and how healthcare organizations will be able to continue to rely on MRO’s technology, service and expertise to ensure their Protected Health Information (PHI) is safeguarded.

Q: Why do you think MRO continues to lead the industry in regards to its technology and innovation?
We put a lot of focus and resources into our technology vision in terms of making PHI exchange in the electronic age more secure, efficient and compliant with HIPAA and state regulations. David Borden, our chief technology officer, has done an excellent job of being our visionary in terms of technology. As provider and requester IT needs evolve, it is important for MRO to evolve with them. While we are in the service business, technology is a critical tool for delivering quality service.

Q: What do you see as the most pressing challenges facing healthcare provider organizations in 2016 and beyond in regards to exchanging health information?
A few of the challenges include merging disparate systems from within healthcare organizations and maintaining patient privacy as certain types of disclosures become more automated via HIE and interoperability. Having privacy and security experts, such as MRO, in their corner is essential in facing these challenges. We will continue to evolve our service and technology offerings to help healthcare organizations meet these challenges.

Q: Do you have any examples?
Sure, in 2016, we are rolling out a suite of health information technology (HIT) integrations called MROeLink® to streamline ROI workflows and improve accuracy through automation of the process. Additionally, we are expanding the capabilities of IdentiScan®, our proprietary Quality Assurance (QA) application that identifies comingled patient records. Soon, it will assist in quality checking every page of released documentation, ensuring the highest levels of accuracy; we are also exploring additional use cases to leverage this technology for data integrity purposes outside of the release process.

Q: How will you measure success for MRO?
In many, many ways, but in the end I have two primary metrics: our client retention rate and our KLAS rating. I don’t mean to minimize other metrics, but if we get those right, which we have thus far, then we will be successful.

To learn more about Steve’s vision for MRO and health information exchange, please watch the video below.

Join our blog mailing list

Read More

CEO Spotlight, Part 1: Steve Hynes discusses MRO’s steadfast adherence to innovation, compliance and client service

When MRO was founded in 2002, the healthcare industry was significantly different than it is today. Electronic medical records (EMRs) were in their infancy, and faxing and postal mail were the primary methods of compliantly exchanging Protected Health Information (PHI).

Fast-forward to 2016, and electronic PHI (ePHI) exchange is everywhere. While more efficient to manage, ePHI also raises new challenges and risks for healthcare provider organizations. With the start of the New Year, it is the ideal time to discuss the evolving state of PHI exchange with MRO’s co-founder and CEO, Steve Hynes, and how MRO will help clients rise to the challenges and mitigate those risks. In the first part of this discussion, Steve describes how MRO has evolved since its founding. In part two, Steve will describe what he sees for the future of MRO and the healthcare industry.

Q: How has your vision for MRO evolved since the company was founded in 2002?
When we founded MRO, our focus was on building a Release of Information (ROI) platform that would enable healthcare providers to process ROI in-house while partnering with MRO to provide Quality Assurance (QA), requester customer service and fulfillment, such as billing, collections and distribution. This is still what MRO offers as our ROI Shared Services model today. Since then, we have evolved our platform to be leveraged in fully-outsourced Staffed and Centralized Remote Services models that provide flexibility to meet client needs. We’ve also enhanced the platform to include new technology features that enable clients to exchange PHI at the highest accuracy and efficiency rates.

With a continued focus on innovation, technology and unparalleled service, MRO’s vision has expanded beyond ROI to address the many privacy and security compliance challenges healthcare organizations face in today’s age of information exchange and interoperability.

Q: What changes in the healthcare industry and/or MRO caused your vision to evolve?
EMR systems and health information exchange (HIE) have fundamentally changed the way healthcare organizations manage and share PHI. Health information management (HIM) and a myriad of other departments in a healthcare enterprise are accessing and exchanging ePHI with more requesters than ever before. There are several reasons behind the increased demand for medical records from patients and third-party requesters, such as the rising tide of payer audits that may require providers to share thousands of records at a time.

MRO was ahead of the curve in addressing these issues by enhancing our technology and expanding our service offerings so we could help organizations manage and share PHI more efficiently and productively, while improving HIPAA compliance in their exchange processes.

Q: What are some aspects of the vision that haven’t changed?
We set out to build the best PHI disclosure management platform in the industry and that remains an important component of our value proposition. In 2016 and the coming years, we will continue to enhance the platform with additional functionality and safeguards as ePHI exchange continues to expand across the industry. However, our vision will always include an unwavering focus on exceptional service quality.

Q: To what do you attribute MRO’s significant growth over the years, particularly in 2015 when the company was named to Inc. magazine’s 5000 fastest-growing companies?
We have built a client-first culture that cuts across our entire organization. This enables us to be responsive to client needs and drives a high client retention rate. You can’t grow if you don’t retain your clients! Our move in November 2015 to our new larger National Service Center near our former corporate offices demonstrates that commitment to our culture.

To learn more about how our National Service Center serves our clients, watch our facility video here.

Join our blog mailing list

Read More

4 ways a high-quality PHI disclosure management team can bring home Release of Information touchdowns

Winter is almost upon us. We’re deep into the football season. And, I’ll be settling in at home to watch the local Philadelphia Eagles play the Buffalo Bills this weekend.

I’ve watched the home team struggle this season, and I can’t help but think about what makes some teams more successful than others. I believe that great teams need solid training and coaching, plus the confidence that comes with practiced experience, to choose and execute the right play at the right moment as part of a winning strategy. Just as it does in the game of football, this counts in the business of ensuring efficient and compliant disclosure of Protected Health Information (PHI), too.

To manage Release of Information (ROI) in the best interests of the patient and for timely, informed care, a Health Information Management (HIM) team needs to protect the ball (or the request) and deliver it (and its associated PHI) safely over the goal line time after time. In that spirit, the following are four ways your PHI disclosure management team can bring home ROI touchdowns:

1. Preparation. Having a great playbook means being prepared with a set of plans for a variety of situations. Each player (or ROI specialist) should be trained and ready to take the best-practice action in each case. This kind of proactive approach can help prevent fumbles in the request completion process.

2. Know the rules. Knowing the rulebook is also essential to the game. With ongoing changes to the HIPAA Privacy & Security rules, as well as the need to comply with state law, healthcare organizations must ensure that all requirements are met. HIPAA guidelines may be overruled by state law, and the regulations that apply in one state may not exist in another. To be in compliance, the organization needs to understand the variant situations and adjust processes appropriately.

3. Performance measurement. Measuring, reporting and reviewing performance are also crucial to ensure that productivity, turnaround, Accounting of Disclosures and other key areas are all running at their peak. It’s much like watching the game films at practice the next day to determine exactly what took place and then figure out how to execute better next time. Likewise, thorough risk assessment will allow the team to eliminate any openings in its defense.

4. Strong coaching. Team members should receive a formal program of ongoing learning led by highly qualified “head coaches” where they gain knowledge and learn good judgment which results in strong productivity and highly accurate ROI deliveries. Learn more about MRO’s training and education programs on our website.

As part of their strategy, many organizations choose to outsource PHI disclosure management rather than maintain their own team and processes. Fortunately, MRO is positioned to take it all on and consistently score for our partners. MRO offers the type of team I have described here plus state-of-the-art technology all integrated into a proven, standardized workflow that helps enforce HIPAA-compliant policies and procedures across the multiple departments that disclose PHI.

A successful PHI disclosure management strategy should be dedicated to using all available resources to win the game and the season, and a strong, focused team is a key component. MRO’s winning team delivers high-quality results every day.

Join our blog mailing list

Read More

Reputational damage of data breach the most lingering consequence

Data Breach - Steves Blog

Few other industries emphasize and value reputation more than healthcare, especially when it concerns patient care quality and experience. When a provider organization discloses Protected Health Information (PHI) to an unauthorized party, that organization’s reputation can suffer significant damage. Reputational damage is just one of the elements that I described in my last post about the financial risks of a PHI breach, but I wanted to focus on it exclusively in this post because the consequences are so far reaching beyond financial penalties.

I also want to emphasize that healthcare organizations can help prevent the lingering reputational damage associated with a breach by partnering with a PHI disclosure management vendor that offers state-of-the-art technology and a highly trained and knowledgeable staff who are experts in HIPAA compliance and avoiding breaches.

Patients key stakeholders for reputational risk

A “negative reputation event,” such as a data breach, can cause a “loss of brand value” for healthcare providers, according to a group of healthcare and life sciences executives who were surveyed recently by consulting firm Deloitte.

The survey also found that customers (patients for healthcare organizations) were the “most important stakeholders for managing reputational risk.” Although patients can easily find out about a PHI breach in the news, smaller breaches, which are much more common, can also be damaging to hospitals’ reputations. Word of a breach can spread online through social media, such as Facebook and Twitter, through consumer rating sites, such as Yelp, and even through Google results when someone searches for the hospital. These online assessments are increasingly influencing patients’ expectations, Deloitte reported.

Patients sharing experiences with others online about hospitals and providers is also another reflection of how patients are even more so becoming healthcare consumers with much more mobility and choice over where they seek their care. If patients don’t trust providers with their PHI, they are more likely than ever before to move their healthcare dollars elsewhere.

Establishing a culture of compliance

Decreased patient volume due to reputational damage is just one of the financial impacts of a PHI breach. But the lingering effects of reputational damage, I believe, are more long lasting and difficult to quantify in terms of dollars and cents. Apart from the loss of patient trust, breaches can impact employee morale, providers’ confidence, and degrade the overall culture of the organization to one of instability and confusion.

By instilling a culture of adherence to HIPAA-compliant PHI disclosure policies and procedures, and offering employees the support and tools they need to comply, organizations can avoid these breach-caused negative reputation events and their impacts.

A trusted PHI disclosure management partner that has already established a culture of HIPAA compliance and knowledge, supported by technology to prevent improper disclosures, can be a significant advantage to an organization in protecting its reputation and its bottom line.

To learn more about the financial and reputational impacts of a PHI breach, please download our white paper: “Mitigating breach risk in an era of expanding PHI disclosure points and requests for health information.”

Join our blog mailing list

Read More

The ticking PHI breach bomb


When organizations don’t have the right Protected Health Information (PHI) disclosure policies, procedures and infrastructure in place, it can be like they’re sitting on a ticking breach time bomb.

With more than 100 error types found across Release of Information (ROI) authorizations, each request has the potential to result in a PHI breach. That is just one of the many risks detailed in MRO’s new white paper, “Mitigate Breach Risk in an Era of Expanding PHI Disclosure Points And Requests For Health Information.” We also describe industry trends, gaps within the ROI process and other factors that make healthcare organizations vulnerable to breach risk.

The white paper also discusses the most recent findings of the Ponemon Institute, which reported in May 2015 that 91 percent of healthcare organizations had suffered a PHI breach, and 40 percent had more than five data breaches over the past two years. The financial impacts of these breaches are real, including the HIPAA penalties, which can reach as much as $50,000 per breach with a maximum of $1.5 million annually for repeated occurrences.

The good news is that organizations can protect themselves from breaches through the combination of highly trained, knowledgeable staff and state-of-the-art technology, which can improve PHI disclosure accuracy rates to 99.99 percent. In our white paper, we describe how improved Quality Assurance procedures and technology could enable an example 300-bed hospital, with approximately 33,000 ROI requests per year, to avoid 231 potential breaches annually.

Financial impacts
Beyond the steep HIPAA penalties and settlement agreement fines described above, organizations also face $8,000 to $300,000 in costs from a reported improper PHI disclosure, according to an estimate from the American National Standards Institute, who surveyed healthcare organizations affected by a breach. These costs include credit or identity theft monitoring for breach victims, forensic and legal fees, and loss of goodwill and of business. The reputational damage of a breach causes an incalculable financial impact in terms of loss of current and/or new patients, as well as physicians or business partners who leave the organization because they don’t want to be associated with the institution.

Additionally adding to the high cost of breach, healthcare organizations can now be sued for negligence and other damages based on improper PHI disclosure. In these cases, courts in at least 10 states have ruled that HIPAA does not supersede their state laws, but rather, the statute represents the relevant standard of care.

Although popular perception is that the vast majority of these breaches are caused only by a cyberattack or stolen laptop, nearly 40 percent are caused by “unintentional employee action,” not including lost or stolen devices containing PHI.

Right people and right technology
Defusing this ticking time bomb can be as simple as partnering with an experienced and knowledgeable PHI disclosure management partner, such as MRO, where employees undergo specialized training on the most up-to-date HIPAA regulations and PHI disclosure requirements at the federal, state and facility level.

We also utilize technology to identify errors at every step of the ROI process, including optical character recognition (OCR) technology, to ensure there are no comingled records before release. All of the above can result in our high disclosure accuracy rate and an alleviated operational burden from hospital HIM departments and physician practices.

What risk does your organization face from this ticking time bomb? Find out by using our Breach Risk Calculator, which is based on our industry research and in-depth analysis of thousands of ROI transactions. You may be surprised by the results.

Join our blog mailing list

Read More

KLAS Puts MRO at the Top of the ROI Class


The concept of a report card can still evoke feelings of eagerness, excitement and perhaps some anxiety in adults whose parents put great emphasis on these scholastic performance judgments. If you were smart, studied hard and delivered quality work, you could hand over that piece of paper with a smile. For everyone else, it was time to get creative about your lapses.

Memories of eagerly awaiting a report card flashed through my mind as we waited at MRO to receive the “HIM Services Performance 2015: Coding, Transcription, Release of Information” report from KLAS. With a track record of being KLAS “Category Leader” for Release of Information (ROI), as designated in both the 2013 and 2014 “Best in KLAS: Software & Professional Services” reports, we were excited to see if we had once again received the highest performance ratings in the new HIM report.

We weren’t disappointed. I’m pleased to report that MRO was named the overall performance leader and rated “significantly higher” in quality for ROI services in the 2015 HIM report. We were compared to both Healthport and IOD; the ROI category is a small “class” since only MRO and the two other companies had client bases that were statistically large enough to be included in the HIM services report.

Here are a few of the key highlights from the KLAS report:

  • MRO was named the highest performing ROI services provider overall and is the only one to have any clients say that quality is “significantly higher” than expected.
  • 100 percent of clients stated that they would hire MRO again – the only vendor that had 100 percent of its clients say this.
  • 100 percent of clients agreed that MRO keeps its promises.
  • Recurring themes in client comments included quality of services, innovative technology and knowledgeable, responsive employees.

One provider said, “MRO has a higher quality of work than other vendors. They are definitely fantastic. They are very proactive. I can rely on them for HIPAA information. They are very familiar with the laws in our state, and I know that if we were to miss something, they would catch it. They are very good at giving us information ahead of time, and their communication is exceptional.”

Another provider stated, “Releasing information is not a process I have to actively manage. It is out of sight and out of mind. MRO is a well-run company that provides a good service. I don’t get phone calls from attorneys or other people complaining about MRO’s level of service. They have really taken the management of releasing information out of my hands.”

I’m pleased that MRO’s leading-edge technology, dedicated team of experts and uncompromising commitment to our clients’ success were recognized by KLAS, not just in relation to the other ROI companies, but on an objective performance scale.

We’re very proud of our “report card” and would be happy to share this executive summary of the KLAS report with you.

Join our blog mailing list

Read More