Health Information Management (HIM) and healthcare compliance professionals will concur that there is heightened awareness of small breaches across the healthcare industry. And though small privacy breaches affecting fewer than 500 patients per incident are not usually publicized as widely as large-scale cyberattacks, the impact can be just as detrimental to healthcare organizations.
A small breach can be as simple as making an error in the Release of Information (ROI) process, involving a patient’s Protected Health Information (PHI) mistakenly sent to the wrong person—or the wrong patient’s PHI sent to the correct requesting party.
When you look at the stats, there is plenty of room for those types of errors. MRO’s research shows there are as many as 40 disclosure points across a single healthcare system. Most of those disclosure points tend to be outside of the HIM department, where individuals not trained in proper PHI disclosure management are handling the release of PHI. This trend of expanding disclosure points is one of the key factors driving breach risk in the Release of Information process.
Another risk factor involves gaps in the Quality Assurance (QA) processes. Research shows that roughly 30 percent of all Release of Information authorizations are initially invalid. And if Release of Information workflows lack redundant QA checks, up to 10 percent of those invalid authorizations are processed with errors.
Moreover, 5 percent of patient information in electronic medical records (EMRs) have integrity issues, including comingled patient records. MRO’s research shows that without proper QA measures in place, 1 in 200 records released will contain mixed patient information—which means an organization releasing 100,000 requests annually could potentially release 500 comingled records. That’s 500 potential breaches by way of errors in the Release of Information process.
Filling the Gaps in ROI Workflow to Minimize Breaches
Given the potential risk of breach due to improper PHI disclosure, healthcare leaders should closely review gaps in their PHI disclosure management processes and consider ways to enhance workflows to improve accuracy and quality. Here are some recommendations.
First, deploying an enterprise-wide strategy for PHI disclosure management will standardize policies, procedures and technologies across a health system. As part of that strategy, a streamlined Release of Information workflow helps eliminate inconsistencies, inefficiencies, distractions and errors.
Second, redundant QA checks are vital for PHI disclosure accuracy. Even the most experienced ROI specialists are subject to human error. Multiple layers of QA are needed throughout the lifecycle of an Release of Information request, from receipt through delivery, to ensure accuracy and compliance—and prevent a privacy breach. Best practice is to bolster workflows to ensure multiple teams review both the authorizations and medical records associated with each Release of Information request prior to release.
Providing a “second set of eyes” on all authorizations and PHI before release helps reduce improper disclosures. These additional quality checks should come from a combination of trained ROI specialists and record integrity technology that uses optical character recognition to locate and correct comingled records. For example, MRO offers its patented IdentiScan® record integrity application to ensure PHI disclosure accuracy. This tool scans records for patient identifiers throughout the record set, helping ROI specialists identify and correct mixed patient information prior to release. The right combination of people and technology promotes improved accuracy and minimizes breach risk.
Patent Issued to MRO for IdentiScan Application
Learn more about the benefits of IdentiScan® by watching our video. Complete the form below to request a demo of MRO’s ROI solution, which ensures 99.99% disclosure accuracy.