Mariela Blog 2 - Lock

The 87th Annual AHIMA Convention and Exhibit in New Orleans was a resounding success, despite the coinciding industry-wide transition to ICD-10, which occurred just a day after the event ended on October 1.

Not surprisingly, ICD-10 was a major topic of discussion during the conference. Other topics addressed were emerging issues surrounding data privacy and security including confidentiality, integrity and availability; interoperability; Release of Information (ROI); health information exchanges (HIEs); cyber security; and the Department of Health and Human Services’ Office for Civil Rights audit readiness, as we approach the launch of desk audits.

Information Governance (IG), however, was the most covered topic at the event. AHIMA defines IG as “an organization-wide framework for managing information throughout its lifecycle and supporting the organization’s strategy, operations, regulatory, legal, risk, and environmental requirements.”

To help navigate this increasingly complex issue, AHIMA released an IG tool kit that urges HIM professionals to take leadership in data sharing, budget allocation and collaboration with other departments for an IG plan. To ensure this collaboration is successful, HIM needs to delegate some IG responsibilities to other departments, which can be difficult, but allows the opportunity for HIM to integrate and oversee data silos it wouldn’t have had access to in years past.

This is just one of the emerging IG challenges that our chief technology officer, David Borden, discussed during the educational session he co-presented at AHIMA with Susan Carey, MHI, RHIT, PMP, the system director of HIM for Norton Healthcare in Louisville, Ky., a not-for-profit system comprised of five hospitals, 19 outpatient centers and 140 practice sites. In their session, Borden and Carey urged HIM professionals to “get in the HIE boat” to ensure their voice is heard and considered during HIE planning.

HIM professionals, who are typically the Protected Health Information (PHI) privacy and HIPAA experts within healthcare organizations, need to be integral in this planning because HIE was not created with HIPAA in mind, and has not been updated since. Organizational compliance has taken a backseat to the technical requirements of HIE, as David also told in a dual interview with Susan at AHIMA. This means that without the proper policies, procedures and safeguards, breaches can occur on a larger scale and much easier than in the past — with only a few keystrokes and mouse clicks — which exponentially increases risk and liability for healthcare organizations.

“Very often, it’s not well understood that security and privacy are two very distinct knowledge domains,” David told the publication, as well as AHIMA attendees. “IT is very good at security, and sometimes they may think that means they’re also good at privacy, without realizing that’s just as naïve as someone who’s trained in privacy thinking they understand all the ins and outs of security.”

As David and Susan’s presentation discussed, with the growth of electronic HIE, patient-identity matching is becoming a growing patient safety issue and workflow challenge that usually requires HIM to design a solution, but one that requires IT input and assistance. Patient identity is also one of the many data integrity issues that organizations face including accurately and reliably integrating PHI from other providers into the legal record.

Other emerging issues that David and Susan explored in their presentation include sharing of sensitive and “super-protected information”, such as mental health, AIDS/HIV and substance abuse information; patient consent management, such as opt-in, opt-out, and patient education; and managing the minimum necessary standard requirements for payers in a query-based HIE.

As HIEs expand and connect with other information networks, the rules-of-the-road may change without sufficient input from participants, which is why HIM needs to be ever vigilant in having its voice heard. “I feel like we’re in a good place with HIEs, but there’s a lot more work to be done,” Susan told “…[K]eeping those avenues open between IT and HIM is really want you want to strive for. We have to understand the roles we all play and what the use cases are.”