
Five Takeaways from the HFMA 2018 Conference

“Efficiency is doing things right; effectiveness is doing the right things.” Peter Drucker

Peter Drucker, world-renowned business management guru, reminds us to focus on both efficiency and effectiveness to improve long-standing processes, procedures or policies. Healthcare finance leaders and revenue cycle professionals were charged with the same goal—creating efficiencies and building effectiveness—during the recent HFMA 2018 Annual Conference held in Las Vegas, June 24-27, 2018.

For central business offices (CBOs) and patient financial services (PFS) departments, addressing stubborn problems and improving performance is paramount to cutting costs and reducing risk. One way to achieve these goals is by fostering innovation.

This blog shares HFMA’s call for innovation, summarizes four other takeaways from the 2018 event and lays out an important MRO strategy to improve business office efficiency and CBO effectiveness.

Foster Innovation for Business Office Efficiency and Better Outcomes

Kevin Brennan, FHFMA, CPA, the new chair of HFMA’s 2018-2019 board of directors and recently retired Executive VP, Finance and CFO at Geisinger Health System, welcomed attendees by discussing the importance of promoting experimentation and new ideas to bolster efficiency in revenue cycle workflow and operations. Brennan encouraged revenue cycle leaders to resist the fear of failing and build new business models to promote performance. As Brennan stated, a good new motto to follow might be “Never be fearful of making new mistakes.”

Build Collaboration through Better Tools and Workflows

By coupling innovation with collaboration, Brennan urged HFMA attendees to build new bridges with other departments, providers, payers, consumers and the government. The call for better collaboration was reiterated by Tuesday’s keynote speaker, Dr. Rubin Pillay, medical futurist, physician and professor.

With collaboration as the central theme of this year’s event, revenue cycle professionals were encouraged to “try new tools and make existing workflows work better” as one pathway to foster collaboration and improve business office efficiency within CBOs and PFS departments.

Go to a New Level in Healthcare Delivery

Dr. Pillay also discussed the role of artificial intelligence and technological innovation in spurring healthcare collaboration. Pillay provided examples of growing organs for corneal transplants and using robotics to help paraplegics walk as important ways healthcare organizations can take patient care to a new level. According to Pillay, “Technology and data, their convergence with policy, and provider and payer strategies are driving major trends to transform healthcare.”

Enhance the Patient’s Financial Experience

The final takeaway from the HFMA 2018 Conference was a continued cry to improve the patient’s financial experience. Best practices from HFMA’s 2017 MAP winners were referenced as innovative ways to make steady, incremental changes and improve performance. In reviewing these MAP winner strategies, we are reminded of the need to continually speed processes and streamline operations—this is especially true for CBOs.

Improve Business Office Efficiency by Reducing Biller Distractions

Consistent with HFMA’s themes of efficiency, effectiveness, innovation and collaboration, MRO is laser focused on improving business office performance. For most CBOs and PFS departments, biller distraction is an important issue—one we intend to reduce for MRO clients. We continue to hear from clients that billers and collectors become distracted with trying to process payer requests for medical records. Our latest service was discussed with HFMA attendees during the conference and received rave reviews.

Challenge:

Business office personnel release millions of medical records annually to commercial health plans and government payers to expedite payment of claims, appeal denials or fulfill auditor requests. However, it doesn’t make sense for these business office staff—billers or collectors—to handle payer requests for medical records when they should be focused on reimbursement. There are also HIPAA risks to consider when billers release Protected Health Information (PHI) versus having Health Information Management (HIM) professionals manage this task.

Receiving, processing and managing payer requests for health information is what MRO does best. So we’re applying this expertise to cut costs and reduce risk for CBOs and PFS departments.

Solution:

Instead of distracting billers and collectors from their core objective of collecting revenue, MRO disclosure management experts apply new workflows and HIM collaboration to the process of Release of Information (ROI) in the business office. Here is a high-level summary of how the new MRO service works.

  • Business office logs requests and attaches billing documents
  • MRO adds medical record documentation
  • MRO quality checks and releases billing and medical documentation to the payer
  • MRO sends documentation by payer-requested delivery method

Results:

MRO clients who are using this service are achieving both efficiency and effectiveness in their CBOs and PFS departments. Specific improvements include:

  • Heightened efficiency and cost savings
  • Minimized breaches and more compliant PHI exchange
  • Payer request trackability for analytics
  • Enhanced collaboration between HIM and the business office
  • Maximized production by keeping teams focused on what they do best
  • Improved visibility and transparency for both teams


How to Improve PHI Disclosure Efficiency in the Business Office


Releasing medical records from a healthcare organization’s business office can be accomplished in a more efficient and cost-effective manner. Instead of distracting billers and collectors from their main duties of collecting revenue, business offices should consider the following options to improve efficiency and ensure proper tracking of Protected Health Information (PHI). I provide more detailed information in an HFMA blog, “PHI Disclosure Management in the Business Office.”

Centralize all Requests for Records

If the business office wishes to continue processing requests with its own staff, the function should be centralized and assigned to a core group of processors who fulfill all requests. This will help minimize the administrative burden on billers and collectors. Centralization also promotes consistent, standardized processes. These dedicated business office staff should be thoroughly trained in proper PHI disclosure management to maximize efficiency, eliminate redundancy and mitigate the risk of a HIPAA breach for requests that may fall outside of treatment, payment and operations (TPO), such as itemized bills for outside attorney requests.

Transfer the Work to HIM

HIM staff are well trained in processing requests for information. They have the knowledge and skills to complete requests efficiently and in compliance with HIPAA guidelines. Nevertheless, some organizations fear delegating this function to HIM because of concerns regarding timeliness and payer deadlines. To reduce turnaround time fears, the following four best practices should be implemented:

  1. Ensure open and ongoing communication between the business office and HIM
  2. Optimize the use of EHR and PHI disclosure management technologies to route requests and share information
  3. Assign dedicated Release of Information (ROI) experts to support the business office and process requests
  4. Conduct regular meetings to discuss new trends in payer requests and proactively improve turnaround time through SFTP delivery

Outsource Business Office PHI Disclosures

A number of national firms, including MRO, provide Release of Information services to process payer requests. MRO’s services for business office disclosure management ensure timely delivery of information to payers, full compliance with HIPAA guidelines, and around-the-clock staffing to avoid backlogs or delays.

Careful and strategic tracking of information released, to whom and why, will make the PHI disclosure process more efficient. If your organization needs to improve this process, you should consider centralization, delegating work to HIM or outsourcing PHI disclosure management. By implementing these alternative workflow options, your organization will be taking the right steps towards improving billing processes and decreasing denials.


How to Lead Enterprise-Wide Projects: HIM Expert Advice

From encoders to Electronic Health Records (EHRs), Health Information Management (HIM) professionals are often tasked with enterprise-wide project management including new technologies, changing workflows and centralized operations. These massive projects require strong HIM skills, expanded partnerships and greater collaboration among vendors, HIM, IT and others. With leadership skills, specialized education, and peer-to-peer relationships, HIM professionals are perfectly positioned to promote collaboration among all stakeholders, secure executive support, ensure timelines are met and cover every detail of an enterprise-wide initiative.

A few months ago, I moderated a roundtable discussion with three HIM experts: consultant, Pat Biesboer, RHIA, MSS, PMP; Susan Carey, MHI, RHIT, PMP, FAHIMA, System Director of HIM for Norton Healthcare; and Emilie Sturm, MA, RHIA, CHPS, Senior Revenue Management Consultant for Trinity Health. They each discussed mapping out enterprise-wide projects, such as PHI disclosure management and how to meet milestones and resolve common challenges. You can find the full discussion, “Using HIM Skills to Lead Enterprise-Wide Projects: An Expert Roundtable,” in the February 2018 issue of Journal of AHIMA.

During the roundtable, all three HIM experts provided their main lessons learned from their experiences as enterprise-wide project managers. If you are an HIM professional, you may benefit from reviewing the lessons below:

    1. Provide concise, timely, and honest communication. Keep people motivated by injecting fun into your discussions. Keep the current status in front of stakeholders according to a regular schedule, providing the degree of detail they need.
    2. Have realistic expectations and transparency. If difficulties are expected, prepare the team ahead of time. This will help build trust.
    3. Follow stated goals. Guide your team toward the goals you established. When you run into blockers, review your options. Objectively provide the background, options, rationale and a recommended direction to maintain forward progress.
    4. Avoid bringing assumptions to the table. Remain open-minded and validate your expectations. Susan Carey reflected, “When I was the project manager for our EHR’s operating room, nursing and HIM modules, I mistakenly assumed that IT resources understood HIM. Looking back, I should have educated my peers who were managing other parts of the project regarding the tenets of HIM. This would have facilitated HIM operations leaders’ attempts to maintain decision-making regarding the electronic record configurations and policy.”
    5. Conduct reference calls with organizations using any technology you are considering. HIM needs differ from those of other departments. Current users can suggest ways to configure applications to best meet your needs and save valuable implementation time and resources.
    6. Perform as a project manager with HIM knowledge. Project managers are valuable when they have subject matter expertise and can develop subsidiary plans within the overall project management plan.
    7. Have the right stakeholders at the table when starting a project. Due diligence should be conducted to map out all areas of the project and determine vested parties. Having the right team on board provides for a productive group of multidisciplinary professionals with varying expertise.
    8. Identify lessons learned during each phase of a multiphase project. With a multiphase project, such as a system rollout, identify lessons learned during each phase. When possible, incorporate those lessons into the next phase for a stronger outcome. As your timeline allows, be flexible and don’t hesitate to postpone a go-live if critical goals are not yet achieved.
    9. Communicate often with your project team and stakeholders. For HIM-driven projects, it’s critical that the local HIM director communicates with key constituents or peers. Establish regular meetings over the course of each project or expand your schedule if necessary. Disseminate project management tools such as timelines and meeting minutes to the project team. Regularly review the project plan to monitor progress compared with the overall timelines.

Though HIM professionals have always managed projects, enterprise-wide endeavors raise the bar for communication, organization and leadership. HIM professionals have unique abilities to manage enterprise-wide projects. More importantly, HIM professionals can help team members solve problems, achieve their goals and enjoy the journey.

If you are interested in learning more about this topic, come join me and Emilie Sturm, MA, RHIA, CHPS, Senior Revenue Management Consultant for Trinity Health, at the 2018 AHIMA National Convention in Miami, for our presentation titled “Project Management in Enterprise-Wide HIM Implementations.”


Webinar Recap: Healthcare Regulatory Updates and Guidance


On Thursday, May 17, 2018, my colleague Angela Rose, MHA, RHIA, CHPS, FAHIMA, Vice President of Implementation Services, and I presented the second part of our four-part healthcare compliance webinar series. In this webinar, titled “Healthcare Regulatory Updates and Guidance,” we covered some of the following key points:

Global Data Privacy Rule (GDPR)

The GDPR is current legislation that was proposed by the European Commission to strengthen and unify data protection for individuals in the European Union (EU). The goal of the regulation is to increase protection and enhance privacy rights regarding how data on EU residents is collected and used. This rule also applies to organizations outside the EU, such as those in the US, if they collect such data.

Substance Abuse and Mental Health Services Administration (SAMHSA)

SAMHSA released an update in January 2017 that allows organizations to utilize an inclusive authorization, whereby this sensitive information may be shared with an HIE or within an integrated delivery system. This affords these patients the same rights to high-quality care by allowing caregivers to review necessary information. The update to the rule permits the disclosure or re-disclosure of this information as necessary to carry out lawful treatment, payment and operations. The required statement on this type of record now reads “Federal law 42 CFR Part 2 prohibits unauthorized disclosure of these records.”

Disclosures for Emergency Preparedness

Emergency preparedness and recovery planners are interested in the availability of information they need to serve people in the event of an emergency. The HIPAA Privacy Rule protects individually identifiable health information from unauthorized or impermissible uses and disclosures. The Rule is carefully designed to protect the privacy of health information, while allowing important health care communications to occur.

Cybersecurity and Ransomware

Ransomware has forced health IT to become more aggressive about strengthening security safeguards and protections against attacks delivered through infected emails and websites. Attendees were reminded that the best ways to prepare for and combat these attacks include:

  • Risk analyses and gap analyses
  • Ongoing end-user training
  • Appropriate and up-to-date patching
  • Utilization of advanced security protection tools

To learn more about this topic, sign up for our next webinar “Cybersecurity: Protecting your Healthcare Enterprise” on Wednesday, August 15, 2018 at 2pm Eastern.

Texting in Healthcare

Texting in healthcare can be a risk if it is not done in a way that meets the technical safeguards of the HIPAA Security Rule. These safeguards include:

  • Access to PHI must be limited to authorized users who require the information to do their jobs
  • A system must be implemented to monitor the activity of authorized users when accessing PHI
  • Those with authorization to access PHI must authenticate their identities with a unique, centrally-issued username and PIN
  • Policies and procedures must be introduced to prevent the PHI from being inappropriately altered or destroyed
  • Data transmitted beyond an organization’s internal firewall should be encrypted to make it unusable if it is intercepted in transit

Future Outlook

Attendees also received insight on the changes and updates we may expect to see forthcoming in 2018. Some of these included:

  • Restitution back to victims who were harmed by a violation of HIPAA
  • Consideration to remove NPP signature forms
  • Good faith disclosures (related to the opioid crisis)
  • Potential changes in the requirement related to accounting of disclosures

Healthcare regulatory updates and government guidance are continuously evolving and can be difficult to interpret and understand. The implementation and management of those changing guidelines is vital for meeting compliance in any organization. For more information on these topics, fill out the form below to receive a copy of this webinar.


Privacy Dashboards: A Powerful Tool for Compliant PHI Disclosure Management

Managing the release of Protected Health Information (PHI) is more complex than ever, due to evolving federal regulations, patient access rights, and pressure to manage and exchange health information electronically. With multiple departments releasing PHI, there are concerns and risks across the entire enterprise. For individuals whose primary tasks do not include PHI disclosure, privacy regulations are not foremost in their thoughts. Without ongoing education and process change, the potential for breach risk escalates. To mitigate risk, it is recommended that organizations centralize their Release of Information (ROI) and use privacy dashboards and data analytics technology.

Centralize Release of Information to Improve Privacy Compliance

Healthcare organizations should assign PHI disclosure and ROI tasks to a focused group of professionals who understand the regulations, receive ongoing education on changes, and realize the complexities of the process. This way, one department will have total control and responsibility of maintaining appropriate records of what information has been released, knowing where it’s going, and when to escalate notification issues. Managing information through one department will improve compliance and patient care.

Use Privacy Dashboards to Track Patterns and Trends

Every privacy incident yields valuable data to improve compliance. Privacy dashboards can be used as a powerful tool to show patterns and trends for smaller incidents — now being tracked by OCR — and for large events as well. Regardless of size, an organization’s ability to consistently identify and track trends is essential. You can find a list of all the features an effective compliance tool should provide in “Privacy dashboards: Tracking and reporting for compliant PHI disclosure management,” which appears in the May 2018 issue of HCCA’s Compliance Today.

The most important factors in compliance program management are constant awareness, communication, tracking and reporting through easy access to reliable and actionable data. Privacy dashboards help organizations determine root causes of incidents, so they can take the necessary actions to improve compliance.

Examples of corrective action include:

  • Revising compliance policies and procedures
  • Providing additional staff training on hospital policy and HIPAA regulations
  • Assessing and improving PHI disclosure management processes
  • Ensuring encryption of all devices used by staff

As the volume of PHI requests continues to increase over time, so does the risk of breach. Using privacy analytics to identify compliance patterns and trends, improve operational processes, and resolve breach issues is increasingly important. Actionable compliance data has become a critical tool for healthcare organizations along the journey to value-based care.

Learn more about privacy analytics by attending AHIMA’s Live Data Dive Webinar “Privacy Dashboards: What You Should be Tracking & Reporting” on May 9th at 9:30am Eastern. If you cannot make the live session, sign up for the playback webinar recording here.


How to Ensure Proper PHI Disclosure across your Healthcare Enterprise


When it comes to Protected Health Information (PHI), one of the main duties of Health Information Management (HIM) departments is to protect their patients’ privacy and ensure proper disclosure. HIM departments have had a long-held reputation of being the top disclosers of PHI within a healthcare enterprise. However, recent trends in PHI disclosure management are changing things around. Combined requests from other areas such as radiology, business offices, and physician practices are matching, if not exceeding, the PHI disclosure volumes in HIM. This combination of departments managing PHI disclosure causes high volumes of records and increases risk. Below are a few best practices, as outlined in a Journal of AHIMA article, for how HIM professionals can ensure proper disclosure and mitigate breach.

Know the Risky Spots: Audit your Points of PHI Disclosure

A practical first step is to conduct an enterprise-wide audit of all disclosure points. An audit of all PHI disclosure points should be conducted and updated yearly as part of your organization’s privacy compliance assessment. Auditing your enterprise helps HIM leaders become aware of the risks, which they can then work to mitigate. HIM professionals should audit non-HIM PHI disclosure areas to ensure compliance with relevant laws. During the audit, HIM leaders should review a list of items for disclosures which includes date received, date delivered and more.

Train and Educate Based on Needs

Training is essential for safe and compliant enterprise-wide Release of Information. This goes for the HIM department as well as any other employees that release PHI. Well-trained ROI staff keep the flow of information running smoothly. Based on the individual department’s most common requests, ROI training should be focused on accuracy, include all HIPAA privacy basics, and include the following six PHI disclosure management fundamentals:

  1. Track and monitor each type of request being received.
  2. Define each type of request.
  3. Emphasize accuracy.
  4. Reiterate minimum necessary.
  5. Coach personnel on patient requests.
  6. Direct requests to HIM.

Establish HIM as the Enterprise-wide PHI Gatekeepers

Annual HIM reviews and continuous communication with other departments that release information are essential to mitigate breach risk, expedite payer reimbursement, and prevent a requester dissatisfaction crisis. Non-HIM staff are focused on their core competency areas and are rarely trained in proper PHI disclosure management. The result is often hasty PHI processing and increased risk of breach. To mitigate risk while also ensuring the appropriate ROI, HIM departments should maintain oversight of PHI disclosure management across the entire enterprise—not just within HIM.

Complete the form below to download MRO’s eBook “Breach Risk in Release of Information: Don’t Leave Risk to Chance” and learn strategic, enterprise-wide approaches to PHI disclosure management and mitigating breach risk.


HIMSS18 Recap: Patient Data Takes Center Stage for Privacy Protection


The 2018 Healthcare Information Management Systems Society’s (HIMSS) Health IT Conference (HIMSS18) hosted more than 43,000 attendees. Groups of healthcare industry professionals filled educational sessions and convention hall aisles on March 5–9 in Las Vegas. With over half of attendees representing provider, payer, and governmental agencies, HIMSS reaffirmed its position as the top event for everyone involved in the health information technology (HIT) industry.

As Vice President of Privacy, Compliance, and HIM Policy for MRO, my personal focus at HIMSS18 was on the need for greater patient data integrity and evolving data privacy. Below are a few main points and strategic tasks gleaned for fellow patient privacy professionals. I discuss these points in more detail in this article.

Break Down Barriers

Attendees this year intentionally focused on the need to make health information accessible and fully actionable. The importance of creating actionable data, versus simply sharing information, was a key point throughout HIMSS18.

Direct sharing of the Continuity of Care Document (CCD) was another strategic task presented to HIT professionals during HIMSS18. CCD includes the predefined data elements needed for continuing care in any setting. The underlying thought is that these data elements could be shared through direct messaging to the next caregiver and prepopulate the provider’s EHR for continuity of care. The same reasoning would hold that these data elements should be downloadable to the patient application of choice so the patient always has this information.

The bottom line for data access in healthcare: information silos must be eliminated.

Encourage Patient Ownership

Multiple sessions covered the importance of patient ownership of personal healthcare data. To effectively meet the goal of patient ownership, speakers reiterated the need for data segmentation. For example, patients can specify which data they want to be held privately—not the entire record, but granular information at the data element level.

The General Data Privacy Regulation (GDPR), the European move to segment data for special protections, was also covered in detail at HIMSS18. Patient privacy is now a global initiative. For more information on this topic, download a copy of MRO’s recent webinar on the topic.

Finally, information for quality reporting was a central topic, as quality reporting moves from an encounter-centric to a patient-centric approach. Both of these capabilities, data segmentation and whole patient reporting, must be supported as healthcare makes the transition to value-based purchasing.

Watch Threats, Ensure Compliance

Cloud computing vulnerabilities remain top of mind for all healthcare providers, payers, and governmental agencies. For Business Associates (BAs) using cloud computing, speakers emphasized the need to know where data resides and how it is controlled. These details should be in BA Agreements, along with specifications on how the confirmed BA meets security regulations.

Effective healthcare privacy compliance plans must manage policies and procedures, auditing, disciplinary guidelines, and corrective actions. Focus on your ability to detect, respond to, and recover from any privacy or security events through proactive risk plans and accountability to protect patient data.

People, processes, and technology are the golden keys for privacy and security compliance and breach prevention.

The biggest benefit of attending the 2018 HIMSS annual conference was gaining useful knowledge. Technology is rapidly advancing, and the conference is one of the best venues to observe the transformational impact of technology on the healthcare industry.


MRO Celebrates the 29th Health Information Professionals Week


During Health Information Professionals (HIP) Week, MRO always enjoys celebrating the wonderful work of our Health Information Management (HIM) partners. It is an honor to work with these dedicated and hard-working professionals who perform their duties skillfully throughout the year.

MRO’s 2018 Healthcare Compliance Webinar Series Launches During HIP Week

To celebrate HIP Week and continue with our efforts to educate and support the HIM profession, MRO has launched a complimentary healthcare compliance webinar series. To show our appreciation, we would like to invite you to register and earn four AHIMA CEUs on us.

This four-part series will cover these latest privacy, security and information governance trends impacting healthcare professionals:

  • Part 1: Compliance with the Global Data Privacy Rule (GDPR) and Privacy Shield 
    Thursday, March 22, 2018 – 2pm Eastern – Register Here.
  • Part 2: Healthcare Regulatory Updates and Guidance 
    Thursday, May 17, 2018 – 2pm Eastern – Register Here.
  • Part 3: Cybersecurity: Protecting your Healthcare Enterprise 
    Wednesday, August 15, 2018 – 2pm Eastern – Register Here.
  • Part 4: 2019 Healthcare Privacy and Security Compliance Predictions
    Wednesday, November 7, 2018 – 2pm Eastern – Register Here.

Looking Ahead: MRO’s Future is Bright

HIP Week’s theme “Our Future is Bright” is appreciated by MRO. As the HIM landscape evolves, we will continue to grow and adapt our services and technology to step up to the challenge. MRO is committed to delivering the highest levels of accuracy and quality while servicing healthcare organizations across the country with the best Release of Information solution available.

In the beginning of this year, MRO was named KLAS Category Leader for ROI services in the 2018 Best in KLAS report. This is the fifth consecutive year that MRO was rated #1, and another year in which our focus on service quality was recognized by KLAS. With each passing year, MRO continues to grow and advance because of the valued business, support and partnership we receive from our HIM partners. As we continue on this journey together, our future is indeed bright.

At MRO’s National Service Center in Norristown, Pennsylvania and across our client sites throughout the nation, we are all enjoying a week filled with festivities and celebrations for the HIM profession. We hope all Health Information Professionals are enjoying this special week, too. Thank you to our clients and our employees for all that you do, and Happy HIP Week from all of us at MRO!


Two Private Eyes on Your ROI: Quality Assurance in Release of Information


Small scale privacy breaches, like those caused by errors in the Release of Information process, can be just as damaging to healthcare organizations as larger breaches. The repercussions include both monetary penalties and reputational harm. With the stakes this high, it is important to ensure the highest levels of quality when disclosing Protected Health Information (PHI).

The Cost of PHI Breach

Although small breaches, affecting fewer than 500 patients per incident, are not usually broadcast as widely as a large cyberattack, the financial impact is real.

• Each breach can cost between $8,000 and $300,000, not including HIPAA violation civil penalties.

• Penalties are rising to as much as $50,000 per breach with a maximum of $1.5 million annually for repeated occurrences.

• As many as 10 states now consider HIPAA to be the “relevant standard of care for state privacy violation claims brought by individuals.”

Release of Information – Risky Business

Criminal attacks and lost or stolen devices were the root cause of most PHI data breaches in recent years, but almost as many—40 percent—were due to “unintentional employee action,” according to 2015 survey results from the Ponemon Institute.

Unintentional employee actions include more than using the wrong fax number or mailing address when disclosing PHI. There are multiple points in the ROI process that can result in breaches.

• With typical ROI workflows, 20 to 30 percent of all submitted authorizations are initially found to be invalid. MRO’s research shows there are around 100 types of authorization errors.

• Five percent or more of patient data in Electronic Medical Records (EMRs) have integrity issues, including comingling of patient records.

• Well-trained ROI specialists will catch the majority of mixed records; however, with just one level of quality control, up to 0.7 percent will contain mixed patient data.

Additionally, in the typical ROI workflow, requests for health information come into a facility and are logged by onsite ROI staff who also handle many other responsibilities, such as requester calls, support and issue resolutions, record retrieval, invoicing and collections, producing copies, and delivering records. There is no “second set of eyes” for Quality Assurance. This approach results in inefficiencies, distractions and increased errors.

Closing the Quality Assurance Gap in ROI

At MRO, we believe the best practice is to ensure “second set of eyes” Quality Assurance measures are taken across multiple steps of the ROI process. Not one, but two teams should check each ROI authorization for accuracy, in addition to checking PHI multiple times for accuracy, e.g. ensuring there are no comingled records.

Sophisticated ROI vendors will offer technologies to assist with this process – like MRO’s IdentiScan® record integrity application that uses optical character recognition to scan for mixed patient data. Technology, such as barcoding systems, can also be used to maintain shipping integrity.

Introducing MRO’s Two Private Eyes on Your ROI

If you subscribe to the Journal of AHIMA, or have visited MRO’s website or social media pages recently, you may have noticed our new campaign called Two Private Eyes on Your ROI. This theme was developed by the creative team at MRO. The idea was born while brainstorming ad concepts that could be tied into a Miami theme, with the 2018 annual AHIMA Convention being hosted in Miami Beach. What started as a Miami Vice theme quickly turned to a private investigator theme when the idea of “Two Private Eyes on your ROI” – a play on MRO’s “second set of eyes” redundant quality checks within our Release of Information workflow – was bounced around. Since the Miami Vice detectives were with the police force and not PIs, we looked at famous private eyes over history and developed the characters Magnum PHI and SureLook Holmes.

Be sure to check out the “premier episode” of Two Private Eyes on Your ROI by visiting our microsite.


Four Healthcare Compliance Webinars to Attend in 2018: Covering Privacy, Security and Information Governance

As we move into 2018, healthcare professionals should be up to date on the latest Privacy, Security and Information Governance trends. It is important to be aware of what’s on the horizon and how to prepare your organization for the future.

In MRO’s upcoming 2018 healthcare compliance webinar series, MRO’s Angela Rose, MHA, RHIA, CHPS, FAHIMA, Director of Client Relations and Account Management, and I will co-present on the latest industry trends and discuss best practices for organizations to consider. There are four parts to this webinar series, and we are in the process of having each session pre-approved by AHIMA for one (1) CEU in the privacy and security domain.

Below are the four session topics, which Angela and I will go into more detail on in our webinar series. To register, click here.

Webinar Watch List: Privacy, Security and Information Governance

1) Compliance with the Global Data Privacy Rule (GDPR) and Privacy Shield
The Global Data Privacy Rule (GDPR) is compelling every organization to consider how it will respond to today’s security and compliance challenges. This may require significant changes to how your business gathers, uses and governs data if you serve individuals from the United Kingdom. Much of the discussion about the GDPR has focused on the law’s privacy-centric requirements, such as mandatory record keeping, the right to be forgotten, and data portability.

March 22, 2018 – 2pm Eastern – Register Here.

2) Healthcare Regulatory Updates and Guidance
Healthcare regulatory updates and government guidance are continuously evolving and can be hard to interpret and understand. The implementation and management of those changing guidelines is vital for meeting compliance in any organization. When we hold this webinar, the session will review the regulatory updates and guidance that must be implemented to achieve regulatory compliance.

May 17, 2018 – 2pm Eastern – Register Here.

3) Cybersecurity: Protecting your Healthcare Enterprise
Although cyber attackers constantly create new versions of malicious software and search for new vulnerabilities to exploit, healthcare organizations must continue to be vigilant in their efforts to combat cyber extortion. This webinar will share lessons learned and actions for consideration to remain diligent and ready for potential threats.

August 15, 2018 – 2pm Eastern – Register Here.

4) 2019 Healthcare Privacy and Security Compliance Predictions
This session will briefly summarize the prior sessions in MRO’s four-part webinar series on healthcare privacy and security compliance, including lessons learned in 2018, and then shift focus to 2019. We will do our best, utilizing our crystal ball, to predict focus areas for 2019.

November 7, 2018 – 2pm Eastern – Register Here.

Health Information Professionals Week

MRO will launch our healthcare compliance webinar series, which covers these topics, on March 22, 2018, during Health Information Professionals (HIP) Week. HIP Week will coincide with AHIMA’s Advocacy Summit and Hill Day, events where AHIMA members receive education specific to advocacy and visit Capitol Hill to share the importance of advancing HIM. Privacy, security and Information Governance continue to be key issues for HIM professionals. AHIMA has stated it will continue to provide guidance to the healthcare industry and government leaders seeking expertise and counsel, and MRO looks forward to continuing in our efforts to educate and support the HIM profession, as well.

Register today for our first webinar, on the topic of Compliance with the Global Data Privacy Rule (GDPR) and Privacy Shield.
