Check Request Status610-994-7500

2017 National AHIMA Convention: Takeaways for Health Information Management Professionals

The American Health Information Management Association (AHIMA) held its annual convention and exhibit in Los Angeles, October 7-11. This year’s event delivered a renewed focus on the profession’s responsibility to protect and govern Protected Health Information (PHI). During the convention, updates for privacy, security, interoperability and information governance were provided. Here is a quick overview of lessons learned at the conference. You can read more in my recent post to HIM Scene’s blog, titled Heard at #AHIMACon17: Lessons Learned for HIM.

Privacy and Security Institute

This year was the 11th anniversary of AHIMA’s Privacy and Security Institute. Speakers from the United States Department of Health and Human Services (HHS) Office for Civil Rights (OCR), Federal Bureau of Investigations (FBI) and Health Information Trust Alliance (or HITRUST) joined privacy and HIM consultants for a two-day seminar.

Additionally, MRO’s Angela Rose, MHA, RHIA, CHPS, FAHIMA, Director of Client Relations and Account Management, and I co-presented a session titled, “Developing Best Practices from OCR Audits and Enforcement Activities.” In this session, we offered best practices for HIM professionals based on lessons learned from the OCR’s patient access guidance, resolution agreements and HIPAA Audit Program protocols. You can download a copy of our presentation by completing the form at the bottom of this blog post.

Cutbacks Underway

The position of Chief Privacy Officer (CPO) at the Office of the National Coordinator for Health Information Technology (ONC) has been vacant for the past year, and during this time Deven McGraw, Deputy Director of Health Information Privacy at the OCR, successfully served as acting CPO. Her recent departure, along with other cutbacks, will have a trickle-down impact for privacy compliance in 2018.

Onsite Audits Cease

Yun-kyung (Peggy) Lee, Deputy Regional Manager for the OCR, informed attendees that onsite HIPAA audits would no longer be conducted for Covered Entities or Business Associates due to staffing cutbacks in Washington, D.C. The concern here is that whatever doesn’t get regulatory attention, may not get done.

Interoperability Advances HIPAA

The national push for greater interoperability is an absolute necessity to improve healthcare delivery. However, 30 years of new technology and communication capabilities must be incorporated into HIPAA rules. Old guidelines block us from addressing new goals. We expect more fine-tuning of HIPAA in 2018 to achieve the greater good of patient access and health information exchange.

In an article published shortly before the AHIMA convention, OCR Director Roger Severino touched on the need to modify HIPAA in light of technology advancements and cyber threats saying, “I’ve gotten up to speed on HIPAA, and as the threats evolve, we have to evolve in how we approach it – and we have to be smart about who we target. At most I will say the big, juicy case is going to be my priority and the methods for finding it – stay tuned.”

Luminary Healthcare Panel

This session was a very relevant discussion for my role as Vice President of Privacy, Compliance and HIM Policy at MRO. Panelists provided a glimpse into the future of healthcare while reiterating HIM’s destiny—data integrity and information governance.

Final Takeaway

There is no doubt that HIM’s role is expanding. We have the underlying knowledge of the importance of data and the information it yields. More technology leads to more data and an increased need for sophisticated health information management and governance. Our history of protecting patient information opens the door to our future in the healthcare industry.

To download slides from MRO’s Privacy and Security Institute presentation “Developing Best Practices from OCR Audits and Enforcement Activities,” complete the form below.

To download slides from MRO’s Privacy and Security Institute presentation “Developing Best Practices from OCR Audits and Enforcement Activities,” complete the form below.

Read More

Four ways HIM leaders can leverage technology to improve the Release of Information process

network cable with high tech technology color background

In today’s fast-changing healthcare environment, health information management (HIM) professionals encounter a variety of challenges, including Information Governance, standardizing disclosure processes across an enterprise, operating in an environment of disparate information technology (IT) and paper systems, managing data integrity, and navigating the sharing of electronic Protected Health Information (ePHI) and interoperability initiatives. These challenges, however, can be turned into opportunities for forward-thinking, tech-savvy HIM leaders to establish organizational leadership and develop innovative strategies.

MRO will lead an educational session at the upcoming AHIMA Convention and Exhibit in Baltimore exploring some of these opportunities. Alongside our Release of Information (ROI) client Charlotte Walton-Sweeney, RHIT, Director of HIM for Lancaster General Health/Penn Medicine, we will discuss how HIM leaders can leverage technology to improve operational efficiency, increase security and mitigate breach risk.

The following is a sneak peek into some of the ROI tips we’ll cover:

1. Deploy an enterprise-wide ROI platform
MRO research shows as many as 40 disclosure points in a health system, including HIM, radiology, billing offices and physician practices. Deploying one platform across a health system ensures standardized policies, procedures and technology are in place; improves compliance; and provides centralized oversight of ROI.

2. Utilize integrations with EMR and other hospital IT systems
Automating manual steps of the ROI process by enabling system integrations saves time and drives accuracy. Sophisticated ROI vendors off such system integration solutions, like MROeLink®. At its core, MROeLink is a direct synchronization between MRO’s PHI disclosure management platform, ROI Online®, and the ROI module within the Epic electronic medical record (EMR) system. It also includes a variety of other IT system integrations, such as an MPI patient lookup feature, which enables HIM staff to electronically access patient identifiers and demographics, and encounter history directly within ROI Online, eliminating the need for copying or retyping information.

3. Implement electronic delivery methods
Implementing electronic delivery methods, such as portal technology, esMD for CMS audits, integrations with the U.S. Social Security Administration for disability determination, and Direct Secure Messaging all improve efficiency by reducing associated time and labor, and reduce risk by moving paper processes to secure, electronic methods.

4. Leverage Quality Assurance (QA) technology
Technology can be used to enhance QA in the ROI process. For example, MRO’s record integrity application IdentiScan® is powered by optical character recognition (OCR) technology that “reads” medical records to identify comingled records, resulting in accuracy rates of 99.99 percent.

Be sure to attend our session at AHIMA to learn more, and complete the form below to request a copy of a case study detailing how Lancaster General Health/ Penn Medicine partnered with MRO to improve ROI quality, service and efficiencies.

Fill Out Form to Receive Lancaster General Health/Penn Medicine Case Study

Read More

HIMSS16 Reflections

After a busy yet exciting week at HIMSS16, most attendees are settling back into their daily routines, but strong impressions from the event remain. Main takeaways tend to vary from year to year, and this time, privacy and security was a prevailing theme across the HIMSS floor.

Several of MRO’s executive leaders shared insights from the event that reinforced this idea. For example, Charlie Wilson, CIO of MRO, noted, “A security awareness permeated the show, as there were a host of vendors that focused on cybersecurity, encryption, risk management, single sign-on with two-factor authentication; and there was buzz created by recent breach incidents, both domestic and international.” With the potential for both internal and external threats, his comments point out the wide range of issues that underlie security concerns.

Healthcare organizations clearly need to cover many fronts as part of their privacy and security vigilance; chief among them are enforcement of policies and procedures, protection of data integrity and mitigation of risk.

“Privacy, security and compliance are of paramount importance across the spectrum of healthcare products and services,” said Wilson.

Best Practices and Tools
Best practice concepts in managing the secure flow of Protected Health Information (PHI) were among major topics of discussion. Steve Hynes, CEO of MRO, noted that the creation of a Data Governance plan was in the forefront of ideas. Defining procedures and accountability to support stated enterprise-wide policies can help align the various departments of a healthcare group in a common effort to meet privacy and security standards.

Rita Bowen, MA, RHIA, CHPS, SSBG, Vice President of Privacy, HIM Policy and Education for MRO, saw a common focus on meeting these standards as well, saying, “innovation was a key theme.” Bowen noted the use of technology “as an enabling tool to assist in data quality and integrity standards, which are integral components of an organization’s Information Governance program.”

Finding and implementing the right tools can help organizations raise the bar to a higher level of data integrity. One example of such a tool is MRO’s IdentiScan®, introduced as a standalone record integrity application at HIMSS16. At MRO’s exhibit space, Bowen and colleague David Borden, CTO of MRO, demonstrated the tool which uses optical character recognition to review electronic medical records and flag any potentially misfiled records. Ensuring that the correct patient information is maintained in the health record is key to the successful use and exchange of PHI.

The conversations and awareness raised at HIMSS16 can serve to inspire healthcare providers and their business associates to implement new practices and technologies to improve privacy and security efforts. Healthcare organizations can collaborate with partners like MRO to build stronger methodologies and meet the challenges of enforcing compliance across their groups.

Missed MRO at HIMSS? No problem. Schedule your no-obligation demo of IdentiScan today and learn how you can improve record integrity, patient safety and quality of care.

Sign Up for Future Blog Posts

Read More

HIM: The Original Health Information Exchange(rs)

Sharing Documents

HIM: The Original Health Information Exchange(rs)

It wasn’t that many years ago that medical records consisted of reams of paper files stored in rows and rows of cabinets. It’s also not that long ago that fax machines were considered “high-tech.” Although the technology was lacking by today’s standards, health information management (HIM) professionals led initiatives around the exchange of patient health information, ensuring compliance with federal, state and facility patient-privacy policies.

Fast forward to today’s HIM department, where patient charts are digitized and can be electronically transmitted in a matter of seconds using electronic medical records (EMRs) and Health Information Exchanges (HIEs). Technology has changed the face of health information exchange, bringing about both challenges and opportunities that require HIM leaders to evolve their roles and keep pace with changing times.

For example, electronic exchange technologies are typically implemented by the information technology (IT) department without involving HIM professionals until late in the process. It is essential, however, that collaboration with HIM leaders occurs early in these HIE initiatives and throughout the process so they can offer their expertise and knowledge of best practices in information governance, workflow and compliance.

One way to get involved early in the planning and implementation is for HIM leaders to present potential exchange solutions to their IT peers. This requires research and education (and gumption). Often, a Release of Information (ROI) partner can be a great resource. A technologically advanced ROI company, in particular, likely offers some “HIE-like” solutions such as:

  • Direct Secure Messaging as a fax replacement
  • esMD delivery to the Centers for Medicare & Medicaid Services for audits
  • Social Security Administration interfaces for automating the disability claims process

With their HIM expertise and technology capabilities, your ROI partner can equip you with solutions, help raise your levels of influence, and assist in bridging the gap between HIM and IT. By opening the doors of communication and collaboration, the departments can work as a team to electronically exchange health information in a secure, compliant and efficient way.

Check out our white paper, Finding the Right Partner for Integrated HIE, which discusses the benefits of partnering with a PHI disclosure management firm to implement HIE-based solutions.

For even more information, please attend our session on HIM and IT collaboration around HIE at the 87th Annual AHIMA Convention in New Orleans. We will be presenting with Susan Carey, MHI, RHIT, PMP, who serves as System Director for HIM at Norton Healthcare, at 10 a.m. on Wednesday, September 30, 2015. Look forward to seeing you there!

Sign Up for Future Blog Posts

Read More