As we approach the 2018 AHIMA National Convention and Exhibit in Miami, held September 22-26, 2018 in Miami, MRO is very excited to exhibit and have the chance to mingle with our Health Information Management (HIM) partners and friends.

During exhibit hall hours, members of MRO’s leadership will be available at Booth 437 to discuss topics surrounding Protected Health Information (PHI) disclosure management, including industry trends, breach risk mitigation and MRO’s KLAS #1-rated Release of Information (ROI) solutions. We will also have a mentalist/magician performing in our booth on Monday and Tuesday, September 24 and 25.

Some other places you can find MRO during the convention include:

AHIMA’s Privacy, Cybersecurity, and Information Governance Institute

Saturday and Sunday, September 22-23
Miami Beach Convention Center, Art Deco Ballroom, Room 228 AB

AHIMA is committed to remaining the leader in privacy, cybersecurity, and Information Governance (IG) throughout healthcare. Because of this commitment and healthcare’s evolution—which requires continued education on the most current topics and trends in the industry—AHIMA’s annual Privacy and Security Institute is evolving. This year AHIMA is introducing the Privacy, Cybersecurity, and Information Governance (PCIG) Institute.

MRO is proud to sponsor this year’s PCIG Institute, and Rita Bowen, MA, RHIA, CHPS, CHPC, SSGB, Vice President of Privacy, Compliance and HIM Policy for MRO will participate in Sunday’s 10:55am – 11:45am Eastern panel discussion “Privacy and Security Competency Gaps: How to Navigate Your Way to Success.”

Case Study for Business Office ROI: Yale New Haven Health

Monday, September 24
Miami Beach Convention Center, Exhibit Hall, Theater C
12:15pm – 1:05pm Eastern

Join Kim Charland, RHIT, CCS, Director of Revenue Cycle Services for MRO, and Cindy Zak, MS, RHIA, PMP, FAHIMA, Executive Director of Corporate HIM for Yale New Haven Health, for a presentation on exploring ways MRO’s Medical Record Attachment Services for the Business Office can help HIM leaders improve interdepartmental collaborative efforts to efficiently and compliantly fulfill ROI requests that support claim payments.

ROI Networking Roundtable

Monday, September 25
Miami Beach Convention Center, Room 209
3:30pm – 4:15pm Eastern

Attend the presentation “The Modern Age of ROI – Are You Up to Date?” to network with HIM peers and experts in the field, including MRO’s Rita Bowen and Angela Rose, MHA, RHIA, CHPS, FAHIMA, Vice President of Implementation Services. Bring to the table any issues or challenges faced in ROI and discuss best practices.

Educational Session: Project Management in HIM Implementations

Monday, September 25
Miami Beach Convention Center, Ocean Drive Ballroom A-D
4:30pm – 5:15pm Eastern

To learn best practices for utilizing project management skills in enterprise-wide HIM implementations, join Angela Rose and Emilie Sturm, Sr. Revenue Management Consultant for Trinity Health, for this exploratory session.

Meet MRO at AHIMA

MRO has been exhibiting at this convention every year since 2004. In our 15th year at the event, we anticipate this to be our best year yet. I am looking forward to learning about the latest industry trends and being able to see and spend time with all our clients and friends in attendance. We hope to see you there!

Managing the disclosure of Protected Health Information (PHI) from within a healthcare organization has become increasingly complex. As the volume of medical Release of Information (ROI) continues to rise, multiple disclosure points place organizations at risk for privacy breach. Many have turned to outsourcing Release of Information to promote proper PHI disclosure. Choosing the right vendor can be a challenge if you don’t know where to start. Here are some suggestions to make the process easier.

DO—Use HIM peer feedback

The best way to begin is by seeking feedback from HIM peers who have experience with ROI vendors. Trusted peers can help with steps to identify vendors that offer high levels of service quality, accuracy and compliance.

Ensure the vendor is equipped to handle a health system your size

In today’s environment, there are fewer independent hospitals than in the past. Increased consolidation among hospital groups adds a new level of complexity due to size of the organization. It’s important to conduct a thorough evaluation to ensure the vendor can accommodate the size of your organization.

Over the years, many independent hospitals have used small local ROI companies that served them well at the time. But as these organizations grow to include multiple facilities with hundreds of clinics, ROI becomes a more complicated process. Vendor reassessment involves two critical considerations—scalability and expertise. Does the vendor have the scalability to meet the needs of all facilities and the expertise to conduct the implementation from a proven project management perspective?

Scalability is especially important for organizations acquiring physician practices. For one organization, we are currently hiring 40 people to serve five hospitals and 300 physician practice locations. Few vendors are equipped to manage a project of that size. Organizations should consider the scope of the project and the vendor’s ability to conduct a smooth and seamless implementation. Best practice is to engage a dedicated implementation team of trained specialists to onboard staff and ensure a successful implementation.

Assess the vendor’s ability to offer high levels of service quality, accuracy and compliance

Your organization must have confidence in the vendor’s ability to measure quality and accuracy to ensure compliance. While seeking feedback from peers, review the company’s resources to assess quality standards, documentation processes, areas of priority and methods of measurement. What is the success rate in terms of service delivery and accuracy? What internal quality measures are in place to ensure proper disclosure of PHI and prevent breach? Also, look for independent measures of quality and reputation of a vendor you’re considering. One of those measures is KLAS, a third-party group that rates companies based on customer ratings.

DO—Visit the vendor

As part of the evaluation process, schedule an onsite visit. At MRO, we welcome the opportunity to show and tell what we do. Showing tells a lot about an organization. Take a tour of the workflow to see ROI processes firsthand. That’s where you’ll see those crucial quality checks.

DO—Leverage the latest technology innovations

Advanced technology is essential to provide optimal ROI services. Top priorities include EMR integration, electronic delivery, optical character recognition (OCR) technology for Quality Assurance, and IT expertise and leadership.

EMR integration

Look for technology with the capability to integrate with most EMR systems. Some ROI companies have built interfaces between their ROI platforms and EMRs to enhance workflows through automation. For example, MRO’s MROeLink® interface with Epic’s ROI module has the capability to automate typically manual and redundant steps in the ROI process to improve efficiency and reduce errors.

Electronic delivery

Organizations today need import and export capabilities that extend beyond extraction of information.

Look for the ability to receive requests and deliver information via electronic interchange. At MRO, we have thousands of portals set up with different organizations around the country to securely receive and deliver information. Additionally, our proprietary interface with SSA’s Disability Determination Services (DDS) and esMD for CMS enables healthcare organizations to enhance revenue, improve efficiency and drive compliance.

OCR technology for Quality Assurance

Quality Assurance requires the right people, processes and technology. The most effective programs offer technology and human intervention to review documents at various points within information management workflows. For example, we suggest a combination of OCR technology and specially trained staff to perform multiple quality checks during the ROI process. MRO’s IdentiScan® OCR validation technology checks for patient identifiers to catch comingled records. Any detected errors are quickly corrected and documented by Quality Assurance experts.

IT expertise and leadership

Finally, consider the vendor’s future plans for investment on the IT side of the ROI process. Many times smaller vendors can’t make large investments required to be on the leading edge of IT. Is the vendor forward thinking regarding IT? What capabilities are in place? Recommended practice is to have extensive internal IT resources backed by plans for future investment. Look for progressive companies with IT knowledge, experience and leadership.

DO—Consider an enterprise-wide approach

A centralized, enterprise-wide approach to PHI disclosure management is the recommended strategy to have complete confidence in achieving compliance. This approach guards a patient’s privacy while also protecting the organization against breach, financial risk and reputational harm. The benefits across the health system include:

• Standardized policies and procedures
• Consistent policy enforcement
• Improved patient and third-party requester experience
• Heightened PHI disclosure accuracy through quality-infused workflows

DON’T—Prioritize low cost over quality

Prioritizing low cost over quality and compliance will cost your organization more in the long run. Everyone wants the most economical deal, but not at the expense of quality. Noncompliance and associated costs are too great a risk. When evaluating a vendor, shop for accuracy and quality.

MRO is proud to be KLAS-rated #1 for outsourced Release of Information services, offering scalability, expertise, innovative technologies, and the highest levels of accuracy, quality and service. To request a demo of our ROI Online® solution, complete the form.

Begin with the end in mind.  – Stephen Covey

Stephen Covey will long be remembered as the author of The Seven Habits of Highly Effective People. The wisdom of those habits is applicable to organizations as well. When onboarding a new Release of Information (ROI) vendor, the end goal is to standardize policies and processes across the enterprise for timely, accurate and efficient disclosure of Protected Health Information (PHI).

Partnering with a new vendor for outsourcing Release of Information doesn’t have to be a daunting task. Whether your organization is managing ROI in house or considering a change from one outsourcing vendor to another, making a smooth transition across the enterprise is critical. Defined tasks and activities are required to successfully bring a new ROI vendor on board and resume normal operations as efficiently and effectively as possible. A seamless process begins with a dedicated implementation team to facilitate the transition, keeping the end goal in mind.

In our experience, organizations often encounter challenges that are difficult to overcome without the expertise of an implementation team. Here are some of the most common pitfalls:

• Lack of executive ownership
• Resistance from stakeholders, no buy-in
• Lack of process knowledge/ownership
• Scope creep—project not well defined, documented, controlled
• Communication issues
• Insufficient staffing, training and other resources
• Multiple technology platforms/EMR

Setting the Stage for PHI Disclosure Management Success: Six Strategies to Ensure a Smooth Transition

When evaluating an ROI vendor, be sure the vendor has a dedicated implementation team to facilitate a smooth transition. That is your first priority. The team will guide the implementation through the following six strategies:

Define the Project. Define the project scope, goals and objectives. Identify the project owner, executive sponsor and all stakeholders. Set expectations and accountability. Develop a timeline with milestones and phases.

Manage Contracts. Monitor and manage the terms of the contract to ensure contractual obligations are met. Deliver to the client exactly as specified in the contract. Proper management prevents scope creep.

Communicate. Provide ways to communicate with senior management and all stakeholders across the enterprise. Communication tools include internal memos, email templates, press releases, onsite meetings, workflow tips, helpline, monthly updates to senior management on timelines and milestones, and post-implementation touch-point calls. Communication builds trust.

Plan. Planning and communication go hand in hand. Otherwise, the project implementation plan won’t leave the conference room. To assist with planning, here at MRO, we provide new clients with a detailed overview of our implementation planning process including the following:

• Pre-Implementation Activities
• Implementation Timeline
• Go-Live Activities
• Post Implementation Activities

Planning is everything. Proper planning presents the opportunity to identify and address issues up front, setting the stage to achieve optimal results.

Document. Comprehensive documentation clearly defines the project desired outcomes. Transparency and accountability are essential. One of our practices is to send welcome packets introducing what we do and what’s going to happen during the implementation period, along with escalation pathways and MRO contact information. Throughout the transition, we provide a detailed agenda for every meeting, minutes following each meeting, training documentation, videos, monthly updates and project monitoring reports. The entire process is documented from the beginning.

Train and Educate. In preparation for go-live, an effective training and education program promotes successful outcomes. The recommended strategy is to begin training after the planning phase and continue throughout go-live. At MRO, our implementation specialists provide training on MRO ROI policies and procedures, current and legacy EMR systems, HIPAA privacy and security, ROI Online® system use and best practices.

Best Practices Yield Optimal Outcomes

Beginning with the end in mind, providers and vendors should work together to help organizations achieve timely, accurate and efficient ROI outcomes.  At MRO, our dedicated implementation team guides you every step of the way with proven strategies to ensure a seamless transition.

Releasing medical records from a healthcare organization’s business office can be accomplished in a more efficient and cost-effective method. Instead of distracting billers and collectors from their main duties of collecting revenue, business offices should consider the following options to improve efficiency and ensure proper tracking of Protected Health Information (PHI). I provide more detailed information in an HFMA blog “PHI Disclosure Management in the Business Office.”

Centralize all Requests for Records

If the business office wishes to continue to process using their staff, the function should be centralized and assigned to a core group of processors to fulfill all requests. This will help minimize administrative burden from the billers and collectors. Centralization also promotes consistent, standardized processes. These dedicated business office staff should be thoroughly trained in proper PHI disclosure management to maximize efficiency, eliminate redundancy and mitigate risk of HIPAA breach for requests that may fall outside of TPO such as itemized bills for outside attorney requests.

Transfer the Work to HIM

HIM staff are well trained in processing requests for information. They have the knowledge and skills to complete requests efficiently and in compliance with HIPAA guidelines. Nevertheless, some organizations fear delegating this function to HIM because of concerns regarding timeliness and payer deadlines. To reduce turnaround time fears, the following four best practices should be implemented:

1. Ensure open and ongoing communication between the business office and HIM
2. Optimize the use of EHR and PHI disclosure management technologies to route requests and share information
3. Assign dedicated Release of Information (ROI) experts to support the business office and process requests
4. Conduct regular meetings to discuss new trends in payer requests and proactively improve turnaround time through SFTP delivery

Outsource Business Office PHI Disclosures

A number of national firms, including MRO, provide Release of Information services to process payer requests. MRO’s services for business office disclosure management ensure timely delivery of information to payers, full compliance with HIPAA guidelines, and around-the-clock staffing to avoid backlogs or delays.

Careful and strategic tracking of information released, to whom and why, will make the PHI disclosure process more efficient. If your organization needs to improve this process, you should consider: centralization, delegating work to HIM or outsourcing PHI disclosure management. By implementing these alternative workflow options, your organization will be taking the right steps towards improving billing processes and decreasing denials.

From encoders to Electronic Health Records (EHRs), Health Information Management (HIM) professionals are often tasked with enterprise-wide project management including new technologies, changing workflows and centralized operations. These massive projects require strong HIM skills, expanded partnerships and greater collaboration among vendors, HIM, IT and others. With leadership skills, specialized education, and peer-to-peer relationships, HIM professionals are perfectly positioned to promote collaboration among all stakeholders, secure executive support, ensure timelines are met and cover every detail of an enterprise-wide initiative.

A few months ago, I moderated a roundtable discussion with three HIM experts: consultant, Pat Biesboer, RHIA, MSS, PMP; Susan Carey, MHI, RHIT, PMP, FAHIMA, System Director of HIM for Norton Healthcare; and Emilie Sturm, MA, RHIA, CHPS, Senior Revenue Management Consultant for Trinity Health. They each discussed mapping out enterprise-wide projects, such as PHI disclosure management and how to meet milestones and resolve common challenges. You can find the full discussion, “Using HIM Skills to Lead Enterprise-Wide Projects: An Expert Roundtable,” in the February 2018 issue of Journal of AHIMA.

During the roundtable, all three HIM experts provided their main lessons learned from their experiences as enterprise-wide project managers. If you are an HIM professional, you may benefit from reviewing the lessons below:

1. 1. Provide concise, timely, and honest communication. Keep people motivated by injecting fun into your discussions. Keep the current status in front of stakeholders according to a regular schedule, providing the degree of detail they need.
   2. Have realistic expectations and transparency. If difficulties are expected, prepare the team ahead of time. This will help build trust.
   3. Follow stated goals. Guide your team toward the goals you established. When you run into blockers, review your options. Objectively provide the background, options, rationale and a recommended direction to maintain forward progress.
   4. Avoid bringing assumptions to the table. Remain open-minded and validate your expectations. Susan Carey reflected, “When I was the project manager for our EHR’s operating room, nursing and HIM modules, I mistakenly assumed that IT resources understood HIM. Looking back, I should have educated my peers who were managing other parts of the project regarding the tenets of HIM. This would have facilitated HIM operations leaders’ attempts to maintain decision-making regarding the electronic record configurations and policy.”
   5. Conduct reference calls with organizations using any technology you are considering. HIM needs differ from those of other departments. Current users can suggest ways to configure applications to best meet your needs and save valuable implementation time and resources.
   6. Perform as a project manager with HIM knowledge. Project managers are valuable when they have subject matter expertise and can develop subsidiary plans within the overall project management plan.
   7. Have the right stakeholders at the table when starting a project. Due diligence should be conducted to map out all areas of the project and determine vested parties. Having the right team on board provides for a productive group of multidisciplinary professionals with varying expertise.
   8. Identify lessons learned during each phase of a multiphase project. With a multiphase project, such as a system rollout, identify lessons learned during each phase. When possible, incorporate those lessons into the next phase for a stronger outcome. As your timeline allows, be flexible and don’t hesitate to post-pone a go-live if critical goals are not yet achieved.
   9. Communicate often with your project team and stakeholders. For HIM-driven projects, it’s critical that the local HIM director communicates with key constituents or peers. Establish regular meetings over the course of each project or expand your schedule if necessary. Disseminate project management tools such as timelines and meeting minutes to the project team. Regularly review the project plan to monitor progress compared with the overall timelines.

   Though HIM professionals have always managed projects, enterprise-wide endeavors raise the bar for communication, organization and leadership. HIM professionals have unique abilities to manage enterprise-wide projects. More importantly, HIM professionals can help team members solve problems, achieve their goals and enjoy the journey.

   If you are interested in learning more about this topic, come join me and Emilie Sturm, MA, RHIA, CHPS, Senior Revenue Management Consultant for Trinity Health, at the 2018 AHIMA National Convention in Miami, for our presentation titled “Project Management in Enterprise-Wide HIM Implementations.”

Small scale privacy breaches, like those caused by errors in the Release of Information process, can be just as damaging to healthcare organizations as larger breaches. The repercussions include both monetary penalties and reputational harm. With the stakes this high, it is important to ensure the highest levels of quality when disclosing Protected Health Information (PHI).

The Cost of PHI Breach

Although small breaches, affecting less than 500 patients per incident, are not usually broadcasted as widely as a large cyberattack, the financial impact is real.

• Each breach can cost between $8,000 to $300,000, not including HIPAA violation civil penalties.

• Penalties are rising to as much as $50,000 per breach with a maximum of $1.5 million annually for repeated occurrences.

• As many as 10 states now consider HIPAA to be the “relevant standard of care for state privacy violation claims brought by individuals.”

Release of Information – Risky Business

Criminal attacks and lost or stolen devices were the root cause of most PHI data breaches in recent years, but almost as many—40 percent—were due to “unintentional employee action,” according to 2015 survey results from the Ponemon Institute.

Unintentional employee actions include more than using the wrong fax number or mailing address when disclosing PHI. There are multiple points in the ROI process that can result in breaches.

• With typical ROI workflows, 20 to 30 percent of all submitted authorizations are initially found to be invalid. MRO’s research shows there are around 100 types of authorization errors.

• Five percent or more of patient data in Electronic Medical Records (EMRs) have integrity issues, including comingling of patient records.

• Well-trained ROI specialists will catch the majority of mixed records; however, with just one level of quality control, up to 0.7 percent will contain mixed patient data.

Additionally, in the typical ROI workflow, requests for health information come into a facility and are logged by onsite ROI staff that also handle many other responsibilities, such as: requester calls, support and issue resolutions, record retrieval, invoicing and collections, producing copies, and delivering records. There is no “second set of eyes” for Quality Assurance. This approach results in inefficiencies, distractions and increased errors.

Closing the Quality Assurance Gap in ROI

At MRO, we believe the best practice is to ensure “second set of eyes” Quality Assurance measures are taken across multiple steps of the ROI process. Not one, but two teams should check each ROI authorization for accuracy, in addition to checking PHI multiple times for accuracy, e.g. ensuring there are no comingled records.

Sophisticated ROI vendors will offer technologies to assist with this process – like MRO’s IdentiScan® record integrity application that uses optical character recognition to scan for mixed patient data. Technology, such as barcoding systems, can also be used to maintain shipping integrity.

Introducing MRO’s Two Private Eyes on Your ROI

If you subscribe to the Journal of AHIMA, or have visited MRO’s website or social media pages recently, you may have noticed our new campaign called Two Private Eyes on Your ROI. This theme was developed by the creative team at MRO. The idea was born while brainstorming ad concepts that could be tied into a Miami theme, with the 2018 annual AHIMA Convention being hosted in Miami Beach. What started as a Miami Vice theme quickly turned to a private investigator theme when the idea of “Two Private Eyes on your ROI” – a play on MRO’s “second set of eyes” redundant quality checks within our Release of Information workflow – was bounced around. Since the Miami Vice detectives were with the police force and not PI’s, we looked at famous private eyes over history and developed the characters Magnum PHI and SureLook Holmes.

Be sure to check out the “premier episode” of Two Private Eyes on Your ROI by visiting our microsite.

Three major types of payer record reviews are conducted every year: Healthcare Effectiveness Data and Information Set (HEDIS), Medicare Risk Adjustment, and Commercial Risk Adjustment. A HEDIS Review, in particular, is performed by a payer or health plan to measure the quality and effectiveness of care delivered to their covered patient populations. They are the smallest of the three major payer reviews and occur every year from January to mid-May.

As the volume of payer and health plan reviews continues to sky rocket, millions of patient records are requested. From 2016 to 2017, payer review requests to MRO clients increased by 14%, with HEDIS Review requests increasing from 2% to 3% of the total Release of Information requests processed by MRO nationally.

A recent article in HIM Briefings about HEDIS Reviews details benefits, lessons learned, and what to expect. Below are three important tips that are outlined for providers to prepare for the upcoming HEDIS Review season.

Tips for Managing Payer Requests During the Upcoming HEDIS Review Season

In working with payer record reviews, several practical strategies have emerged to minimize payer-provider abrasion and reduce operational costs. Providers should take a proactive approach and follow these three tips:

1) Engage early.
The National Committee for Quality Assurance (NCQA) is proactive in announcing which quality measures will be targeted for review in the year ahead. For example, the 2018 NCQA quality measures are now published and available to both providers and payers. Proactive providers should reach out to their contracted payers and health plans in December or January to discuss the upcoming HEDIS Review season. With the potential for thousands of medical records to be requested between January and May, two conversations are critical: expected volumes and reimbursement for the provider’s efforts. Keep in mind this dialogue sets the tone for the relationship.

2) Determine expected volumes.
The most important conversation that should occur between payer and provider is about determining the number of record requests that will be received. Be sure to plan ahead for the increased staff workload needed to produce the required medical record documentation. The number of requests depends on the size of the hospital or the healthcare system. Each payer has a designated HEDIS Review team responsible for the program. Contact the team lead or local health plan representative to schedule this conversation during the HEDIS Review planning period in December or January.

3) Set rate for records.
The initial perception in the industry suggested that providers could not charge payers for the time, manpower, and mailing costs associated with producing records for a HEDIS Review. However, this is not the case. Payers understand the tremendous staff burden on providers and are willing to reimburse them for their efforts.

How Your Release of Information Vendor Can Help

At MRO, we utilize our industry knowledge and “easy to work with” approach to create partnerships with payers and their vendors to streamline the processing of HEDIS Review, Medicare Risk Adjustment and Commercial Risk Adjustment projects. This process includes establishing a rate per chart for these projects, as payers are willing to pay for review requests regardless of the language in the managed care contracts. We have found that most payers are reasonable and understand the cost associated with producing these high-volume requests. Hence, why they are willing to pay for them. MRO ensures that the cost of producing these records is not a burden on our clients.
Watch the below video interview to learn more about reducing payer-provider abrasion, and what MRO is doing to help providers handle these payer review requests.

To sign up for future blog posts, complete the form below.