Releasing medical records from a healthcare organization’s business office can be accomplished in a more efficient and cost-effective method. Instead of distracting billers and collectors from their main duties of collecting revenue, business offices should consider the following options to improve efficiency and ensure proper tracking of Protected Health Information (PHI). I provide more detailed information in an HFMA blog “PHI Disclosure Management in the Business Office.”

Centralize all Requests for Records

If the business office wishes to continue to process using their staff, the function should be centralized and assigned to a core group of processors to fulfill all requests. This will help minimize administrative burden from the billers and collectors. Centralization also promotes consistent, standardized processes. These dedicated business office staff should be thoroughly trained in proper PHI disclosure management to maximize efficiency, eliminate redundancy and mitigate risk of HIPAA breach for requests that may fall outside of TPO such as itemized bills for outside attorney requests.

Transfer the Work to HIM

HIM staff are well trained in processing requests for information. They have the knowledge and skills to complete requests efficiently and in compliance with HIPAA guidelines. Nevertheless, some organizations fear delegating this function to HIM because of concerns regarding timeliness and payer deadlines. To reduce turnaround time fears, the following four best practices should be implemented:

1. Ensure open and ongoing communication between the business office and HIM
2. Optimize the use of EHR and PHI disclosure management technologies to route requests and share information
3. Assign dedicated Release of Information (ROI) experts to support the business office and process requests
4. Conduct regular meetings to discuss new trends in payer requests and proactively improve turnaround time through SFTP delivery

Outsource Business Office PHI Disclosures

A number of national firms, including MRO, provide Release of Information services to process payer requests. MRO’s services for business office disclosure management ensure timely delivery of information to payers, full compliance with HIPAA guidelines, and around-the-clock staffing to avoid backlogs or delays.

Careful and strategic tracking of information released, to whom and why, will make the PHI disclosure process more efficient. If your organization needs to improve this process, you should consider: centralization, delegating work to HIM or outsourcing PHI disclosure management. By implementing these alternative workflow options, your organization will be taking the right steps towards improving billing processes and decreasing denials.

From encoders to Electronic Health Records (EHRs), Health Information Management (HIM) professionals are often tasked with enterprise-wide project management including new technologies, changing workflows and centralized operations. These massive projects require strong HIM skills, expanded partnerships and greater collaboration among vendors, HIM, IT and others. With leadership skills, specialized education, and peer-to-peer relationships, HIM professionals are perfectly positioned to promote collaboration among all stakeholders, secure executive support, ensure timelines are met and cover every detail of an enterprise-wide initiative.

A few months ago, I moderated a roundtable discussion with three HIM experts: consultant, Pat Biesboer, RHIA, MSS, PMP; Susan Carey, MHI, RHIT, PMP, FAHIMA, System Director of HIM for Norton Healthcare; and Emilie Sturm, MA, RHIA, CHPS, Senior Revenue Management Consultant for Trinity Health. They each discussed mapping out enterprise-wide projects, such as PHI disclosure management and how to meet milestones and resolve common challenges. You can find the full discussion, “Using HIM Skills to Lead Enterprise-Wide Projects: An Expert Roundtable,” in the February 2018 issue of Journal of AHIMA.

During the roundtable, all three HIM experts provided their main lessons learned from their experiences as enterprise-wide project managers. If you are an HIM professional, you may benefit from reviewing the lessons below:

1. 1. Provide concise, timely, and honest communication. Keep people motivated by injecting fun into your discussions. Keep the current status in front of stakeholders according to a regular schedule, providing the degree of detail they need.
   2. Have realistic expectations and transparency. If difficulties are expected, prepare the team ahead of time. This will help build trust.
   3. Follow stated goals. Guide your team toward the goals you established. When you run into blockers, review your options. Objectively provide the background, options, rationale and a recommended direction to maintain forward progress.
   4. Avoid bringing assumptions to the table. Remain open-minded and validate your expectations. Susan Carey reflected, “When I was the project manager for our EHR’s operating room, nursing and HIM modules, I mistakenly assumed that IT resources understood HIM. Looking back, I should have educated my peers who were managing other parts of the project regarding the tenets of HIM. This would have facilitated HIM operations leaders’ attempts to maintain decision-making regarding the electronic record configurations and policy.”
   5. Conduct reference calls with organizations using any technology you are considering. HIM needs differ from those of other departments. Current users can suggest ways to configure applications to best meet your needs and save valuable implementation time and resources.
   6. Perform as a project manager with HIM knowledge. Project managers are valuable when they have subject matter expertise and can develop subsidiary plans within the overall project management plan.
   7. Have the right stakeholders at the table when starting a project. Due diligence should be conducted to map out all areas of the project and determine vested parties. Having the right team on board provides for a productive group of multidisciplinary professionals with varying expertise.
   8. Identify lessons learned during each phase of a multiphase project. With a multiphase project, such as a system rollout, identify lessons learned during each phase. When possible, incorporate those lessons into the next phase for a stronger outcome. As your timeline allows, be flexible and don’t hesitate to post-pone a go-live if critical goals are not yet achieved.
   9. Communicate often with your project team and stakeholders. For HIM-driven projects, it’s critical that the local HIM director communicates with key constituents or peers. Establish regular meetings over the course of each project or expand your schedule if necessary. Disseminate project management tools such as timelines and meeting minutes to the project team. Regularly review the project plan to monitor progress compared with the overall timelines.

   Though HIM professionals have always managed projects, enterprise-wide endeavors raise the bar for communication, organization and leadership. HIM professionals have unique abilities to manage enterprise-wide projects. More importantly, HIM professionals can help team members solve problems, achieve their goals and enjoy the journey.

   If you are interested in learning more about this topic, come join me and Emilie Sturm, MA, RHIA, CHPS, Senior Revenue Management Consultant for Trinity Health, at the 2018 AHIMA National Convention in Miami, for our presentation titled “Project Management in Enterprise-Wide HIM Implementations.”

Small scale privacy breaches, like those caused by errors in the Release of Information process, can be just as damaging to healthcare organizations as larger breaches. The repercussions include both monetary penalties and reputational harm. With the stakes this high, it is important to ensure the highest levels of quality when disclosing Protected Health Information (PHI).

The Cost of PHI Breach

Although small breaches, affecting less than 500 patients per incident, are not usually broadcasted as widely as a large cyberattack, the financial impact is real.

• Each breach can cost between $8,000 to $300,000, not including HIPAA violation civil penalties.

• Penalties are rising to as much as $50,000 per breach with a maximum of $1.5 million annually for repeated occurrences.

• As many as 10 states now consider HIPAA to be the “relevant standard of care for state privacy violation claims brought by individuals.”

Release of Information – Risky Business

Criminal attacks and lost or stolen devices were the root cause of most PHI data breaches in recent years, but almost as many—40 percent—were due to “unintentional employee action,” according to 2015 survey results from the Ponemon Institute.

Unintentional employee actions include more than using the wrong fax number or mailing address when disclosing PHI. There are multiple points in the ROI process that can result in breaches.

• With typical ROI workflows, 20 to 30 percent of all submitted authorizations are initially found to be invalid. MRO’s research shows there are around 100 types of authorization errors.

• Five percent or more of patient data in Electronic Medical Records (EMRs) have integrity issues, including comingling of patient records.

• Well-trained ROI specialists will catch the majority of mixed records; however, with just one level of quality control, up to 0.7 percent will contain mixed patient data.

Additionally, in the typical ROI workflow, requests for health information come into a facility and are logged by onsite ROI staff that also handle many other responsibilities, such as: requester calls, support and issue resolutions, record retrieval, invoicing and collections, producing copies, and delivering records. There is no “second set of eyes” for Quality Assurance. This approach results in inefficiencies, distractions and increased errors.

Closing the Quality Assurance Gap in ROI

At MRO, we believe the best practice is to ensure “second set of eyes” Quality Assurance measures are taken across multiple steps of the ROI process. Not one, but two teams should check each ROI authorization for accuracy, in addition to checking PHI multiple times for accuracy, e.g. ensuring there are no comingled records.

Sophisticated ROI vendors will offer technologies to assist with this process – like MRO’s IdentiScan® record integrity application that uses optical character recognition to scan for mixed patient data. Technology, such as barcoding systems, can also be used to maintain shipping integrity.

Introducing MRO’s Two Private Eyes on Your ROI

If you subscribe to the Journal of AHIMA, or have visited MRO’s website or social media pages recently, you may have noticed our new campaign called Two Private Eyes on Your ROI. This theme was developed by the creative team at MRO. The idea was born while brainstorming ad concepts that could be tied into a Miami theme, with the 2018 annual AHIMA Convention being hosted in Miami Beach. What started as a Miami Vice theme quickly turned to a private investigator theme when the idea of “Two Private Eyes on your ROI” – a play on MRO’s “second set of eyes” redundant quality checks within our Release of Information workflow – was bounced around. Since the Miami Vice detectives were with the police force and not PI’s, we looked at famous private eyes over history and developed the characters Magnum PHI and SureLook Holmes.

Be sure to check out the “premier episode” of Two Private Eyes on Your ROI by visiting our microsite.

Three major types of payer record reviews are conducted every year: Healthcare Effectiveness Data and Information Set (HEDIS), Medicare Risk Adjustment, and Commercial Risk Adjustment. A HEDIS Review, in particular, is performed by a payer or health plan to measure the quality and effectiveness of care delivered to their covered patient populations. They are the smallest of the three major payer reviews and occur every year from January to mid-May.

As the volume of payer and health plan reviews continues to sky rocket, millions of patient records are requested. From 2016 to 2017, payer review requests to MRO clients increased by 14%, with HEDIS Review requests increasing from 2% to 3% of the total Release of Information requests processed by MRO nationally.

A recent article in HIM Briefings about HEDIS Reviews details benefits, lessons learned, and what to expect. Below are three important tips that are outlined for providers to prepare for the upcoming HEDIS Review season.

Tips for Managing Payer Requests During the Upcoming HEDIS Review Season

In working with payer record reviews, several practical strategies have emerged to minimize payer-provider abrasion and reduce operational costs. Providers should take a proactive approach and follow these three tips:

1) Engage early.
The National Committee for Quality Assurance (NCQA) is proactive in announcing which quality measures will be targeted for review in the year ahead. For example, the 2018 NCQA quality measures are now published and available to both providers and payers. Proactive providers should reach out to their contracted payers and health plans in December or January to discuss the upcoming HEDIS Review season. With the potential for thousands of medical records to be requested between January and May, two conversations are critical: expected volumes and reimbursement for the provider’s efforts. Keep in mind this dialogue sets the tone for the relationship.

2) Determine expected volumes.
The most important conversation that should occur between payer and provider is about determining the number of record requests that will be received. Be sure to plan ahead for the increased staff workload needed to produce the required medical record documentation. The number of requests depends on the size of the hospital or the healthcare system. Each payer has a designated HEDIS Review team responsible for the program. Contact the team lead or local health plan representative to schedule this conversation during the HEDIS Review planning period in December or January.

3) Set rate for records.
The initial perception in the industry suggested that providers could not charge payers for the time, manpower, and mailing costs associated with producing records for a HEDIS Review. However, this is not the case. Payers understand the tremendous staff burden on providers and are willing to reimburse them for their efforts.

How Your Release of Information Vendor Can Help

At MRO, we utilize our industry knowledge and “easy to work with” approach to create partnerships with payers and their vendors to streamline the processing of HEDIS Review, Medicare Risk Adjustment and Commercial Risk Adjustment projects. This process includes establishing a rate per chart for these projects, as payers are willing to pay for review requests regardless of the language in the managed care contracts. We have found that most payers are reasonable and understand the cost associated with producing these high-volume requests. Hence, why they are willing to pay for them. MRO ensures that the cost of producing these records is not a burden on our clients.
Watch the below video interview to learn more about reducing payer-provider abrasion, and what MRO is doing to help providers handle these payer review requests.

To sign up for future blog posts, complete the form below.

As I reflect during this year’s Thanksgiving season, I find it both gratifying and humbling to see the progress that MRO has made since our humble beginnings in 2002. We formed MRO on the premise that a better platform for Release of Information (ROI) could be built, and we continue to evolve and meet the demands of our changing industry.

This year marked the company’s 15th anniversary, and as a co-founder of the company, I have had the great honor and privilege of watching the organization evolve and grow. There have been both exciting and interesting times throughout MRO’s history, including major milestones that helped transform the organization into the industry-recognized leader for Protected Health Information (PHI) disclosure management. I would like to take a moment to thank all our clients, employees and partners for the company’s continued growth and success.

Highlights and Milestones for MRO in 2017 Include:

• MRO was named the KLAS Category Leader in the Release of Information service category for the fourth year in a row. As the 2017 Category Leader, MRO was rated No. 1 for ROI with an overall performance score of 93.7 out of 100, an increase from 91.9 in the 2015/2016 Best in KLAS: Software & Services report. KLAS scores are weighted in the following key areas – sales and contracting, implementation and training, service and support, and general and overall services.
• Our Patient Advocate program at MRO’s National Service Center won a Stevie^®Award for innovation in customer service. The Patient Advocate program was initiated by MRO’s Client Support team in 2016 to elevate the PHI disclosure management company’s focus on patient satisfaction. The Patient Advocate team provides specialized support to patients requesting medical records from MRO’s client locations.
• Philly.com named MRO the No. 34 midsize company on a list of Top Workplaces in Philadelphia. Out of 14,000 companies in the Philadelphia area, only 125 companies made this prestigious list.
• Inc. magazine named MRO one of the fastest-growing private companies in the nation for the third year in a row. MRO’s appearance at No. 3988 on the annual list was a rare third showing after the company ranked No. 3903 in 2016, and 3290 in 2015.

We are proud to be recognized for our strong client and employee satisfaction scores as MRO grows, and we strive to continuously exceed expectations.

I’ll close with a note to our clients that it was great seeing so many of you at the recent AHIMA Convention in Los Angeles. Being at the convention this year only added to my sentiments as we had one of the larger booths in the exhibit hall. It doesn’t seem all that long ago that we were a first-time vendor with a small exhibit space and a handful of clients. I talk about MRO’s history exhibiting at the convention in the below video. Watch it to hear a funny story about our first time exhibiting!

2017 AHIMA Reflections Video: MRO’s History of Exhibiting

Our company’s success would not be possible without the contributions and support of so many people over the years, for which I am eternally grateful. Thank you, and Happy Thanksgiving!

To sign up for future blog posts, complete the form below.

Henry Ford Health System (HFHS) is one of the nation’s largest healthcare providers. The auto pioneer himself founded it in 1915 to serve Detroit autoworkers. The group has since grown into an integrated health system employing more than 30,000 full-time workers and handling millions of patient visits a year.

HFHS Partners with MRO for Release of Information

To better meet the needs of its patients, HFHS turned to MRO for outsourcing Release of Information (ROI) more than a decade ago. HFHS was one of MRO’s early clients, and we’re proud that they are still a client today. Over the years, we have continued to evolve our Protected Health Information (PHI) disclosure management services to meet the changing needs of our clients. A recent example is the implementation of MROeLink®, an interface between MRO’s ROI Online® platform and HFHS’s Epic medical records software. With the interface in place, our client has realized notable productivity improvements.

Watch the video below to hear Sheila Bowlds, Director of HIM and Hospital Coding at Henry Ford Health System, share why HFHS continues to partner with MRO, including some details around our MROeLink Epic integration.

Transcript

Hi, my name’s Sheila Bowlds, and I am the Director of HIM and Hospital Coding at Henry Ford Health System.

Henry Ford Health System is a large health system located with its main campus in Detroit, Michigan, with about an 800-bed hospital there. In addition to that, there are four other acute care hospitals located in the southeastern Michigan area, along with several clinics. In addition to that, there is a detox hospital and also a mental health hospital.

Henry Ford Health System has been with MRO for approximately 13 years. We were one of the initial customers, and I’ve only been at Henry Ford Health System for a year and a half. I’ve had very good experiences with MRO. We have a Shared Services relationship with MRO, where our staff do the inputting of the authorizations and then also the pushing out of the documents to MRO. Then, MRO does the rest of the release, handles anything in the call center, does all the billing and takes care of all that business for us.

I came from a health system where everything was done internally. So, working with MRO, when a patient has a question, they call MRO, and MRO handles it very positively. With any issues that come up, MRO is very attentive in taking care of any of those issues.

We did just initiate MROeLink. The MROeLink has been a really great success for our health system, and the MROeLink has improved the turnaround time because it’s the technology that can be used with that. And the request can be input more quickly because there is an interface with Epic that can pull across the demographic information; and then, also when they’re working on the releases, they can work on multiple releases at one time rather than having to wait. So, I think it’s just been a really good success.

Henry Ford Health System continues to partner with MRO because it’s been a long-standing relationship— a very positive relationship. It’s very collaborative, so whenever we have something that we need, we feel free to contact MRO. And, they’re always very attentive to anything that is needed.

The top reasons I would recommend MRO is that we have a very collaborative relationship with MRO, and that we use the Shared Services model which our staff can still control what is being sent out to the patient or to the requester, and MRO will take care of all the back office business that’s needed for those releases. They take care of all the call centers, all the billing and all the mailing. There’s also the technology from them that they can push out in a different type of file or we wouldn’t have that type of capability.

We have a very good relationship with MRO. I do feel like it is a very team oriented type of a relationship, and that they’re very attentive. They provide education to my staff. They’re very up on any new Release of Information type of regulations that come up. And, they help guide us also in that type of release and making sure we’re up to date on everything.

To sign up for future blog posts, complete the form below.