Reducing PHI breach risk essential for physician groups
For many physician groups, Protected Health Information (PHI) disclosure policies and procedures can vary greatly between practice locations. This variability and limited administrative oversight increase the risk of a PHI breach, which can be costly in terms of reputational damage and financial consequences.
Transitioning a physician group from multiple different Release of Information (ROI) processes to a single ROI technology platform, with the help of an experienced and knowledgeable PHI disclosure management partner, can help identify errors before records are released and avoid these costly breaches. A standardized process across any size practice through a single platform ensures that consistent and compliant ROI policies and procedures are enforced and safeguards are established to prevent a breach.
Practices face same improper disclosure liability as hospitals
Physician practices carry the same PHI disclosure liability as hospitals, although many groups lack the resources of a large health system to recover from a significant breach. HIPAA financial penalties can be as much as $50,000 per breach or $1.5 million annually for repeated occurrences. In addition to such penalties, there are soft costs associated with each breach, ranging from $8,000 to $300,000, according to the results of an American National Standards Institute (ANSI) survey of organizations that had been affected by a PHI breach. Those figures do not include the HIPAA violation civil penalties, but rather costs such as credit or identity-theft monitoring for breach victims, forensic and legal fees, and reputational harm, including loss of goodwill and of business, according to survey respondents. In addition, the reputational harm a practice suffers due to a breach may be more significant than for a hospital because of the group’s narrower patient population.
Just because practices typically have fewer overall ROI requests than hospitals or health systems doesn’t mean a breach is any less likely. MRO’s research shows there are more than 100 error types found across ROI authorizations and that 20 to 30 percent of authorizations are initially invalid. Plus, the PHI disclosure processes that many practices follow are highly susceptible to human error. These errors could include disclosing the wrong patient records due to co-mingled records, which affect at least 0.7 percent of releases.
Practices may not even be aware of how many unauthorized ROI requests are approved, or have tools to identify and prevent the release of comingled records. And without safeguards to mitigate risk, practices may be facing the matter of “when” rather than “if” a breach will occur.
Reduce risk, increase efficiency
Standardizing PHI disclosure across physician practices with a centralized ROI solution can help reduce this risk by ensuring consistently enforced policies and procedures. With a single technology platform and an experienced, knowledgeable PHI disclosure management team that can offer best practices and tools, a physician group’s procedures can become compliant faster while relieving practice staff of the burdens of ROI, including Quality Assurance and billing.
Best of all, centralizing and standardizing ROI processes through an outsourced partner can give practices more time and resources to concentrate on revenue-generating activities, and most importantly, focus on patient care. The liability of establishing safeguards to mitigate breach risk should be a business partner’s concern so practice staff can focus on what truly matters: patients and their care.
To learn more about how your group can reduce breach risk and increase efficiency, please read about Lehigh Valley Physician Group’s experience with centralizing their PHI disclosure here.