App-Based Release of Information Comes of Age

App-Based Release of Information Comes of Age

Jun 25, 2020 | Uncategorized

Date: July 15, 2:00 pm – 3:00 pm EST Presenters: Reginald Abadsantos, RHIT HIM Operations Supervisor, NCH Healthcare System Panel of HIM and ROI Leaders Linda Kloss, RHIA Kloss Strategic Advisors, Inc. and Regulatory Policy Leader, Disclosure Management, Verisma NCH Health System, Naples FL is a true pioneer in the use of Web-based App technology to support record request and release processes.  Implemented in 2018, NCH deployed Verisma’s Request App™ (VRA) to improve service to patients. NCH Health System is a large regional health system that also supports an older “snowbird” patient population living part of the year in Florida and often needing access to their health information from afar. It experienced rapid uptake VRA and strongly positive customer satisfaction feedback. What NCH could not anticipate was the key role VRA would play in a time of COVID-19, enabling paperless request processing and electronic release despite workflow and disruptions due to work from home and other adaptations. This is a lesson that many of our health systems clients have come to appreciate as the use of VRA has now grown to over 1,500 sites of care. While the Office of the National Coordinator for Health IT (ONC) announced rules supporting patient access to their health information, it was pioneers like NCH and others who have built the story of how the right technology at the right time can transform a process long overdue for disruption. In this Webinar, you will learn from NCH’s firsthand experience with use of VRA for release of information. You will also learn about the goals and experiences of other health systems using VRA. The essential technical, integration, security, and functionality requirements for an ROI app will be discussed as will implementation considerations. Presenters will describe the importance of teamwork among HIM, CIO, compliance and others working together to deploy Web technology to update what is often an outmoded fundamental building block for ROI. Learning Objectives
  • Learn from health systems’ experiences in implementing and using apps for release of information to patients and third parties,
  • Describe realized benefits and impact of use of apps for release of information on improved customer services, productivity, and cost management,
  • Understand the federal policy environment that encourages the use of apps to improve access and disclosure of protected health information, and
  • Review the technology and privacy and security requirements for release of information apps.
 Approved for 1 AHIMA CEU Credit for Information Protection: Access, Disclosure, Archival, Privacy and Security

VIEW RECORDING

Verisma Announces Opening of Three New Regional Training and Support Centers of Excellence

Jun 16, 2020 | News and Events

Verisma is excited to announce its continued expansion across the country with the grand opening of three new Regional Training and Support Centers of Excellence in Florida, Ohio, and Wisconsin to further support the demand and rapid growth from new and existing clients. These strategically placed regional offices led by our expert team of Client Operations Directors, professional trainers, HR management and oversight teams will enhance our comprehensive training and national operations management efforts, and provide even greater consistency and reliability in service quality and outcomes to our clients.

Verisma has always been dedicated to collaborative partnership, and these new hands-on training centers, in addition to our New York, Virginia and Colorado corporate locations, will help us continue to deliver on that commitment and our promise to putting patients first.

HIPAA Privacy Policy – Adapting and Evolving

HIPAA Privacy Policy – Adapting and Evolving

Jun 4, 2020 | Blog

By Linda Kloss

The Verisma disclosure management community was fortunate to be briefed last week by Timothy Noonan, JD, Deputy Director for Health Information Privacy at the HHS Office for Civil Rights (OCR). OCR administers and enforces the Health Insurance Portability and Accountability Act (HIPAA) and compliance with HIPAA’s Privacy Rule is a central focus for release of information professionals. His webinar update covered three very timely and important topics:

  • Recent privacy-related COVID-19 guidance and bulletins
  • OCR’s Right of Access Initiative, and
  • Developments regarding the Right to Direct health records to a third party.

Mr. Noonan had been scheduled to address Verisma’s 4th Annual Disclosure Management Summit in early May, cancelled due to the COVID-19 pandemic. The Webinar provided an opportunity to cover COVID-related guidance and as Noonan noted, it was a first opportunity this year for OCR to address its Right of Access Initiative.  (The webinar archive is available from Davy Simanivanh at DSimanivanh@verisma.com).

 COVID-19 Guidance

We are grateful to Mr. Noonan and the team at the Office for Civil Rights for its rapid fire response to COVID-19 in issuing seven (7) guidance documents in about the same number of weeks. The guidance helps front line care givers, first responders, public health officials, privacy and compliance officers, and health information professionals by clarifying common Privacy Rule questions such as sharing patient information without authorization with family and friends and public health.  Guidance expands flexibility, where needed, to get essential (read ‘minimally necessary’) information to those who need it to care for people in a time of crisis.

Guidance also addresses challenges relating to rapid expansion of telehealth, the ramp up of community-based testing, and media and film crew access to protected health information in a public health emergency.  Guidance outlines limits to enforcement discretion where good faith efforts by covered entities and business associates to fully comply with the Privacy Rule are a barrier to supporting critical public health and health oversight needs. If you haven’t already done so, visit the HIPAA and COVID-19 Web Page and become familiar with the guidance and its cautions.[1]

Right of Access Initiative

OCR is responsible for teaching covered entities and business associates and educating communities about the Privacy Rule (and other areas of civil rights).  It is also responsible for investigating complaints to determine whether they constitute violations.  Often areas of violation can be resolved by education coupled with a corrective action plan. Generally, the agency encourages corrective action and such encouragement produces change. For areas of egregious violation or failed corrective action, OCR has enforcement authority.

Mr. Noonan reported that OCR recieves over 26,000 complaints each year on some aspect of HIPAA and that complaints regarding Right of Access violations are increasingly common. He emphasized that the Right of Access is the “cornerstone of the Privacy Rule.” Accordingly, in February 2019, OCR announced that Right of Access violations would be a priority for HIPAA enforcement and two enforcement actions were announced in late 2019.  (Verisma addressed these in its December 17, 2019 Webinar: Turning Up the Heat! HHS Initiates Access Enforcement)  Mr. Noonan reminded us that the enforcement actions taken represent demonstrated systemic non-compliance. Effective release of information is characterized by policies and procedures that advance an individual’s Right of Access, including the right of individuals to exercise their privacy preferences and assert their information rights.

Right to Direct Health Records to a Third Party

One of these rights is to direct health records to a third party. Mr. Noonan reviewed elements of the January 2020 lawsuit settlement that vacated previous OCR policy limiting fees for authorized provision of health records to third parties—such as law firms and life insurance companies.  Mr. Noonan reiterated that this policy revision does not affect the individual’s right to access their protected health information.

The Health Insurance Portability and Accountability Act (HIPAA) is a multi-part law enacted by Congress in 1996.  Its privacy provisions went into effect over 17 years ago, at a time when health information was largely stored on paper and population health and patient engagement were not yet central strategies for health improvement.  In 2018, OCR issued a Request for Information (RFI) on areas where the Rule might be improved.In 2018, OCR issued a Request for Information (RFI) on areas where the Rule might be improved.  Now, a Notice of Proposed Rulemaking (NPRM) based on feedback obtained through the RFI is under internal review.  Mr. Noonan encouraged our community to read, reflect, and comment on the NPRM when it is published in the Federal Register, most likely later this year.  While privacy rights are enduring, how they are best protected must evolve to be relevant.

[1] https://www.hhs.gov/hipaa/for-professionals/special-topics/hipaa-covid19/index.html