Dec 9, 2020 | Blog, Compliance & Regulations, Operational Outcomes, Release of Information, Uncategorized
By Linda Kloss, RHIA, FAHIMA
We are all eager to put 2020 in the rear view mirror. Even knowing that 2021 will be very challenging at home and around the globe, we see a path forward through vaccinations and a gradual return to stability. As this year without parallel draws to an end, I think it deserves a different thought process. No recriminations about the things you didn’t accomplish. No resolutions for the New Year please. Instead, focus on the many important ways you helped others throughout the year. Make a list of the best things you did this year–for your family, friends, and yourself. Make another list of how you helped professional colleagues and the people that you serve. The 2020 pandemic tested our resilience, ingenuity, and, oh yes, patience. This is a time to reflect on all you did and take a pause for a little well deserved self-congratulation!
In last week’s Verisma Webinar “Standardization and Partnership: The Baptist Health South Florida Story,” Rosie Hernandez and Karen Marhefka underscored key lessons about adapting Release of Information for not only the pandemic response, but the new realities of access and disclosure management going forward. Part of the New Fundamentals series, this case study illustrated how Health Systems Solutions (HSS), a partnership of Baptist Health South Florida and Guidehouse, strengthened the patient experience, achieved greater efficiency and improved compliance by partnering with Verisma. Baptist understood that these goals depended on automating the release of information workflow and selected the Verisma Release Manager™ (VRM) for use by HSS staff. In addition to end-to- end workflow automation, Hernandez and Markefka described the importance of a uniform or standard process across the Baptist system, inpatient and outpatient. As Hernandez explained, “standardizing is doing it the same way every time and doing it right.”
The Verisma Request App™ (VRA) was in place across most of the Baptist Health South Florida’s 7 hospitals, 54 ambulatory and associated centers just before COVID preparations began in earnest. Staff went to work from home using the very same work flow platform. HSS accelerated implementation of VRA to provide access without in-person processing or paper requests. Serving an international population made this even more compelling, offering VRA in English, Spanish, and Creole. VRA also made it easier to fulfil requests with e-records. So not only is VRA contributing to the goals of patient experience and compliance, it is bringing about new efficiencies including reduced supply costs. Reflecting from her position as CIO for health systems, Marhefka reminded us that success with this kind of change requires effective advocacy in communicating the need and securing support and collaboration.
In a year of intense change and in the Miami area, a persistent COVID hot spot, HSS’s release of information services have delivered some pretty amazing results. Turnaround time for processing requests is 3-5 days and in just 3 months, the volume of VRA requests exceeded 600 a month. The release of information team transitioned from a siloed workflow to an end to end process that required upskilling. While some staff were initially reluctant to change, good training, support, and encouragement—and the sudden shock of work from home—paid off with a realized shift from clerical tasks to higher-value knowledge work. VRM and VRA and other technology management and analytical tools, enables HSS to be fully accountable to Baptist for the quality of the work and for evidence of full compliance. Importantly, Hernandez described the team’s overall readiness to adapt more quickly, a New Fundamental for sure.
Congratulations to the team at HSS. Their foresight proved invaluable to their successes in 2020 and positioning for the future.
It’s been a year of loss. But it has also been a year of finding. Congratulations for the great work you did and know that it has prepared you for the challenges of 2021 and beyond.
Oct 23, 2020 | Blog, Health Information Solutions, Release of Information, Uncategorized
By Linda Kloss
The first AHIMA convention I attended was held in Colorado Springs in 1970, 50 years ago! Over the decades, I missed very few meetings. For 15 of those years, I was responsible for the meeting as AHIMA’s CEO. There were always challenges, like the month following 9/11, but nothing like a pandemic! Bottom line, my congratulations to the AHIMA team and all the speakers and exhibitors who pulled off AHIMA20. The technology platform worked well for live webcast education. The platform was less robust for exhibitors and social events, but for education delivery, I thought it worked very well. The speakers were live and it was easy to see and hear them and to read slides. And the room wasn’t freezing!
Most importantly, AHIMA20 programming was content rich. By this I mean that the education content was important and timely, forward looking, and thought provoking. Live webcast speakers were well prepared, and delivered their presentations professionally. The pandemic was a backdrop acknowledged in all the sessions I attended, but the focus was on the implications of this experience for health information management going forward. Speakers addressed the weaknesses laid bare by our pandemic response, but they focused on how it can help shape a more agile future.
Reflecting on education content, I have five takeaways:
- A renewed focus on privacy – a focus on evolving privacy policy preceded the pandemic, but COVID has made many questions more urgent. Speakers described data protection approaches and shortcoming of our fragmented, sector specific HIPAA approach. We learned about Europe’s General Data Protection Rule (GDPR)and similar approaches being legislated in US states and other countries around the world. Kaveh Safavi, Senior Managing Director Global Health, Accenture summed it up, “GDPR is the direction of travel.” But don’t expect new federal rules in the US soon because there are too many other burning issues that need to be front and center for some time to come. In the meantime, states will gain important experience setting new data protection boundaries.
- The breadth and depth of digital health – from a global focus on telehealth to an interesting discussion on electronic case reporting for public health, AHIMA20 examined emerging technologies and applications. Speakers addressed digital contract tracing, artificial intelligence for medical record indexing and in aid of surgical documentation, secure document exchange and skin applied patient identification technology. We learned about enterprise release of information systems and the consumer-facing Verisma Request App.
- More sophisticated data management – Speakers discussed integration of clinical and administrative data, two primary streams of health data that have too long been delinked. We learned about important initiatives to step up patient matching standards and reduce matching errors. Predictive and augmented analytics and their application to clinical, public health, and management use cases were described. While healthcare continue to lag other industries in analytics, access to data is improving and the next years should bring important breakthroughs.
- Health data is human information – A common thread through presentations was the importance of returning to a fundamental understanding that health information is about a person, about their health and well-being, and about their preferences. In the words of AHIMA CEO Wylecia Wiggs-Harris, ‘’When we focus on our higher purpose, we help drive the value of health data and ensure that health information, with all its complexity and nuances, stays human and relevant.”
- Innovative leadership – Speakers addressed leadership of the virtual workplace, managing culture in challenging times and process improvement for CDI, revenue cycle, coding and as noted earlier, to enterprise, technology-based release of information. We learned about evidence based operations management and about the challenge of leading change. In the words of Karen Marhefka, Principal, Impact Advisors “You can either be a catcher or a pitcher. A catcher waits for another to throw out a challenge; a pitcher, initiates change.” It is the pitchers who drive change.
Like all things virtual these days, we trade off connection for convenience, social experience for safety. Attendee chats revealed that there were many first time or new participants who noted they would not have been able to attend this year — or other years — if it involved the cost and employer approvals needed to travel. Long time meeting goers like me miss the casual meet ups and conversations with friends associated with a grand once a year gathering. But I took away a new appreciation of the virtual meeting for providing broader access and a solid learning environment. My prediction: we will not go back to a totally in-person model; there will be a creative blending of approaches for professional education so the opportunity can be more broadly shared. I look forward to seeing what AHIMA creates for AHIMA21.
One final observation. I was very proud of Verisma and the many AHIMA members who made possible the company’s $5,000 donation to the AHIMA Foundation. This donation reflects individual and state association pledges to protect the truth and accuracy of health information. Add your name to this pledge embracing the values of HIM at: https://verisma.com/pledge-to-protect-truth-and-accuracy/
Oct 11, 2020 | Compliance & Regulations, News, Verisma Company Updates
Verisma Adds to its Industry-Leading Online Suite of Self-Service Consumer Solutions
Extends convenience to attorneys
WASHINGTON, D.C., – October 14, 2020 – Verisma Systems, Inc., an industry leader in disclosure management technology and services to the US provider market, has announced the expansion of their ground-breaking Verisma Request App™ (VRA) technology. Verisma will now offer the same self-service capabilities, along with an expanded online request management portal, to 3rd party attorney organizations. Verisma’s expanded VRA platform and request management portal will provide attorneys with a remote, self-managed approach to electronic record ordering, tracking, payment, and delivery. This change will enhance efficiency and compliance, result in a more satisfied requestor experience, and eliminate the stress on providers of a paper-driven manual request process.
Benefits of VRA Attorney include:
- Up to a 50% reduction in total request turn-around-times with elimination of a paper driven request mail process, a manual paper request intake and logging process, and a manual delivery of paper record copies.
- Up to a 30% reduction in labor, supplies and postage costs with less need of a manual paper request intake, manual paper record copy distribution, and manual call support process.
- Strengthened compliance through advanced e-request/e-delivery capabilities significantly reducing common manual paper request entry and paper record copy delivery errors.
- Improved requestor satisfaction with ability to self-manage the entire request experience online while receiving record copies faster than ever before.
About Verisma
From our technology to our people and our partnerships, we believe our purpose is to protect truth and accuracy. Learn more about our disclosure management system at verisma.com.
Media Contact:
Davy Simanivanh
Phone (571) 205-6722
dsimanivanh@verisma.com
Oct 6, 2020 | Uncategorized
By Linda Kloss
Release of Information (ROI) functions as a gatekeeper for access and disclosure of confidential health information. ROI advances patient rights, enforces organizational policy, and complies with federal and state law. The gatekeeper role is more complex today because:
- Health delivery and information systems are more complex
- Request volumes are greater from patients and a range of requestors
- Regulatory ground rules were largely designed for a paper-based health system, and
- Privacy and security are being deliberately and inadvertently put at risk.
The first three factors above contribute to privacy and security risks. In our recent webinar, Mike Salsbury, JD Verisma’s Counsel and Privacy Officer and Jim Staley, CISPP, Verisma’s Chief Information Security Officer and Chief Compliance Officer discussed trends giving rise to privacy and security risk and important ways to harden systems to reduce risks.[1]
By design concepts
Their overarching premise is that the best way to mitigate risk is to avoid It in the first place. Contemporary by design approaches means that privacy and security are engineered in to technology, workflows and process, rather than being added after the fact.[2] Examples of Foundational principles include:
- Proactive not reactive; preventive not remedial
- Privacy and security are embedded into design
- Privacy as the default
- End-to-end security
It is not likely that there can be perfect design to avoid all risk, but Salsbury and Staley urged a by design anticipatory mindset. They emphasized the importance of up to date privacy and security risk assessments.
Privacy by design
Against the background of the industry’s response to COVID-19, Mike Salsbury reviewed the ways in which ROI has been impacted in 2020 and the implications for safeguarding privacy. He described characteristics of recent enforcement actions relating to non-compliance with Federal patient access regulations.
In addition to having an up to date privacy risk Assessment, Salsbury urges covered entities to:
- Ensure Business Associate Agreements (BAAs) are up to date
- Review staff onboarding/departure procedures
- Ensure up to date personnel training
- Carefully track ROI request intake to make certain required timeframes are met
- Review protocols and security for electronic transfer of PHI
- Review procedures for handling unauthorized disclosures (UADs)
Security by design
Jim Staley noted attempted cyber intrusions during the first half of 2020 exceeded the total for all of 2019. Healthcare organizations and their technology companies are a frequent target for intrusion attacks and health information is a high value cybertheft target.
Staley emphasized the importance of working with vendors who can demonstrate adherence to stringent security protocols and have earned security certifications. He urged attention to fundamental practices of encryption for sensitive data at rest and in motion. He urged use of multi-factor authentication in applications we use in our work and as part of our personal digital practices. Staley urged updated security risk assessment and referenced the new tool from OCR and ONC.[3]
ROI by design
ROI is a set of processes or workflows, guided by regulations, and explicit polices. It is comprised of the following four subprocesses in which risks can be identified and mitigated through smart technology, workflow design, training, and accountability:
- Request – request routes, authorizations, identity verification
- Retrieve – data sources, minimum necessary, quality checks
- Release – media-specific safe practices, compliant business operations
- Retain – accounting for disclosures, audits, process improvement
Verisma’s ROI technologies guide and prompt requestors and ROI staff to do the right things — and they create a record of that work. This is what by design is all about. It is also about taking steps to standardize ROI across the health care enterprise. ROI may be done in house, outsourced, or a combination, smart technology, workflow design, training, and accountability are keys to by design ROI.
We are in the third decade of the 21st century with privacy eroding and security under attack. It’s time to step up proactive vigilance so ROI remains an effective gatekeeper for access and disclosure of confidential health information.
Endnotes
[1] An archive of the webinar Privacy and Security by Design: A New Imperative is available upon request from DSimanivanh@verisma.com
[2] Cavoukian, Ann. Privacy by Design: The 7 Foundational Principles, Information & Privacy Commissioner, Ontario, Canada. January 2011.
[3] US Department of Health and Human Services, Security Risk Assessment Tool, v 3.2, User Guide. https://www.healthit.gov/topic/privacy-security-and-hipaa/security-risk-assessment-tool
Oct 6, 2020 | Blog, Compliance & Regulations, Health Information Solutions, Information Sharing, Release of Information
By Linda Kloss
The 21st Century Cures Act was passed by Congress in December 2016 and long awaited final regulations were released earlier this summer. The Cures Act is a complex multi-part law that will be administered through a number of Federal agencies. The Verisma sponsored webinar on August 26 focused on the Interoperability, Information Blocking, and the ONC Health IT Certification Program Final Rule that was developed and will be administered by the Office of the National Coordinator for Health IT(ONC). A special thanks to the ONC team of Elisabeth Myers, Deputy Director, Office of Policy and Michael Lipinski, Division Director, Regulatory & Policy Affairs, Office of Policy for providing a great overview of the Rule and taking audience questions.
The Rules
We learned that the ONC Rule is really two Rules in one: regulations designed to advance interoperability and prevent information blocking, key goals of the Cures Act that apply to providers, developers of certified health IT and health information networks and exchanges, and; regulations regarding revised and new criteria for health IT certification. While our webinar audience primarily represents the provider community, we understand that it is helpful to understand the scope because health systems do operate information networks and exchanges and provider organizations, of course, set specifications for vendors such as their certified EHR vendors.
From the 30,000 foot perspective, Cures Act represents a third important milestone in advancing a digital health ecosystem with its enormous potential to improve health and health care. The 1996 HIPAA law and associated regulations put in place essential preconditions for digital health – privacy, security, and standards for administrative simplification. The 2009 HITECH Act accelerated health IT adoption through EHR incentives, certification of health IT, and the development of approaches for health information exchange. The 2016 Cures is intended to unlock the fullest potential of digital health data to accelerate research into preventing and curing serious illnesses.
The ONC Final Rule advances interoperability using levers of government, such as its standards setting and enforcement roles, to remove barriers. It underscores the importance of patient access to information, a principle that is foundational to all three of the health information laws. We also learned that ONC worked closely to align with the Centers for Medicare and Medicaid Services (CMS) Cures Act Rule, the Interoperability and Patient Access final rule. This is important because aligned concepts, definitions, and standards will bridge clinical and administrative data interoperability, too long siloed.
The Implications for Disclosure Management
For Release of Information (ROI) professionals and service providers, the Cures Act has four clear implications:
- We are already seeing an increase in requests from patients for access to their health information. These Rules will drive further interest by patients and continue this trend. It is important that ROI modernize patient access through the use of request apps to both support requests and releases.
- While not directly addressed by the Cures Rules, ROI is today the prominent mechanism for disclosure of a single patient’s data. The Rules accelerate the urgency of adopting contemporary practices such as standardizing ROI across the enterprise and using smart end-to-end workflow technology that improves turn around and accuracy, while ensuring compliance and accountability.
- Move away from paper, fax and other outdated ways of handling requests and releases. If walk up windows and mail in request have slowed due to COVID-19 responses, redesign processes to use technology to improve the efficiency of request and release processes.
- Make efficient and accurate patient access a central goal for the ROI team. Shift from processing paper to helping people get access to their information. Then, help educate patients about how they can take steps to keep the health records in their possession safe and secure.
For HIM work generally, the interoperability-focused Final Rules from ONC and CMS include important concepts that will be part of our work in the years ahead.
- First, aligning administrative and clinical data standards begins to overcome the artificial separation of patient data for insurance and finance from that used in clinical care. HIM bridges these worlds and can play an important role in helping to unify them.
- As custodians of the health record, HIM maintains EHI and ePHI definitions for designated record sets. HIM should engage stakeholders in data governance for interoperability including USCDI and defining admission, discharge or transfer (ADT) and other patient event notifications addressed in the CMS Final Rule. Where needed, data capabilities, such as provenance, should be expanded.
- Working with stakeholders, HIM should step up data quality control for interoperability.
- The Rules do not change HIPAA privacy and security foundations, but they include a big step forward requiring privacy and security attestation for certified health IT. Join us for a discussion of the importance of ‘designing in’ privacy and security in a September 23 Webinar.
The Resources
Elisabeth and Michael described ONC’s commitment to providing education resources for stakeholders. The ONC Final Rule can be found at www.healthit.gov/curesrule along with fact sheets and previously recorded webinars.
The CMS Rule and resources can be found at https://www.cms.gov/Regulations-and-Guidance/Guidance/Interoperability/index. Information on the CMS ADT Notice Provisions can be found at https://chimecentral.org/wp-content/uploads/2020/03/CMS-Interoperability-and-Patient-Access-Final-Rule-summary.final_.pdf
Verisma’s webinar slides and recording are available upon request from DSimanivanh@verisma.com..
