Black Book Names Verisma #1 in Release of Information Third Year in a Row

Black Book Names Verisma #1 in Release of Information Third Year in a Row

WASHINGTON, D.C., November 16, 2022 – For the third year in a row, Black BookTM Market Research ranked Verisma as the #1 vendor in Release of Information. After surveying users of ROI technology and services across the country, Verisma scored highest in 11 of the 18 data points measured. These include:

  • Strategic alignment of client goals including VBC HIE ONC
  • Innovation & optimization
  • Training
  • Client relationships and cultural fit
  • Trust, accountability, transparency, ethics
  • Deployment and implementation
  • Integration and interfaces
  • Reliability, consistency
  • Marginal value adds and modules
  • Support and customer care
  • Best of breed technology and process improvement

Black Book’s unique research methodology focuses on front-end users of technology and services vs. executives who are more likely to have made the selection and purchase decisions of the vendors.

“As the Black Book information shows, our relationship with clients is our top priority,” said Verisma co-founder Andy McManus. “We have no way of telling who takes surveys like these, but our consistently high rank in a variety of measures three years in a row shows these are universal sentiments across our client base. It’s an honor to see this acknowledgement in the strength of our relationships and the solutions we provide.”

Full rankings for Release of Information Services & PHI Disclosure Management Solutions can be viewed at Black Book™ Announces Top Client-Rated Coding, Transcription, Clinical Documentation Improvement and Clinical Information Management Software and Services Vendors 2022 (

About Verisma

With Verisma® services and technology, health information managers elevate their organization’s method of securely disclosing confidential information to patients, attorneys, and other third parties. Built on the principles of truth and accuracy, Verisma is a trusted partner in complying with changing regulations while reducing errors, turnaround time, and cost. Verisma HITRUST® certified technology integrates with existing EHRs and portals for advanced automation and transparency uniquely designed for release of information (ROI), self-serve request tracking, and audits. Flexible service models including full-service, technology-only, or a hybrid seamlessly blend Verisma’s end-to-end solution with the needs of existing staff. Our partnership is truly a promise to put patient protection first.

Media Contact:
Delinda Tinkey

Webinar: Advancing Information Sharing – Understanding EHI

Webinar: Advancing Information Sharing – Understanding EHI

Date and Time

November 30, 2022
2:00-3:00 PM ET


Dan Healy

Dan Healy
Policy Coordinator

Rachel Nelson

Rachel Nelson, JD
Branch Chief

Barbara Carr

Barbara Carr, RHIA
Strategic Advisor


Information Protection; Access, Disclosure, Privacy and Security

Presentation Content

The information blocking definition of electronic health information (EHI) includes the entire scope of electronic protected health information (ePHI) that is or would be in a Designated Record Set (DRS). Prior to October 6, 2022, the definition of information blocking was focused only on the subset of EHI that is represented by elements in the United States Core Data for Interoperability (USCDI) v1. As of October 6, 2022, all EHI falls within the scope of the information blocking definition.

What is and what is not EHI for purposes of information blocking regulations? In this presentation you will hear from experts with the ONC (Office of the National Coordinator for Health IT) on what EHI is and how its definition relates to but differs from the definition of ePHI under the HIPAA Rules. Learn about current information blocking policy and what healthcare organizations and providers should bear in mind specific to information blocking regulations as they review and update their technical capabilities and workflows in context of their DRS to ensure they are sharing EHI consistent with all applicable laws.

Learning Outcomes

  1. Understand how EHI is an important part of the information blocking definition.
  2. Learn how to identify what is and what is not EHI.
  3. Learn more about how information blocking policy recognizes the importance of maintaining cybersecurity of your health IT and of respecting patients’ privacy rights and preferences.

Reference List

HHS Office of the National Coordinator for Health Information Technology.

Understanding Electronic Health Information (EHI)

Information Blocking Exceptions

Information Blocking FAQs

Using Technology to Achieve Centralized ROI

Using Technology to Achieve Centralized ROI

By Barbara Carr, RHIA

I have spoken often about how urgent it is to centralize your release of information (ROI) processes. COVID, hybrid workforces, Information Blocking requirements, as well as the upcoming anticipated HIPAA changes with a reduced turnaround time to 15 days, have put more pressure on healthcare organizations to move to a streamlined unified process to manage requests for healthcare information that are flowing into their organizations and landing in various locations.

Having disparate processes and various policies sets your organization up for compliance risks in addition to redundant and costly processing. Are all incoming requests making it to your ROI team in a timely way or are they sitting on fax machines, or desks waiting days to be entered into the system? We need to ask ourselves; can we truly account for all disclosures of protected health information taking place across our entire organizations?

Without a centralized intake process, the answer is probably no.

Once you make the commitment to centralize your ROI process, you will need the right technology to make it work. Some questions you may have include:

  • How will various requests get into a centralized system?
  • How will you be able to ascertain and prioritize the types of requests that are coming in across your system?
  • How will you know where the requests are coming from and what, if any, backlogs may be creeping in?
  • How will you be able to manage the input of requests?
  • How can you report on the success of centralized process?

All these questions can be answered by utilizing the right technology and partnering with the right ROI vendor. Of course, you will need sound policies and procedures, but without the technology, it just doesn’t work.

The Verisma Release Manager® (VRM®) platform with its powerful Verisma Inbox™ technology can help your organization centralize and streamline the request intake process and aid in reducing redundancy, improving productivity and turnaround time, and providing metrics and visibility into your ROI operations. Here’s how:

  • Utilizes smart barcode technology that automates the entire request intake by healthcare facility, giving you 100% visibility.
  • Centralizes and automatically categorizes all requests based on rules you specify. This helps effectively prioritize the time sensitive requests so they can be worked on first.
  • Requests can be received from multiple sources with duplicate requests flagged to reduce multiple releases of the same record to the same requestor.
  • Everything visible on one page enables faster processing of each request. The actual request/authorization images, its current status, who in production the request is assigned to, and any important instructions/notes regarding the request is all visible on one page.
  • Built in retrieval protocols available to the ROI workflow specialist so they know where to go across your disparate record sources for each record type being requested supported by built-in policies and procedures specific to your organization. No need to search elsewhere for this information.
  • Comprehensive analytics that produce metrics on volume, productivity, turn-around-times, workflow compliance, and financials by multiple data levels including by facility, employee, request types, delivery methods, etc., make managing a centralized process a more efficient and manageable process than ever before.

Examples of how the right technology can be an invaluable asset in the management, compliance, and overall efficiency of an enterprise-wide disclosure management process include a large, complex, multi-hospital health system who discovered, and quickly resolved, a significant request back-log challenge that was due to their previous decentralized ROI approach. Within weeks of implementing the Verisma Inbox tool, this organization is now realizing the benefits of one centralized solution to processing ROI requests. They now have immediate visibility into their volume and turnaround time metrics across all sites, greatly reducing the risk of future backlogs.

Utilizing advanced technology along with well thought out policies, procedures, and staff training, can make managing a centralized approach to ROI across your enterprise a highly achievable objective.

Software Supply Chain Risk – Effective Third Party, “Nth” Party Management

Software Supply Chain Risk – Effective Third Party, “Nth” Party Management

Information Protection; Access, Disclosure, Privacy and Security (for CEU certificate)

Barbara Carr
, , RHIA, Verisma Advisor, Former AVP of Health Information Management at Einstein Healthcare Network
Jim Staley, CISSP, Verisma’s Chief Information Security Officer

Presentation Content:
As healthcare providers continue to improve their own security, attackers are more frequently targeting third parties, vendors, and suppliers who provide services to healthcare companies. To make matters worse, they are also attacking not only your vendors, but also your vendor’s vendors! The idea that “you’re only as strong as the weakest link in the chain” has never been more true.

In this presentation you will hear from Verisma’s Chief Information Security Officer as he will share his risk management expertise and provide real world examples of third (and even fourth or fifth!) party attacks as well as software “supply chain” attacks. He’ll review what the “standards of care” are for third party management, decipher some of the ling around third party certifications, and provide some concrete “do’s and don’ts” for managing third-party risk.

Learning Outcomes:

  1. Understand why managing third party risk is more important than ever before.
  2. Understand the differences between third party attacks, “nth” party attacks, and “supply chain” attacks.
  3. Learn what different security frameworks and vendor certifications mean and what level of assurance they provide.
  4. Learn what’s important, what’s not important, and what things can even be counter-productive, when creating or participating in a third-party risk management process.
HIPAA Update from the Office of Civil Rights

HIPAA Update from the Office of Civil Rights

Wednesday, June 22, 2:00 – 3:00 PM EDT

Information Protection; Access, Disclosure, Privacy and Security

Timothy Noonan
Deputy Director for Health Information Privacy
Office of Civil Rights

Presentation Content:

Hear directly from the Deputy Director for Health Information Privacy at OCR on the latest news and trends related to HIPAA.  A lot has been happening over the last year with the announcement of the NPRM regarding HIPAA changes.  Comments have been received and are currently under review by OCR.

Hear about other updates on OCR rulemaking and guidance that directly impacts your HIM release of information operations.  Learn about the recent trends in breach reporting to OCR and what you can do to make sure your organization stays clear of being reported to OCR.   Mr. Noonan will also inform the attendees of recent HIPAA settlements and civil monetary penalties.

Attending this very informative webinar will help you learn where things are and where they are going under HIPAA and how to keep your organization compliant. 

Learning Outcomes:

  1. Understand about OCR rulemaking and learn how this directly impacts you in HIM.
  2. Learn the latest trends in breach reporting and how to avoid a breach in your organization.
  3. Understand what the latest HIPAA settlements are and how they could have been avoided.