How Leveraging an HIM Partner Helps Decrease Staff Stress

How Leveraging an HIM Partner Helps Decrease Staff Stress

“Everything Everywhere All at Once” isn’t just the title of an award-winning movie that many viewers found quite confusing. It’s how a lot of health information management (HIM) employees feel about their jobs. There aren’t enough hours in the day, and one person can’t do everything at once.

Many providers are exploring HIM support from outside partners to take all or some of the weight off their shoulders. The right Release of Information (ROI) and HIM partner can be a reliable and cost-effective solution for ensuring your quality standards are met without burdening you or your internal staff.

Following our acquisition of ScanSTAT Technologies, Verisma now offers a full suite of outsourced HIM solutions in addition to our industry-leading ROI service:

Prior Authorizations

Inbound Document Management

Chart Abstraction

EHR Conversion

Forms Completion

Document Scanning


Contact us to learn more!

Imagine a world where your team’s health information management responsibilities are supported by industry-leading experts at Verisma. What would that look like?

1. You would spend less time recruiting, hiring, training, retaining and scheduling employees.

Finding and hiring new talent has never been more challenging. HIM partners ensure you have the resources required to meet the demands on your organization. Your employees take time off for vacations, illnesses, and leaves of absence, but Verisma is always ready. We have the people and resources to meet your needs every day.

2. You could finally address your backlog.

When you partner with Verisma, you can breathe. Because Verisma:

  • Allows your in-house staff to focus on patient care
  • Keeps your medical records department current on requests
  • Assumes responsibility for HIPAA compliance
  • Fills the gaps in your department while you still maintain your own processes and standards


A dedicated team of experts can improve turnaround time and thus reduce staff stress while improving patient satisfaction.

3. You would reduce risk and achieve or maintain compliance.

As stewards of data integrity, health information managers understand that Protected Health Information (PHI) responsibilities—from compliance, workflows, training, and coding to document completion—are top priorities. But, realistically, each one of these PHI responsibilities is a full-time job. Recent regulatory changes related to release of information (ROI) are a potentially expensive pitfall as there are steep fines for violations. Verisma has in-house experts dedicated solely to staying on top of compliance and legislative activities. Working with an outsourced team of knowledgeable HIM experts can help you feel confident that your organization meets the new requirements for releasing electronic information. Furthermore, your organization will be compliant with laws regulating strict timeframes under which requests and information must be handled to avoid stiff fines.

4. You would have happier, more focused employees who are more likely to stay with your team.

Additional HIM functions, such as prior authorizations and faxing and scan filing, often fall on staff members with multiple other responsibilities. This necessity to multitask drains staff and contributes to lower job satisfaction.

By working with Verisma, you’ll know dedicated experts are:

  • Completing forms and requests efficiently and accurately
  • Improving your physicians’ satisfaction by eliminating the additional work and stress of tracking down accurate patient information
  • Helping ensure your processes are compliant with current regulations
  • Available to help train internal staff on new technology or processes

Get back to being in one place and thinking about one thing at a time. Reach out to us today to get started.

How to Use a Gap Analysis to Build Your ROI Roadmap

How to Use a Gap Analysis to Build Your ROI Roadmap

One of the best tools for ensuring organization-wide ROI compliance is a gap analysis. A gap analysis looks at the entire disclosure management process to give you a sense of where you are today versus where you need to be to achieve and maintain compliance. In addition to compliance, the benefits of a gap analysis include a full accounting of disclosures, improved productivity, reduced paper processing, increased electronic release, improved turn-around time, and improved requestor satisfaction. This is an especially relevant topic given Information Blocking and the upcoming proposed changes to HIPAA, which are presumed to go into effect this spring.

To begin a gap analysis, you must first assess your current state. We can break this down into six steps.

  1. Determine where the ROI flows into departments, practices, clinics, hospitals, etc.
  2. Layout a flowchart of all “on ramps.”
  3. Document the handling of all requests to include how many people touch a request. For example, does HIM forward a copy to radiology, the business office, sleep center, etc.?
  4. Analyze access to systems. Include all steps required to obtain access and what effort is needed to capture all pertinent information.
  5. Review current delivery method options (print, package, mail, email, fax, etc.)
  6. Determine current turn-around time. Start with the actual received date and remember that the TAT clock doesn’t stop and restart every time a request is forwarded to another department or location.

Once you’ve assessed your current state, it’s time to develop an action plan.

Working with a vendor partner who can automate this process will make this step much easier. Your action plan should involve a committee of location leaders or decision makers. You can use the “on ramp” flowchart from the previous step to make decisions on centralizing intake. Then provide access to all source systems to HIM or one centralized group. To reduce the number of patients wanting to review in-person, expand your delivery method options through automated technology like Verisma Request App®. Finally, establish a one-touch process to accomplish an accurate TAT.

The most difficult part of this process is building a unified ROI plan. Change projects are always challenging, especially within complex health systems, but your gap analysis will help as you move forward. Follow these five steps to build and implement your plan.


  1. Recognize the need for change. Get internal support and lay out your business case with benefits. HIM leadership should usually handle this step.
  2. Craft a vision. Your vendor partner can help you strategize for success.
  3. Implement change.
  4. Embed changes in your culture and practices. Make sure old ways aren’t creeping back in.
  5. Review your progress and analyze the results.

If you’d like to learn more about how Verisma can help you conduct a gap analysis and build an ROI roadmap, contact us.

Learn more about the gap analysis process and earn an AHIMA CEU through Verisma Academy. 
Verisma Academy
Advancing Information Sharing: Understanding EHI

Advancing Information Sharing: Understanding EHI

This blog summarizes the content from Verisma’s ROI Roundtable Webinar. The full recording and slidse are available.

The information blocking definition of electronic health information (EHI) includes the entire scope of electronic protected health information (ePHI) that is or would be in a Designated Record Set (DRS). Prior to October 6, 2022, the definition of information blocking was focused only on the subset of EHI that is represented by elements in the United States Core Data for Interoperability (USCDI) v1. As of October 6, 2022, all EHI falls within the scope of the information blocking definition. 

What is and what is not EHI for purposes of information blocking regulations?  In Verisma’s Nov 2022 ROI Roundtable Webinar we heard from two experts with the ONC – Rachel Nelson JD, Branch Chief, Compliance and Administration Branch, and Dan Healy, Policy Coordinator, Compliance and Administration Branch on what EHI is and how its definition relates to but differs from the definition of ePHI under the HIPAA Rules. The speakers provided important facts related to current information blocking policy and what healthcare organizations and providers should bear in mind specific to information blocking regulations as they review and update their technical capabilities and workflows in context of their DRS (Designated Record Set) to ensure they are sharing EHI consistent with all applicable laws. Some highlights from their presentation follow.

What is EHI as defined by the information blocking regulation?  According to ONC, EHI is as follows:

  • “Electronic Health Information (EHI) means electronic protected health information (ePHI) to the extent that the ePHI would be included in a designated record set as these terms are defined for HIPAA.”

The scope of EHI is relayed was shared in the following ONC graphic that can be found at

The expansion is “only” PHI that is in an electronic format. Noted in the webinar is that EHI is “electronic health information (ePHI) to the extent that it would be included in a designated record set.” Further explained during the webinar was that EHI “is individually identifiable health information, that is maintained in electronic media or transmitted by electronic media.” If the ePHI is included in any of the following records and not in the exclusions such as psychotherapy notes, then it would be considered EHI:

  • Medical records and billing records of a provider about an individual
  • Enrollment, payment, claim adjudication, and case or medical management record systems maintained by or for a health plan.
  • Records used in whole or in part to make decisions about individuals

What is not EHI was explained as well. For example, such things like psychotherapy notes, information complied in anticipation of, or for use in, a civil, criminal, or administrative action or proceeding, employment records health information, and de-identified protected health information. EHI is not limited by when the information was generated.

Organizations should be looking at what they now include in their designated record set policy and revise if necessary, to ensure the that their policy includes the full scope of EHI that is now in effect as of the October 6, 2022 expansion of the EHI definition beyond the current USCDI v.1 definition.  Working with your Release of Information vendor is important as well, so they are aware of exactly what ePHI is defined in your designated record set and how to access all the ePHI for disclosure purposes. Many resources such as an EHI Fact Sheet, recorded Webinars, and an Infographic are available on

Dan and Rachel also spent time going over the Information Blocking definition and explaining how that relates directly to the exchange of ePHI. More details and explanation of the Information Blocking Regulation was shared with the attendees. Points that have caused some questions from health care providers and others in the health IT field were clarified. Information Blocking applies to “actors.” Actors are:

  • Health Care Providers
  • Health It Developers of Certified Health IT
  • Health Information Networks (HINs)
  • Health Information Exchanges (HIEs)

Exceptions to the Information Blocking Rule, which have caused a lot of questions from “actors,” in particular the “Content and Manner Exception” where it is not considered information blocking if the actor does not have all the requested EHI in their possession, cannot be shared using the technology requested, or where it must be “withheld due to laws or is permissible to be withheld, such as under the Preventing Har or Privacy exceptions.” One example would be if it would be impossible for an actor to segment out psychotherapy notes from the EHI. Another would be the cost to comply would be prohibitive. Other examples were given as well as resource information available on ONC’s Cures Act Final Rule website.  For more in-depth information on Information Blocking, resources can be found at where there are fact sheets, Webinars, and FAQs. 

Health Information Management leaders should be reviewing all the policies and procedures related to release of ePHI, especially their designated record set policy to ensure they are following the updated requirements that went into effect on October 6, 2022 and working closely to ensure their ROI vendor is up to date on all the requirements to ensure there are no risks of information blocking.






Webinar: Advancing Information Sharing – Understanding EHI

Webinar: Advancing Information Sharing – Understanding EHI

Date and Time

November 30, 2022
2:00-3:00 PM ET


Dan Healy

Dan Healy
Policy Coordinator

Rachel Nelson

Rachel Nelson, JD
Branch Chief

Barbara Carr

Barbara Carr, RHIA
Strategic Advisor


Information Protection; Access, Disclosure, Privacy and Security

Presentation Content

The information blocking definition of electronic health information (EHI) includes the entire scope of electronic protected health information (ePHI) that is or would be in a Designated Record Set (DRS). Prior to October 6, 2022, the definition of information blocking was focused only on the subset of EHI that is represented by elements in the United States Core Data for Interoperability (USCDI) v1. As of October 6, 2022, all EHI falls within the scope of the information blocking definition.

What is and what is not EHI for purposes of information blocking regulations? In this presentation you will hear from experts with the ONC (Office of the National Coordinator for Health IT) on what EHI is and how its definition relates to but differs from the definition of ePHI under the HIPAA Rules. Learn about current information blocking policy and what healthcare organizations and providers should bear in mind specific to information blocking regulations as they review and update their technical capabilities and workflows in context of their DRS to ensure they are sharing EHI consistent with all applicable laws.

Learning Outcomes

  1. Understand how EHI is an important part of the information blocking definition.
  2. Learn how to identify what is and what is not EHI.
  3. Learn more about how information blocking policy recognizes the importance of maintaining cybersecurity of your health IT and of respecting patients’ privacy rights and preferences.

Reference List

HHS Office of the National Coordinator for Health Information Technology.

Understanding Electronic Health Information (EHI)

Information Blocking Exceptions

Information Blocking FAQs

Enterprise ROI Improves Customer Satisfaction

Exploring Driver #5 of the “5 Things You Must Know Now About Release of Health Information

By: Linda Kloss, MA, RHIA, FAHIMA

People are becoming better informed about their rights and the value of information to inform health and healthcare decisions.   Increase in personal health spending is one reason consumers are becoming better informed.  So is the growing understanding that it’s wise to be knowledgeable and involved in one’s health and healthcare decisions.  Release of Information (ROI) teams see this trend firsthand with the growing number of requests for records from patients.

ROI is on the front line in helping patients become smart health information consumers. Patient requests will continue to increase and they will expect a reasonable customer service experience in requesting and obtaining records.  Those responsible for ROI should be monitoring changing requirements, exploring best practices and planning for innovation in a future-focused way.

Earlier blogs examined the value of standardizing ROI across the health care enterprise to improve quality and compliance.  Enterprise ROI also improves customer satisfaction and contributes to an organization’s patient engagement objectives.   Regardless of whether the patient initiates a request at the physician’s office or hospital, the request process should be the same and the patient should be able to secure the requested information without going from site to site.  Verisma clients are realizing quantifiable improvement in customer satisfaction, improved compliance, accuracy, and cost management by deploying ROI technology and consistent policy and process across the enterprise.   If full standardization is not possible for your organization, use ROI technology to unify the process as fully as possible and plan to further centralize over time.

The next wave of innovation will be self-service functionality enabling patients and other authorized requestors to request medical records via web at their convenience.  There will be no need to stand in line or to fill out a paper form.  Done well, self-service request apps use state of the art security, identity verification, and preserve a record of transactions.  As with enterprise ROI, Verisma clients are now introducing self-service into ROI thereby helping patients gain access to health information while also stepping up security and accountability.

Patients may want ease of access to their information, but they don’t want to trade off their privacy rights to gain it.  Recent research found that 49% of US online adults are concerned about the privacy of their healthcare information when using on line tools.[1]  On line request apps must meet HIPAA requirements and maintain a high bar for identity management and the accommodation of patients’ disclosure preferences. If implemented properly, request apps can help educate patients in the exercise of their rights process.  ROI teams can do a great deal to help educate patients about their rights, and a valuable source of educational materials is with HHS.[2] Proactive education about privacy rights and your organization’s practices benefits all.

HIM managers should evaluate the request process from the patients’ perspective.

  1. What data are available on volume of requests at various provider settings across the network?
  2. How similar or dissimilar is the patient experience at various settings?
  3. How does staff in various settings respond to a set of “test” questions that patients might pose that require working knowledge of HIPAA privacy regulations?
  4. How can customer facing processes be improved through greater standardization, through technology, education and request apps?

This is our final post in the “5 Things You Must Know Now About Release of Health Information” series.  Should you have any comments or questions please e-mail us at


[1] Khatibloo, F., Forester Research in testimony before the NCVHS, September 13, 2017, (

[2] Department of Health and Human Services, Office for Civil Rights (

It’s All About the Patient – Or Is It? Understanding Your Other Customers’ Needs and Ways to Deliver Superstar Service

The mantra of healthcare is “focus on the patient” and those of us in healthcare and healthcare IT live in a patient-centric world. However, for hospitals and healthcare organizations, the patient isn’t our only customer. In fact, there are many others who fall into that category and require a high level of customer service. This is extremely evident in the departments that interact with those authorized to request and receive copies of patient records.

We have to remember it’s NOT ONLY about the patient…there’s more to consider.

In the Release of Information (ROI) world, our customers are other healthcare providers, attorneys, payers, schools, and law enforcement, just to name a few. It’s the Health Information Management (HIM) department’s responsibility to make sure that ROI requests are met and completed with a high level of satisfaction. Given the variable types of documentation needed, requirements about the level of patient data that can be legally shared, and the sheer number of requests, it’s a challenging and time-consuming process.

So how do we ensure efficient and error-free customer service?

The key is technology-driven ROI workflows. In an age of technology-driven healthcare, so many healthcare providers still rely on manual ROI workflows where requests are touched multiple times during processing and request tracking is done in a log book or on a spreadsheet. This is a recipe for poor customer service based on an inability to quickly and accurately provide information about request status, generate invoices and distribute the requested patient information.

Patients want access to their doctors and hospital staff because the human touch is a cornerstone of patient care. But requestors simply need the information they seek. Think of it like this: Rarely do we call airlines unless there is an issue, we simply book tickets and check flight status online. The same goes for requestors. Technology provides an efficient way to request and retrieve information. And, efficiency goes a long way towards maintaining customer satisfaction.

ROI automation provides benefits to both the healthcare organization and the requestors:

  • Requestors can retrieve information they need independently.
  • Requestor satisfaction rises because self-sufficiency is built into the ROI process, where it has never been before.
  • HIM departments can respond quickly and automatically to requestors.
  • Hospitals can quickly distribute information, track data and reduce errors.
  • Healthcare organizations can ensure they are complying with strict federal, state and organization regulations.

ROI is one of a handful of touch points your customers have with your healthcare organizations. Let’s strive to make this experience the best it can be. With the right guide in place, the entire universe is within easy reach!