The Pandemic’s Lasting Effects on Access and Disclosure of Health Information

The Pandemic’s Lasting Effects on Access and Disclosure of Health Information

Jan 21, 2021 | Blog, Health Information Solutions, Release of Information

By Linda Kloss

Every crisis brings about change, some transient and some permanent. Last week we learned about ways that the COVID-19 pandemic changed day to day release of health information (ROI) and accelerated the transformation of access and disclosure. We are grateful to these terrific HIM leaders who shared their 2020 experiences and forecast for changes yet to come: 

  • Stefanie Brumberg, RHIA, Corporate Director, HIM Services, ChristianaCare, Newark, DE
  • Steve Eddington, MHI, RHIA, Director, HIM , Boston Children’s Hospital, Boston, MA
  • Susan Tabickman, RHIA, HIM Manager of Operations, NewYork-Presbyterian Hospital, New York, NY
  • Lauren Zuckerman, RHIA , Director, HIM, Garnet Health, Middletown, NY

With 2020 barely in the rear view mirror and the pandemic still raging,  the experiences of these four prestigious health systems are remarkably consistent. Here are the major 2020 changes in release of information:

  1. ROI is now predominantly performed by an offsite workforce

Work from home is a familiar part of the HIM scene for transcription and coding, but unless outsourced, ROI was generally performed on site. This changed overnight and importantly, panelists agree that it is unlikely to return to its pre-pandemic state.  Success in this abrupt transition challenged managers to find new ways of supporting their workforce.  Lessons learned underscore that a team does not have to be physically together to properly function well together. Flexibility, effective communications, and composure under pressure have been managerial traits contributing to this success. 

2. ROI is now technology-supported knowledge work

Remote work is only possible if guided by workflow technology that ensures a consistent and compliant process and accountability. The pandemic accelerated recognition that ROI can no longer be decentralized clerical transactions relying on faxes, paper processing, phones and service windows. It must be a largely paperless automated workflow that is uniformly executed.  Panelists agree that the end-to-end workflow is not yet fully optimized, but the basics are in place and optimization will be the work of the next several years. This is important from a service and compliance perspective, but it’s also essential as sources of revenue to support the function are shrinking.

3. Request and release goes digital

Powered by the Verisma Request App™ (VRA), digital requests and e-release has quickly transplanted paper requests, walk-up windows, and faxes. One panelist’s health system had implemented VRA before the outbreak of COVID-19, two others accelerated implementation as part of their rapid response, and the fourth is implementing an expanded version in the near future. All agree that digital requests and e-release is the new normal and that while we are in early stages, the VRA technology is an essential part of access and disclosure management.

4. ROI begins a shift from reactive to proactive

The COVID-19 response has ushered in a new paradigm that positions ROI as an enabler not a barrier to access. Consistent with recent federal policy, the fundamental mission of access and disclosure management is most likely forever changed.  Future goals will be to anticipate patients’ needs for information and make it easier for these needs to be met. There will be plenty of challenges as this new paradigm takes hold. With greater patient access, comes increased requests for amendments and corrections.  Interoperability, expanded access to EHR information via portals and other health information ecosystem changes will shape continued ROI transformations. ROI no longer operates in a vacuum. Teamwork around a vision of patient access and secure disclosure is the new normal. 

Despite the challenges of the past year, panelists agreed that their resourcefulness has been an important contributor to their leadership successes. ROI isn’t what it was a year ago.  COVID-19 accelerated many changes that have already redrawn the landscape. With new building blocks in place, complex information management challenges abound. Still, in the words of one panelist, “it’s a great time to be in HIM, as usual.” 

Standardization and Partnership: The Baptist Health South Florida Story

Standardization and Partnership: The Baptist Health South Florida Story

Dec 9, 2020 | Blog, Compliance & Regulations, Operational Outcomes, Release of Information, Uncategorized

By Linda Kloss, RHIA, FAHIMA

We are all eager to put 2020 in the rear view mirror. Even knowing that 2021 will be very challenging at home and around the globe, we see a path forward through vaccinations and a gradual return to stability. As this year without parallel draws to an end, I think it deserves a different thought process. No recriminations about the things you didn’t accomplish. No resolutions for the New Year please.  Instead, focus on the many important ways you helped others throughout the year. Make a list of the best things you did this year–for your family, friends, and yourself. Make another list of how you helped professional colleagues and the people that you serve. The 2020 pandemic tested our resilience, ingenuity, and, oh yes, patience. This is a time to reflect on all you did and take a pause for a little well deserved self-congratulation!

In last week’s Verisma Webinar “Standardization and Partnership: The Baptist Health South Florida Story,” Rosie Hernandez and Karen Marhefka underscored key lessons about adapting Release of Information for not only the pandemic response, but the new realities of access and disclosure management going forward. Part of the New Fundamentals series, this case study illustrated how Health Systems Solutions (HSS), a partnership of  Baptist Health South Florida and Guidehouse, strengthened the patient experience, achieved greater efficiency and  improved compliance by partnering with Verisma. Baptist understood that these goals depended on automating the release of information workflow and selected the Verisma Release Manager™ (VRM) for use by HSS staff.  In addition to end-to- end workflow automation, Hernandez and Markefka described the importance of a uniform or standard process across the Baptist system, inpatient and outpatient. As Hernandez explained, “standardizing is doing it the same way every time and doing it right.”  

The Verisma Request App™ (VRA) was in place across most of the Baptist Health South Florida’s 7 hospitals, 54 ambulatory and associated centers just before COVID preparations began in earnest. Staff went to work from home using the very same work flow platform. HSS accelerated implementation of VRA to provide access without in-person processing or paper requests. Serving an international population made this even more compelling, offering VRA in English, Spanish, and Creole. VRA also made it easier to fulfil requests with e-records. So not only is VRA contributing to the goals of patient experience and compliance, it is bringing about new efficiencies including reduced supply costs. Reflecting from her position as CIO for health systems, Marhefka reminded us that success with this kind of change requires effective advocacy in communicating the need and securing support and collaboration. 

In a year of intense change and in the Miami area, a persistent COVID hot spot, HSS’s release of information services have delivered some pretty amazing results. Turnaround time for processing requests is 3-5 days and in just 3 months, the volume of VRA requests exceeded 600 a month. The release of information team transitioned from a siloed workflow to an end to end process that required upskilling. While some staff were initially reluctant to change, good training, support, and encouragement—and the sudden shock of work from home—paid off with a realized shift from clerical tasks to higher-value knowledge work. VRM and VRA and other technology management and analytical tools, enables HSS to be fully accountable to Baptist for the quality of the work and for evidence of full compliance. Importantly, Hernandez described the team’s overall readiness to adapt more quickly, a New Fundamental for sure.  

Congratulations to the team at HSS. Their foresight proved invaluable to their successes in 2020 and positioning for the future. 

It’s been a year of loss. But it has also been a year of finding. Congratulations for the great work you did and know that it has prepared you for the challenges of 2021 and beyond. 

 

 

Reflections on AHIMA20

Reflections on AHIMA20

Oct 23, 2020 | Blog, Health Information Solutions, Release of Information, Uncategorized

By Linda Kloss

The first AHIMA convention I attended was held in Colorado Springs in 1970, 50 years ago! Over the decades, I missed very few meetings. For 15 of those years, I was responsible for the meeting as AHIMA’s CEO. There were always challenges, like the month following 9/11, but nothing like a pandemic! Bottom line, my congratulations to the AHIMA team and all the speakers and exhibitors who pulled off AHIMA20. The technology platform worked well for live webcast education. The platform was less robust for exhibitors and social events, but for education delivery, I thought it worked very well. The speakers were live and it was easy to see and hear them and to read slides. And the room wasn’t freezing!

Most importantly, AHIMA20 programming was content rich. By this I mean that the education content was important and timely, forward looking, and thought provoking. Live webcast speakers were well prepared, and delivered their presentations professionally. The pandemic was a backdrop acknowledged in all the sessions I attended, but the focus was on the implications of this experience for health information management going forward. Speakers addressed the weaknesses laid bare by our pandemic response, but they focused on how it can help shape a more agile future. 

Reflecting on education content, I have five takeaways:

  1. A renewed focus on privacy a focus on evolving privacy policy preceded the pandemic, but COVID has made many questions more urgent. Speakers described data protection approaches and shortcoming of our fragmented, sector specific HIPAA approach. We learned about Europe’s General Data Protection Rule (GDPR)and similar approaches being legislated in US states and other countries around the world. Kaveh Safavi, Senior Managing Director Global Health, Accenture summed it up, “GDPR is the direction of travel.” But don’t expect new federal rules in the US soon because there are too many other burning issues that need to be front and center for some time to come.  In the meantime, states will gain important experience setting new data protection boundaries.
  2. The breadth and depth of digital health from a global focus on telehealth to an interesting discussion on electronic case reporting for public health, AHIMA20 examined emerging technologies and applications. Speakers addressed digital contract tracing, artificial intelligence for medical record indexing and in aid of surgical documentation, secure document exchange and skin applied patient identification technology. We learned about enterprise release of information systems and the consumer-facing Verisma Request App.
  3. More sophisticated data managementSpeakers discussed integration of clinical and administrative data, two primary streams of health data that have too long been delinked. We learned about important initiatives to step up patient matching standards and reduce matching errors.  Predictive and augmented analytics and their application to clinical, public health, and management use cases were described. While healthcare continue to lag other industries in analytics, access to data is improving and the next years should bring important breakthroughs.
  4. Health data is human information – A common thread through presentations was the importance of returning to a fundamental understanding that health information is about a person, about their health and well-being, and about their preferences. In the words of AHIMA CEO Wylecia Wiggs-Harris, ‘’When we focus on our higher purpose, we help drive the value of health data and ensure that health information, with all its complexity and nuances, stays human and relevant.”
  5. Innovative leadership – Speakers addressed leadership of the virtual workplace, managing culture in challenging times and process improvement for CDI, revenue cycle, coding and as noted earlier, to enterprise, technology-based release of information. We learned about evidence based operations management and about the challenge of leading change. In the words of Karen Marhefka, Principal, Impact Advisors “You can either be a catcher or a pitcher. A catcher waits for another to throw out a challenge; a pitcher, initiates change.” It is the pitchers who drive change. 

Like all things virtual these days, we trade off connection for convenience, social experience for safety. Attendee chats revealed that there were many first time or new participants who noted they would not have been able to attend this year — or other years — if it involved the cost and employer approvals needed to travel. Long time meeting goers like me miss the casual meet ups and conversations with friends associated with a grand once a year gathering. But I took away a new appreciation of the virtual meeting for providing broader access and a solid learning environment. My prediction: we will not go back to a totally in-person model; there will be a creative blending of approaches for professional education so the opportunity can be more broadly shared. I look forward to seeing what AHIMA creates for AHIMA21. 

One final observation. I was very proud of Verisma and the many AHIMA members who made possible the company’s $5,000 donation to the AHIMA Foundation. This donation reflects individual and state association pledges to protect the truth and accuracy of health information. Add your name to this pledge embracing the values of HIM at: https://verisma.com/pledge-to-protect-truth-and-accuracy/

 

The 21st Century Cures Act and Its Impact on Disclosure Management

The 21st Century Cures Act and Its Impact on Disclosure Management

Oct 6, 2020 | Blog, Compliance & Regulations, Health Information Solutions, Information Sharing, Release of Information

By Linda Kloss

The 21st Century Cures Act was passed by Congress in December 2016 and long awaited final regulations were released earlier this summer.  The Cures Act is a complex multi-part law that will be administered through a number of Federal agencies.  The Verisma sponsored webinar on August 26 focused on the Interoperability, Information Blocking, and the ONC Health IT Certification Program Final Rule that was developed and will be administered by the Office of the National Coordinator for Health IT(ONC).   A special thanks to the ONC team of Elisabeth Myers, Deputy Director, Office of Policy and Michael Lipinski, Division Director, Regulatory & Policy Affairs, Office of Policy for providing a great overview of the Rule and taking audience questions. 

The Rules

We learned that the ONC Rule is really two Rules in one:  regulations designed to advance interoperability and prevent information blocking, key goals of the Cures Act that apply to providers, developers of certified health IT and health information networks and exchanges, and; regulations regarding revised and new criteria for health IT certification.  While our webinar audience primarily represents the provider community, we understand that it is helpful to understand the scope because health systems do operate information networks and exchanges and provider organizations, of course, set specifications for vendors such as their certified EHR vendors. 

From the 30,000 foot perspective, Cures Act represents a third important milestone in advancing a digital health ecosystem with its enormous potential to improve health and health care. The 1996 HIPAA law and associated regulations put in place essential preconditions for digital health – privacy, security, and standards for administrative simplification.  The 2009 HITECH Act accelerated health IT adoption through EHR incentives, certification of health IT, and the development of approaches for health information exchange.  The 2016 Cures is intended to unlock the fullest potential of digital health data to accelerate research into preventing and curing serious illnesses. 

The ONC Final Rule advances interoperability using levers of government, such as its standards setting and enforcement roles, to remove barriers. It underscores the importance of patient access to information, a principle that is foundational to all three of the health information laws.  We also learned that ONC worked closely to align with the Centers for Medicare and Medicaid Services (CMS) Cures Act Rule, the Interoperability and Patient Access final rule.  This is important because aligned concepts, definitions, and standards will bridge clinical and administrative data interoperability, too long siloed. 

The Implications for Disclosure Management

For Release of Information (ROI) professionals and service providers, the Cures Act has four clear implications:

  • We are already seeing an increase in requests from patients for access to their health information.  These Rules will drive further interest by patients and continue this trend.  It is important that ROI modernize patient access through the use of request apps to both support requests and releases.
  • While not directly addressed by the Cures Rules, ROI is today the prominent mechanism for disclosure of a single patient’s data.  The Rules accelerate the urgency of adopting contemporary practices such as standardizing ROI across the enterprise and using smart end-to-end workflow technology that improves turn around and accuracy, while ensuring compliance and accountability.
  • Move away from paper, fax and other outdated ways of handling requests and releases.  If walk up windows and mail in request have slowed due to COVID-19 responses, redesign processes to use technology to improve the efficiency of request and release processes.   
  • Make efficient and accurate patient access a central goal for the ROI team.  Shift from processing paper to helping people get access to their information.  Then, help educate patients about how they can take steps to keep the health records in their possession safe and secure.  

For HIM work generally, the interoperability-focused Final Rules from ONC and CMS include important concepts that will be part of our work in the years ahead. 

  • First, aligning administrative and clinical data standards begins to overcome the artificial separation of patient data for insurance and finance from that used in clinical care.  HIM bridges these worlds and can play an important role in helping to unify them. 
  • As custodians of the health record, HIM maintains EHI and ePHI definitions for designated record sets.  HIM should engage stakeholders in data governance for interoperability including USCDI and defining admission, discharge or transfer (ADT) and other patient event notifications addressed in the CMS Final Rule. Where needed, data capabilities, such as provenance, should be expanded.
  • Working with stakeholders, HIM should step up data quality control for interoperability.
  • The Rules do not change HIPAA privacy and security foundations, but they include a big step forward requiring privacy and security attestation for certified health IT.  Join us for a discussion of the importance of ‘designing in’ privacy and security in a September 23 Webinar.   

The Resources

Elisabeth and Michael described ONC’s commitment to providing education resources for stakeholders.  The ONC Final Rule can be found at www.healthit.gov/curesrule along with fact sheets and previously recorded webinars. 

The CMS Rule and resources can be found at https://www.cms.gov/Regulations-and-Guidance/Guidance/Interoperability/index.  Information on the CMS ADT Notice Provisions can be found at https://chimecentral.org/wp-content/uploads/2020/03/CMS-Interoperability-and-Patient-Access-Final-Rule-summary.final_.pdf

Verisma’s webinar slides and recording are available upon request from DSimanivanh@verisma.com.. 

Enabling Patient Access in a Pandemic

Enabling Patient Access in a Pandemic

Jul 23, 2020 | Blog, Compliance & Regulations, Health Information Solutions, Operational Outcomes, Release of Information

By Linda Kloss

The tragic surge in coronavirus cases and deaths continues through the long hot summer. Healthcare systems are fully focused on caring for pandemic victims and the health of our communities. We witness heroism every day in lives saved, new treatments, and compassionate attention to peoples’ needs. And we are proud to have health care as our life’s work. While we may not directly treat a person’s illness, we know that managing their health information is an essential element of managing illness and promoting health, including public health.

We are in a time of profound personal and professional uncertainty. Decisions require continually adjusting assessments of risks about how to protect ourselves and our families and in making sound business decisions.  There have been furloughs and layoffs due to shifting patient care services and workloads. Work from home is the new normal for many more in HIM. Workflows and procedures have been redesigned to adapt to physical distancing. Long days and nights of work and uncertainty.

Against this background it is great to learn about an innovation that offers demonstrated benefit now and will also be an important bridge to a new era. That innovation is the Verisma Request App (VRA). Reggie Abadsantos, RHIT, HIM Operations Supervisor, NCH Healthcare System, Naples Florida was guest speaker at the July 15 webinar “App-Based Release of Information Comes of Age.”[i] NCH implemented VRA in 2018 to improve patient satisfaction with a convenient and secure web-based  method to  obtain their health records.

With VRA and a centralized ROI workflow firmly in place, Reggie described how NCH quickly adapted to physical distancing and work from home without missing a beat in patient access. When walk in services were abruptly suspended in March, patients were redirected to the web App.  Patients could use their smart phone, tablet, laptop, or desktop to request their medical records; and like any App, it is available 24/7. VRA enables the request, authorization, and authentication process, creating a complete record that feeds the release of information management software and triggers the release. NCH consistently averages a 24 to 48 hour turnaround in fulfilling patient requests!  This performance level was not disrupted as NCH responded to COVID-19 and the volume of requests via VRA increased sharply.

Serving an elderly population, Reggie reports that having reduced paper and fax processing, team members are freed up to help patients who may need telephone assistance in walking through the use of the App. For people who wish to pick  up a physical copy of their health record or imaging, NCH offers a curb-side delivery service.  These unique ways to serve patients are consistent with NCH’s 2018 service goals for VRA.

We spotlighted NewYork-Presbyterian Hospital’s journey with VRA last October before New York City was the epicenter of the pandemic.[ii] We revisited NYP’s experiences in April in the midst of the surge. Like NCH, NYP was able to send staff home, close walk in service, yet continue to enable timely patient access.[iii] In fact, in the past 2 months, 20+ health systems comprising over 1500 sites of care, are now live with VRA to mitigate the impact of closed request services and work from home.    Further, the rate releasing e-records rather than paper, has significantly increased. VRA fulfills the requirements of HIM for completeness, security, compliance and cost-effectiveness. And when integrated with a comprehensive ROI workflow platform, it creates a seamless record of the request and its fulfillment.

Times of great challenge bring innovation.  Apps are no longer disruptive technology, but their application to Release of Information is! VRA’s value was well demonstrated as a popular adjunct request route prior to the pandemic. The pandemic has shown that VRA is the right technology for the time and for the future.  Health systems report that they will rethink walk up services, paper requests, faxing, and release of paper documents when physical distancing is no longer needed. They have learned we can do a better job in enabling patient access while strengthening business goals such as patient satisfaction, compliance, and cost effectiveness. Release of Information will never be the same…it will be vastly improved.

[i] www.Verisma.com:  July 15, 2020 webinar “App based Release of Information Comes of Age”

[ii] www.Verisma.com:  October 30, 2019 webinar “There’s an App for That! Connecting People with their Health Information”

[iii] www.Verisma.com:  April 29, 2020 webinar “COVID-19 Response:  Emerging Best Practices for Health Information Disclosure Management- Part 2”

HIPAA Privacy Policy – Adapting and Evolving

HIPAA Privacy Policy – Adapting and Evolving

Jun 4, 2020 | Blog, Compliance & Regulations, Information Sharing, Release of Information

By Linda Kloss

The Verisma disclosure management community was fortunate to be briefed last week by Timothy Noonan, JD, Deputy Director for Health Information Privacy at the HHS Office for Civil Rights (OCR). OCR administers and enforces the Health Insurance Portability and Accountability Act (HIPAA) and compliance with HIPAA’s Privacy Rule is a central focus for release of information professionals. His webinar update covered three very timely and important topics:

  • Recent privacy-related COVID-19 guidance and bulletins
  • OCR’s Right of Access Initiative, and
  • Developments regarding the Right to Direct health records to a third party.

Mr. Noonan had been scheduled to address Verisma’s 4th Annual Disclosure Management Summit in early May, cancelled due to the COVID-19 pandemic. The Webinar provided an opportunity to cover COVID-related guidance and as Noonan noted, it was a first opportunity this year for OCR to address its Right of Access Initiative.  (The webinar archive is available from Davy Simanivanh at DSimanivanh@verisma.com).

 COVID-19 Guidance

We are grateful to Mr. Noonan and the team at the Office for Civil Rights for its rapid fire response to COVID-19 in issuing seven (7) guidance documents in about the same number of weeks. The guidance helps front line care givers, first responders, public health officials, privacy and compliance officers, and health information professionals by clarifying common Privacy Rule questions such as sharing patient information without authorization with family and friends and public health.  Guidance expands flexibility, where needed, to get essential (read ‘minimally necessary’) information to those who need it to care for people in a time of crisis.

Guidance also addresses challenges relating to rapid expansion of telehealth, the ramp up of community-based testing, and media and film crew access to protected health information in a public health emergency.  Guidance outlines limits to enforcement discretion where good faith efforts by covered entities and business associates to fully comply with the Privacy Rule are a barrier to supporting critical public health and health oversight needs. If you haven’t already done so, visit the HIPAA and COVID-19 Web Page and become familiar with the guidance and its cautions.[1]

Right of Access Initiative

OCR is responsible for teaching covered entities and business associates and educating communities about the Privacy Rule (and other areas of civil rights).  It is also responsible for investigating complaints to determine whether they constitute violations.  Often areas of violation can be resolved by education coupled with a corrective action plan. Generally, the agency encourages corrective action and such encouragement produces change. For areas of egregious violation or failed corrective action, OCR has enforcement authority.

Mr. Noonan reported that OCR recieves over 26,000 complaints each year on some aspect of HIPAA and that complaints regarding Right of Access violations are increasingly common. He emphasized that the Right of Access is the “cornerstone of the Privacy Rule.” Accordingly, in February 2019, OCR announced that Right of Access violations would be a priority for HIPAA enforcement and two enforcement actions were announced in late 2019.  (Verisma addressed these in its December 17, 2019 Webinar: Turning Up the Heat! HHS Initiates Access Enforcement)  Mr. Noonan reminded us that the enforcement actions taken represent demonstrated systemic non-compliance. Effective release of information is characterized by policies and procedures that advance an individual’s Right of Access, including the right of individuals to exercise their privacy preferences and assert their information rights.

Right to Direct Health Records to a Third Party

One of these rights is to direct health records to a third party. Mr. Noonan reviewed elements of the January 2020 lawsuit settlement that vacated previous OCR policy limiting fees for authorized provision of health records to third parties—such as law firms and life insurance companies.  Mr. Noonan reiterated that this policy revision does not affect the individual’s right to access their protected health information.

The Health Insurance Portability and Accountability Act (HIPAA) is a multi-part law enacted by Congress in 1996.  Its privacy provisions went into effect over 17 years ago, at a time when health information was largely stored on paper and population health and patient engagement were not yet central strategies for health improvement.  In 2018, OCR issued a Request for Information (RFI) on areas where the Rule might be improved.In 2018, OCR issued a Request for Information (RFI) on areas where the Rule might be improved.  Now, a Notice of Proposed Rulemaking (NPRM) based on feedback obtained through the RFI is under internal review.  Mr. Noonan encouraged our community to read, reflect, and comment on the NPRM when it is published in the Federal Register, most likely later this year.  While privacy rights are enduring, how they are best protected must evolve to be relevant.

[1] https://www.hhs.gov/hipaa/for-professionals/special-topics/hipaa-covid19/index.html