ONC Update on AI in Healthcare

ONC Update on AI in Healthcare

By Barbara Carr, RHIA
Strategic Advisor

March 21, 2024

In recent years, artificial intelligence’s (AI) use in healthcare has grown into a realm of profound innovation, promising to revolutionize the very landscape of medical practice and patient care. From performing labor intensive repetitive tasks, enhancing diagnostic accuracy, treatment efficacy, and operational efficiency, AI stands as a beacon of hope to address some of the most pressing challenges facing the healthcare industry.


The Office of the National Coordinator for Health Information Technology (ONC) actively promotes the adoption and responsible use of AI in healthcare. During the February Verisma Academy webinar, Elisabeth Myers, Deputy Director, Office of Policy, ONC, presented their current guidance regarding the use of AI in clinical decision support.


Myers also outlined numerous challenges surrounding the use of AI in healthcare such as perpetuating information asymmetries that may lead to healthcare inequalities. AI can also magnify ethical, legal and social concerns during data collection and use, leading to ineffective or even unsafe recommendations.

Guidelines and Initiatives

Given this, the ONC developed guidelines to facilitate the responsible and ethical use of AI in healthcare, including considerations for data privacy, security, and equity. A few of their key initiatives are:

  • Interoperability Standards facilitating the seamless exchange of healthcare data, crucial for AI applications to access and analyze data from various sources
  • Ethical Guidelines ensuring AI is used responsibly — protecting patient privacy and promoting equitable healthcare delivery
  • Data Governance Frameworks addressing data quality, security, and privacy issues


As a result, the ONC issued a final rule regarding Decision Support Intervention (DSI) which revises existing Clinical Decision Support (CDS) criterion, streamlining and simplifying requirements for all Health IT Modules. In addition, it establishes new maintenance of certification requirements to continuously review and update DSI-related information. Myers describes the policy impact of DSI Certification Criterion as follows:

  • Improving transparency
  • Enhancing trustworthiness
  • Fostering an information ecosystem
  • Advancing health equity by design

The final rule preamble describes each characteristic and associated approaches that can be taken to assess and mitigate risks. Myers provided participants with a link to ONC’s website for more information on their AI initiatives and fact sheets regarding DSI’s final rule.

Education and Training

The ONC also has initiatives to educate and train providers and organizations about the potential benefits and challenges of AI in healthcare. In addition, ONC works closely with other federal agencies, such as the Food and Drug Administration, to develop regulatory frameworks for AI-based medical devices and software applications.

AI is growing rapidly and the ONC is staying on top of it by developing standards and rules for the safe and effective use of AI in healthcare. Interested in learning more? Access Verisma Academy’s on-demand course: Exploring HTI-1, TEFCA and AI in Healthcare – Where are we in 2024?

Verisma Compliance Resources

Get the latest updates written and curated by HIM compliance experts and subscribe to our weekly newsletter.
Verisma Achieves HITRUST Risk-based, 2-year Re-certification Demonstrating the Highest Level of Information Protection Assurance

Verisma Achieves HITRUST Risk-based, 2-year Re-certification Demonstrating the Highest Level of Information Protection Assurance

HITRUST Risk-Based, 2-year (r2) Certification validates Verisma® is committed to strong cybersecurity and protecting sensitive data.

Alpharetta, GA, February 9, 2024 – Verisma, a leading provider of health information solutions, today announced its flagship technology, Verisma Release Manager®, has earned its HITRUST Risk-based 2-year (“r2”) re-certification status for information security. This includes the underlying Azure hosting environment as well as supporting features such as Verisma Release Application®, Verisma AnalyticsTM, Verisma SpotlightTM, Verisma InboxTM, Verisma Technology Assisted ReviewTM (TAR), and the ROIS application.

HITRUST Risk-based, 2-year (r2) Certification, first earned by the company in 2021, demonstrates that the organization’s Verisma Release Manager® platform has met demanding regulatory compliance and industry-defined requirements and is appropriately managing risk. This achievement places Verisma in an elite group of organizations worldwide that have earned this certification. By including federal and state regulations, standards, and frameworks and incorporating a risk-based approach, the HITRUST Assurance Program helps organizations address security and data protection challenges through a comprehensive and flexible framework of prescriptive and scalable security controls.

“Organizations like ours are continually under pressure to address current and emerging threats and meet complex compliance, information protection, and privacy requirements,” said Marty McKenna, Chief Executive Officer at Verisma. “We are pleased to demonstrate to our customers the highest standards for data protection and information security by achieving the rigorous HITRUST r2 Certification.”

“Without consistency, transparency, and reliability, an information security assessment can’t provide the requisite level of assurances needed to make important business decisions. That’s why we focus on producing the highest quality reports available,” said Vincent Bennekers, Vice President, Quality at HITRUST. “Achievement of a HITRUST r2 Certification is an assurance that Verisma takes compliance and information risk management seriously.”


About Verisma®

Verisma’s leading technology and solutions empower healthcare providers to streamline the exchange of protected health information that facilitates value-based care programs, bridges gaps in care coordination and supports legal proceedings. Verisma’s HITRUST®-certified technology enhances interoperability to deliver cutting-edge release of information (ROI) and care coordination solutions that adhere to the highest standards in data security and patient protection.

What HI Professionals Can Expect in 2024

What HI Professionals Can Expect in 2024

By Elizabeth McElhiney, MHA, CHPS, CPHIMS, CRIS
Director of Compliance and Government Affairs

January 2, 2023

Privacy gets (more) complicated

We’ve said it before – the US is overdue for a national conversation on privacy. 2023 only increased the stakes with the increased adoption of AI, stark state-level differences on social policies, and the prevalence of cybersecurity threats.  Navigating these conflicts – in the absence of a national privacy framework – will be increasingly time-consuming and high-stakes for privacy and compliance professionals.

Patients will be the primary focus

Healthcare consumerism and patient-centered care have been hot topics in 2023 and will remain so in 2024. One area that hasn’t received as much attention is the emphasis on individual patient factors – for example, what constitutes a burden for some patients when requesting records is not for others.  Information blocking exceptions specifically prioritize individual factors in the preventing harm and content/manner exceptions. It will no longer be enough to have a black-and-white procedure manual; instead, organizations may want to consider a “playbook” of factors to be considered.

Expect regulatory activity, especially in early 2024

The last Congress will be one of the least productive in memory – and there weren’t high hopes given the ideological polarization and thin margins in both chambers. Expect to see regulatory agencies attempt to step in through rulemaking.  Early 2024 will likely see the most activity – agencies will want to publish or enact any rules prior to 60 days before a potential change in administrations.

and as always …

Executing on fundamentals is key

This one goes across all areas – we can’t stop emphasizing fundamentals while we handle increasing complexities. It’s the little things that get you in the end. Keep on top of cybersecurity by emphasizing employee cyberhygiene, patient privacy and safety by verifying patients with two identifiers, and patient access by improving request processes and adding new delivery options.

Verisma Compliance Resources

Get the latest updates written and curated by HIM compliance experts and subscribe to our weekly newsletter.
Recap on Recent Regulatory Announcements

Recap on Recent Regulatory Announcements

By Elizabeth McElhiney, MHA, CHPS, CPHIMS, CRIS
Director of Compliance and Government Affairs

October 30, 2023

Compliance Connect: Virtual Roundtable

Join us November 8, 2023 for a special interactive discussion on these regulatory topics. Seats are limited, so register today!
While there were multiple regulatory announcements in the news this week, we’ll recap the President’s Executive Order on AI and ONC’s proposed rule on appropriate provider disincentives.

White House

The White House announced that President Biden was issuing a new Executive Order (EO) on Safe, Secure, and Trustworthy Artificial Intelligence.  The EO contains several overarching themes, which includes New Standards for AI Safety and Security; Protecting Americans’ Privacy; Standing Up for Consumers, Patients, and Students; Promoting Innovation and Competition.

  • Promote national cybersecurity by ensuring that creating an advanced cybersecurity program to leverage AI to find/fix vulnerabilities in critical software.
  • Promote the responsible use of AI in health care; requires the creation of safety program to intake reports of AI harm/unsafe behaviors as well as remedy these complaints.
  • Evaluate how government agencies collect and use commercially available information – including information obtained through data brokers.
  • Seeks to prioritize federal support for promoting the development/deployment of privacy-preserving techniques. Additionally, establish guidelines for federal agency use in testing the efficacy of privacy-preserving techniques.

You can find the fact sheet at this website: EO on Safe, Secure, and Trustworthy Artificial Intelligence fact sheet


The ONC announced this morning that the long awaited NPRM on appropriate provider disincentives for committing information blocking will be published in the Federal Register on Wednesday, November 1st.  The previously announced disincentives were intended for health information exchanges (HIEs), health information networks (HINs), and developers of Certified EHR Technology (CEHRT).

The identified disincentives would pertain to certain health care providers that also are Medicare-enrolled providers or suppliers.  Consequently, these disincentives are related to qualification as a meaningful EHR user under specific programs.

Some notable disincentives include:

  • An eligible hospital or critical access hospital would not be classified as a meaningful EHR user under the MPI program for the associated reporting period. Financial disincentives differ according to the type of hospital.
  • Similarly, a health care provider or group would not be classified as a meaningful EHR user under the MIPS program.
  • Health care providers who are an ACO, participants in an ACO, or a supplier/provider of an ACO would not be eligible to participate for a minimum of 1 year. Ineligibility may result a provider being ineligible to join an ACO or removal from an ACO.

The Comment Period will be open from November 1st, 2023 to January 2nd, 2024. You can make a comment in a number of different ways; the simplest would be to click the “Submit a Formal Comment” button on the Federal Register page for the proposed rule (link below).

Upon finalization of the proposed rule, OIG would begin enforcing the provider disincentives.

ONC NPRM:  21st Century Cures Act: Establishment of Disincentives for Health Care Providers That Have Committed Information Blocking

ONC Press ReleaseHHS Press Release: Appropriate Disincentives for Providers who Engage in Information Blocking


Additional News

October 2023 OCR Cybersecurity Newsletter: How Sanction Policies Can Support HIPAA Compliance (10/19/23)

FTC Amends Safeguards Rule to Require Non-Banking Financial Institutions to Report Data Security Breaches

Upcoming Events

ONC Tech Forum: Aligning USCDI, FHIR US Core, C-CDA and other Heath IT Standards – November 3, 2023

Information Blocking Disincentives Proposed Rule Information Session – November 15, 2023

Verisma Compliance Resources

Get the latest updates written and curated by HIM compliance experts and subscribe to our weekly newsletter.
Top Reasons to Optimize Payer Audit Management

Top Reasons to Optimize Payer Audit Management

By Barbara Carr, RHIA
In today’s ever-evolving healthcare landscape, navigating the challenges posed by increasing payer audits and denials demands a proactive and expertly crafted approach to claims accuracy and compliance. To effectively tackle these challenges, healthcare organizations must adopt an integrated solution that tracks the entire audit process from initial request receipt to denial and appeal resolution. This comprehensive and systematic approach is vital for mitigating the financial risks associated with payer audits and ensuring sustained success.

Herea are some top reasons you should focus on optimizing your payer audit management process:

Enhanced Efficiency and Organization: The integration of all audit-related information and documents into a centralized system streamlines the entire audit process. This eliminates manual tracking, reduces administrative burdens, and safeguards against missing critical deadlines.

Timely Response to Audits: By diligently tracking audits from the moment of request, Release of Information Specialists (ROIS) can promptly respond to audit inquiries, reducing the likelihood of delayed or incomplete responses that may lead to denials. An integrated system also provides valuable data on the status of audits, ensuring that deadlines are met.

Improved Visibility and Transparency: Payer audits involve multiple steps and stakeholders. A comprehensive system offers real-time visibility into the audit status, empowering coding teams, clinical documentation teams, compliance officers, and management to stay informed about audit progress, denials, and appeals.

Identification of Patterns and Trends: With an effective audit management process, organizations can identify patterns and trends in coding audits and denials. Analyzing this data enables a proactive approach to address root causes and prevent future denials, ultimately leading to improved financial outcomes.

Compliance and Regulatory Adherence: Adherence to coding and billing regulations is critical for healthcare organizations. Your audit tracking solution should be built to ensure systematic compliance with these requirements.

Effective Appeals Management: Tracking audits through the denial and appeal process is essential for efficient appeals management. With proper audit management technology, an audit team can identify common reasons for denials and develop targeted strategies to overturn them.

Data-Driven Decision Making: Comprehensive reporting capabilities (beyond spreadsheets) enables an audit team to gather data on audit outcomes, denials, and appeal success rates. Armed with this critical data, financial teams can make informed decisions regarding coding practices, training needs, and resource allocation.

Proactive Risk Mitigation: Vigilant monitoring of audits and denials allows organizations to proactively address potential compliance risks and coding errors. This approach reduces the financial impact of denials and minimizes the risk of audits leading to legal or regulatory issues.

Verisma Claims Audit Manager

Verisma recently announced the launch of Verisma Claims Audit Manager (VCAM) in collaboration with Office Ally. VCAM connects ROI with business office in an end-to-end solution that offers unmatched enterprise reporting capabilities.
A comprehensive approach to payer audit management supported by advanced technology is essential for healthcare organizations to achieve sustained success in an increasingly complex healthcare landscape. By focusing on optimizing this process, organizations can stay ahead of payer audits and denials, safeguard financial stability, and maintain a commitment to delivering high-quality patient care.
Five Ways an FQHC Can Save on Administrative Costs

Five Ways an FQHC Can Save on Administrative Costs

Federally Qualified Health Centers (FQHCs) provide critical care for underserved patients nationwide, but on a limited budget supported mostly by donations and grant funding. By focusing on decreasing administrative costs, FQHCs can make their dollars more impactful to patient care initiatives, improving the lives of millions of people across the United States. The following are five ideas FQHCs can consider to reduce their administrative costs to focus their attention on more impactful care within their communities.


In an ever-changing healthcare industry, all organizations are constantly updating process and operations workflows to meet new requirements. FQHCs can implement regular analysis of all workflows to analyze for operational efficiencies. Reviewing patient activities while in the waiting room, as well as what administrative staff may be able to do prior to the patient visit, can ensure that patients are registered, roomed and seen as quickly as possible.

Because of the demand for FQHC visits and services, FQHCs need to make every minute a patient is in the office count. Part of the analysis may include whether offsite staff or partners can provide a more focused, cost-effective way to remove burden and time-consuming administrative tasks from patient-facing personnel. Streamlining staff, provider and patient interaction can create more impactful visit time and allow providers to see more patients in a day.

FQHCs can also find efficiencies by analyzing workflows and refining their tasks and best practices. By optimizing everyday functions and administrative tasks, FQHCs can find areas of savings and eliminate waste. Good examples of common culprits are paper and ink/toner, which can be greatly minimized with smarter filing and scanning workflows.

Streamlining staff, provider and patient interaction can create more impactful visit time and allow providers to see more patients in a day.

Information Technology is often seen as an investment and expenditure, but it comes with an upside. In many situations, IT updates can improve and thereby cut administrative costs for the future. Some government incentives like Pay-for-Performance programs also exist to help organizations offset the costs of implementing technologies. Using information technology to capture structured quality data about patient care can be reported to government and commercial entities, in some cases leading to increased reimbursement.

Additionally, as the industry moves from paper to electronic records, converting paper charts to electronic documents stored in the Electronic Health Record (EHR) can reduce administrative spending on chart storage, as well as free up space for FQHCs to pay less rent or utilize space in other ways that support the patient care mission. Ultimately, IT improvements can lead to increased efficiency and functionality and decreased administrative spending in the future.


Compliance doesn’t just mean HIPAA. Other regulatory programs require complying with certain objectives in exchange for funding. As the industry changes, meeting grant requirements and alternative payment model metrics is critical for keeping the doors open. By focusing energy into maintaining compliance protocols, FQHCs can avoid losing invaluable revenue sources. Of course, HIPAA is also important! Ensuring the proper protocols are implemented, staff is periodically trained, and quality assurance is in place in accordance with the HIPAA Privacy and Security rules is critical for preventing threats. Good compliance practices also help FQHCs avoid a costly and unexpected HIPAA breach adding to administrative costs and detracting from the mission.


One of the biggest administrative costs to a FQHC is staffing. These costs not only include payroll, benefits and other overhead expenses but also where the staff expends their time while they are on the clock. As FQHCs have a laundry list of items to achieve throughout the day, many staff members find they have too much on their “to do” list and something has to give.

Ultimately, staff members being tasked with too many duties can cause burnout, distractions and procrastination, all of which lead to costly mistakes, extra expenses and, in some instances, tasks not getting done altogether. Organizations like Verisma can help FQHCs reduce administrative costs by providing focused expertise related to specific administrative functions.

Utilizing a Business Associate can reduce the need for certain admin staff functions, in turn alleviating some payroll costs as well as the management tasks inherent in supervising hourly staff. Where workforce is in short supply, one of the greatest benefits of utilizing a partner for functions like document filing and release of records is the ability to focus or repurpose existing FQHC staff. When a partner is handling the administrative tasks, the FQHC staff can focus on patient needs and care. In an era of patient satisfaction and engagement tying to reimbursement, focusing on patients is of the utmost importance to FQHCs maximizing their dollars and serving the community.


Changing goals means fluctuating costs; by deploying and following a clear mission FQHCs can zero in on their wildly important purpose. Because FQHCs rely heavily on funding sources, planning too far into the future can be challenging. The mission of the organization, though, will remain steadfast and is the ultimate litmus test in financial planning for FQHCs. If an administrative expenditure doesn’t directly support the mission, is it worthy of investment? Administrative costs can often seep out unexpectedly, especially when the goal line is constantly moving. Reviewing the budget with the mission statement in mind can help FQHCs analyze their supportive and detractive administrative spend.

Need help implementing some of these strategies for maximizing your staff and minimizing administrative costs and workloads? Get in touch at verisma.com/contact-sales.