“Too Much Too Soon?” Or “An Idea Whose Time Has Come?” Information Blocking Regulations and Proposed HIPAA Access Changes

“Too Much Too Soon?” Or “An Idea Whose Time Has Come?” Information Blocking Regulations and Proposed HIPAA Access Changes

The year 2021 has been punctuated by a flurry of regulatory activity around individuals’ ability to access their own health information.  With access a hot button issue, the information blocking final rule went into effect April 5, compelling health care providers, health technology developers, and health information exchanges and networks to make specific information available to individuals without intentional and unnecessary delay, thus prohibiting interference with access and exchange. Additionally, May 6 marked the end of the public comment period for proposed modifications to the HIPAA Privacy Rule, which include extensive changes that would enhance individuals’ right of access to their PHI, such as the ability to inspect PHI at no cost by taking photos, videos, or notes of their information. Where, a mere five years ago, my attempt to take photos of my father’s nursing home record (to which I was legally permitted access) brought gasps of alarm from staff, the possibility that this practical use of technology might become a legal right brings palpable relief.

But are there negative ramifications to these new regulations and proposed changes? Having helplessly watched family members struggle to access their health records at a time when providers could ignore their requests without consequences, I believe the continual strengthening of the right to access is, in many ways, long overdue. But is there also a point where this right can go too far? I raise this question not because of the burden on healthcare providers (although that could be a separate conversation) but, rather, because of the emotional burden it places on patients and their families. Have we reached a point where access becomes “too much too soon?” As a fierce advocate of patients being able to access their own health information, I find this to be a painful question and – yet – one that needs to be addressed.

Several years ago, a friend of mine was diagnosed with an aggressive form of cancer. Following surgery, chemotherapy and radiation, she underwent a routine scan several months later. The healthcare provider – per meaningful use – posted the radiologist’s interpretation of her scan in the patient portal where she could view it. My friend was able to access that information, and what she read alarmed her. Unable to reach her physician and knowing that she would not be able to obtain clarification of the interpretation for several days, she and her family agonized until she was reassured at her follow-up visit that everything was normal.

The volume and velocity of information, and the ability to push it out to patients in an effort to promote access, is not unlike a gushing fire hose. In other words, we should ask ourselves whether there is a point where there is too much of a good thing, particularly when balanced against patients’ health literacy and the limited bandwidth of providers to provide their patients with prompt explanations. After all, while technological capabilities have increased, the number of hours in a day have not. Too, there is concern about erroneous or incomplete health information being pushed out to patients, resulting in panic, confusion, or – at its worst – substantial emotional or physical harm.

Access to health information is critical to patient empowerment, and empowerment is a crucial paradigm shift in the patient experience. Technology is enabling this shift.  Further, health policy and –with it — laws that foster patient engagement are propelling access to health information forward. At the same time, we need to ensure that technological, policy, and legal advances are keeping pace with human need. We must take care not to be so focused on the patient that in the process we lose sight of that same patient, with detrimental effects.

Laurie A. Rinehart-Thompson, JD, RHIA, CHP, FAHIMA is Professor and Program Director, Health Information Management and Systems at The Ohio State University. Rinehart-Thompson is author of Introduction to Health Information Privacy and Security, 2nd Edition, AHIMA Press. 

TAKE QUIZ

It’s Block and Tackle:  Are Consumers and Providers Ready for the Heavy Lifting?

It’s Block and Tackle: Are Consumers and Providers Ready for the Heavy Lifting?

It seems not too long ago I was living a completely normal “mom life.” Normal routines, happy family, and happy life. Eight years ago, seems like yesterday. Our world changed with one routine doctor’s visit and with one diagnostic test. I can remember that day very clearly. I can remember every detail. My 11-year-old adopted daughter was diagnosed of Cystic Fibrosis. How could this diagnosis be found so many years after birth? Believe it or not, it is not that uncommon. Since that day, we live a very different kind of normal.  Our lives and routines have changed dramatically. My now 19-year-old daughter is acutely aware of her diagnosis and plays a very active role in her care and the maintenance and review of her electronic health information. She often tells everyone “Personal health information is saving Grace.” She generates and shares quite a bit of data collected by medical equipment, wearables, and other devices. My daughter’s chronic diagnosis requires her to be seen by multiple providers in-state and often across state lines. She is intimately involved in the collection, review, and sharing of her personal and electronic health information.

Our quest for interoperability is ongoing and while many believe interoperability exists, that is not always true or at least not true in every circumstance. It is often a challenge to receive access to every element of electronic health information required for care. APIs exist but are often underutilized placing the burden on the consumer. We have access to electronic health information, but it is often not comprehensive or interoperable. Electronic health information should not be leveraged to hold consumers hostage to a particular provider, service, or location. Recommended lean data sharing solutions are not appropriate for every consumer. In addition, provider utilization of legacy systems can interfere or prevent exchange of electronic health information. These systems may have checked the boxes for meaningful use but lack the capability to provide meaningful exchange of information. The challenges faced by providers and consumers are perplexing. Many times, we continue to rely on paper records to be transferred from provider to provider. Believe it or not, we still maintain scanned and indexed copies of health records to support care and in many cases the provider will request that we share. Technology is invisibly integrated into our daily lives. I am amazed that in 2021 I can electronically unlock the doors of my home and car, track items in my refrigerator, bank, shop, and be seen by a physician digitally but still struggle with electronic access to complete health information.

Information Blocking Final Rule removed intentional obstacles to patient access to electronic health information. The long-awaited rule handed patients greater control over information sharing and use of electronic health data. But will it really live up to consumer expectations? In conversations with providers, I have often been told that “our vendor will accommodate our data sharing needs.”  What does that mean? Will your vendor meet the consumer’s need for electronic health information? Will meeting the providers need, improve the quality of care for patients? I believe it can, but the journey will not be an easy lift. The burden cannot be placed solely on the vendor. It is a heavy lift that will require an ongoing commitment to an interoperable system that supports health information exchange and embraces education. Providers and consumers alike will play an important role in leading change.

For the 21st Century Cures Act to reach its potential as a catalyst for better healthcare and outcomes, advocating for and adoption of a systemic free-flow of electronic health information with a consumer-centric focus will be required. It should be a partnership between provider and consumer. Health Information Management (HIM) professionals can play a key role in accessing organization readiness and ongoing compliance. The HIM professional’s vast knowledge of HIPAA, electronic data access and exchange, as well as privacy and security standards position HIM professionals to be leaders in developing organization policies and educational programs that will benefit providers and consumers. Deliberate attention must be given to the eight exceptions outlined in the Cures Act related to information blocking. Aiding providers and consumers in understanding these exceptions are essential in achieving a successful partnership. Knowledge is key to access innovation and in mitigating future challenges.

Angela Kennedy, EdD, MBA, RHIA is CEO, Commission on Accreditation for Health Informatics and Information Management Education and former Professor and Chair, Health Informatics and Information Management Program, Louisiana Tech University.  She is a Past President of AHIMA and in recent years has become a Consumer Advocate.

TAKE QUIZ

Unifying ROI Across Your Health System:  Your Leadership Priority

Unifying ROI Across Your Health System: Your Leadership Priority

By Linda Kloss

I first wrote about the value of uniform ROI practices throughout a health system in the fall of 2016. At the time, I cited risk mitigation and cost control as key drivers. I described the experiences of health systems who had achieved centralized release processing and argued that when centralization is not possible, at minimum, release should be guided by uniform policies and procedures.

Fast forward five years. The imperative has come into even sharper focus today. First, fines and compliance plans are being regularly levied by the Office for Civil Rights for failure to comply with patient access regulations. In the past 18 months, 18 enforcement actions have been announced. What’s amazing is that in each of these cases, covered entities were notified of the complaint and received technical assistance. They were given a chance to self-correct, but still failed to come into compliance. Reasonable risk management was clearly lacking as was quality control and accountability.

Cost control remains a key driver and this too has become more urgent. Many health systems have decided that they will absorb the cost of patient requests, which comprise 15-20% of all requests. Further, per page reimbursement which helped subsidize ROI operations for decades is eroding with limits on what can be charged for electronic release. The business model for ROI has changed irrevocably. Like any other form of transaction processing, ROI must be fully automated with an emphasis on doing it right the first time. This just isn’t possible when release is handled differently across the health system.

Today there is a third driver and that is the consumer. People have a greater interest and need to access their health information. Health systems now see patient access as a customer service requirement.  Fortunately, technology supports this focus. Patients have responded positively to use of the Verisma Request App™ (VRA). It enables them to submit requests via Web and receive e-records—all with state of the art security. VRA also feeds the ROI system to eliminate data entry, reduce costs, and improve productivity. It is a key tool in the unification toolkit.

The May 19th Verisma Webinar “Unifying ROI Across the Enterprise: Large Health Systems Leading the Way” opened my eyes to how the value of unifying ROI across the enterprise can be further expanded. Lisa Perez, RHIA, Assistant Vice President Health Information Management, NYC Heath + Hospitals (the nation’s largest public health system) and Lloyd Torres, MHA, Senior Director, Health Systems Projects, ColumbiaDoctors (the faculty practice organization for Columbia University Irving Medical Center and NewYork-Presbyterian Hospital) described how their very complex health systems achieved enterprise standardization for ROI.  And then they went further.

They are leveraging  ROI technology and service to meet the access needs of internal customers including revenue cycle, case management, utilization review and others who need access to patient records to carry out their responsibilities, access permitted under the TPO (treatment-payment-operation) definitions of HIPAA. Working with managers of these services, they analyzed needs and workflows and designed new processes for access and disclosure using the ROI system. This really was a very remarkable discussion, casting the imperative for unification in a very important new light.

What Lloyd and Lisa taught me is that unifying ROI across the enterprise is not the end point of transformation, it is the starting point. Once uniform across the system, access and disclosure management processes can be optimized. Traditional ROI services can be optimized by deploying VRA, by organizing work to meet user requirements, by deploying consistent invoicing and collections, and by using smart tools to identify requests that may require closer monitoring. In fact, the proposed modifications to the HIPAA Privacy Rule call for “Covered entities having a policy to prioritize urgent or otherwise high priority requests.” How do you administer that in a fragmented non-automated system?  In a unified technology-supported system, smart tools such as Verisma’s Spotlight ™, a rules engine, can be set up to monitor the status of the types of requests you specify.  It’s automatic, it’s consistent, and managers can stay on top of high-risk requests.

In addition to optimizing ROI, Lloyd and Lisa have tackled  other access and disclosure management challenges. In doing so, they now serve a broader set of customers who require reliable access to patient information to do their jobs. This may be information to demonstrate medical necessity and support a claim. It may be information to enable the case manager to plan care continuity. In broadening the use of the ROI platform and service their investments in ROI technology and service are leveraged reducing the overall cost and amping up benefits. By bolting this on to ROI, they also improve compliance and accountability.

We often consider change from the familiar frame; in this instance, the frame of ROI. We look at how this improvement can avoid untoward events, such as compliance failure. We look at how it can improve the productivity of existing processes. We don’t often look at change from the perspective of the new opportunities it might create for the health system. That’s what Lisa and Lloyd did. They achieved the desired improvements in ROI and then considered what other functions could benefit from this new technology. They went looking for opportunity to bring even greater value to their organizations. We congratulate them for showing us a new frame for ROI managing the access and disclosure needs of a broader set of customers.

Standardization and Partnership: The Baptist Health South Florida Story

Standardization and Partnership: The Baptist Health South Florida Story

By Linda Kloss, RHIA, FAHIMA

We are all eager to put 2020 in the rear view mirror. Even knowing that 2021 will be very challenging at home and around the globe, we see a path forward through vaccinations and a gradual return to stability. As this year without parallel draws to an end, I think it deserves a different thought process. No recriminations about the things you didn’t accomplish. No resolutions for the New Year please.  Instead, focus on the many important ways you helped others throughout the year. Make a list of the best things you did this year–for your family, friends, and yourself. Make another list of how you helped professional colleagues and the people that you serve. The 2020 pandemic tested our resilience, ingenuity, and, oh yes, patience. This is a time to reflect on all you did and take a pause for a little well deserved self-congratulation!

In last week’s Verisma Webinar “Standardization and Partnership: The Baptist Health South Florida Story,” Rosie Hernandez and Karen Marhefka underscored key lessons about adapting Release of Information for not only the pandemic response, but the new realities of access and disclosure management going forward. Part of the New Fundamentals series, this case study illustrated how Health Systems Solutions (HSS), a partnership of  Baptist Health South Florida and Guidehouse, strengthened the patient experience, achieved greater efficiency and  improved compliance by partnering with Verisma. Baptist understood that these goals depended on automating the release of information workflow and selected the Verisma Release Manager™ (VRM) for use by HSS staff.  In addition to end-to- end workflow automation, Hernandez and Markefka described the importance of a uniform or standard process across the Baptist system, inpatient and outpatient. As Hernandez explained, “standardizing is doing it the same way every time and doing it right.”  

The Verisma Request App™ (VRA) was in place across most of the Baptist Health South Florida’s 7 hospitals, 54 ambulatory and associated centers just before COVID preparations began in earnest. Staff went to work from home using the very same work flow platform. HSS accelerated implementation of VRA to provide access without in-person processing or paper requests. Serving an international population made this even more compelling, offering VRA in English, Spanish, and Creole. VRA also made it easier to fulfil requests with e-records. So not only is VRA contributing to the goals of patient experience and compliance, it is bringing about new efficiencies including reduced supply costs. Reflecting from her position as CIO for health systems, Marhefka reminded us that success with this kind of change requires effective advocacy in communicating the need and securing support and collaboration. 

In a year of intense change and in the Miami area, a persistent COVID hot spot, HSS’s release of information services have delivered some pretty amazing results. Turnaround time for processing requests is 3-5 days and in just 3 months, the volume of VRA requests exceeded 600 a month. The release of information team transitioned from a siloed workflow to an end to end process that required upskilling. While some staff were initially reluctant to change, good training, support, and encouragement—and the sudden shock of work from home—paid off with a realized shift from clerical tasks to higher-value knowledge work. VRM and VRA and other technology management and analytical tools, enables HSS to be fully accountable to Baptist for the quality of the work and for evidence of full compliance. Importantly, Hernandez described the team’s overall readiness to adapt more quickly, a New Fundamental for sure.  

Congratulations to the team at HSS. Their foresight proved invaluable to their successes in 2020 and positioning for the future. 

It’s been a year of loss. But it has also been a year of finding. Congratulations for the great work you did and know that it has prepared you for the challenges of 2021 and beyond. 

 

 

Verisma Adds to its Industry-Leading Online Suite of Self-Service Consumer Solutions

Verisma Adds to its Industry-Leading Online Suite of Self-Service Consumer Solutions

Verisma Adds to its Industry-Leading Online Suite of Self-Service Consumer Solutions

Extends convenience to attorneys

WASHINGTON, D.C., – October 14, 2020 – Verisma Systems, Inc., an industry leader in disclosure management technology and services to the US provider market, has announced the expansion of their ground-breaking Verisma Request App™ (VRA) technology.  Verisma will now offer the same self-service capabilities, along with an expanded online request management portal, to 3rd party attorney organizations. Verisma’s expanded VRA platform and request management portal will provide attorneys with a remote, self-managed approach to electronic record ordering, tracking, payment, and delivery. This change will enhance efficiency and compliance, result in a more satisfied requestor experience, and eliminate the stress on providers of a paper-driven manual request process.

Benefits of VRA Attorney include:

  • Up to a 50% reduction in total request turn-around-times with elimination of a paper driven request mail process, a manual paper request intake and logging process, and a manual delivery of paper record copies.
  • Up to a 30% reduction in labor, supplies and postage costs with less need of a manual paper request intake, manual paper record copy distribution, and manual call support process.
  • Strengthened compliance through advanced e-request/e-delivery capabilities significantly reducing common manual paper request entry and paper record copy delivery errors.
  • Improved requestor satisfaction with ability to self-manage the entire request experience online while receiving record copies faster than ever before.

About Verisma

From our technology to our people and our partnerships, we believe our purpose is to protect truth and accuracy. Learn more about our disclosure management system at verisma.com.

Media Contact:
Davy Simanivanh
Phone (571) 205-6722
dsimanivanh@verisma.com

The 21st Century Cures Act and Its Impact on Disclosure Management

The 21st Century Cures Act and Its Impact on Disclosure Management

By Linda Kloss

The 21st Century Cures Act was passed by Congress in December 2016 and long awaited final regulations were released earlier this summer.  The Cures Act is a complex multi-part law that will be administered through a number of Federal agencies.  The Verisma sponsored webinar on August 26 focused on the Interoperability, Information Blocking, and the ONC Health IT Certification Program Final Rule that was developed and will be administered by the Office of the National Coordinator for Health IT(ONC).   A special thanks to the ONC team of Elisabeth Myers, Deputy Director, Office of Policy and Michael Lipinski, Division Director, Regulatory & Policy Affairs, Office of Policy for providing a great overview of the Rule and taking audience questions. 

The Rules

We learned that the ONC Rule is really two Rules in one:  regulations designed to advance interoperability and prevent information blocking, key goals of the Cures Act that apply to providers, developers of certified health IT and health information networks and exchanges, and; regulations regarding revised and new criteria for health IT certification.  While our webinar audience primarily represents the provider community, we understand that it is helpful to understand the scope because health systems do operate information networks and exchanges and provider organizations, of course, set specifications for vendors such as their certified EHR vendors. 

From the 30,000 foot perspective, Cures Act represents a third important milestone in advancing a digital health ecosystem with its enormous potential to improve health and health care. The 1996 HIPAA law and associated regulations put in place essential preconditions for digital health – privacy, security, and standards for administrative simplification.  The 2009 HITECH Act accelerated health IT adoption through EHR incentives, certification of health IT, and the development of approaches for health information exchange.  The 2016 Cures is intended to unlock the fullest potential of digital health data to accelerate research into preventing and curing serious illnesses. 

The ONC Final Rule advances interoperability using levers of government, such as its standards setting and enforcement roles, to remove barriers. It underscores the importance of patient access to information, a principle that is foundational to all three of the health information laws.  We also learned that ONC worked closely to align with the Centers for Medicare and Medicaid Services (CMS) Cures Act Rule, the Interoperability and Patient Access final rule.  This is important because aligned concepts, definitions, and standards will bridge clinical and administrative data interoperability, too long siloed. 

The Implications for Disclosure Management

For Release of Information (ROI) professionals and service providers, the Cures Act has four clear implications:

  • We are already seeing an increase in requests from patients for access to their health information.  These Rules will drive further interest by patients and continue this trend.  It is important that ROI modernize patient access through the use of request apps to both support requests and releases.
  • While not directly addressed by the Cures Rules, ROI is today the prominent mechanism for disclosure of a single patient’s data.  The Rules accelerate the urgency of adopting contemporary practices such as standardizing ROI across the enterprise and using smart end-to-end workflow technology that improves turn around and accuracy, while ensuring compliance and accountability.
  • Move away from paper, fax and other outdated ways of handling requests and releases.  If walk up windows and mail in request have slowed due to COVID-19 responses, redesign processes to use technology to improve the efficiency of request and release processes.   
  • Make efficient and accurate patient access a central goal for the ROI team.  Shift from processing paper to helping people get access to their information.  Then, help educate patients about how they can take steps to keep the health records in their possession safe and secure.  

For HIM work generally, the interoperability-focused Final Rules from ONC and CMS include important concepts that will be part of our work in the years ahead. 

  • First, aligning administrative and clinical data standards begins to overcome the artificial separation of patient data for insurance and finance from that used in clinical care.  HIM bridges these worlds and can play an important role in helping to unify them. 
  • As custodians of the health record, HIM maintains EHI and ePHI definitions for designated record sets.  HIM should engage stakeholders in data governance for interoperability including USCDI and defining admission, discharge or transfer (ADT) and other patient event notifications addressed in the CMS Final Rule. Where needed, data capabilities, such as provenance, should be expanded.
  • Working with stakeholders, HIM should step up data quality control for interoperability.
  • The Rules do not change HIPAA privacy and security foundations, but they include a big step forward requiring privacy and security attestation for certified health IT.  Join us for a discussion of the importance of ‘designing in’ privacy and security in a September 23 Webinar.   

The Resources

Elisabeth and Michael described ONC’s commitment to providing education resources for stakeholders.  The ONC Final Rule can be found at www.healthit.gov/curesrule along with fact sheets and previously recorded webinars. 

The CMS Rule and resources can be found at https://www.cms.gov/Regulations-and-Guidance/Guidance/Interoperability/index.  Information on the CMS ADT Notice Provisions can be found at https://chimecentral.org/wp-content/uploads/2020/03/CMS-Interoperability-and-Patient-Access-Final-Rule-summary.final_.pdf

Verisma’s webinar slides and recording are available upon request from DSimanivanh@verisma.com..