Advancing Information Sharing: Understanding EHI

Advancing Information Sharing: Understanding EHI

Dec 20, 2022 | Blog, Compliance & Regulations, Information Sharing, Release of Information

This blog summarizes the content from Verisma’s ROI Roundtable Webinar. The full recording and slidse are available.
Get Recording & Slides
The information blocking definition of electronic health information (EHI) includes the entire scope of electronic protected health information (ePHI) that is or would be in a Designated Record Set (DRS). Prior to October 6, 2022, the definition of information blocking was focused only on the subset of EHI that is represented by elements in the United States Core Data for Interoperability (USCDI) v1. As of October 6, 2022, all EHI falls within the scope of the information blocking definition. 

What is and what is not EHI for purposes of information blocking regulations?  In Verisma’s Nov 2022 ROI Roundtable Webinar we heard from two experts with the ONC – Rachel Nelson JD, Branch Chief, Compliance and Administration Branch, and Dan Healy, Policy Coordinator, Compliance and Administration Branch on what EHI is and how its definition relates to but differs from the definition of ePHI under the HIPAA Rules. The speakers provided important facts related to current information blocking policy and what healthcare organizations and providers should bear in mind specific to information blocking regulations as they review and update their technical capabilities and workflows in context of their DRS (Designated Record Set) to ensure they are sharing EHI consistent with all applicable laws. Some highlights from their presentation follow.

What is EHI as defined by the information blocking regulation?  According to ONC, EHI is as follows:

  • “Electronic Health Information (EHI) means electronic protected health information (ePHI) to the extent that the ePHI would be included in a designated record set as these terms are defined for HIPAA.”

The scope of EHI is relayed was shared in the following ONC graphic that can be found at HealthIT.gov:

The expansion is “only” PHI that is in an electronic format. Noted in the webinar is that EHI is “electronic health information (ePHI) to the extent that it would be included in a designated record set.” Further explained during the webinar was that EHI “is individually identifiable health information, that is maintained in electronic media or transmitted by electronic media.” If the ePHI is included in any of the following records and not in the exclusions such as psychotherapy notes, then it would be considered EHI:

  • Medical records and billing records of a provider about an individual
  • Enrollment, payment, claim adjudication, and case or medical management record systems maintained by or for a health plan.
  • Records used in whole or in part to make decisions about individuals

What is not EHI was explained as well. For example, such things like psychotherapy notes, information complied in anticipation of, or for use in, a civil, criminal, or administrative action or proceeding, employment records health information, and de-identified protected health information. EHI is not limited by when the information was generated.

Organizations should be looking at what they now include in their designated record set policy and revise if necessary, to ensure the that their policy includes the full scope of EHI that is now in effect as of the October 6, 2022 expansion of the EHI definition beyond the current USCDI v.1 definition.  Working with your Release of Information vendor is important as well, so they are aware of exactly what ePHI is defined in your designated record set and how to access all the ePHI for disclosure purposes. Many resources such as an EHI Fact Sheet, recorded Webinars, and an Infographic are available on https://www.healthit.gov/.

Dan and Rachel also spent time going over the Information Blocking definition and explaining how that relates directly to the exchange of ePHI. More details and explanation of the Information Blocking Regulation was shared with the attendees. Points that have caused some questions from health care providers and others in the health IT field were clarified. Information Blocking applies to “actors.” Actors are:

  • Health Care Providers
  • Health It Developers of Certified Health IT
  • Health Information Networks (HINs)
  • Health Information Exchanges (HIEs)

Exceptions to the Information Blocking Rule, which have caused a lot of questions from “actors,” in particular the “Content and Manner Exception” where it is not considered information blocking if the actor does not have all the requested EHI in their possession, cannot be shared using the technology requested, or where it must be “withheld due to laws or is permissible to be withheld, such as under the Preventing Har or Privacy exceptions.” One example would be if it would be impossible for an actor to segment out psychotherapy notes from the EHI. Another would be the cost to comply would be prohibitive. Other examples were given as well as resource information available on ONC’s Cures Act Final Rule website.  For more in-depth information on Information Blocking, resources can be found at https://www.healthit.gov/ where there are fact sheets, Webinars, and FAQs. 

Health Information Management leaders should be reviewing all the policies and procedures related to release of ePHI, especially their designated record set policy to ensure they are following the updated requirements that went into effect on October 6, 2022 and working closely to ensure their ROI vendor is up to date on all the requirements to ensure there are no risks of information blocking.

 

 

 

 

 

Webinar: Advancing Information Sharing – Understanding EHI

Webinar: Advancing Information Sharing – Understanding EHI

Nov 30, 2022 | Compliance & Regulations, Information Sharing, News

Date and Time

November 30, 2022
2:00-3:00 PM ET

Speakers

Dan Healy

Dan Healy
Policy Coordinator
ONC

Rachel Nelson

Rachel Nelson, JD
Branch Chief
ONC

Barbara Carr

Barbara Carr, RHIA
Strategic Advisor
Verisma

Category

Information Protection; Access, Disclosure, Privacy and Security

Presentation Content

The information blocking definition of electronic health information (EHI) includes the entire scope of electronic protected health information (ePHI) that is or would be in a Designated Record Set (DRS). Prior to October 6, 2022, the definition of information blocking was focused only on the subset of EHI that is represented by elements in the United States Core Data for Interoperability (USCDI) v1. As of October 6, 2022, all EHI falls within the scope of the information blocking definition.

What is and what is not EHI for purposes of information blocking regulations? In this presentation you will hear from experts with the ONC (Office of the National Coordinator for Health IT) on what EHI is and how its definition relates to but differs from the definition of ePHI under the HIPAA Rules. Learn about current information blocking policy and what healthcare organizations and providers should bear in mind specific to information blocking regulations as they review and update their technical capabilities and workflows in context of their DRS to ensure they are sharing EHI consistent with all applicable laws.

Learning Outcomes

  1. Understand how EHI is an important part of the information blocking definition.
  2. Learn how to identify what is and what is not EHI.
  3. Learn more about how information blocking policy recognizes the importance of maintaining cybersecurity of your health IT and of respecting patients’ privacy rights and preferences.

Reference List

HHS Office of the National Coordinator for Health Information Technology.

Understanding Electronic Health Information (EHI)

Information Blocking Exceptions

Information Blocking FAQs

Register Today

AHIMA22 Overview and Takeaways

AHIMA22 Overview and Takeaways

Oct 26, 2022 | Blog, Health Information Solutions, Information Sharing, Operational Outcomes, Release of Information

AHIMA22 brought us to Columbus this year, the capital and heart of Ohio. It’s been three years since we’ve all been together and there was so much catching up to do! The American Health Information Management Association (AHIMA) is the leading voice and authority in health information where the associated experts work at the intersection of healthcare, technology, and business. Today more than ever, in an era where technology drives change and efficiencies on one hand and on the other hand increases the risk of interfering with privacy and security, managing the complexity of patient’s information is critical. Healthcare professionals must ensure that sensitive health stories remain accurate, accessible, protected, and complete at all times.

We all know the tremendous effects COVID had on our healthcare and the gaps it highlighted in our systems. It changed the workforce landscape with an increased need for healthcare professionals and the reality that jobs require more technical skills than ever before. AHIMA22 highlighted the emerging changes and responsibilities that healthcare information management professionals face today.

The conference kicked off with sessions on “Design Thinking for Innovation in Healthcare” and “What Does it Take to Become a Revenue Cycle Executive” and a marching band performance! There were over 40 in-person sessions led by health data experts and visionaries, new product tech demos in the exhibit hall, networking opportunities, and social events with over 3,00 attendees. Thinking back on all that I heard and witnessed at this convention, there are a few key takeaways I’d like to share:

Design Thinking for Innovation in Healthcare

This workshop kicked off the conference and set the tone for the rest of the week. Design thinking process is a theory that many startups and innovative companies use to solve real end user problems and it’s one of my favorite methods to use to develop user centric products. Design thinking is taught at top universities like Harvard and is adopted by brand name companies such as Apple, Google, and Samsung. It’s a 5-part problem solving approach you can apply in both your organization and your daily life. It centers around end user challenges and how to put aside limiting beliefs and our own perspectives to solve a problem based on observation and thinking outside the box.

“Healthcare requires continuous innovation to meet the needs of patients and providers,” says Mary Ann Sullivan, MA, CCMP, senior director, professional development and education operations and innovation at AHIMA. But important stakeholders are not always considered when new interventions or processes are designed. This can lead to products and services that do little more than gather dust, while the underlying issues remain unaddressed. “Design thinking,” Sullivan says, “can be used to improve clinician-patient workflows, healthcare spaces, customer service, and community programs.” In a healthcare landscape where there are so many silos, this methodology can be useful to bridge the gap and deliver real solutions that bring back the patient to the center of care.

Privacy and Security

AHIMA22 had top experts on information blocking, electronic health record vendor efforts to protect privacy and achieve interoperability, cyberthreats, and risks associated with the Internet of Medical Things (IoMT). There is an ongoing responsibility to understand and comply with laws that govern the privacy and security of health information. It’s important to learn unique security gaps and how to mitigate the IoMT risk as healthcare increases its use of devices that interact directly with patients. Furthermore, understanding the current drive to achieve an interoperable landscape requires heightened privacy and security.

Consumerism

The last several years was a turning point in healthcare with consumers finally empowered to make more informed decisions about their health. AHIMA22 included a focus on consumerism with sessions that offered incredible insight for health leaders to learn about new and emerging technologies and roles in health information that place the patient at the center of it all. Returning consumers to the center of patient care will impact healthcare for generations to come. Healthcare professionals can be both patient advocates and liaisons to help patients better understand the ever-changing environment. The pandemic has accelerated patients’ usage of health-related digital devices, which can provide more productivity, but also isolates the patient from human care. Healthcare professionals need to understand technology and find ways to humanize the experience.

Data

There were many lectures and vendor demos of products related to data. Because we use the science of collected information to have predictable results in a complex system, more data can lead to more informative decision making. This is vital because health data, including population health information, must be accurate and trusted as many strategic and patient care decisions rely on it. Also, health data and data models have a significant impact on business intelligence and initiatives. It can shed light on gaps in the systems or reasons for failure in the workflows and showcase and inefficiencies. Data governance is the yellow brick road to health data integrity and must be followed to ensure the reliability of the data. Organizations seek to improve patient care and outcomes through the collection of Social Determinants of Health data. Health data lies at the center of interoperability and interoperability is the key to getting the right information at the right time to the right person. Here at Verisma, we have a leading data and analytics tool, that is easy to use and all the reports related to Release of Information can be customized in a easy to understand format to drive real engagement with the process of providing real and accurate health records.

It was interesting to flow between so many fascinating topics while acknowledging how much the role of Health Information Managers is changing. That’s why Verisma is changing ROI for a changing world. I look forward to showing you the new products and services we’re developing to support you!

If you or your colleagues plan to attend AHIMA’s virtual conference in November, don’t miss Verisma’s session on the top disclosure management trends.

 

AHIMA 22 Verisma Team
3 Reasons You Miss Turnaround Times (and what to do about it)

3 Reasons You Miss Turnaround Times (and what to do about it)

Sep 13, 2022 | Blog, Compliance & Regulations, Information Sharing, Release of Information

It’s 4:45 pm and your shift is about to end. You take one final glance at the queue of new patient record requests and unbelievably, it’s at zero. “Great!” you think, “My team has visibility on everything that needs to be processed and is well on their way to responding within 30 days. Even if we only had 15 days, we could handle this!”

Now let’s be honest – this is a fantastical scenario. Most, if not all, healthcare organizations have a backlog of requests they’re aware of but haven’t processed. Thankfully, if you track the date those requests entered your system, reaching the HIPAA-required turnaround time should be doable, right?

Not always. Here’s three reasons why:

1. Your backlog is bigger than you think

If you manage turnaround times based on your intake queue, you need 100% certainty that record requests make it to the queue on day one. Are there requests sitting on the fax machine? Are there several sitting in someone’s email inbox? Are they on vacation?

There’s risk in what you can’t see. If your organization has multiple locations with a decentralized ROI process, this problem compounds.

To confidently say your organization meets required turnaround times, you need 100% visibility across the intake process.

2. Your backlog is smaller than you think

We all know it’s unavoidable – duplicate requests. Whether by accident or due to impatience, this redundancy is an inefficient use of time and resources.

3. You’re not prioritizing effectively

First in first out isn’t always the best process. If all record requests in your system look the same, how do you know which are from patients vs attorneys? How many are for continuity of care?

COVID, hybrid workforces, Information Backlog requirements, and the upcoming anticipated HIPAA changes with a reduced turnaround time to 15 days have put more pressure on healthcare organizations to move to a streamlined unified process.

Verisma’s disclosure management experts are here to guide you through the process. Well-orchestrated policies and procedures paired with leading technology designed for ROI workflows are the key to achieving improved productivity, enhanced patient/requestor experience, and actionable metrics on your ROI operations success.

Specifically, the Verisma® advanced Release Management (VRM®) platform with its powerful Verisma Inbox™ technology:

  • Utilizes smart barcode technology that automates the entire request intake by healthcare facility, giving you 100% visibility
  • Flags duplicate requests to reduce multiple releases of the same record to the same requestor
  • Centralizes and automatically categorizes all requests based on rules you specify so you can prioritize effectively

Verisma Inbox™ technology is the first of its kind and continues to offer more automation capabilities at no extra cost to our clients. Come see our latest innovations at AHIMA 22 booth #411.

Not going to AHIMA? Request a demo any time here.

Managing Patient Requests for Amendments – One Health Systems’ Story

Managing Patient Requests for Amendments – One Health Systems’ Story

May 25, 2022 | Blog, Compliance & Regulations, Health Information Solutions, Information Sharing, Operational Outcomes, Release of Information

By Barbara Carr, RHIA

The 21st Century Cures Act’s goal of increasing information sharing and enabling patients to have their healthcare data delivered conveniently to their computers, cell phones, and mobile applications has increased privacy and security worries for many healthcare organizations. Having the right data security and processes in place to enable information sharing is forefront as this new era of patient access continues to drive a more educated and engaged patient population demanding governance over their health information. We can expect that the once rare occurrence of record amendment requests will soon be a regular activity that will need to be carefully and accurately managed.

Presently, the Patients’ Right to Access must be granted within 30 days regardless of record location (onsite vs. offsite), and regardless of media type. One 30-day extension applies but must be communicated to the patient and documented. Any denial of access also needs to fit within this 30 day/60 day time frame.

The growing tech savvy and health aware public wants access and control over their health information. This has led to an increase in demand for the release of information to the patient. As we are all aware, the electronic health record is not always neat and tidy and easy to digest. Patient records also have a high degree of “copy and paste” type notes leading to issues with accuracy of information from visit to visit. With more patients reviewing their records than ever before, perceived interpretations and actual transcription errors require a more robust ability to address the influx of questions, corrections, and possible amendments.

It requires a dedicated team to handle these requests to ensure consistency of process and compliance and should not be left up to each area within the organization to address on their own. Having a streamlined way in which you handle requests for amendments is imperative for HIPAA compliance and overall patient satisfaction.

During our May ROI Roundtable Webinar Series, we were honored to have Mercy del Rey, Assistant Vice President and Chief Privacy Officer for Baptist Health System South Florida, and a Verisma client, speak to us on how their 12 hospital and 200+ outpatient center health system has employed a centralized process to address the significant growth of patient record amendment requests over the past decade.

Baptist Health South FLorida began their journey to a centralized process right from the inception of HIPAA, by establishing a corporate privacy office that would also be responsible for handling all patient amendment requests. With the advent of HIPAA and Right to Access, HITECH, Meaningful Use, and the explosion of the electronic medical record, they saw the volume of requests for amendments dramatically increase. The advent of patient portals, the information demand related to a global pandemic , and the government’s increased push for information interoperability and sharing, has further increased the volume of requests. In 2003, Baptist Health South Florida received 7 requests to amend healthcare information. That number has steadily grown to well over 300 requests a year at present.

Mercy demonstrated how they carefully evaluate each amendment request with questions that include:

  • Does this error affect the care received?
  • How will this affect future care?
  • Legitimacy of the request such as “I fell at Walmart, not at home”.
  • Where are all the places in the record that we need to have addendums?
  • Will the record need to be re-coded and re-billed once a change has been made?

 

Having a central and dedicated trained and knowledgeable team review each request and make these determinations is essential for process consistency and overall amendment accuracy. This requires a detail review of the request and the medical record in question, as well as the ability to reach out to the clinician(s) involved who will review the request and review the medical record to determine whether the amendment can/will be made.

Some of the many roadblocks/challenges her team faces include a clinician’s willingness to review and amend a record, technical challenges that may affect the ability to capture the associated information across the record set, detangling medical records across multiple platforms, old paper records, complex requests that may require varying degrees of interpretation, and the careful management of unrealistic patient expectations. To help with these challenges, Mercy’s team looks to others in the organization for assistance in removing these roadblocks. They work hand-in-hand with the Patient Experience team to help manage to the patient communication process. For clinicians unwilling to cooperate, they have stablished an escalation process up the chain of command to their Chief Medical Officer. In addition, they work closely with Health Information Management on issues such as the detangling and updating of a medical record. As Mercy relayed, “It takes a Village”.

Key to process compliance and overall success, includes all new employees, including the physician staff, are trained on the amendment process as a part of their orientation and onboarding. This ensures that everyone is aware of the process from the beginning of their employment. Baptist Health System South Florida makes their patient amendment request form available on-line which automatically routes all new requests directly to Mercy and her Privacy Office. In addition, they receive requests from the Patient Experience team who sometimes receives the request as a part of their patient complaint filing process.

This centralized and accountable approach to handling patient amendment requests has enabled Baptist Health South Florida to maintain a scalable, highly organized, and compliant approach to handling patient requests for amendments all while keeping the patient’s needs, safety, and overall satisfaction at the forefront of their efforts.

Patient Request for Amendments – The Impact of Increased Patient Access to EHI

Patient Request for Amendments – The Impact of Increased Patient Access to EHI

Apr 29, 2022 | Compliance & Regulations, Information Sharing, News

Date: May 18, 2:00 – 3:00 PM EDT

Presenters:

Mercy del Rey
Assistant Vice President/Chief Privacy Officer, Baptist Health South Florida

Barbara Carr, RHIA
HIM Advisor, Verisma Systems, Inc.

The 21st Century Cures Act’s goal of increasing information sharing and enabling patients to have their healthcare data delivered conveniently to their computers, cell phones, and mobile applications has increased privacy and security worries for many healthcare organizations. Having the right data security in place to enable information sharing is forefront, the opening up of access and sharing has also increased the volume of patients’ requests to amend their healthcare information.

Baptist Health South Florida is a large multi-facility health system in South Florida that treats over 1.5 million patients per year.  Hear from Mercy Del Ray, Baptist’s VP and Chief Privacy Officer, how Baptist Health protects patient privacy and patient rights and what processes they have implemented to handle the increased patient requests for amendments.

Learning Objectives:

• Learn from Baptist Health South Florida experience on how they have met the demands and are processing requests for amendments.   

• Learn how centralizing the amendment process has benefited the healthcare organization and patients.

Pre-Approved for 1 AHIMA CEU Credit.

 

REGISTER TODAY