Unifying ROI Across Your Health System:  Your Leadership Priority

Unifying ROI Across Your Health System: Your Leadership Priority

By Linda Kloss

I first wrote about the value of uniform ROI practices throughout a health system in the fall of 2016. At the time, I cited risk mitigation and cost control as key drivers. I described the experiences of health systems who had achieved centralized release processing and argued that when centralization is not possible, at minimum, release should be guided by uniform policies and procedures.

Fast forward five years. The imperative has come into even sharper focus today. First, fines and compliance plans are being regularly levied by the Office for Civil Rights for failure to comply with patient access regulations. In the past 18 months, 18 enforcement actions have been announced. What’s amazing is that in each of these cases, covered entities were notified of the complaint and received technical assistance. They were given a chance to self-correct, but still failed to come into compliance. Reasonable risk management was clearly lacking as was quality control and accountability.

Cost control remains a key driver and this too has become more urgent. Many health systems have decided that they will absorb the cost of patient requests, which comprise 15-20% of all requests. Further, per page reimbursement which helped subsidize ROI operations for decades is eroding with limits on what can be charged for electronic release. The business model for ROI has changed irrevocably. Like any other form of transaction processing, ROI must be fully automated with an emphasis on doing it right the first time. This just isn’t possible when release is handled differently across the health system.

Today there is a third driver and that is the consumer. People have a greater interest and need to access their health information. Health systems now see patient access as a customer service requirement.  Fortunately, technology supports this focus. Patients have responded positively to use of the Verisma Request App™ (VRA). It enables them to submit requests via Web and receive e-records—all with state of the art security. VRA also feeds the ROI system to eliminate data entry, reduce costs, and improve productivity. It is a key tool in the unification toolkit.

The May 19th Verisma Webinar “Unifying ROI Across the Enterprise: Large Health Systems Leading the Way” opened my eyes to how the value of unifying ROI across the enterprise can be further expanded. Lisa Perez, RHIA, Assistant Vice President Health Information Management, NYC Heath + Hospitals (the nation’s largest public health system) and Lloyd Torres, MHA, Senior Director, Health Systems Projects, ColumbiaDoctors (the faculty practice organization for Columbia University Irving Medical Center and NewYork-Presbyterian Hospital) described how their very complex health systems achieved enterprise standardization for ROI.  And then they went further.

They are leveraging  ROI technology and service to meet the access needs of internal customers including revenue cycle, case management, utilization review and others who need access to patient records to carry out their responsibilities, access permitted under the TPO (treatment-payment-operation) definitions of HIPAA. Working with managers of these services, they analyzed needs and workflows and designed new processes for access and disclosure using the ROI system. This really was a very remarkable discussion, casting the imperative for unification in a very important new light.

What Lloyd and Lisa taught me is that unifying ROI across the enterprise is not the end point of transformation, it is the starting point. Once uniform across the system, access and disclosure management processes can be optimized. Traditional ROI services can be optimized by deploying VRA, by organizing work to meet user requirements, by deploying consistent invoicing and collections, and by using smart tools to identify requests that may require closer monitoring. In fact, the proposed modifications to the HIPAA Privacy Rule call for “Covered entities having a policy to prioritize urgent or otherwise high priority requests.” How do you administer that in a fragmented non-automated system?  In a unified technology-supported system, smart tools such as Verisma’s Spotlight ™, a rules engine, can be set up to monitor the status of the types of requests you specify.  It’s automatic, it’s consistent, and managers can stay on top of high-risk requests.

In addition to optimizing ROI, Lloyd and Lisa have tackled  other access and disclosure management challenges. In doing so, they now serve a broader set of customers who require reliable access to patient information to do their jobs. This may be information to demonstrate medical necessity and support a claim. It may be information to enable the case manager to plan care continuity. In broadening the use of the ROI platform and service their investments in ROI technology and service are leveraged reducing the overall cost and amping up benefits. By bolting this on to ROI, they also improve compliance and accountability.

We often consider change from the familiar frame; in this instance, the frame of ROI. We look at how this improvement can avoid untoward events, such as compliance failure. We look at how it can improve the productivity of existing processes. We don’t often look at change from the perspective of the new opportunities it might create for the health system. That’s what Lisa and Lloyd did. They achieved the desired improvements in ROI and then considered what other functions could benefit from this new technology. They went looking for opportunity to bring even greater value to their organizations. We congratulate them for showing us a new frame for ROI managing the access and disclosure needs of a broader set of customers.

The 21st Century Cures Act and Its Impact on Disclosure Management

The 21st Century Cures Act and Its Impact on Disclosure Management

By Linda Kloss

The 21st Century Cures Act was passed by Congress in December 2016 and long awaited final regulations were released earlier this summer.  The Cures Act is a complex multi-part law that will be administered through a number of Federal agencies.  The Verisma sponsored webinar on August 26 focused on the Interoperability, Information Blocking, and the ONC Health IT Certification Program Final Rule that was developed and will be administered by the Office of the National Coordinator for Health IT(ONC).   A special thanks to the ONC team of Elisabeth Myers, Deputy Director, Office of Policy and Michael Lipinski, Division Director, Regulatory & Policy Affairs, Office of Policy for providing a great overview of the Rule and taking audience questions. 

The Rules

We learned that the ONC Rule is really two Rules in one:  regulations designed to advance interoperability and prevent information blocking, key goals of the Cures Act that apply to providers, developers of certified health IT and health information networks and exchanges, and; regulations regarding revised and new criteria for health IT certification.  While our webinar audience primarily represents the provider community, we understand that it is helpful to understand the scope because health systems do operate information networks and exchanges and provider organizations, of course, set specifications for vendors such as their certified EHR vendors. 

From the 30,000 foot perspective, Cures Act represents a third important milestone in advancing a digital health ecosystem with its enormous potential to improve health and health care. The 1996 HIPAA law and associated regulations put in place essential preconditions for digital health – privacy, security, and standards for administrative simplification.  The 2009 HITECH Act accelerated health IT adoption through EHR incentives, certification of health IT, and the development of approaches for health information exchange.  The 2016 Cures is intended to unlock the fullest potential of digital health data to accelerate research into preventing and curing serious illnesses. 

The ONC Final Rule advances interoperability using levers of government, such as its standards setting and enforcement roles, to remove barriers. It underscores the importance of patient access to information, a principle that is foundational to all three of the health information laws.  We also learned that ONC worked closely to align with the Centers for Medicare and Medicaid Services (CMS) Cures Act Rule, the Interoperability and Patient Access final rule.  This is important because aligned concepts, definitions, and standards will bridge clinical and administrative data interoperability, too long siloed. 

The Implications for Disclosure Management

For Release of Information (ROI) professionals and service providers, the Cures Act has four clear implications:

  • We are already seeing an increase in requests from patients for access to their health information.  These Rules will drive further interest by patients and continue this trend.  It is important that ROI modernize patient access through the use of request apps to both support requests and releases.
  • While not directly addressed by the Cures Rules, ROI is today the prominent mechanism for disclosure of a single patient’s data.  The Rules accelerate the urgency of adopting contemporary practices such as standardizing ROI across the enterprise and using smart end-to-end workflow technology that improves turn around and accuracy, while ensuring compliance and accountability.
  • Move away from paper, fax and other outdated ways of handling requests and releases.  If walk up windows and mail in request have slowed due to COVID-19 responses, redesign processes to use technology to improve the efficiency of request and release processes.   
  • Make efficient and accurate patient access a central goal for the ROI team.  Shift from processing paper to helping people get access to their information.  Then, help educate patients about how they can take steps to keep the health records in their possession safe and secure.  

For HIM work generally, the interoperability-focused Final Rules from ONC and CMS include important concepts that will be part of our work in the years ahead. 

  • First, aligning administrative and clinical data standards begins to overcome the artificial separation of patient data for insurance and finance from that used in clinical care.  HIM bridges these worlds and can play an important role in helping to unify them. 
  • As custodians of the health record, HIM maintains EHI and ePHI definitions for designated record sets.  HIM should engage stakeholders in data governance for interoperability including USCDI and defining admission, discharge or transfer (ADT) and other patient event notifications addressed in the CMS Final Rule. Where needed, data capabilities, such as provenance, should be expanded.
  • Working with stakeholders, HIM should step up data quality control for interoperability.
  • The Rules do not change HIPAA privacy and security foundations, but they include a big step forward requiring privacy and security attestation for certified health IT.  Join us for a discussion of the importance of ‘designing in’ privacy and security in a September 23 Webinar.   

The Resources

Elisabeth and Michael described ONC’s commitment to providing education resources for stakeholders.  The ONC Final Rule can be found at www.healthit.gov/curesrule along with fact sheets and previously recorded webinars. 

The CMS Rule and resources can be found at https://www.cms.gov/Regulations-and-Guidance/Guidance/Interoperability/index.  Information on the CMS ADT Notice Provisions can be found at https://chimecentral.org/wp-content/uploads/2020/03/CMS-Interoperability-and-Patient-Access-Final-Rule-summary.final_.pdf

Verisma’s webinar slides and recording are available upon request from DSimanivanh@verisma.com.. 

HIPAA Privacy Policy – Adapting and Evolving

HIPAA Privacy Policy – Adapting and Evolving

By Linda Kloss

The Verisma disclosure management community was fortunate to be briefed last week by Timothy Noonan, JD, Deputy Director for Health Information Privacy at the HHS Office for Civil Rights (OCR). OCR administers and enforces the Health Insurance Portability and Accountability Act (HIPAA) and compliance with HIPAA’s Privacy Rule is a central focus for release of information professionals. His webinar update covered three very timely and important topics:

  • Recent privacy-related COVID-19 guidance and bulletins
  • OCR’s Right of Access Initiative, and
  • Developments regarding the Right to Direct health records to a third party.

Mr. Noonan had been scheduled to address Verisma’s 4th Annual Disclosure Management Summit in early May, cancelled due to the COVID-19 pandemic. The Webinar provided an opportunity to cover COVID-related guidance and as Noonan noted, it was a first opportunity this year for OCR to address its Right of Access Initiative.  (The webinar archive is available from Davy Simanivanh at DSimanivanh@verisma.com).

 COVID-19 Guidance

We are grateful to Mr. Noonan and the team at the Office for Civil Rights for its rapid fire response to COVID-19 in issuing seven (7) guidance documents in about the same number of weeks. The guidance helps front line care givers, first responders, public health officials, privacy and compliance officers, and health information professionals by clarifying common Privacy Rule questions such as sharing patient information without authorization with family and friends and public health.  Guidance expands flexibility, where needed, to get essential (read ‘minimally necessary’) information to those who need it to care for people in a time of crisis.

Guidance also addresses challenges relating to rapid expansion of telehealth, the ramp up of community-based testing, and media and film crew access to protected health information in a public health emergency.  Guidance outlines limits to enforcement discretion where good faith efforts by covered entities and business associates to fully comply with the Privacy Rule are a barrier to supporting critical public health and health oversight needs. If you haven’t already done so, visit the HIPAA and COVID-19 Web Page and become familiar with the guidance and its cautions.[1]

Right of Access Initiative

OCR is responsible for teaching covered entities and business associates and educating communities about the Privacy Rule (and other areas of civil rights).  It is also responsible for investigating complaints to determine whether they constitute violations.  Often areas of violation can be resolved by education coupled with a corrective action plan. Generally, the agency encourages corrective action and such encouragement produces change. For areas of egregious violation or failed corrective action, OCR has enforcement authority.

Mr. Noonan reported that OCR recieves over 26,000 complaints each year on some aspect of HIPAA and that complaints regarding Right of Access violations are increasingly common. He emphasized that the Right of Access is the “cornerstone of the Privacy Rule.” Accordingly, in February 2019, OCR announced that Right of Access violations would be a priority for HIPAA enforcement and two enforcement actions were announced in late 2019.  (Verisma addressed these in its December 17, 2019 Webinar: Turning Up the Heat! HHS Initiates Access Enforcement)  Mr. Noonan reminded us that the enforcement actions taken represent demonstrated systemic non-compliance. Effective release of information is characterized by policies and procedures that advance an individual’s Right of Access, including the right of individuals to exercise their privacy preferences and assert their information rights.

Right to Direct Health Records to a Third Party

One of these rights is to direct health records to a third party. Mr. Noonan reviewed elements of the January 2020 lawsuit settlement that vacated previous OCR policy limiting fees for authorized provision of health records to third parties—such as law firms and life insurance companies.  Mr. Noonan reiterated that this policy revision does not affect the individual’s right to access their protected health information.

The Health Insurance Portability and Accountability Act (HIPAA) is a multi-part law enacted by Congress in 1996.  Its privacy provisions went into effect over 17 years ago, at a time when health information was largely stored on paper and population health and patient engagement were not yet central strategies for health improvement.  In 2018, OCR issued a Request for Information (RFI) on areas where the Rule might be improved.In 2018, OCR issued a Request for Information (RFI) on areas where the Rule might be improved.  Now, a Notice of Proposed Rulemaking (NPRM) based on feedback obtained through the RFI is under internal review.  Mr. Noonan encouraged our community to read, reflect, and comment on the NPRM when it is published in the Federal Register, most likely later this year.  While privacy rights are enduring, how they are best protected must evolve to be relevant.

[1] https://www.hhs.gov/hipaa/for-professionals/special-topics/hipaa-covid19/index.html

Recognizing HIM Leaders in this Pandemic:  Emerging Best Practices and Lessons (Part 1 of 4)

Recognizing HIM Leaders in this Pandemic: Emerging Best Practices and Lessons (Part 1 of 4)

By Linda Kloss

I want to recognize and applaud our HIM colleagues who are adapting quickly and smartly to the urgent needs of their health systems in this growing pandemic.  On behalf of Verisma, I had the privilege of interviewing HIM leaders at health systems in New York, New Jersey, Boston, Delaware, and North Carolina to understand their experiences to date.  They were eager to share what they are learning, so everyone does not have to figure this out on their own.   In a time of extreme disruption, it’s important to share, learn and adapt as quickly as possible.

Verisma hosted an important Webinar on April 1 entitled “COVID-19 Response:  Emerging Best Practices for Health Information Disclosure Management.”  The interviewees joined the Webinar to answer questions from hundreds of participants at various stages of their own planning and adaptation.  I want to congratulate and thank each HIM leader for the great work they are doing and for their willingness to invest some time to engage and share.

Two high level lessons capture their experiences to date:

    • First, this is an empowering time when one needs to draw from and trust their experience. Interviewees quickly prioritized and acted, not waiting for perfection or permission.
    • Second, it is a time for innovation where interviewees quickly discarded unworkable and outdated methods, staying focused on the desired outcomes, adapting process and policies as needed. Interviewees noted over and over that they acted knowing full well that they may have to make further adjustments.

We identified eight emerging best practices based on these leaders first 3 to 4 weeks of COVID-19 response efforts.  We called them emerging because the changes are not static.  Adjustments will continue to be made as disaster response circumstances evolve. The best practices can be rolled into three key initiatives:

    • physical distancing – staff and patients
    • optimizing electronic workflows, and
    • adapting policies to remove barriers

Change came abruptly as health systems issued work-from-home orders for non-clinical teams. Some organizations were given a 2-3 week period and were able to send staff home in phases.  One hospital got orders on Friday for staff to be working at home by Monday! Physical distancing of staff is the focus for emerging best practice #1: Accelerate and expand work from home. 

Interviewees recommended preparing work from home staffing plans that require as little residual on site work as possible.  They also recommended that continency plans be developed in case illness in a family or other circumstances keep a knowledge worker from contributing for a time.

HIM may have sent coders and transcriptionists working at home.  This means that the technology platform requirements are known and tested.  If this is not the case, part of staff planning is technology planning.  Interviewees urged that technology plans assess the needs of individuals as wifi speed, secure work site, and other factors have to be assessed for each staff member.  To meet a deadline, health system technology was sent home with a staff member.  An action like this can be adjusted later, but these leaders are empowered to take the steps necessary to meet a work from home deadline.

Interviewees advise careful attention to the needs of individuals, including supervisors, who may be very unprepared for an abrupt transition.  Good practices include using video conference for frequent –daily at first—one-on-one and group status and coaching meetings.  Reluctant supervisors need special coaching as do certain staff.  Understanding and supporting the needs of individuals is the bottom line.

The same holds true for the staff that must remain on site for critical jobs such as birth certificates, and scan residual paper into EHRs and direct mail.  Emerging best practice #2: Protect on site staff.  While most at home staff are grateful to be able to work from home, on site staff may be anxious and frightened of contracting COVID.  Interviewees describe approaches to distancing through longer shifts but fewer days on site and creating physical distance through their office layout.  The other important lessons involve infection control protocol for handling paper and the redesign of workflows to reduce paper handling.  We’ll take this up in our next blog that will cover the remaining emerging best practices.  In fact, we have three more blogs planned to cover the balance of the 8 emerging best practices. Coming next, emerging best practices #3: Close in person R-O-I request services, #4: Support use of patient portal, and #5 Use R-O-I workflow technology and request app.

In the meantime, be safe and stay well.  Please jump in and share your experiences and questions.  You can also request an archive of the April 1 Webinar by e-mailing Davy Simanivanh (dsimanivanh@verisma.com) and be on the lookout for upcoming webinars.

WEBINAR: Release of Patient Information: Increased Focus on Information Integrity

WEBINAR: Release of Patient Information: Increased Focus on Information Integrity

Date: March 19th, 2:00 pm – 3:00 pm EST

Presenters:

Jim Staley, CISSP
Chief Information Security Officer, Chief Compliance Officer   

Linda Kloss, MA, RHIA
Regulatory Policy Leader, Disclosure Management

Marcy Caudill
VP, Client Operations

Information Integrity is the dependability or trustworthiness of information.  Releasing protected health record and other high value information for continuity of care, patient engagement, payment and other purposes carries special obligations to ensure that the information is dependable and trustworthy.  But what do you know about the integrity of the information being released?  What controls are in place to identify integrity issues?  What standards are you using to monitor and manage information integrity?  If your release of information function is outsourced, how do you  really know whether the QA protocols in place are rigorous and reliable?

In this Verisma thought leadership webinar, release of information (R-o-I) integrity challenges are highlighted in the areas of content, process, and system.  The risks associated with these challenges are discussed.  A Release of Information Integrity Framework (ROII) is presented consisting of practical strategies for reducing risks while improving integrity. The ROII Framework lays out risk-based content, process, and system controls that should be in place, and key productivity and quality measures that you can use to apply the Framework.

Whether R-o-I is done in-house, outsourced or a combination, information integrity measures and measurement are essential tools.  Demonstrating the integrity of the R-o-I work performed is as important as its productivity.  This webinar will arm you with the essential concepts and means to check the adequacy of your current approaches.

The learning objectives for the webinar are to:

  1. Lay out the information integrity concerns relating to release of information functions
  2. Identify key monitors, measures, and controls that can help to mitigate integrity problems
  3. Offer a framework for systematic Release of Information Integrity management
  4. Suggest short term actions that participants can take to improve information integrity and reduce risk associated with release of information

Pre-Approved for 1 AHIMA CEU Credit for Management Development

REGISTER NOW

Patients in the Spotlight

Observations about the changing nature of health information practice

By Linda Kloss

Arriving for her mammogram, she is told that the radiologists will not read her digital mammography without the historical files. In following up, the staff at the “most wired” health system acknowledged that they had received the request, but the fax number didn’t work and they had called once to follow up but didn’t connect to a live person. The ROI team didn’t know about the digital files because those were handled elsewhere and they had no information or responsibility for that aspect of the request. Anxious follow up calls produced fairly quick responses and the mammography test results were interpreted and were normal. You have probably also guessed that I was the patient in this story. Ironic, eh?

This simple story is repeated over and over again. In this case, there were no quality of care consequences, just a frustrated delay and some worry. In other instances, such errors have real consequences. Getting access and disclosure right in the current environment is a complex systems challenge requiring coordination of three elements of change: technical, political, and cultural:

  • Technical systems include workflow procedures, transaction and analytic technologies, guiding policies, business practices, regulations, and standards.
  • Political systems are the ways that authority and responsibility for administering technical systems are assigned among stakeholders. Today there is a drive toward greater standardization and even centralization of ROI to improve accuracy and efficiency.
  • Cultural issues include the shifting organizational and societal values and pressures for change. The emphasis on patient access, patient-generated health information and use of apps at the same time there is growing concern about personal privacy and breaches demonstrates cultural dilemmas.

The technical systems failed in this example. There was no accountability baked into the processes of either organization. Obviously, their technology did not include any flagging about open requests. For a care coordination issue, they were way outside the range of efficient information sharing. The interpretation and digital records were not handled in a coordinated manner; these were unlinked transactions with no responsible party. While I did all the right things to start the process, I made the assumption that given enough time—5 months—the systems would work on my behalf. I did not follow up. But should I have to?  We live in a world where trillions of transactions across all aspects of our lives are handled reliably on line with feedback to the initiator and the ability to track transactions.

This blog, sponsored by Verisma, represents the company’s core commitment to serving patients with game-changing disclosure management technology and innovative management solutions designed for accurate, timely, and compliant disclosure management. At its 4th Disclosure Management Summit held in May, Verisma challenged participants to be working toward a goal of “your records in 5 minutes.” In the coming months, we are going to explore what it will take to meet this challenge. We look forward to your engagement and participation.