App-Based Release of Information Comes of Age

App-Based Release of Information Comes of Age

Date: July 15, 2:00 pm – 3:00 pm EST

Presenters:

Reginald Abadsantos, RHIT
HIM Operations Supervisor, NCH Healthcare System

Panel of HIM and ROI Leaders

Linda Kloss, RHIA
Kloss Strategic Advisors, Inc. and Regulatory Policy Leader, Disclosure Management, Verisma

NCH Health System, Naples FL is a true pioneer in the use of Web-based App technology to support record request and release processes.  Implemented in 2018, NCH deployed Verisma’s Request App™ (VRA) to improve service to patients. NCH Health System is a large regional health system that also supports an older “snowbird” patient population living part of the year in Florida and often needing access to their health information from afar. It experienced rapid uptake VRA and strongly positive customer satisfaction feedback.

What NCH could not anticipate was the key role VRA would play in a time of COVID-19, enabling paperless request processing and electronic release despite workflow and disruptions due to work from home and other adaptations. This is a lesson that many of our health systems clients have come to appreciate as the use of VRA has now grown to over 1,500 sites of care. While the Office of the National Coordinator for Health IT (ONC) announced rules supporting patient access to their health information, it was pioneers like NCH and others who have built the story of how the right technology at the right time can transform a process long overdue for disruption.

In this Webinar, you will learn from NCH’s firsthand experience with use of VRA for release of information. You will also learn about the goals and experiences of other health systems using VRA. The essential technical, integration, security, and functionality requirements for an ROI app will be discussed as will implementation considerations. Presenters will describe the importance of teamwork among HIM, CIO, compliance and others working together to deploy Web technology to update what is often an outmoded fundamental building block for ROI.

Learning Objectives

  • Learn from health systems’ experiences in implementing and using apps for release of information to patients and third parties,
  • Describe realized benefits and impact of use of apps for release of information on improved customer services, productivity, and cost management,
  • Understand the federal policy environment that encourages the use of apps to improve access and disclosure of protected health information, and
  • Review the technology and privacy and security requirements for release of information apps.

 Approved for 1 AHIMA CEU Credit for Information Protection: Access, Disclosure, Archival, Privacy and Security

VIEW RECORDING

HIPAA Privacy Policy – Adapting and Evolving

HIPAA Privacy Policy – Adapting and Evolving

By Linda Kloss

The Verisma disclosure management community was fortunate to be briefed last week by Timothy Noonan, JD, Deputy Director for Health Information Privacy at the HHS Office for Civil Rights (OCR). OCR administers and enforces the Health Insurance Portability and Accountability Act (HIPAA) and compliance with HIPAA’s Privacy Rule is a central focus for release of information professionals. His webinar update covered three very timely and important topics:

  • Recent privacy-related COVID-19 guidance and bulletins
  • OCR’s Right of Access Initiative, and
  • Developments regarding the Right to Direct health records to a third party.

Mr. Noonan had been scheduled to address Verisma’s 4th Annual Disclosure Management Summit in early May, cancelled due to the COVID-19 pandemic. The Webinar provided an opportunity to cover COVID-related guidance and as Noonan noted, it was a first opportunity this year for OCR to address its Right of Access Initiative.  (The webinar archive is available from Davy Simanivanh at DSimanivanh@verisma.com).

 COVID-19 Guidance

We are grateful to Mr. Noonan and the team at the Office for Civil Rights for its rapid fire response to COVID-19 in issuing seven (7) guidance documents in about the same number of weeks. The guidance helps front line care givers, first responders, public health officials, privacy and compliance officers, and health information professionals by clarifying common Privacy Rule questions such as sharing patient information without authorization with family and friends and public health.  Guidance expands flexibility, where needed, to get essential (read ‘minimally necessary’) information to those who need it to care for people in a time of crisis.

Guidance also addresses challenges relating to rapid expansion of telehealth, the ramp up of community-based testing, and media and film crew access to protected health information in a public health emergency.  Guidance outlines limits to enforcement discretion where good faith efforts by covered entities and business associates to fully comply with the Privacy Rule are a barrier to supporting critical public health and health oversight needs. If you haven’t already done so, visit the HIPAA and COVID-19 Web Page and become familiar with the guidance and its cautions.[1]

Right of Access Initiative

OCR is responsible for teaching covered entities and business associates and educating communities about the Privacy Rule (and other areas of civil rights).  It is also responsible for investigating complaints to determine whether they constitute violations.  Often areas of violation can be resolved by education coupled with a corrective action plan. Generally, the agency encourages corrective action and such encouragement produces change. For areas of egregious violation or failed corrective action, OCR has enforcement authority.

Mr. Noonan reported that OCR recieves over 26,000 complaints each year on some aspect of HIPAA and that complaints regarding Right of Access violations are increasingly common. He emphasized that the Right of Access is the “cornerstone of the Privacy Rule.” Accordingly, in February 2019, OCR announced that Right of Access violations would be a priority for HIPAA enforcement and two enforcement actions were announced in late 2019.  (Verisma addressed these in its December 17, 2019 Webinar: Turning Up the Heat! HHS Initiates Access Enforcement)  Mr. Noonan reminded us that the enforcement actions taken represent demonstrated systemic non-compliance. Effective release of information is characterized by policies and procedures that advance an individual’s Right of Access, including the right of individuals to exercise their privacy preferences and assert their information rights.

Right to Direct Health Records to a Third Party

One of these rights is to direct health records to a third party. Mr. Noonan reviewed elements of the January 2020 lawsuit settlement that vacated previous OCR policy limiting fees for authorized provision of health records to third parties—such as law firms and life insurance companies.  Mr. Noonan reiterated that this policy revision does not affect the individual’s right to access their protected health information.

The Health Insurance Portability and Accountability Act (HIPAA) is a multi-part law enacted by Congress in 1996.  Its privacy provisions went into effect over 17 years ago, at a time when health information was largely stored on paper and population health and patient engagement were not yet central strategies for health improvement.  In 2018, OCR issued a Request for Information (RFI) on areas where the Rule might be improved.In 2018, OCR issued a Request for Information (RFI) on areas where the Rule might be improved.  Now, a Notice of Proposed Rulemaking (NPRM) based on feedback obtained through the RFI is under internal review.  Mr. Noonan encouraged our community to read, reflect, and comment on the NPRM when it is published in the Federal Register, most likely later this year.  While privacy rights are enduring, how they are best protected must evolve to be relevant.

[1] https://www.hhs.gov/hipaa/for-professionals/special-topics/hipaa-covid19/index.html

A Future Anchored in Integrity, Access, and Connection

A Future Anchored in Integrity, Access, and Connection

By Linda Kloss

Health information remains a critical part of the current and future healthcare environment and is no less important in the midst of a global pandemic” stated Dr. Wylecia Wiggs Harris in opening remarks on last week’s webinar entitled Integrity, Connection, Access: A Framework for the Future. Dr. Harris, CEO of American Health Information Management Association (AHIMA), shared the principles and assumptions that shape AHIMA’s 2020-2023 Enterprise Strategic Plan via Webinar instead of delivering the keynote address at Verisma’s 4th Annual Disclosure Management Summit cancelled due to COVID-19.[i]

The Strategic Framework bridges HIM’s legacy, today’s crisis, and tomorrow’s imperatives. Dr. Harris emphasized three grounding principles undergirding the Framework: Integrity, Access, and Connection.  These sustaining principles are reimagined for what Dr. Harris described as a time when AHIMA and health information professionals need to “show up as transformational leaders.” She noted that the health information professional may be more important in the pandemic and post pandemic world.

In a world where people are more engaged in their health and health care and where health is finally understood to be broader medical services, Dr. Harris stressed that AHIMA’s Strategy is “People-Centric “ and that health information professionals must always remember that their work is uniquely important because  “Health information Is Human Information.” In fact, we have seen this play out in recent years as health information professionals proactively help people gain access to their health information in portals and health information exchanges. More recently, the use of request Apps is transforming patient access and release of information specialists are stepping into new roles of supporting innovation in access.

Dr. Harris and I discussed how the Framework’s grounding principles of Integrity, Access, and Connection might guide transformational improvement in access and disclosure management. The table shows examples of desired outcomes for some well-known areas of vulnerability and those in need of transformational change.

Principle

Examples of Desired Outcomes

Integrity

·    QA processes confirm that the right information is released and that there is a record for accountability.

·    QA processes confirm that the release complies with minimum necessary rules and there is a record for accountability.

·    Authorizations are complete and valid and they are convenient to execute.

Access

·    People have access to their digital health records through a secure web App with rigorous authentication.

·    Paper request and release processes are replaced by smart technology.

·    Release of Information staff help patients and third party requestors learn to use e-tools.

Connection

·    Release of information processes are standardized across health systems.

·    Centralized access to “complete” record from ambulatory and acute care encounters.

·    Workflow technology with compliance prompts and rigorous security supports end-to-end processes.

AHIMA’s initiatives will be guided by the Framework in the years to come. The guiding principles are also useful in anchoring needed change in access and disclosure management and in other HIM domains such as  coding, revenue cycle, EHR management, privacy, data analytics.

What’s required is a commitment to achieving measurable improvement.  As reported in our recent blogs about HIM leaders’ responses to COVID-19, there is currently momentum for modernizing outmoded processes and a spirit of empowerment for transformational change.  Dr. Harris summed this up so well for us, “When surrounded by uncertainty, we must be crystal clear about what grounds us, what will guide our decisions, what will help us navigate our new norm.”   

Once again, we congratulate Wylecia Wiggs Harris and the AHIMA Board of Directors for its compelling Vision and Framework and we thank Dr. Harris for sharing it so eloquently with the Verisma community.

[i] American Health Information Management Association.  2020-2023 Enterprise Strategic Plan.
http://bok.ahima.org/PdfView?oid=302888

OCR Update on HIPAA Policy and Enforcement

OCR Update on HIPAA Policy and Enforcement

Date: May 27, 2:00 pm – 3:00 pm EST

Presenters:

Timothy Noonan, JD
Deputy Director for Health Information Privacy at the HHS Office for Civil Rights (OCR)

Michael Salsbury, JD, MBA
Counsel and Privacy Officer, Verisma

The Office for Civil Rights (OCR) at the U.S. Department of Health and Human Services (HHS) administers and enforces the Health Insurance Portability and Accountability Act (HIPAA) Privacy, Security, and Breach Notification Rules and federal civil rights laws that prohibit discrimination in the delivery of health and human services based on race, color, national origin, disability, age, sex, religion, and the exercise of conscience. Timothy Noonan, OCR’s Deputy Director for Health Information Privacy, is the featured speaker for this timely Webinar.

Throughout March, April, and May, OCR issued important COVID-19 and HIPAA-related bulletins, notifications of enforcement discretion, and guidance explaining how protected health information may be used and disclosed in response to the COVID-19 public health emergency. Mr. Noonan will discuss OCR’s recent HIPAA materials and answer participants’ questions, which you have the opportunity to submit when you register for this Webinar.

OCR has consistently advanced policies supporting the Individual Right of Access to health information to empower patients to be more in control of their health and health care. In 2019, OCR announced the Right of Access Initiative as an enforcement priority, and resolved two investigations by the end of the year with settlements. In 2020, a court issued a decision affecting the right of individuals to direct copies of their health information to another person. Mr. Noonan’s update will help all attendees understand the changes in the health information privacy legal landscape and move forward with greater confidence.

Webinar objectives:

This webinar will enable Privacy, HIM, compliance, and R-O-I teams to:

  • Review recent COVID-19 actions and the materials available
  • Reinforce the importance of advancing the Individual Right of Access
  • Describe OCR’s Right of Access Initiative

 Approved for 1 AHIMA CEU Credit

REGISTER NOW

Integrity, Connection, Access: A Framework for the Future

Integrity, Connection, Access: A Framework for the Future

Date: May 13, 2:00 pm – 3:00 pm EST

Presenters:

Wylecia Wiggs Harris, PhD, CAE
Chief Executive Officer, AHIMA

Linda Kloss, MA, RHIA
Regulatory Policy Leader, Disclosure Management, Verisma

The American Health Information Management Association (AHIMA) enters the new decade ready to execute a strategic Framework with three key impact areas — Integrity, Connection, and Access — to improve the management and value of health information. Wylecia Wiggs Harris, PhD, CAE, AHIMA’s CEO is a special guest for this important thought leadership webinar.

Dr. Harris will discuss how the Framework reflects AHIMA’s Vision of “A world where trusted information impacts health and healthcare by connecting people, systems, and ideas.” She will describe the environmental trends that have informed the impact areas.  She will also highlight some of the plans for 2020/21 and desired outcomes for HIM professionals and AHIMA and the ways in which the direction benefits the health system and those it serves.

Dr. Harris and Linda Kloss will discuss how the impact areas of Integrity, Connection, and Access apply to the access and disclosure management of health information, important HIM and compliance responsibilities. The integrity of release of information practice is being transformed by advanced release management technology and improved quality control; workflows from request through release are being standardized and automated, and; web-based apps are streamlining access to empower people. The impact areas of AHIMA’s plan reflect the future of release of information and this webinar will connect the dots so the industry can embrace and promote AHIMA’s Framework for the future.

Webinar objectives:

This webinar will enable HIM, compliance, and ROI teams to:

  • Describe AHIMA’s Framework for the Future and its intended benefits;
  • Translate AHIMA’s Framework to access and disclosure management, including release of information (ROI) practice,
  • Consider ways in which incorporating the Framework’s direction and impact areas can help to advance transformation of access and disclosure management, and
  • Enlist ROI practitioners in advancing change.

 Approved for 1 AHIMA CEU Credit

REGISTER NOW

HIM and Virtual Health: Emerging Best Practices and Lessons (Part 3 of 4)

HIM and Virtual Health: Emerging Best Practices and Lessons (Part 3 of 4)

By Linda Kloss

This is the third blog highlighting lessons learned by HIM leaders at health systems in New York, New Jersey, Boston, Delaware, and North Carolina in the midst of the COVID-19 pandemic. Their experiences teach us much about release of information best practices. They also identify broader health information access and disclosure challenges of dealing with this public health emergency. The first blog focused on best practices for protecting the safety of staff through rapid transition to work-from-home and protecting staff that must continue to perform their work on site.

The second blog addressed best practices in adapting release of information practices. By optimizing electronic workflows, health systems are flexing to ensure compliant and accurate work from request through fulfillment. A game changer is use of the Verisma Request App (VRA), which when integrated with the Verisma Release Management, is providing seamless continuity of work regardless of shifting workflows, who is doing the work, and where it is being done.

Our interviews with HIM leaders also described stepped up involvement with patient portals and a new focus on policies and procedures for telemedicine. I might not have anticipated these two areas of best practice as early responses, but it has quickly become clear that this pandemic is accelerating all aspects of virtual health services. In addition to experiences with Verisma’s VRA, interviews highlighted an uptick in use of patient portals. Thus, we identified Support for use of patient portals as a best COVID-19 practice for HIM working in collaboration with IT and others.

Despite years of somewhat sluggish use of patient portals, many health systems are now seeing a marked uptick as patients seek ways to connect and communicate, get test results, and general information. HIM leaders report stepped up involvement in helping patients enroll in patient portals and in supporting them in their use. This has required allocating HIM staff to focus on portal support. An important lesson is to be certain that current portal policies and procedures are documented and capturing changes or special procedures relating to reporting COVID test results and handling questions about those results.

Long standing barriers to broad adoption of telehealth services have been eliminated by recent federal and state regulatory changes. Virtual visits and remote monitoring services have surged for routine primary and specialty care, behavioral, and employee health. In the midst of the pandemic, this is a lifeline. Rapid adoption, however, may strain organizations who may not have robust policies and procedures or a broad understanding of them.

HIM leaders report greater involvement with the ramp up of telehealth and Support for telehealth information needs is another important HIM emerging best practice.  As with portals, they recommend telehealth policies and procedures be reviewed and adjusted as needed. Issues such as enrollment procedures and consents may need sharpening. Identity proofing — provider and patient, handling attachments, coding and health record protocols are cited as areas where HIM expertise is needed.  Telehealth may also increase patient access requests because patients and providers need to review current information to have an effective virtual encounter.

Long after this public health crisis comes under control, virtual health and health information applications will be indispensable elements of care delivery and patient engagement. There are sure to be many important health information best practices associated in this nascent era of virtual health and now is the time to capture these lessons. There is no going back…only going forward.

Once again, I want to thank the HIM leaders who continue to share their experiences as they learn and adapt for business continuity while supporting the needs of their staff, health systems, and the communities that they serve. Please join us on April 29th for our Webinar, COVID-19 Response:  Emerging Best Practices for Health Information Disclosure Management – Part 2