Optimizing Workflows While Decreasing Paper: Emerging Best Practices and Lessons (Part 2 of 4)

Optimizing Workflows While Decreasing Paper: Emerging Best Practices and Lessons (Part 2 of 4)

By Linda Kloss

This is the second blog highlighting lessons learned by HIM leaders at health systems in New York, New Jersey, Boston, Delaware, and North Carolina in the midst of responding to patients ill with the COVID-19 virus.  Once again, I want to thank these leaders for agreeing to be interviewed to share their experiences in the midst of this chaotic and frightening professional and social experience.

Their experiences pointed to 8 emerging best practices based on these leaders first several weeks of COVID-19 response efforts. We label them emerging because they describe adaptive, not static changes. Adjustments will continue to be made as disaster–and recovery–response circumstances evolve. The best practices comprise three key initiatives:

  • physical distancing – staff and patients
  • optimizing electronic workflows, and
  • adapting policies to remove barriers

The first blog described two best practices for protecting staff through work at home and by changing the on-site environment. Today, we share two more important best practices directly relating to release of information practices.

Best practice #3: Close in-person R-O-I request services turned out to be easier than expected. First, health systems were limiting all public traffic in and out of buildings. Interviewees uniformly reported that in-person requests dropped off abruptly simply because traffic was so diminished.  Second, routine and elective referrals were delayed, physician practices closed and this further depressed the volume of routine requests. In closing in-person services, interviewees advised careful attention to posting clear instructions, updating signage, web pages, and automated messaging systems.

Protected health information may be requested in five ways :  1) by completing request/authorizations at an in-person service window, 2) accessing a request/authorization on the health system website and submitting it via mail, 3) accessing a form on the health system website, scanning and e-mailing it, 4) processing verbal requests, and 5) using a request App.

Five routes have rapidly become four.  Routes 2, 3 involve handling and processing residual paper and these routes represent the biggest barriers to work from home. Verbal requests, route 4 may be tolerable alternative in a public health emergency, but shouldn’t become a new routine.  It is labor intensive, does not permit rigorous authentication, and can’t easily be audited.

The need to optimize electronic workflows is thus the key initiative and a key lesson from health systems on the front line. Thus, another best practice is to Use R-O-I workflow technology and the Verisma Request App.  Workflow technology and request apps eliminate paper, permit rigorous authentication, and create records of requests and their fulfillment.

One of the health systems interviewed had fully implemented the Verisma Request App (VRA) and integrated it with its patient portal 18 months ago.  For this large health system at the epicenter of the pandemic,  minimal adjustments were needed in request procedures. The HIM leader noted that the VRA provided “peace of mind” because the request, authentication and release processes were fully automated. Another interviewee was planning to implement VRA to eliminate in-person requests for security reasons.  This health system accelerated implementation, delaying full portal integration, but getting the App in place to ensure an electronic route.

In addition to using request apps, other workflow best practices involve redirecting whatever work you can to your R-O-I vendor. Because health system staff and the vendor staff use the Verisma Release Management (VRM) workflow platform, work distribution can keep pace with changing demands. Health systems that have centralized R-O-I across facilities and practices using VRM are in the best position to respond to the rapid changes in workflow required for these vexing times. One health system that was in process of centralizing R-O-I from hundreds of physician practices at the outset of the crisis. Their current challenges are with the practices that have yet to be centralized and are now closed, with unprocessed requests buried in incoming mail and virtually irretrievable. This health system also implemented a call center operated by Verisma, so all requests are processed uniformly and seamlessly.

In August of 2005, Hurricane Katrina hit the gulf coast and New Orleans leaving millions of people displaced and caregivers without any trustworthy information about their health conditions and medications.  We all remember the photos of people with their pill bottles in paper bags.  We remember photos of wet piles of records, detritus of the flood. Only the Veteran’s Administration hospitals could easily access electronic medical and medication records when people relocated. COVID-19 and the lessons being learned will irrevocably change health information access and disclosure. It is already clear from the experiences of the HIM leaders interviewed that automated ROI systems, including the request application,  is providing R-O-I business continuity and security flexibility.

Next week we will feature lessons learned about the importance of HIM engagement with portal and telemedicine workflows and policies. Our continued wishes for your safety and health in this very sad time. Please jump in and share your experiences and questions, request an archive of the April 1 Webinar by e-mailing Davy Simanivanh (dsimanivanh@verisma.com) and plan to join us on April 29 for a follow-up webinar.

WEBINAR: COVID-19 Response: Emerging Best Practices for Health Information Disclosure Management – Part 2

WEBINAR: COVID-19 Response: Emerging Best Practices for Health Information Disclosure Management – Part 2

Date: April 29, 2:00 pm – 3:00 pm EST

Presenters:

Julia Applegate
Senior Vice President of Client Operations   

Linda Kloss, MA, RHIA
Regulatory Policy Leader, Disclosure Management

This webinar continues Verisma’s discussion with HIM leaders on the front lines in New York, New Jersey, Delaware, Boston and North Carolina.  Four weeks ago, Verisma compiled emerging best practices for HIM continuity and safety as health systems rapidly prepared for the expected surge of COVID patients. Based on interviews with HIM leaders at various stages of preparation, 3 key initiatives and 8 emerging best practices were described and discussed in a special Webinar presented on April 1.

Now, four weeks later, this webinar will again provide insight into HIM responses and lessons learned at health systems that may now be on the downside of the COVID curve. This Part II webinar updates lessons across all 8 best practice areas.  It focuses on health information access and disclosure management practices, including release of information, and how they are impacted by the urgent need to distance workers, modify access processes, and innovating to maintain and improve services. Participants will learn about steps they should be taking now and what risks they should be planning for to ensure workforce and level of service during a time of extreme disruption.

This webinar is designed to answer your questions and share data and trends that will speed your decision-making. The discussion will be facilitated by Julia Applegate, Verisma’s SVP Client Operations and Linda Kloss, MA, RHIA, Regulatory Policy Leader for Verisma and President of Kloss Strategic Advisors.  Health system representatives will participate as live discussants and contributing interviewees.

This is a unique opportunity to confirm that your planning accounts for the range of issues for health information access and disclosure management business continuity, employee safety, service responsiveness, privacy and security. The webinar will also explore the possible ways in which the experiences of this pandemic may shape access and disclosure going forward.  By learning together, we can all move faster and with greater confidence.

Approved for 1 AHIMA CEU Credit

VIEW RECORDING

WEBINAR: COVID-19 Response: Emerging Best Practices for Health Information Disclosure Management

WEBINAR: COVID-19 Response: Emerging Best Practices for Health Information Disclosure Management

Date: April 1, 2:00 pm – 3:00 pm EST

Presenters:

Julia Applegate
Senior Vice President of Client Operations   

Linda Kloss, MA, RHIA
Regulatory Policy Leader, Disclosure Management

Health systems are rapidly adapting business practices for continuity and safety.  Health information access and disclosure management practices, including release of information, are impacted by the urgent need to distance workers, modify access processes, and innovate to maintain and improve services. This webinar brings together the lessons being learned in real-time by health systems across the country, but particularly those on the front lines in New York and New Jersey.

Based on interviews with health systems at various stages from full out crisis to planning, this webinar compiles advice from the front lines and from the experts they are turning to for advice. Participants will learn about steps they should be taking now and what risks they should be planning for to ensure workforce and level of service during a time of extreme disruption.

Using a unique Q & A format, this webinar is designed to answer your questions and share data and trends that will speed your decision-making.  The discussion will be facilitated by Julia Applegate, Verisma’s Senior Vice President of Operations and Linda Kloss, MA, RHIA, Regulatory Policy Leader for Verisma and President, Kloss Strategic Advisors.  Health system representatives will participate as live discussants and contributing interviewees.

Invest an hour with us to confirm that your planning accounts for all the important considerations in disclosure management business continuity, employee safety, and service responsiveness.  By learning together, we can all move faster and with greater confidence.

Approved for 1 AHIMA CEU Credit for Performance Improvement

REGISTER NOW

WEBINAR: Release of Patient Information: Increased Focus on Information Integrity

WEBINAR: Release of Patient Information: Increased Focus on Information Integrity

Date: March 19th, 2:00 pm – 3:00 pm EST

Presenters:

Jim Staley, CISSP
Chief Information Security Officer, Chief Compliance Officer   

Linda Kloss, MA, RHIA
Regulatory Policy Leader, Disclosure Management

Marcy Caudill
VP, Client Operations

Information Integrity is the dependability or trustworthiness of information.  Releasing protected health record and other high value information for continuity of care, patient engagement, payment and other purposes carries special obligations to ensure that the information is dependable and trustworthy.  But what do you know about the integrity of the information being released?  What controls are in place to identify integrity issues?  What standards are you using to monitor and manage information integrity?  If your release of information function is outsourced, how do you  really know whether the QA protocols in place are rigorous and reliable?

In this Verisma thought leadership webinar, release of information (R-o-I) integrity challenges are highlighted in the areas of content, process, and system.  The risks associated with these challenges are discussed.  A Release of Information Integrity Framework (ROII) is presented consisting of practical strategies for reducing risks while improving integrity. The ROII Framework lays out risk-based content, process, and system controls that should be in place, and key productivity and quality measures that you can use to apply the Framework.

Whether R-o-I is done in-house, outsourced or a combination, information integrity measures and measurement are essential tools.  Demonstrating the integrity of the R-o-I work performed is as important as its productivity.  This webinar will arm you with the essential concepts and means to check the adequacy of your current approaches.

The learning objectives for the webinar are to:

  1. Lay out the information integrity concerns relating to release of information functions
  2. Identify key monitors, measures, and controls that can help to mitigate integrity problems
  3. Offer a framework for systematic Release of Information Integrity management
  4. Suggest short term actions that participants can take to improve information integrity and reduce risk associated with release of information

Pre-Approved for 1 AHIMA CEU Credit for Management Development

REGISTER NOW

WEBINAR: Turning Up The Heat! HHS Initiates Access Enforcement

WEBINAR: Turning Up The Heat! HHS Initiates Access Enforcement

Date: December 17th, 2019 2:00 pm – 3:00 pm EST

Presenters:

Michael Salsbury, JD, MBA
Counsel and Privacy Officer 

Linda Kloss, MA, RHIA
Regulatory Policy Leader, Disclosure Management

Keri Bay
Director of Client Operations

The U.S. Department of Health and Human Services (HHS) Office for Civil Rights (OCR) recently announced its first monetary enforcement action against a health system for failure to deliver medical records in response to a valid request by a patient.  The health system paid a fine and entered into a corrective action agreement with HHS. The focus of OCR compliance has heretofore been on breaches of protected health information.  Authorized requests and release of information (ROI) is a new area of focus, ushering in a new era for ROI. And it comes at a time when the volume of requests for release of information are increasing as are the risks.

This development should not come as a surprise. Earlier this year, HHS announced its intent to vigorously enforce the rights of patients to receive copies of their medical records promptly and without being overcharged. This should serve as a wake-up call for health systems that have yet to build robust compliance checks built into their release of information management systems. 

This timely webinar will help participants understand HHS’ intent in using its enforcement authority in matters pertaining to ROI. They will learn about the elements of this first enforcement action and the compliance lessons it offers for all health systems. Participants will probe the elements of robust release of information compliance and how to hardwire compliance through sound practice and use technology to flag and identify cases that represent a compliance risk.    

Webinar objectives:

This webinar is designed to help compliance, HIM, Privacy and ROI teams understand:

  • The federal policy environment concerning enforcement of patient access rights,
  • Elements of a first ROI enforcement action,
  • A systems approach to ROI compliance, and
  • How technology can be used to anticipate and red flag ROI compliance risks.

Approved for 1 AHIMA CEU Credit for Management Development

VIEW RECORDING

HHS Steps Up Access Enforcement: Compliance Implications

HHS Steps Up Access Enforcement: Compliance Implications

By Linda Kloss

On September 9, 2019 the U.S. Department of Health and Human Services (HHS) Office for Civil Rights (OCR) announced its first monetary enforcement action regarding the rights of patients to receive copies of their medical records.  Sadly, we’re all too familiar with the too long list of actions following breaches of health information.  In fact, OCR levied over $28 million in fines for 2018 breach actions.  Now, Bayfront Health, St. Petersburg, FL became the first covered entity to be fined for failure to comply with medical record access requirements.   

Earlier this year, OCR announced its initiative to vigorously enforce the rights of patients to receive copies of their medical records promptly and without being overcharged.  Empowering patients is one of four key strategies for HHS and access to information is a key tactic.  HHS is advancing access through its policy, standards, and enforcement levers. Patient access is a right ensured by the HIPAA Privacy Rule.  However, based on evidence of persistent barriers to patient access, HHS released Patient Access Guidance in 2016 that set out limits on what patients could be charged and reiterated process requirements. More recently, HHS is encouraging the use of apps for release of information to streamline the process and improve the flow of information.

The Bayfront case is a wake up call for all compliance and disclosure management professionals and their business associates.  An investigation was initiated by the OCR based on a complaint from a new mother who had requested fetal heart monitor records on her unborn child.  Bayfront first claimed that it did not have the requested records and later provided a partial set of records after repeated requests from the mother and her attorney.  The requested records were provided twenty-two (22) months after the initial request and only after a complaint was filed with OCR.  HIPAA Rules, of course, generally require covered entities to provide medical records within 30 days.

Bayfront agreed to pay a fine of $85,000, modest by comparison to fines paid for breaches, but not modest when one considers that this involves a single patient’s record set.  Bayfront also executed a one-year corrective action agreement that largely focuses on demonstrating that it has updated access policies and procedures, educated its workforce, and has mechanisms in place to monitor performance.  Bayfront is obligated to report instances whereby its employees or those of a business associate fail to comply, along with the results of its review and investigation.   It is also obligated to comply with documentation requirements as spelled out in HIPAA’s accounting for disclosures provisions. 

Enforcement is a powerful lever that only a governing entity can apply.  The fact that HHS is using this lever for patient access should prompt covered entities to evaluate the adequacy of their practices given the very rapid changes in health information disclosure management.  Reasonable disclosure management practices today include the following:

  • Technology enabled – Managing growing volumes of requests can’t be done without end to end disclosure management software that can track and prompt all phases of the request through release processes which include compliance prompts.
  • Optimized process – Migrating from siloed and fragmented release practices to standardized and even centralized practices across the health system—that are knit together by use of compliance-based technology.
  • Patient-centered – Proactive patient facing practices that enable patients to control the request and release processes through use of apps with rigorous authentication.
  • Knowledge work –Release of information personnel who understand guiding regulations and principles and are trained to do the jobs they do.
  • Accountability – Tracking, red flagging and trending the status of all requests and maintaining auditable accounting of disclosure records. 

We empathize with Bayfront’s unfortunate experience and that of the mother who experienced anguish and frustration through inexplicable delays.  This should not happen, but I bet many are whispering “there but for the grace….”  This is a learning moment.  Business as usual in release of information is no longer in our patients’ or our employers’ best interests.  Many health care organizations are rapidly moving to a new level of practice – and not a moment too soon.