By Barbara Carr, RHIA
On our January 26th Webinar we learned what disclosure management trends would be forefront for the upcoming year. Verisma’s Director of Compliance and Privacy, Debbie Lobb and Verisma’s SVP of Operations, Julia Applegate, shared first-hand knowledge and steps being taken operationally to prepare for these challenges and helping health system clients navigate through these changes.
COVID-19 continues to challenge our healthcare operations. The trend of a hybrid workforce and seeing increases in both digital requests for healthcare information along with increasing payor audits will continue to put an increased burden on the Health Information Management Departments disclosure management operations.
In addition to the ongoing COVID-19 challenges, the deadline has passed for comments on the proposed changes to HIPAA and we are all waiting on OCR to let us know if there will be any further changes and revisions based on the comments. While the proposed changes are to modernize the regulations, the new rules present new challenges for organizations to ensure compliance. For now, I believe it is important for all of us to prepare for these changes and educate our organizations. How will organizations ensure compliance? Will additional staffing be required? How will you train your organization on the changes? On the Webinar we explored what each of these changes mean to your HIM Department operations and how having the right vendor partner and technology can help you manage the changes and ensure compliance.
Debbie Lobb, Verisma’s Director of Compliance and Privacy reviewed the upcoming changes as well as the rationale behind the changes. The overall goal of the upcoming HIPAA changes is to move further toward a more patient centered process and delivering PHI efficiently and accurately to the requestor. Julia Applegate, SVP of Operations at Verisma, reviewed the operational challenges related to the proposed changes as well as demonstrated how having the right technology can help HIM Departments meet these challenges and remain compliant.
Proposed HIPAA changes and the challenges that were discussed:
Reduction in turnaround time from 30 days to 15 days
The clock starts when the request is received by the organization. The request must be fulfilled, with all authorized information to the requestor within 15 days.
Julia explained that the challenge to this requirement is many. Information being requested can be stored in multiple locations. Sometimes requests can float throughout several departments before reaching the release of information professional’s desk to be processed. Sometimes records with statutorily protected PHI require an additional level of review before being released, based on health system protocols.
Providing on-line access through your website, such as the Verisma Request App®, to request and receive records can reduce many of these challenges and ensure fast and accurate receipt and delivery of the records. In addition, Verisma Spotlight™ reports (our rule-based workflow engine) automatically alert you and your team when sensitive or high-risk requests are entered into the system. This too can cut down on any delays in processing the requests.
Patients Right to Access PHI in-person and allow taking of notes and/or photographs of their PHI
Both Julia and Debbie explained that this will require an additional layer of staff needed to queue up the electronic record, a secure/private area for the review and the presence of a HIM person will need to there in person throughout the onsite review. Many times, the record is not all neatly in one place on the system for review and this may require either signing onto different systems, printing, or actual paper chart or microfilm review. None of this is ideal.
Julia noted that one way to solve the in-person review is to make it easy to request and retrieve the records for the patient. Currently at Verisma, we partner with our clients to integrate with their patient portals and allow the patient to easily request records not available in the portal and once the records are retrieved, we then push the records back into the portal. If an organization does not have a well-functioning portal that can handle this, we then provide direct access for the patient through our Verisma Request App®.
Improved Information Sharing
Allowing for good faith disclosures to avert a threat to health or safety. The definition of healthcare operations has been broadened to cover care coordination and case management. This will ensure a pathway for individuals to direct sharing of ePHI amongst covered entities. An individual will be permitted to direct a covered entity to send their ePHI to a personal health application if requested by the individual.
Operationally, as Julia mentioned in the Webinar, not much would probably change with the current process of allowing “good faith” type of disclosures. Julia presented some operational challenges with these new proposed changes to information sharing. Again, one challenge is multiple sources for the information being requested, records that require special attention, per HIM policy for additional review around sensitive information. Some records being requested aren’t stored in a manner that will allow them to be uploaded to personal health applications. Keeping track of the requests pending review for good faith disclosures or records to be uploaded to personal health application present a challenge to ensure they are reviewed and processed timely, especially given that the turnaround time will be changing to 15 days. Some of the ways to meet these challenges are to have a centralized process, if possible, of ingesting requests from various sources such as fax, snail mail, email, hand delivery and more, and have it all gone into one system for one group of qualified people to account for each request and process for distribution. Having the technology to provide reports and alerts on pending urgent requests and those reaching the timely processing limit. Create protocols specifically detailing, where to go for what records is very important and should be clearly available to all ROI staff processing requests.
Reduced ID Verification Requirements
The proposed changes also reduce the ID verification requirement. For instance, a covered entity cannot require that a patient show up in person and present their ID. Other means of verification can be two factor identification for digital requests. Each covered entity will need to determine their procedures around ID Verification should this change go into effect. They should work with a ROI vendor that has the technology to assist them with this.
Posting Fee Schedules and Notice of Privacy Practices (NPP)
Covered entities will be required to post fee schedules on their websites for PHI access and disclosures. In addition, an estimate of the fees for providing an individual with a copy of their own PHI and if applicable when ePHI may be provided without charge. Some healthcare organizations already post this on their websites. If yours does not, now is the time to work with your IT Department to prepare to post the fees. A patient acknowledgement of receipt of the NPP will no longer be required, which will eliminate the administrative burden of having to require a signature of the patient’s receipt be kept on file. However, the following changes to the NPP will be required:
Information Blocking
Debbie reviewed information blocking as it relates to HIM and release of information. While most of the information blocking regulation is technical in nature and relates to technical barriers such as hardware and software, there are administrative barriers such as fees, forms, policies, and authorizations that HIM should be aware of and be prepared to address.
If a request is not fulfilled for a requestor when it would be allowed under HIPAA, that is considered information blocking. Having stricter security for access than what is required by HIPAA would be considered information blocking. Requiring more information than is needed to fulfill a request would be considered information blocking.
HIM leaders should be reviewing their policies and procedures as well as their authorizations and ID requirements to ensure they are incompliance with the information blocking rules.
Julia strongly recommends reviewing the rejection letter policies to ensure your best practices align with the new rules. Rejecting requests for reasons such as electronic signatures, original signatures, stricter rules around expiration dates, requests for any and all, etc. may represent information blocking concerns.
Continued Disclosure Management Trends Aside from HIPAA and Information Blocking
Digital requests are expected to continue to increase. Having the technology to intake these requests and manage them in a timely and accurate manner is of utmost importance. Working to centralize those requests to a group of individuals for managing, processing, and accountability is something to strive for in ensuring you can meet these demands. This is where it is vitally important to have the right vendor partner who has the technology to support your organization.
Hybrid workforces and staffing challenges will be a continuing trend. Verisma has workforce training and support centers located throughout the country with a main distribution center located in Syracuse, NY. Verisma can also supply on-site support as well. Again, having the right vendor who can be flexible and work with you to meet your needs will help your organization through these continuing workforce challenges.
In conclusion, it is not too soon to prepare your department and your organization for these proposed changes and ongoing disclosure management trends. Prepare your organization by educating your administration, legal, risk, and other department leaders on the proposed changes and what they will mean for your organization. Review your current policies, procedures, and authorizations and make the changes now. Seek out technology that can help you and work closely with an ROI vendor who can support you to achieve your goals. HIM leaders should be the ones to lead the way to their organization’s compliance and success!
By Barbara Carr, RHIA
As leaders in HIM, we understand that attorney requests for medical records are more complicated and require additional scrutiny and time than the average request for medical records. There are usually many calls back and forth regarding the status of their requests, questions over payment, and rejections due to missing information. Subpoenas are issued at the last minute and your HIM staff is expected to drop everything to respond. The attorney requests are mixed in with all the other release requests, making it more difficult to manage. The time required to stay on top of and ensure timely release of these requests often takes time away from the general release requests.
Verisma presented a webinar on October 28th featuring ChristianaCare, a 1,000+ bed teaching organization located in Newark, DE as they discussed their deployment of the Verisma Request App® (VRA) to offer attorneys the ability to easily submit, track and receive records. Stefanie Brumberg, RHIA, Corporate Director of HIM at ChristianaCare presented the business case, rationale and implementation of the app along with Anupriyo Chakravarti, Verisma’s CIO and SVP of R&D and Marcy Caudill, VP, Client Operations.
Stefanie described that ChristianaCare has a centralized Release of Information service that supports both acute care and ambulatory operations. She described their partnership with Verisma to implement VRA which required very limited support of the organization’s IT resources.
The Verisma team worked with ChristianaCare to install a link on their website specifically for attorney requests. The webpage is completed, supporting documents such as authorizations and subpoenas are uploaded and attached with the submission and electronically delivered to the ROI specialists for processing. The requestor receives a tracking number upon completion, as well as an e-mail with the tracking number, so they can keep track of their request. A busy attorney’s office can even see all their active requests by just entering one tracking number. An attorney can submit payment and once paid, can securely receive the records. No more phone calls back and forth regarding the status of the request, there is full visibility from start to the receipt of the requests. In addition, turnaround times and delivery are much faster because there is less missing information and data entry errors.
This was followed by a live demo of the solution by Anuyprio Chakrakarti. Following the demo, Stefanie and Marcy described the benefits seen thus far. Major benefits noted include:
A survey performed of the attorney’s that have used VRA was also conducted and showed great results! A summary of the responses received are:
Some highlighted comments are as follows:
As you can see the Verisma Request App® has achieved the goals of improving the attorney request process and overall satisfaction, and thus has made HIM’s dealing with attorney requests a much more efficient and positive experience.
To receive a recording of the webinar, please contact Davy Simanivanh at dsimanivanh@verisma.com.
In 2020, The Office of the National Coordinator’s (ONC) and the Centers for Medicare and Medicaid Services’ (CMS) released Regulations for Interoperability and Patient Access as required by the 21st Cures Act. Regulations increase access to medical information through application programing interfaces (API) to empower patients in their health care decisions. The API allows information to be shared and exposed within a consumer’s application-based solution of choice (e.g., wellness app). The information is portable, provides ability to share clinical information with care team, caregiver or other party and better understand healthcare costs and financial obligations.
The focus has been on the Information Blocking Regulations issued by ONC, but the companion CMS Interoperability and Patient Access Rules also have important implications. ONC information blocking allows consumers health information access from a provider setting. However, health insurers have most of their enrollee’s financial and clinical information across care settings (i.e., provider, hospital, pharmacy, laboratory, or other setting that submits claims to health insurer) to provide a more complete picture of the consumer’s healthcare experience.
The CMS rules require CMS-regulated plans to provide a patient access API, provider directory API and payer-to payer API by January 1, 2021. However, enforcement has been delayed to July 1, 2021.
Patient Access API
Medicare Advantage, Medicaid, Children’s Health Insurance Program (CHIP) and Qualified Health Plan (QHP) on the federal exchanges are required to provide the Patient Access API. This API includes adjudicated claims (including Pharmacy), enrollee cost-sharing, encounter information, provider remittances, select clinical data, including lab results, formularies or preferred drug lists.
The health insurer provides updates within 24 hours of receiving an encounter or processing a claim containing the cost and services provided to a patient. This financial information will assist consumers in tracking submitted claims, expected and current financial responsibility, in and out-of-network deductible amounts and other financial information for themselves and their dependents.
The clinical information includes clinical notes that are written to track patient progress, inform other medical staff and explain treatment options. Typically, these notes are written using medical terminology and abbreviations that may not be familiar or understandable. The evolution of documentation narratives toward the inclusion of easy-to-understand layman’s terms and description of the patient and clinician team interaction and decision making will increase the value of the medical information to the consumer. This information needs to be boiled down into brief, understandable and actionable problem lists for the patient that add value, not burden.
Commercial payers may consider voluntarily providing this API to empower their enrolled consumers and assist providers participating in their alternative payment models. Value-based care, including capitation payment shift more of the medical risk to the provider including costs that occur outside of the facility or system. Therefore, providers need costs and clinical information across provider settings for attributed patients.
Provider Directory API
Medicare Advantage, Medicaid, Children’s Health Insurance Program (CHIP) fee for service and managed care entities are required to provide the Provider Directory API. This API requires the provider names, addresses, phone numbers and specialties. An effective provider API will inform consumers what providers are in the health insurer’s network and if the provider is in the consumer’s specific health plan.
Payer to Payer API
Medicare Advantage, Medicaid managed care plans, Children’s Health Insurance Program (CHIP) managed care entities and Qualified Health Plans (QHP) on the federal exchanges are required to provide the Payer to Payer API. This API requires an individual’s past health insurer to transmit their claims and encounter information, and subset of clinical information to their new health insurer. This sharing of history allows a longitudinal medical record to be compiled no matter how many times a consumer changes their health insurance.
Commercial payers may consider voluntarily providing this API to maintain longitudinal records and ensure new enrollees are in the appropriate wellness programs and receive any gaps in current care.
ONC and CMS’s information sharing requirements allow vendors and payers to enable a one stop shop that is secure, easy to access, actionable and meet a priority consumer need. This may include promotion of wellness through integration with wearables, reduce redundant paperwork at provider settings, make payments, appeal claim payment, store and share medical records for a chronic patient or their caregiver, provide dashboard with tracking/monitoring of hospital at home activities, maintain current drug list, order medical supplies, access care through telemedicine and more from the comfort of home.
Expanded access to health information, including insurance-related information, has the potential to be inform and transform. Getting accurate and useful information to securely flow to consumers, across provider organizations, between providers and payers and payer to payer will be the work of healthcare over the next decade. This will be a heavy lift for consumers, covered entities, vendors and business associates. For decades I have worked on the standards and policies to enable us to realize this vision. Still, I have no illusion that this will be accomplished without significant challenges and protecting privacy and security will be among the most vexing. It’s an all hands on deck time to learn to use information for the benefit of consumer health and health services.
Tammy Banks, MBA is a Healthcare Consultant with ImpactQue and previously served as Vice President Interoperability Program Development for Optum and as Director Practice Management Center and Payment Advocacy for the American Medical Association. Outstanding Leadership and Distinguished Service Awards from WEDI.
By Linda Kloss, RHIA, FAHIMA
We are all eager to put 2020 in the rear view mirror. Even knowing that 2021 will be very challenging at home and around the globe, we see a path forward through vaccinations and a gradual return to stability. As this year without parallel draws to an end, I think it deserves a different thought process. No recriminations about the things you didn’t accomplish. No resolutions for the New Year please. Instead, focus on the many important ways you helped others throughout the year. Make a list of the best things you did this year–for your family, friends, and yourself. Make another list of how you helped professional colleagues and the people that you serve. The 2020 pandemic tested our resilience, ingenuity, and, oh yes, patience. This is a time to reflect on all you did and take a pause for a little well deserved self-congratulation!
In last week’s Verisma Webinar “Standardization and Partnership: The Baptist Health South Florida Story,” Rosie Hernandez and Karen Marhefka underscored key lessons about adapting Release of Information for not only the pandemic response, but the new realities of access and disclosure management going forward. Part of the New Fundamentals series, this case study illustrated how Health Systems Solutions (HSS), a partnership of Baptist Health South Florida and Guidehouse, strengthened the patient experience, achieved greater efficiency and improved compliance by partnering with Verisma. Baptist understood that these goals depended on automating the release of information workflow and selected the Verisma Release Manager™ (VRM) for use by HSS staff. In addition to end-to- end workflow automation, Hernandez and Markefka described the importance of a uniform or standard process across the Baptist system, inpatient and outpatient. As Hernandez explained, “standardizing is doing it the same way every time and doing it right.”
The Verisma Request App™ (VRA) was in place across most of the Baptist Health South Florida’s 7 hospitals, 54 ambulatory and associated centers just before COVID preparations began in earnest. Staff went to work from home using the very same work flow platform. HSS accelerated implementation of VRA to provide access without in-person processing or paper requests. Serving an international population made this even more compelling, offering VRA in English, Spanish, and Creole. VRA also made it easier to fulfil requests with e-records. So not only is VRA contributing to the goals of patient experience and compliance, it is bringing about new efficiencies including reduced supply costs. Reflecting from her position as CIO for health systems, Marhefka reminded us that success with this kind of change requires effective advocacy in communicating the need and securing support and collaboration.
In a year of intense change and in the Miami area, a persistent COVID hot spot, HSS’s release of information services have delivered some pretty amazing results. Turnaround time for processing requests is 3-5 days and in just 3 months, the volume of VRA requests exceeded 600 a month. The release of information team transitioned from a siloed workflow to an end to end process that required upskilling. While some staff were initially reluctant to change, good training, support, and encouragement—and the sudden shock of work from home—paid off with a realized shift from clerical tasks to higher-value knowledge work. VRM and VRA and other technology management and analytical tools, enables HSS to be fully accountable to Baptist for the quality of the work and for evidence of full compliance. Importantly, Hernandez described the team’s overall readiness to adapt more quickly, a New Fundamental for sure.
Congratulations to the team at HSS. Their foresight proved invaluable to their successes in 2020 and positioning for the future.
It’s been a year of loss. But it has also been a year of finding. Congratulations for the great work you did and know that it has prepared you for the challenges of 2021 and beyond.
By Linda Kloss
The first AHIMA convention I attended was held in Colorado Springs in 1970, 50 years ago! Over the decades, I missed very few meetings. For 15 of those years, I was responsible for the meeting as AHIMA’s CEO. There were always challenges, like the month following 9/11, but nothing like a pandemic! Bottom line, my congratulations to the AHIMA team and all the speakers and exhibitors who pulled off AHIMA20. The technology platform worked well for live webcast education. The platform was less robust for exhibitors and social events, but for education delivery, I thought it worked very well. The speakers were live and it was easy to see and hear them and to read slides. And the room wasn’t freezing!
Most importantly, AHIMA20 programming was content rich. By this I mean that the education content was important and timely, forward looking, and thought provoking. Live webcast speakers were well prepared, and delivered their presentations professionally. The pandemic was a backdrop acknowledged in all the sessions I attended, but the focus was on the implications of this experience for health information management going forward. Speakers addressed the weaknesses laid bare by our pandemic response, but they focused on how it can help shape a more agile future.
Reflecting on education content, I have five takeaways:
Like all things virtual these days, we trade off connection for convenience, social experience for safety. Attendee chats revealed that there were many first time or new participants who noted they would not have been able to attend this year — or other years — if it involved the cost and employer approvals needed to travel. Long time meeting goers like me miss the casual meet ups and conversations with friends associated with a grand once a year gathering. But I took away a new appreciation of the virtual meeting for providing broader access and a solid learning environment. My prediction: we will not go back to a totally in-person model; there will be a creative blending of approaches for professional education so the opportunity can be more broadly shared. I look forward to seeing what AHIMA creates for AHIMA21.
One final observation. I was very proud of Verisma and the many AHIMA members who made possible the company’s $5,000 donation to the AHIMA Foundation. This donation reflects individual and state association pledges to protect the truth and accuracy of health information. Add your name to this pledge embracing the values of HIM at: https://verisma.com/pledge-to-protect-truth-and-accuracy/