The future of PHI disclosure management

Staying on top of today's complex and ever-changing regulatory, privacy and technology issues required for successful Protected Health Information (PHI) disclosure management can be a daunting task for hospitals and health systems.

That said, there are several trends and emerging market drivers that will impact disclosure management in even more significant and profound ways in the future. This article will identify these seminal issues and describe how hospital and health system executives can position their organizations for future success.

Let's start by looking at the macro trends. First, there is the increasing need to provide more health information (primary and specialty care, PT/OT, lab, imaging, medications, demographic and other data) to more constituents (patients, providers, attorneys, payers and other third party requesters). Second, there is an evolving need for effective control and oversight over health information as record request volumes continue to soar. Third, as value-based care, at-risk contracts, and other collaborative arrangements expand across the healthcare ecosystem, there will be an escalating need to provide accurate and timely health information to manage quality and payment initiatives.

In addition to these macro trends, there are also a number of market drivers impacting PHI disclosure management, Release of Information (ROI) and other related services, in some very concrete ways including:

Payer-Provider Collaborations – Accountable Care Organizations (ACOs) and a growing number of provider-payer partnerships are gaining traction across the country as over 24 million Americans are part of approximately 750 ACOs that exist in all 50 states. As these and other collaborations continue to expand, they will create new disclosure management challenges for providers including the need to determine appropriate rates for payer requests for health information and the establishment of secure connections with high volume payer requesters.

Expanding Number of Breaches – Since 2009, there have been more than 1,700 large breaches impacting over 500 people and over 180,000 small breaches impacting fewer than 500 people, often resulting from human errors such as those in the ROI process. The Office for Civil Rights (OCR) is taking an increasingly active stance in enforcement of HIPAA regulations and investigations into small breach violations by all providers. Over the next few years, providers will face the challenge of managing risk during what may well be a breach investigation epidemic. The stakes are high as even HIPAA violations unknown to the covered entity have serious consequences i.e., a maximum penalty of $50,000 per violation with an annual maximum of $1.5 million per year – and offenses committed with the intent to sell, transfer or use individually identifiable health information for commercial advantage, personal gain or malicious harm permit fines of $250,000 and imprisonment up to 10 years.

Growing Number of Disclosure Points – As more health systems acquire hospitals, and hospitals acquire physician practices, they will experience an increase in the number of PHI disclosure points. In addition, healthcare enterprises are accelerating their use of smart phones, mobile applications and remote monitoring devices – and are expanding record sharing via HIEs as well as increasing deployment of electronic health records (EHRs), patient portals, and secure messaging. As the industry continues to provide innovative ways to connect patients and providers, the number of PHI disclosure points and the associated liabilities will continue to grow.

Increasing Patient-Generated Health Data (PGHD) and Telemedicine –The rise of PGHD and telemedicine continues to impact disclosure management and present ongoing challenges including how to address the increased use of patient portals and unencrypted personal devices. Deciding how to incorporate these new data types into health records, along with developing a plan for managing and releasing patient-generated data will need to be an integral part of PHI disclosure management and information governance strategies moving forward.

Keeping Pace with the Disclosure Management Trends

Here's a checklist of seven key initiatives that hospital and health system executives should consider as they prepare their institutions for the future of PHI disclosure management:

1. Deploy enterprise-wide disclosure management systems and ROI processes to provide better control over the growing number of disclosure points.

2. Ensure you have access to the expertise to help you capitalize on payer/provider collaborations including the capabilities to determine appropriate rates and the use of new technologies to handle large volume requesters.

3. Ratchet up your efforts to incorporate best practices to minimize breaches. This includes having access to a highly-trained workforce specialized in disclosure management that understands the complexities of federal, state and facility regulations to ensure the proper handling of complex record requests. In addition, make sure you provide multiple layers of quality assurance on authorizations and PHI disclosures and utilize record integrity checks to enhance your breach prevention initiatives.

4. Re-assess your HIPAA compliance program in light of the increased scrutiny coming from OCR and amend any policies or procedures that could cause a finding of noncompliance.

5. Evaluate if you have the expertise to drive system integration with hospital IT systems and government agencies like CMS and SSA. In addition, fast track deployment of record integrity technologies and electronic delivery methods including direct secure messaging, portals, etc. These initiatives will both enhance compliance and improve productivity.

6. Begin now to evaluate whether and what type of PGHD and telemedicine information to include in the patient record, as well as how to ensure data integrity and address the increased liability and accountability issues.

7. Make sure you are able to support various requesters of health information especially patients who will want personal touch/customer service even in this age of self-service technology.

Don't Go It Alone

According to the Association of Health Information Outsourcing Services (AHIOS), nearly 80 percent of hospitals nationwide have already outsourced some or all of their disclosure management functions to alleviate the administrative burden of fulfilling medical record requests. Given the industry trends and the complexities that lie ahead, healthcare providers should consider expanding their outsourcing to organizations that specialize in disclosure management and who have the expertise and technologies to ensure compliance with federal, state and facility regulations. These organizations employ industry best practices and utilize innovative disclosure management systems that can effectively manage skyrocketing record request volumes while mitigating the associated risks.

Outsourcing disclosure management should be a key consideration as you look to "future-proof" your institution and gain peace of mind in what is fast-becoming an incredibly complex and high risk world of disclosure management.

The authors of this article are the following members of the Association of Health Information Outsourcing Services (AHIOS): Stephen Hynes, CEO of MRO and Jeff Gartland, President, Provider Solutions, CIOX Health

The views, opinions and positions expressed within these guest posts are those of the author alone and do not represent those of Becker's Hospital Review/Becker's Healthcare. The accuracy, completeness and validity of any statements made within this article are not guaranteed. We accept no liability for any errors, omissions or representations. The copyright of this content belongs to the author and any liability with regards to infringement of intellectual property rights remains with them.

© Copyright ASC COMMUNICATIONS 2019. Interested in LINKING to or REPRINTING this content? View our policies by clicking here.

 

Top 40 Articles from the Past 6 Months