Free Hospital EMR and EHR Newsletter Want to receive the latest news on EMR, Meaningful Use, ARRA and Healthcare IT sent straight to your email? Join thousands of healthcare pros who subscribe to Hospital EMR and EHR for FREE!

How to Train Business Office Staff to Perform Like ROI (Release of Information) Pros – HIM Scene

Posted on September 27, 2017 I Written By

The following is a HIM Scene guest blog post by Mariela Twiggs, MS, RHIA, CHIP, FAHIMA, National Director of Motivation & Development at MRO.  This is the third blog in a three-part sponsored blog post series focused on the relationship between HIM departments and third-party payers. Each month, a different MRO expert will share insights on how to reduce payer-provider abrasion, protect information privacy and streamline the medical record release process during health plan or third-party commercial payer audits and reviews.

Millions of payer requests for medical records are sent to hospital business offices every day. Business office staff are often tasked with pulling, compiling and sending Protected Health Information (PHI) to meet these requests.

Many payer requests are part of treatment, payment and operations (TPO) according to HIPAA. Payer requests are the “P” in TPO. However, others such as Medicaid assistance applications and disability requests are not covered under TPO. Knowing the difference and managing each request with the upmost regard for patient privacy is the focus of this month’s HIM Scene post.

Business Office Disclosures: Haste Makes Breach

Time is of the essence in the business office. Staff are focused on submitting claims, appealing denials or responding to audits and reviews as covered in last month’s HIM Scene. During the rush to get claims paid, key steps in the Release of Information (ROI) process may be skipped, compromised or mistakenly omitted. It’s during these situations that privacy concerns arise and PHI breaches may occur.

To ensure business office disclosures are kept safe and secure, organizations should train their financial staff using the same information, curriculum and courses presented to Health Information Management (HIM) teams. The ROI steps are the same. And disclosure management processes must be consistent to reduce breach risk. Here are five key areas of disclosure management to cover with your business office employees.

1. ROI and HIPAA Basics

Ensure employees understand the definition of  HIPAA, the privacy rule, ARRA HITECH Omnibus, PHI and differences between federal versus state law. Each state is different and laws apply to where the care was given, not where the organization is headquartered. This is an important distinction for central business offices processing requests for care locations across several states.

Also emphasize which types of payer requests fall under HIPAA’s TPO exemption and which don’t. For those that aren’t considered disclosures for TPO, a patient authorization is required.

Another important topic to cover is the Health and Human Services (HHS) minimum necessary guidance under the HIPAA privacy rule. This guidance helps organizations determine what information can be used, disclosed or requested by payers for a particular purpose. Payers don’t need entire copies of records. They only need specific documents depending on the type of request. By helping business office staff thoroughly understand and apply the minimum necessary guidance, organizations tighten privacy compliance and mitigate breach risk.

2. The Medical Record

Define the various components of the medical record to business office staff. These include common documents, various types of encounters, and properly documented corrections and amendments.

3. Confidentiality and Legal Issues

Outline the legal health record concept and what it includes for your organization. All the various confidentiality and legal issues should also be fully explained. For example, with regard to state subpoena laws, one needs to know quash periods and whether special documentation must be provided. Louisiana requires affidavits while Virginia requires certifications from attorneys saying a notice of patient objection was not received.

4. Types of Requests

List all the various types of requests that might be received in the business office. For each category, differentiate which are part of TPO and which are not. Those that fall outside of TPO require a patient authorization and should be forwarded to HIM for processing. The types of requests to discuss with the business office include:

  • Treatment requests
  • Internal requests
  • Patient requests
  • Government agency requests
  • Disability requests
  • Insurance requests
  • Post-payment audit requests
  • Attorney requests
  • Law enforcement requests
  • Court orders
  • Subpoenas
  • Research requests

5. Sensitive Records and Other Special Situations

Identify and describe specific disclosure management practices related to sensitive records. These cases can include information on genetics, HIV/AIDS, STDs, mental/behavioral health, substance abuse and other sensitive issues. There are also special situations surrounding disclosures for deceased patients and minors. Sensitive records require special handling. Complex federal and state legal issues may be involved with these cases and business office personnel should be aware of them.

With so many details to know, many hospitals and health systems are opting to centralize all disclosures within the HIM department or with a single outsourced ROI vendor.

Make the Case for Centralized ROI

There is a national trend toward centralized disclosure management versus each department handling information requests internally. Beyond the business office, requests are also frequently received in the radiology department, clinical locations, human resources, physician practices, nursing units and HIM.

Maintaining oversight and privacy compliance for all these areas is an arduous task—and opens the door for breach risk. If you are in doubt about the ability of business office or other staff to properly and securely process requests, a centralized ROI model may be your organization’s safest approach.

About Mariela Twiggs
In her role as Director of Motivation and Development, Twiggs leads MRO’s internal motivational efforts and manages MRO Academy, a rigorous and required online educational and testing platform for all employees, which is comprehensive and current with external developments and regulations. Prior to joining MRO, she was CEO of MTT Enterprises, LLC, a Release of Information business. Previously, she worked as a Health Information Management (HIM) Director. Twiggs is the past president of the Association of Health Information Outsourcing Services (AHIOS), Louisiana Health Information Management Association (LHIMA) and Greater New Orleans Health Information Management (GNOHIMA); a fellow of the American Health Information Management Association (AHIMA); recipient of LHIMA’s Distinguished Member & Career Achievement Awards; past treasurer of LHIMA and GNOHIMA; and serves on the advisory board of the Delgado Community College Health Information Technology Program. Twiggs holds a B.S. in Medical Record Administration and a Master’s Degree in Health Care Administration. She is also certified in healthcare privacy (CHP) and is a Certified Document Imaging Architect (CDIA+) with expertise in electronic document management.

If you’d like to receive future HIM posts in your inbox, you can subscribe to future HIM Scene posts here.

ROI in the Business Office: Why HIM Should Keep a Watchful Eye – HIM Scene

Posted on August 16, 2017 I Written By

The following is a HIM Scene guest blog post by Lula Jensen, MBA, RHIA, CCS, Director of Product Management at MRO.  This is the second blog in a three-part sponsored blog post series focused on the relationship between HIM departments and third-party payers. Each month, a different MRO expert will share insights on how to reduce payer-provider abrasion, protect information privacy and streamline the medical record release process during health plan or third-party commercial payer audits and reviews.

According to most business office staff, pulling information and releasing medical record documentation to payers is a necessary evil to get claims paid and reduce accounts receivables. It is not their core competency.

Whether the request is unsolicited or solicited by the payer, time required to compile information and respond wreaks havoc on business office productivity. Also in efforts to meet payer deadlines and expedite claims, human mistakes can be made. Incorrect patient information might slip through the cracks.

Despite concerns, many business office directors prefer that payer disclosures be sent out by their own business staff—versus by the HIM department. If your organization follows that practice, this HIM Scene blog post is for you.

Two Types of Business Office Requests

There are two instances of business office Release of Information (ROI) to know: unsolicited and solicited requests. The unsolicited process takes place when medical documentation containing all the additional information pertinent to the service being billed is submitted proactively by the provider with the initial claim. The solicited process occurs when the original claim is sent without additional supporting medical record documentation and the payer subsequently (during the adjudication process) determines that additional information is needed. The payer then places a request for the additional documentation from the provider.

Unsolicited Releases During Claims Processing

The purpose of releasing information during claims processing is to expedite payment. In an effort to get the claim paid faster, medical records are sent proactively with the claim. This is especially true for high-dollar claims, payer policies, readmissions within 30 days and the published Office of Inspector General (OIG) Work Plan.

Sounds like a good intention with the organization’s best financial interests in mind. However, three concerns arise when business offices send medical record documentation to payers—versus having HIM professionals take charge.

  1. Business office staff may not know which parts of the medical record will be required to support the claim. Often, the entire chart is sent—a process that is not practical for high-dollar or long-length-of-stay cases.
  2. Sending the entire record is also not compliant with HIPAA’s Minimum Necessary Standard. By sending too much information, hospitals are at risk for HIPAA breach.
  3. Upon receipt of prepay documentation, the payer’s staff logs each record received, scans or otherwise digitizes the documents, and incorporates them into their own electronic systems. This creates a huge administrative burden on payers.

Similar challenges ensue with solicited payer medical record requests that occur during the adjudication process or retrospective reviews.

Business Office Disclosures for Payer Audits and Reviews

There has been significant uptick in payer audits and reviews, a topic that was covered by HIM Scene last month. This includes governmental and third-party commercial. According to one central business office director at an MRO client site, “The pull lists for payer audits and reviews keep getting longer and the piles of medical records to send keep getting higher.”

To reduce administrative burdens with payers, some organizations are allowing payers direct access to their EMRs and EHRs to obtain the required information during audits and reviews. While this process may lighten the load for billing personnel, it is laden with additional privacy risks.

Business office personnel complain about the travails of responding to all the various requests for records. However, a significant number of business office directors still insist on owning the ROI process for payer audits and reviews. When this is the case, there are several important steps for HIM directors to consider.

Three Steps for HIM: Educate, Track and Talk

For both types of business office disclosures, it is important to educate billing staff about the implications of a HIPAA breach and privacy risks listed above. Establish an organization-wide standard for ROI to keep PHI safe during all types of business office disclosures. Educating all personnel involved in business office ROI (whether for claims processing, audits or reviews) helps relieve frustration with the record release process.

Billers should also track which specific records, and what sections of each, were sent. By documenting and then reviewing this information, organizations gain valuable knowledge about payer trends—insights that can be used to prevent denials and negotiate more favorable terms for payer contracts.

Collaborate with privacy and the business office to determine which release information to track. Then establish a common database or software application to document each release to payers. Here are four ways to make the most of business office ROI tracking data:

  • Look for patterns in what payers are requesting. Any trends in payer request activity could offer opportunities for provider improvement.
  • Identify risk. Analytics can help business offices detect weaknesses in the revenue cycle, involving coding, documentation or other internal processes.
  • Educate coders, biller, collectors, physicians, etc. on payer trends and how collaboration can promote accurate, complete billing for services rendered and support a claim via medical record documentation.
  • Use data analysis. When payer contract negotiations arise, use payer trend statistics to your advantage in the next round of negotiations.

Talk with local payers and stay updated on policy changes related to claims processing, audits and retrospective reviews. Open communication with each payer is recommended to ensure records are sent in the most secure way possible. Communication with payers also reduces phone tag and minimizes payer-provider abrasion.

Finally, due to the importance of collecting medical record documentation, health plans are willing to pay for records. Business offices and HIM departments fulfilling these requests are encouraged to discuss and pursue reimbursement from payers.

About Lula Jensen

In her role as Director of Product Management for MRO, Jensen drives product enhancements and new product initiatives to ensure MRO’s suite of solutions enable the highest levels of client success and end-user satisfaction. She has more than 15 years of experience in healthcare, focusing on Health Information Management (HIM), Revenue Cycle Management, analytics, software development and consulting. In addition to holding product management roles at McKesson Health Solutions and CIOX Health, she also served as Revenue Cycle Manager at Fox Chase Cancer Center and taught a course on ICD-9 CM Coding and Reimbursement at Bucks County Community College. Jensen is an active member of the Healthcare Financial Management Association (HFMA), American Health Information Management Association (AHIMA) and Pennsylvania Health Information Management Association (PHIMA); she is a 2005 PHIMA Scholar Award recipient. Jensen holds a B.S. in HIM from Temple University and an M.B.A. in Health Care Administration from Holy Family University.

If you’d like to receive future HIM posts in your inbox, you can subscribe to future HIM Scene posts here.