Free Hospital EMR and EHR Newsletter Want to receive the latest news on EMR, Meaningful Use, ARRA and Healthcare IT sent straight to your email? Join thousands of healthcare pros who subscribe to Hospital EMR and EHR for FREE!

How to Balance Privacy, Security and Quality with Offshore Coding: Three Critical Caveats for HIM – HIM Scene

Posted on October 4, 2017 I Written By

The following is a guest blog post by Sarah Humbert, RHIA, ICD-10 AHIMA Certified Trainer, Coding and Compliance Manager, KIWI-TEK. If you’d like to receive future HIM posts in your inbox, you can subscribe to future HIM Scene posts here.

Prior to ICD-10 there was a shortage of domestic coders, making offshore services a necessity for many organizations. But in a post ICD-10 environment, experienced U.S. coders are more readily available and accessible. Domestic coding services are still considered best practice by most HIM professionals. In fact, 72 percent of hospital respondents outsource more than half of their coding needs according Black Book’s October 2016 Outsourced HIM Report.

While acceptance of offshore coding services has grown there are important caveats for HIM professionals to know according to the Black Book report. Price isn’t everything when it comes to protecting your patient’s privacy and your organization’s financial performance. Additional offshore concerns continue to be reported by U.S. hospitals and health systems:

  • Increased audit costs
  • Higher denial rates
  • Missed procedure codes

As Black Book states, it is imperative for offshore coding companies to tighten processes in three key areas: privacy, security and quality. With ransomware on the rise, hospitals, health systems and medical groups have greater levels responsibility to fully assess their business associates—especially those using protected health information (PHI) offshore.

Because of these concerns and those mentioned above, HIM professionals must carefully explore, vet and secure detailed service level agreements prior to even considering the offshore option. This month’s blog lays out three critical caveats to consider and weigh against the proven value of domestic coding services.

Verify and Test Privacy and Security for Offshore Coding

The first step for HIM professionals is to understand the annual attestation requirements. Originally required by CMS for Medicare Advantage (MA) plans, the following annual attestations have become best practice for healthcare provider organizations and other covered entities (CEs) working to protect PHI.

  1. Provide notice to CMS—30 days prior to beginning the contractual relationship—that offshore contractors will be used, providing CMS an opportunity to review and raise an objection if warranted.
  2. Sign an annual attestation to accurately report to CMS the use of any offshore contractors.

For example, if a hospital wants to use a coding or billing company with personnel located offshore, it must submit the initial notification, receive no objections from CMS, and then annually attest that protections are in place with the offshore vendor.

Beyond the two-step attestation process, HIM professionals must take the following five precautionary steps with all offshore HIM services vendors.

  • Discuss any offshore contacts with your legal counsel and the vendor prior to signing.
  • Include language to indicate that onshore vendors will not subcontract with offshore vendors or coders.
  • Make sure your vendors are aware of attestation rules and take precautions to safeguard PHI.
  • Obtain cybersecurity insurance that includes coverage for potential breaches of offshore data.
  • Identify any other clinical services that may be provided offshore, such as coding audits, and consult your legal counsel to determine if that service should be identified in the attestation.

Rigorous due diligence of offshore coding vendor privacy and security safeguards ensures HIM professionals are doing their part in reducing PHI breaches and ransomware attacks in healthcare. Six states went a step further by prohibiting Medicaid members from sending any PHI offshore: Arizona, Ohio, Missouri, Arkansas, Wisconsin and New Jersey. If your state provides healthcare services in any of these states, additional review by legal counsel is mandatory.

Watch Offshore Coding Quality

The second area for concern with offshore medical record coding services is accuracy.

Offshore coders are mostly former nurses or other well-educated candidates. Although global coding staff speak English and are highly competent, they may not be well trained in self-directed chart interpretation.

Our clients often report international coding accuracy concerns and the need for additional audits, higher denials and missed procedure codes—especially as global coders expand beyond relatively simple and repetitive ancillary testing and radiology cases. In fact, 22 percent of HIM executives continue to shy away from a non-U.S. workforce, according to Black Book.

When it comes to coding quality, here are five recommendations to measure, monitor and manage accuracy prior to engaging an offshore coder.

  • Confirm who is actually doing your coding initially, and after each month into the services engagement.
  • Know global coders’ credentials, testing results and accuracy scores.
  • Verify that less experienced coders aren’t engaged following the initial work assignment.
  • Conduct a minimum of monthly coding audits to quickly identify and correct any negative trend or patterns.
  • Refuse to accept lower quality standards for offshore coding.

Re-evaluate Your Options

The medical record coding industry has shifted. Now is the time to re-evaluate the risks and returns of offshore coding services—keeping privacy, security and quality top of mind.

About Sarah Humbert
Sarah serves as the manager of coding and compliance at KIWI-TEK, a 100% domestic coding and audit services company. She is responsible for coding quality control—accuracy, turnaround time and compliance.

Sarah oversees all coding processes, including coders’ performance, credentials and recurrent testing. She is a member of AHIMA, IHIMA, CHIMA, and she is also a Certified ICD-10 AHIMA trainer. Sarah has worked in a variety of health information management positions for Health Care Excel, MedFocus and St. Vincent Health System.

Kiwi-Tek is a proud sponsor of Healthcare Scene. If you’d like to receive future HIM posts in your inbox, you can subscribe to future HIM Scene posts here.

How to Train Business Office Staff to Perform Like ROI (Release of Information) Pros – HIM Scene

Posted on September 27, 2017 I Written By

The following is a HIM Scene guest blog post by Mariela Twiggs, MS, RHIA, CHIP, FAHIMA, National Director of Motivation & Development at MRO.  This is the third blog in a three-part sponsored blog post series focused on the relationship between HIM departments and third-party payers. Each month, a different MRO expert will share insights on how to reduce payer-provider abrasion, protect information privacy and streamline the medical record release process during health plan or third-party commercial payer audits and reviews.

Millions of payer requests for medical records are sent to hospital business offices every day. Business office staff are often tasked with pulling, compiling and sending Protected Health Information (PHI) to meet these requests.

Many payer requests are part of treatment, payment and operations (TPO) according to HIPAA. Payer requests are the “P” in TPO. However, others such as Medicaid assistance applications and disability requests are not covered under TPO. Knowing the difference and managing each request with the upmost regard for patient privacy is the focus of this month’s HIM Scene post.

Business Office Disclosures: Haste Makes Breach

Time is of the essence in the business office. Staff are focused on submitting claims, appealing denials or responding to audits and reviews as covered in last month’s HIM Scene. During the rush to get claims paid, key steps in the Release of Information (ROI) process may be skipped, compromised or mistakenly omitted. It’s during these situations that privacy concerns arise and PHI breaches may occur.

To ensure business office disclosures are kept safe and secure, organizations should train their financial staff using the same information, curriculum and courses presented to Health Information Management (HIM) teams. The ROI steps are the same. And disclosure management processes must be consistent to reduce breach risk. Here are five key areas of disclosure management to cover with your business office employees.

1. ROI and HIPAA Basics

Ensure employees understand the definition of  HIPAA, the privacy rule, ARRA HITECH Omnibus, PHI and differences between federal versus state law. Each state is different and laws apply to where the care was given, not where the organization is headquartered. This is an important distinction for central business offices processing requests for care locations across several states.

Also emphasize which types of payer requests fall under HIPAA’s TPO exemption and which don’t. For those that aren’t considered disclosures for TPO, a patient authorization is required.

Another important topic to cover is the Health and Human Services (HHS) minimum necessary guidance under the HIPAA privacy rule. This guidance helps organizations determine what information can be used, disclosed or requested by payers for a particular purpose. Payers don’t need entire copies of records. They only need specific documents depending on the type of request. By helping business office staff thoroughly understand and apply the minimum necessary guidance, organizations tighten privacy compliance and mitigate breach risk.

2. The Medical Record

Define the various components of the medical record to business office staff. These include common documents, various types of encounters, and properly documented corrections and amendments.

3. Confidentiality and Legal Issues

Outline the legal health record concept and what it includes for your organization. All the various confidentiality and legal issues should also be fully explained. For example, with regard to state subpoena laws, one needs to know quash periods and whether special documentation must be provided. Louisiana requires affidavits while Virginia requires certifications from attorneys saying a notice of patient objection was not received.

4. Types of Requests

List all the various types of requests that might be received in the business office. For each category, differentiate which are part of TPO and which are not. Those that fall outside of TPO require a patient authorization and should be forwarded to HIM for processing. The types of requests to discuss with the business office include:

  • Treatment requests
  • Internal requests
  • Patient requests
  • Government agency requests
  • Disability requests
  • Insurance requests
  • Post-payment audit requests
  • Attorney requests
  • Law enforcement requests
  • Court orders
  • Subpoenas
  • Research requests

5. Sensitive Records and Other Special Situations

Identify and describe specific disclosure management practices related to sensitive records. These cases can include information on genetics, HIV/AIDS, STDs, mental/behavioral health, substance abuse and other sensitive issues. There are also special situations surrounding disclosures for deceased patients and minors. Sensitive records require special handling. Complex federal and state legal issues may be involved with these cases and business office personnel should be aware of them.

With so many details to know, many hospitals and health systems are opting to centralize all disclosures within the HIM department or with a single outsourced ROI vendor.

Make the Case for Centralized ROI

There is a national trend toward centralized disclosure management versus each department handling information requests internally. Beyond the business office, requests are also frequently received in the radiology department, clinical locations, human resources, physician practices, nursing units and HIM.

Maintaining oversight and privacy compliance for all these areas is an arduous task—and opens the door for breach risk. If you are in doubt about the ability of business office or other staff to properly and securely process requests, a centralized ROI model may be your organization’s safest approach.

About Mariela Twiggs
In her role as Director of Motivation and Development, Twiggs leads MRO’s internal motivational efforts and manages MRO Academy, a rigorous and required online educational and testing platform for all employees, which is comprehensive and current with external developments and regulations. Prior to joining MRO, she was CEO of MTT Enterprises, LLC, a Release of Information business. Previously, she worked as a Health Information Management (HIM) Director. Twiggs is the past president of the Association of Health Information Outsourcing Services (AHIOS), Louisiana Health Information Management Association (LHIMA) and Greater New Orleans Health Information Management (GNOHIMA); a fellow of the American Health Information Management Association (AHIMA); recipient of LHIMA’s Distinguished Member & Career Achievement Awards; past treasurer of LHIMA and GNOHIMA; and serves on the advisory board of the Delgado Community College Health Information Technology Program. Twiggs holds a B.S. in Medical Record Administration and a Master’s Degree in Health Care Administration. She is also certified in healthcare privacy (CHP) and is a Certified Document Imaging Architect (CDIA+) with expertise in electronic document management.

If you’d like to receive future HIM posts in your inbox, you can subscribe to future HIM Scene posts here.

Preview of #AHIMACon17 – HIM Scene

Posted on September 7, 2017 I Written By

John Lynn is the Founder of the HealthcareScene.com blog network which currently consists of 10 blogs containing over 8000 articles with John having written over 4000 of the articles himself. These EMR and Healthcare IT related articles have been viewed over 16 million times. John also manages Healthcare IT Central and Healthcare IT Today, the leading career Health IT job board and blog. John is co-founder of InfluentialNetworks.com and Physia.com. John is highly involved in social media, and in addition to his blogs can also be found on Twitter: @techguy and @ehrandhit and LinkedIn.

If you’d like to receive future HIM posts in your inbox, you can subscribe to future HIM Scene posts here.

I thought it might be interesting to check out the #AHIMACon17 conference hashtag for the AHIMA Annual Convention to get an idea of what the hot topics were going to be going into the annual convention. Unfortunately, there wasn’t much conversation happening on the hashtag yet. Here’s a sample of a few things I found and some of my commentary about each.


I’m excited to hear Viola Davis as well. I’m sure she has some amazing stories. It’s not clear to me her connection to healthcare, but I’m all about hearing the stories of successful people. I hope they let her tell her story and not try to have her be a healthcare speaker. Ironically, the MGMA Annual Conference is happening at the same time as the AHIMA Annual Convention about 45 minutes away. Viola Davis is keynoting both. I’m not sure if they planned this together or if it’s just coincidence. Either way, I guess I get 2 chances to hear Viola, but trying to manage both events is hard.


This tweet from Ciox made me laugh. There’s a lot of things in healthcare that are still stuck in the 80s. As Mr. H from HIStalk likes to say, Healthcare is where old technology goes to die. There’s certainly some modernization that could happen at about every healthcare organization.


This tweet is ironic after the above tweet talking about the need to modernize. I wonder how many in the AHIMA community are familiar with NLP based technology. For those not familiar, NLP stands for natural language processing. It can be used in a variety of ways, but in the AHIMA world it’s most commonly used to analyze medical records and assess if the documentation matches the coding. It’s pretty amazing technology. I also love seeing NLP used on narrative sections of a note to identify granular data elements that could be used to better inform clinical decision support tools. Do many HIM professionals care about this technology? Are they using it? I think I’ll ask when I’m at the event.


I think security will be an extremely hot topic this year. Given HIM’s role in doing release of information (ROI), it’s always had an important role. In fact, they have a pre-conference Privacy & Security Institute that I’ve heard a lot of great things about. I’m hoping to go this year if they let press attend.

Will you be at #AHIMACon17? What do you expect to be the hot topics? Are there sessions you absolutely must attend? Who’s going to throw the best party? I hope to see many of you at the conference!

If you’d like to receive future HIM posts in your inbox, you can subscribe to future HIM Scene posts here.

ROI in the Business Office: Why HIM Should Keep a Watchful Eye – HIM Scene

Posted on August 16, 2017 I Written By

The following is a HIM Scene guest blog post by Lula Jensen, MBA, RHIA, CCS, Director of Product Management at MRO.  This is the second blog in a three-part sponsored blog post series focused on the relationship between HIM departments and third-party payers. Each month, a different MRO expert will share insights on how to reduce payer-provider abrasion, protect information privacy and streamline the medical record release process during health plan or third-party commercial payer audits and reviews.

According to most business office staff, pulling information and releasing medical record documentation to payers is a necessary evil to get claims paid and reduce accounts receivables. It is not their core competency.

Whether the request is unsolicited or solicited by the payer, time required to compile information and respond wreaks havoc on business office productivity. Also in efforts to meet payer deadlines and expedite claims, human mistakes can be made. Incorrect patient information might slip through the cracks.

Despite concerns, many business office directors prefer that payer disclosures be sent out by their own business staff—versus by the HIM department. If your organization follows that practice, this HIM Scene blog post is for you.

Two Types of Business Office Requests

There are two instances of business office Release of Information (ROI) to know: unsolicited and solicited requests. The unsolicited process takes place when medical documentation containing all the additional information pertinent to the service being billed is submitted proactively by the provider with the initial claim. The solicited process occurs when the original claim is sent without additional supporting medical record documentation and the payer subsequently (during the adjudication process) determines that additional information is needed. The payer then places a request for the additional documentation from the provider.

Unsolicited Releases During Claims Processing

The purpose of releasing information during claims processing is to expedite payment. In an effort to get the claim paid faster, medical records are sent proactively with the claim. This is especially true for high-dollar claims, payer policies, readmissions within 30 days and the published Office of Inspector General (OIG) Work Plan.

Sounds like a good intention with the organization’s best financial interests in mind. However, three concerns arise when business offices send medical record documentation to payers—versus having HIM professionals take charge.

  1. Business office staff may not know which parts of the medical record will be required to support the claim. Often, the entire chart is sent—a process that is not practical for high-dollar or long-length-of-stay cases.
  2. Sending the entire record is also not compliant with HIPAA’s Minimum Necessary Standard. By sending too much information, hospitals are at risk for HIPAA breach.
  3. Upon receipt of prepay documentation, the payer’s staff logs each record received, scans or otherwise digitizes the documents, and incorporates them into their own electronic systems. This creates a huge administrative burden on payers.

Similar challenges ensue with solicited payer medical record requests that occur during the adjudication process or retrospective reviews.

Business Office Disclosures for Payer Audits and Reviews

There has been significant uptick in payer audits and reviews, a topic that was covered by HIM Scene last month. This includes governmental and third-party commercial. According to one central business office director at an MRO client site, “The pull lists for payer audits and reviews keep getting longer and the piles of medical records to send keep getting higher.”

To reduce administrative burdens with payers, some organizations are allowing payers direct access to their EMRs and EHRs to obtain the required information during audits and reviews. While this process may lighten the load for billing personnel, it is laden with additional privacy risks.

Business office personnel complain about the travails of responding to all the various requests for records. However, a significant number of business office directors still insist on owning the ROI process for payer audits and reviews. When this is the case, there are several important steps for HIM directors to consider.

Three Steps for HIM: Educate, Track and Talk

For both types of business office disclosures, it is important to educate billing staff about the implications of a HIPAA breach and privacy risks listed above. Establish an organization-wide standard for ROI to keep PHI safe during all types of business office disclosures. Educating all personnel involved in business office ROI (whether for claims processing, audits or reviews) helps relieve frustration with the record release process.

Billers should also track which specific records, and what sections of each, were sent. By documenting and then reviewing this information, organizations gain valuable knowledge about payer trends—insights that can be used to prevent denials and negotiate more favorable terms for payer contracts.

Collaborate with privacy and the business office to determine which release information to track. Then establish a common database or software application to document each release to payers. Here are four ways to make the most of business office ROI tracking data:

  • Look for patterns in what payers are requesting. Any trends in payer request activity could offer opportunities for provider improvement.
  • Identify risk. Analytics can help business offices detect weaknesses in the revenue cycle, involving coding, documentation or other internal processes.
  • Educate coders, biller, collectors, physicians, etc. on payer trends and how collaboration can promote accurate, complete billing for services rendered and support a claim via medical record documentation.
  • Use data analysis. When payer contract negotiations arise, use payer trend statistics to your advantage in the next round of negotiations.

Talk with local payers and stay updated on policy changes related to claims processing, audits and retrospective reviews. Open communication with each payer is recommended to ensure records are sent in the most secure way possible. Communication with payers also reduces phone tag and minimizes payer-provider abrasion.

Finally, due to the importance of collecting medical record documentation, health plans are willing to pay for records. Business offices and HIM departments fulfilling these requests are encouraged to discuss and pursue reimbursement from payers.

About Lula Jensen

In her role as Director of Product Management for MRO, Jensen drives product enhancements and new product initiatives to ensure MRO’s suite of solutions enable the highest levels of client success and end-user satisfaction. She has more than 15 years of experience in healthcare, focusing on Health Information Management (HIM), Revenue Cycle Management, analytics, software development and consulting. In addition to holding product management roles at McKesson Health Solutions and CIOX Health, she also served as Revenue Cycle Manager at Fox Chase Cancer Center and taught a course on ICD-9 CM Coding and Reimbursement at Bucks County Community College. Jensen is an active member of the Healthcare Financial Management Association (HFMA), American Health Information Management Association (AHIMA) and Pennsylvania Health Information Management Association (PHIMA); she is a 2005 PHIMA Scholar Award recipient. Jensen holds a B.S. in HIM from Temple University and an M.B.A. in Health Care Administration from Holy Family University.

If you’d like to receive future HIM posts in your inbox, you can subscribe to future HIM Scene posts here.

What’s Happening with HIM and Clinical Documentation Improvement (CDI) – HIM Scene

Posted on August 2, 2017 I Written By

John Lynn is the Founder of the HealthcareScene.com blog network which currently consists of 10 blogs containing over 8000 articles with John having written over 4000 of the articles himself. These EMR and Healthcare IT related articles have been viewed over 16 million times. John also manages Healthcare IT Central and Healthcare IT Today, the leading career Health IT job board and blog. John is co-founder of InfluentialNetworks.com and Physia.com. John is highly involved in social media, and in addition to his blogs can also be found on Twitter: @techguy and @ehrandhit and LinkedIn.

This post is part of the HIM Series of blog posts. If you’d like to receive future HIM posts in your inbox, you can subscribe to future HIM Scene posts here.

The world of HIM is constantly changing. It’s important for every HIM professional to stay on top of trends happening in the industry. With this in mind, I was excited to interview Steve Robinson, MS-HSM, PA-O, RN, SSBB, CDIP, who is the VP of Clinical Revenue Integrity at RecordsOne and ask him the following questions:

  • What’s the most exciting thing you see happening in the HIM world?
  • What’s the scariest thing people aren’t paying enough attention to in HIM?
  • What’s been the impact of CDI on healthcare and what will it be in the future?
  • How do you see the role of HIM changing in the next 5-10 years?
  • Make a big 20 years from now prediction for healthcare

Check out the full video interview we did with Steve Robinson to learn more about Steve’s perspectives on What’s Happening with HIM and CDI:

If you’d like to receive future HIM posts in your inbox, you can subscribe to future HIM Scene posts here.

Finding Civility in Payer Relationships: Audits, Reviews and HIM – HIM Scene

Posted on July 19, 2017 I Written By

The following is a HIM Scene guest blog post by Greg Ford, Director, Requester Relations and Receivables Administration at MRO.  This is the first blog in a three-part sponsored blog post series focused on the relationship between HIM departments and third-party payers. Each month, a different MRO expert will share insights on how to reduce payer-provider abrasion, protect information privacy and streamline the medical record release process during health plan or third-party commercial payer audits and reviews.

Civility is defined by Webster’s as courtesy and politeness. It is a mannerly act or expression between two parties. While civility in politics has waned, it appears to be on the rise in healthcare.

New opportunities for civility between payers and providers have emerged with the shift from fee-for-service to value-based reimbursement. Population health, quality payment programs and other alternative payment models (APMs) are opening the door to better collaboration and communications with payers. Optimal patient care is a mutual goal between payers and providers.

HIM professionals can also contribute to stronger payer-provider relationships. Our best opportunity to build civility with health plans and payers is during audits and reviews. HIM professionals who take the time to understand the differences will make notable strides toward a more polite and respectful healthcare experience.

Payer Audits vs. Payer Reviews: What’s the Difference?

It’s no secret to most HIM professionals that the volume of health plan medical record requests continues to increase significantly. In fact, between 2013 and 2016 the number of requests for HEDIS and Risk Adjustment reviews increased from one percent to 11 percent of the total Release of Information requests received by MRO.

The main difference between audits and reviews is the potential negative financial impact to providers. Payer audits include risk for revenue recoupment while payer reviews do not.

For example, audits conducted by third-party payers are intended to recoup funds on overpaid claims. The most common reason for a post-payment payer audit is to confirm correct coding and sequencing as billed on the claim to determine if payment was made to the provider correctly. In audits, the health plan’s intention is to recoup funds on overpaid claims.

Payer reviews do not carry financial risk to the provider. Instead, payer reviews deliver valuable insights providers can use to improve their relationships with health plans and patient populations.

The Upside of Payer Reviews

HEDIS and Risk Adjustment reviews are the most common types of payer reviews. Payer data submissions for HEDIS are due to the National Committee for Quality Assurance (NCQA) by June of every year. Medicare Risk Adjustment results are due in January and Commercial in May.

Since these payer reviews both overlap and occur simultaneously, HIM departments are deluged with medical record requests. Understanding the importance of these reviews improves communication between HIM, Release of Information staff and health plan requesters.

HEDIS Reviews

HEDIS reviews can benefit providers during contract negotiations because the HEDIS performance rankings can be used to gauge the quality and effectiveness of different health plans for potential participation with the facility.

Risk Adjustment Reviews

With these reviews, health plans are required to prove the needs of the population to CMS so they can continue to provide services for higher risk patients and pay providers for the care of this population.

In both cases, medical records are needed to provide the analysis, so HIM is involved.

HIM’s Role: Reimbursable Release of Information

In 2015, 85 percent of MRO’s audit and review requests came from third-party vendors representing health plans. Both post-payment audit and review requests are typically chargeable to the requesting party. Due to the importance of collecting medical record documentation, health plans and payers are willing to pay for records.

HIM professionals are encouraged to pursue reimbursement for payer requests. This is especially true if your HIM department is working diligently to accommodate the payer deadline for record receipt.

A provider’s Release of Information staff should be able to work directly with these requesters to ensure payment for the timely delivery of records. HIM professionals can reduce payer-provider abrasion and ultimately strengthen relationships to improve compliance. It’s the first step to increasing civility in healthcare.

Watch for our August HIM Scene post to learn more about how to secure patient privacy when sending records to payers and health plans.

About Greg Ford
In his role as Director of Requester Relations and Receivables Administration for MRO, Ford serves as a liaison between MRO’s healthcare provider clients and payers requesting large volumes of medical records for purposes of post-payment audits, as well as HEDIS and risk adjustment reviews. He oversees payer audit and review projects end-to-end, from educating and supporting clients on proper billing practices and procedural obligations, to streamlining processes that ensure timely delivery of medical documentation to the requesting payers. Prior to joining MRO, Ford worked as Director of Operations and Sales at ARC Document Solutions for 15 years. He received his B.A. from Delaware Valley University.

If you’d like to receive future HIM posts in your inbox, you can subscribe to future HIM Scene posts here.

A Look at HIM and the Impact of ICD-10 – HIM Scene

Posted on July 6, 2017 I Written By

John Lynn is the Founder of the HealthcareScene.com blog network which currently consists of 10 blogs containing over 8000 articles with John having written over 4000 of the articles himself. These EMR and Healthcare IT related articles have been viewed over 16 million times. John also manages Healthcare IT Central and Healthcare IT Today, the leading career Health IT job board and blog. John is co-founder of InfluentialNetworks.com and Physia.com. John is highly involved in social media, and in addition to his blogs can also be found on Twitter: @techguy and @ehrandhit and LinkedIn.

This post is part of the HIM Series of blog posts. If you’d like to receive future HIM posts in your inbox, you can subscribe to future HIM Scene posts here.

After all of the noise that was made around the move to ICD-10, I’m now talking to more and more people about what impact the switch to ICD-10 has had on their organizations.  The reality for many organizations is they don’t really know what the new normal is under ICD-10.  So, they’ve had a hard time evaluating if their ICD-10 work has been going well or not.

With this in mind, I was excited to talk with Eileen Dano Tkacik, Director of Operations & Information Technology at AVIANCE Suite Inc, about a survey they did that looked at ICD-10 accuracy and productivity.  Learn more about the results of this survey in the video below and review the full survey results. Also, check out their 2017 ICD-10 coding contest which includes $5000 in prizes and begins July 17, 2017.

Eileen is so right that the transition to ICD-10 definitely sucked up people’s time and the QA process suffered. I hope now that ICD-10 has been around for almost 2 years that more efforts will go back to QA. We’re going to need to given the ICD-10 accuracy results from their survey.

If you’d like to receive future HIM posts in your inbox, you can subscribe to future HIM Scene posts here.

The Important Role of HIM in Healthcare Cybersecurity – HIM Scene

Posted on June 21, 2017 I Written By

John Lynn is the Founder of the HealthcareScene.com blog network which currently consists of 10 blogs containing over 8000 articles with John having written over 4000 of the articles himself. These EMR and Healthcare IT related articles have been viewed over 16 million times. John also manages Healthcare IT Central and Healthcare IT Today, the leading career Health IT job board and blog. John is co-founder of InfluentialNetworks.com and Physia.com. John is highly involved in social media, and in addition to his blogs can also be found on Twitter: @techguy and @ehrandhit and LinkedIn.

This post is part of the HIM Series of blog posts. If you’d like to receive future HIM posts in your inbox, you can subscribe to future HIM Scene posts here.

Healthcare organizations that rely on their CSO (Chief Security Officer) to handle cybersecurity in their organizations always annoy me. Cybersecurity requires everyone at the organization to be involved in the effort. One person can have a large influence, but your healthcare organization will never be secure if you don’t have everyone working their best to ensure your organization is secure.

A great example of someone who’s often forgotten in healthcare cybersecurity efforts are HIM professionals. Organizations that do this, do so at their own peril. If you’re not involving your HIM professionals in your cybersecurity efforts, I exhort you to do so today.

One of the best reasons to involve HIM professionals in your security efforts is that they’re often experts on the patchwork of healthcare privacy and security laws. It’s not enough to just ensure you’re being HIPAA compliant. That’s essential, but not sufficient.

Healthcare privacy and security are so important, there are multiple layers of laws trying to protect your health information. Or maybe the laws just aren’t well planned and that’s why we have so many. I’ll let you decide. Either way, in your privacy and security efforts you’re going to need to know HIPAA, HITECH, MACRA, and of course don’t forget the state specific privacy and security laws. No doubt there are more and your HIM professionals are likely some of the people in your organization that knows these laws the best.

Beyond the fact that HIM professionals know the privacy and security laws, HIM professionals are usually well versed in ensuring the right access to the right information in your system. One of the biggest form of breaches is internal breaches from people who were given the wrong permissions on your IT systems.

Making sure someone is auditing and monitoring these permissions is a very important part of your cybersecurity efforts. Plus, don’t forget to have a solid process for removing users when they leave your organization as well. Those zombie user accounts are a ticking time bomb in your security efforts. When your employees verify that their records are in order before they leave with HIM, that might be a good time to remove their access.

Another place HIM professionals can help with healthcare cybersecurity efforts is around information governance. More specifically, HIM can help you properly manage your health data and legacy systems. HIM can ensure that your legacy systems are properly managed until their end of life. No doubt this will be done in tandem with your IT professionals who have to keep these legacy systems secure (not always an easy task). However, an HIM professional can assist with your information governance efforts that impact cybersecurity.

In what other ways can HIM be involved in healthcare cybersecurity?

Cybersecurity is always going to be a team effort. That’s why it’s shocking to me when healthcare organizations don’t involve every part of their team. HIM professionals should step up and make the case for why they should be involved in healthcare’s cybersecurity efforts. However, when they don’t, a great leader will make sure HIM is involved just the same.

If you’d like to receive future HIM posts in your inbox, you can subscribe to future HIM Scene posts here.

A Look Into the Future of HIM with Rita Bowen – HIM Scene

Posted on June 14, 2017 I Written By

John Lynn is the Founder of the HealthcareScene.com blog network which currently consists of 10 blogs containing over 8000 articles with John having written over 4000 of the articles himself. These EMR and Healthcare IT related articles have been viewed over 16 million times. John also manages Healthcare IT Central and Healthcare IT Today, the leading career Health IT job board and blog. John is co-founder of InfluentialNetworks.com and Physia.com. John is highly involved in social media, and in addition to his blogs can also be found on Twitter: @techguy and @ehrandhit and LinkedIn.

This post is part of the HIM Series of blog posts. If you’d like to receive future HIM posts in your inbox, you can subscribe to future HIM Scene posts here.

One of my favorite people in the HIM world is Rita Bowen. She is currently Vice President, Privacy, Compliance and HIM Policy at MRO, but she has a really impressive HIM resume previous to MRO and a deep understanding of the evolution of HIM and their role in healthcare.

With this experience in mind, I was excited to interview her on the current state of HIM and where HIM is heading in the future. Here are the list of questions I asked Rita if you want to skip to a specific question or you can just watch the full video interview embedded at the bottom of this post.

If you’d like to receive future HIM posts in your inbox, you can subscribe to future HIM Scene posts here.

The Disconnect Between Patient Experience and Records Requests – HIM Scene

Posted on April 19, 2017 I Written By

John Lynn is the Founder of the HealthcareScene.com blog network which currently consists of 10 blogs containing over 8000 articles with John having written over 4000 of the articles himself. These EMR and Healthcare IT related articles have been viewed over 16 million times. John also manages Healthcare IT Central and Healthcare IT Today, the leading career Health IT job board and blog. John is co-founder of InfluentialNetworks.com and Physia.com. John is highly involved in social media, and in addition to his blogs can also be found on Twitter: @techguy and @ehrandhit and LinkedIn.

This post is part of the HIM Series of blog posts. If you’d like to receive future HIM posts in your inbox, you can subscribe to future HIM Scene posts here.

This week I met with one of the digital marketing team at a children’s hospital. We had a great conversation about the hospital website and the way the hospital’s website represented the organization to the patient. Plus, we talked about how patients choose to interact with the hospital through their website. There are a wide variety of patient requests through the website, but one of those requests was a request for their patient record.

It wasn’t really a surprise that this digital marketer didn’t really know the details of what’s required for a patient to make an appropriate medical record request from his hospital. In his defense, he didn’t usually answer the questions, but just created the website that collected the questions. However, it was quite clear that the workflow for any medical records request was to send it to their HIM department and let them figure it out.

Most organization then have their HIM staff play phone tag with the patient to explain how to make a proper records request which will allow them to release the information to the patient. The progressive organizations might send the patient an email. However, many of them will then ask the patient to mail, drop off or fax in the official records request. If this sounds painful, I can assure you that it’s as painful as it sounds.

This illustrates the massive disconnect between creating a great patient experience and most organization’s current records request process. Please note that I’m not blaming the digital team at hospitals for the issue and I’m not blaming the HIM people for this problem. I’m blaming the disconnect between the two organizations because the only way to solve this problem is to have both organizations involved.

The best patient experience would actually be for the patient to go to their patient portal and download their whole record. Maybe we’ll get their one day, but there are hundreds of systems in a hospital where a patient’s data is stored. So, it’s going to take a while for us to reach the point where a patient can self-service their data requests.

Since I’m not holding my breath on this amount of data sharing happening between disparate systems, I’m more interested in making the current processes so it’s a seamless experience for the patient. If you can model a medical records request on paper, then you can do it digitally. To their credit, I’ve seen a few organizations working on this. In fact, their system is part education about records requests and part getting the information that’s needed to fulfill a records request.

It’s time that HIM and a hospital’s digital and tech teams come together to make the process for requesting records a seamless patient experience. And if you think using a fax machine is a seamless experience for patients, then you’re part of the problem.

If you’d like to receive future HIM posts in your inbox, you can subscribe to future HIM Scene posts here.