Though this high-tech era has been termed “The Information Age,” for many, it’s more like the “Request for Information Age”, especially in the ROI arena.
With healthcare initiatives and changing contract models, we all know that there are more and more records requests, for research, reporting, and payers (and beyond). Some days you might feel like a human Google – except personalized, confidential, by hand, and with the potential for massive penalties if mistakes are made.
Even if you subcontract personnel, monitoring ROI procedures and quality is essential. All your defined processes and policies mean little without checking up from time to time. Electronic systems offer many tools for data manipulation. These tools can provide individual production statistics, departmental request volumes, information regarding request turnaround times, and more.
While there’s no one-size-fits-all approach, the American Health Information Management Association offers some ROI advice to balance patient care, privacy, and compliance performance:
- Set goals. From a business standpoint, related but separate from the accounting of disclosures function of HIPAA, good ROI management requires productivity standards to facilitate continuity of care. These include goals for turnaround time and measures to address any backlog.
- Consider where record requests land within your health system. A key reason facilities run into problems is that so many departments can be affected. In addition to audit, denial, and managed care teams, requests may be received by quality, compliance, physician practices, billing, and chief operating officers.
- Centralize it. Assign receiving and logging requests to one department. Spread the word and be sure to back up your goals, reasoning and processes system-wide. Collaborative education is important. “Lunch and learns” are an ideal forum for educating teams.
- Ensure that your quality control practices are comprehensive. They should cover release of information for any purpose. The content of ROI management standards must conform to applicable state and federal law as well as the organization’s policies, procedures, and mission and business strategies.
- Record and monitor activity, tracking requests through their life cycle. Facilities that have minimum ROI activity might still have manual logs. An an electronic system can help with monitoring staff performance, recording turnaround times by type of request, and other measures.
- Record the time and date when a request is made. Also record the time and date by which the information is needed. Staff should prioritize requests on that basis. Electronic systems can help with data analysis for monitoring purposes.
- Make sure the tracking data are entered appropriately. Confirm that patient name, medical record number, birthdate, name of requestor, method of transmission, and name of employee completing the request are included.
- Check and check again, for every step. Verify that requests for information contain all data required by internal policy and state and federal regulations. When there are multiple individuals with similar demographics, staff should do additional investigation, such as comparing the patient signature on the consent with other consents, contained in the medical record.
- Incorporate continuity of care releases within general policy. Have staff “flag” requests for continuing care on receipt. This distinguishes them from more routine requests, such as third-party payer, legal, or research.
- Identify to whom the information is to be sent. Confirm that the request includes valid authorization. Evidence of legal authority may require a witness signature or notary public seal on the request form, or evidence of the relationship with the patient, documentation from a court of competent jurisdiction, or other means. For requests other than emergencies, where the care provider or requesting entity is not known to the healthcare organization processing the request, this may require direct contact with the patient.
- Verify appropriateness of information requested for release. For patient care, an authorization is not required by HIPAA, but it may be required by state law. Requirements vary. (The National Conference of State Legislatures offers an overview.)
- Provide only the minimum necessary information required to comply with the request. Information that pertains to behavioral health or substance abuse falls under more stringent state and federal regulations. Thus, it requires particular care in the review of the request.
The final aspect of the quality control process is evaluating completion. Electronic systems allow you to collect aggregate data by type of request, providing concrete information with which to evaluate compliance. Evaluation of processes, request volumes, and staff performance provides information needed to make adjustments.
- If the request does not meet the organization’s requirements, was the request returned with an explanation of what else is required?
- Was the information directed only to the individual or entity authorized for release?
- Was the information released recorded for internal auditing and record?
- If a patient picked up the information in person, was there a process in place to verify that person’s identity?
- Was the information delivered to the designated entity in accordance with the organization’s policies and procedures?
Finally, regardless of the method chosen to evaluate ROI performance, remember that it’s the organization’s overall management practices that define the foundation for accurate and compliant release of information.
For information on how to transition your health system to an automated, auditable, completely electronic record release process check out Moxe’s Chart Retrieval Solutions.