The Security Problem You Don’t Know You Have

The Security Problem You Don’t Know You Have

You likely have a problem with security. Only problem is, you don’t know about it.

My introduction to healthcare came from my mother. She worked as a physical therapist, recently retired, and we speak frequently.

Many of our conversations deal with how do we make healthcare better. “What do I know that will help you?” or “What do you know that will help me?”

Our discussions can get intense, especially since many of our talks center around health insurance. Our combined interest in the topic started a long time before my days at Moxe – where our work here centers on creating data connection solutions for health systems and health plans. I was first introduced to this subject matter when I started at Kaiser Permanente, and the learning continued through my time at Epic.

Wherein Lies the (Security) Problem

The problem with security presents itself when you rely on people to process and fulfill chart requests. People need to use their brain power plus documentation, or some rules-set which they either know firsthand or to which they can refer. They need to know what can be released. They need to know how can it be released in the right fashion. In the end, we’re all people, and people are fallible.

Many problems exist with manual chart release, and this one is easy to overlook. You needlessly spend one of your most important resources: your people’s time.

Your staff members fulfill the data needs of the insurers or lawyers or other third parties. You, on the front lines providing care, are obliged by HIPAA to give them the data. However, you don’t receive much in return other than payment for the paper it was printed upon or the flash drive to which it was saved.

All this data – needed to fulfill chart requests – exists in your EMR. Let’s say you are the CFO of a large health system. You invest a lot of time and money implementing a very sophisticated technology. People input valuable information into that technology, but you don’t fully leverage that information when you simply release the data.

Timing is Everything

The months of November and December present the busiest time of the year. You’re going to have a chart request for each and every patient where insurance was billed during the calendar year, regardless of the type of plan. Every health plan billed will want a copy of each of its  members’ charts.

It takes about 15 minutes to fulfill each request, so a staff member averages completion of about four requests an hour, not counting time to run quality assurance over the releases. When you have requests for a large number of charts, that adds up to a lot of hours. Plus, you get to a point where it’s extremely tough to manage the different releases and types of data released in a consistent fashion, because people must review the information and make judgement calls. “Here are the different types of notes. What can I include? What can’t I include?”

This entire process is open to human error (and security and compliance issues). And it doesn’t have to be.

Coming next: The weak link in manual chart retrieval and automated chart retrieval solutions to keep your health system secure.

The future of healthcare is in making it a conversation.