ROI Report: Stand Tall Against Information Blocking
By Diane E. Ferry, MS, RHIA
For The Record
Vol. 33 No. 4 P. 10
As HIM professionals know, the federal HIPAA legislation requires that health care providers provide authorized individuals copies of their health records in a timely, secure, and accurate fashion. Although the release of information (ROI) process has improved significantly since the law’s passage, many hurdles and challenges remain. While HIPAA has been in effect since 1996, there are still many reports of information not being obtained by patients or their designated recipients in a timely manner or, in too many situations, not being received at all.
The advent of widespread use of EMRs across the past several decades has been a major improvement in managing health care information in hospitals, clinics, physician offices, and other provider organizations. The presence of disparate IT applications within provider organizations as well as between and among health care systems and health information exchanges adds another layer of complexity to ROI practices. Varying system architectures and interface mechanisms result in a lack of interoperability between systems, which has been a significant hurdle for the effective sharing and transmitting health information. The lack of communication between these systems contributes to delays in the transfer or release of health information.
The 21st Century Cures Act was established to target technological and other barriers to the effective exchange and access to health records. No longer can a health care system shrug its shoulders and say that it’s trying to comply with ROI requirements when interoperability issues are preventing it or making it too difficult or costly.
The Cures Act rule on information blocking prohibits any practice that is likely to prevent, interfere with, or discourage access, exchange, or use of electronic health information, especially for the patients themselves. For a health care provider, information blocking is any practice that it knows is likely to have this effect. Similarly, for a certified HIT developer or health information exchange, information blocking is when it knows, or should know, its design or implementation of any EMR system or the system’s information exchange mechanism is likely to have this effect.
HIM departments should mark their calendars and take note of several upcoming deadlines. First, one that recently passed (April 5), when the Office of the National Coordinator for Health Information Technology’s information blocking provision went into effect for the data elements represented in the US Core Data for Interoperability (USCDI) standard; HIT developers are prohibited from restricting certain kinds of health information exchanges/communications.
On October 6, 2022, regulatory compliance around information blocking will be expanded to include all electronic protected health information instead of only the initial USCDI data elements. Then, on December 31, 2023, implementation of various additional requirements for certified HIT vendors are scheduled to become active.
Inside the HIM Department
For HIM professionals, avoiding information blocking has become an important aspect of ROI processes. In addition to the mandates concerning security, accuracy (correct patient, correct records, correct dates of care, correct recipient/destination), and timeliness, they must now ensure that any policies and procedures or EMR system functions that result in information blocking are eliminated.
The so-called Open Notes rule requires that patients be provided access to the health information in their EMR without charge by their health care provider. The following eight core data elements must be provided:
• consultation notes;
• discharge summary notes;
• history and physical records;
• imaging narrative reports;
• laboratory narrative reports;
• pathology narrative reports;
• procedure notes; and
• progress notes.
The rule does not apply to psychotherapy notes that are separated from the rest of the patient’s medical record and information compiled in reasonable anticipation of or use in a civil, criminal, or administrative proceeding.
On October 6, 2022, the covered data elements will be expanded to essentially cover the content of the entire health record. HIM professionals in provider organizations should be aware that, according to the American Medical Association (AMA), the following may be considered information blocking:
• policies or practices restricting authorized access, exchange, or use of electronic health information (EHI);
• implementing HIT in a nonstandard way that may significantly increase the complexity or burden of accessing, exchanging, or using EHI;
• limiting the interoperability of its HIT in a manner that restricts or prevents access, exchange, or use of EHI;
• implementing HIT in a manner that may restrict access, exchange, or use of EHI in exporting complete information sets or limiting transitions between IT systems;
• actions that lead to waste, fraud, or abuse or impede improvement in access, exchange, or use of EHI;
• having or entering into contracts, agreements, or licenses that include restrictions on access, exchange, or use of EHI, including business associate agreements; and
• practices that result in financial benefit from access, exchange, or use of EHI.
The AMA also notes the following “high-risk information blocking actions”: A physician or other practitioner knowingly interferes with patients seeking access to their own EHI, other providers seeking EHI for treatment or quality improvement, payers seeking EHI to confirm a clinical value, or patient safety or public health.
The following are exceptions that would allow the health care organization to not fulfill EHI access requests or exchanges:
• Preventing Harm: It is necessary and reasonable to prevent harm to a requesting patient or another patient.
• Privacy: It is necessary to protect a person’s privacy.
• Security: It is necessary to protect the security of EHI or an EMR system.
• Infeasibility: Fulfilling an EHI request is not feasible.
• HIT Performance: The IT is temporarily not available or fulfilling the request would damage the IT system or its information.
There are also exceptions related to the procedures used in actually fulfilling a request, including the following:
• Content and Manner: The content of the EHI provided may be limited as long as the required EHI elements are included or a different method is used to fulfill the request because the requested method is not possible.
• Fees: Fees may be charged within a reasonable margin.
• Licensing: Interoperability systems for fulfilling requests may be licensed.
HIM operations have grown increasingly complex and come under increasing scrutiny. HIM professionals best serve their organizations by leading a thorough review of all ROI policies and practices to identify threats to the Cures Act requirements. It is critical to find and correct the barriers that may prevent prompt access, exchange, and use of EHI while at the same time ensuring that patient data are secure and accurate and provided in a timely manner. Long-established routines (“We’ve always done it that way”) must be examined; otherwise, unintended delays or impediments to information access, exchange, or use may occur.
The understanding and support of organizational leadership is essential. HIM leaders must ensure that the C-suite understands the importance of meeting the Cures Act requirements and provides the necessary resources to achieve compliance.
The current ROI process requires close examination and retooling. The system is antiquated and must be improved. To think that most hospitals and physician offices rely on a paper authorization is “old school.” HIM professionals must bring this process into modern times, trusting technology to create new and better ways to provide patients access to their EHI.
Well-trained staff and ongoing performance review assessments are critical. ROI training will need to be much more detailed and focused. Formal training programs should be established to create consistent, accurate, and timely release of health information.
Detailed policies and procedures will best guide staff on efficient processing of requests. Also, the support of high-quality EMR systems with well thought out and efficient ROI modules will be essential. Those systems will also have to meet the HIPAA disclosure record-keeping requirements.
Whereas ROI has always been important, it naturally tends to get less priority from busy clinicians and support staff. Nevertheless, these personnel need to be on the team. With leadership support, they will understand ROI’s importance and eventually work the necessary processes into their daily workflows.
Ultimately, the Cures Act is intended to improve patient and community services. HIM professionals can help ensure that the act’s standards are met, thereby providing patients and others with medical record access in a compliant and timely manner.
— Diane E. Ferry, MS, RHIA, is president and CEO of Star-Med.
Do you have questions about ROI processes? How about interoperability? What are your thoughts on a universal authorization for ROI processes? Feel free to send questions and comments to email@example.com and a Star-Med expert will answer selected inquiries in an upcoming column.
We look forward to hearing from you.