HIM’s Top 10 Risks for 2014: The Right Preparation Means Everything
By Rita Bowen, MA, RHIA, CHPS, SSGB, and Jan McDavid, Esq
There’s a top 10 list for everything: the top 10 millionaires who have disappeared, top 10 weird eating habits, top 10 bizarre items confiscated at airports. Less odd but very important, HIM has a top 10 list, too.
The following list of top 10 HIM risks in 2014 can help professionals safely prepare for what’s coming. Our list doesn’t include the drum rolls or humor that accompany David Letterman’s famous top 10 lists, but it does rank HIM risks from largest to smallest. It includes everything from HIPAA Omnibus compliance to meaningful use. And yes, ICD-10, too.
10. Poor transition to ICD-10: The implementation of ICD-10 already is top of mind and top of list for providers, payers, and clearinghouses. Executives finally are on board, too. A recent HIMSS leadership survey confirms ICD-10 as the top financial system focus.
Organizations unable to produce a clean claim under ICD-10 will not be reimbursed for the services they provide. It’s that simple—and that important.
Denials are expected to surge immediately following the October 1, 2014, conversion and remain above normal for months following. An organization’s ability to streamline denials management workflow and quickly address denied claims is essential.
System updates, documentation assessments, dual coding, education, training, and end-to-end testing with all stakeholders are must-haves for the coming year. There’s no more thinking about ICD-10. In 2014, it’s all hands on deck.
9. Lack of information data governance: All health care provider organizations manage a mosaic of information systems and deal with information data governance in departmental silos—one tile at a time. However, the future of health care lies in data integrity across all systems and throughout the entire organization. HIM professionals play a fundamental role.
In 2014, team up with IT and executive teams to make strategic decisions regarding the organization’s information assets. Here are four steps to take:
• Define roles and responsibilities for data.
• Establish data-quality policies.
• Create metadata management practices.
• Arbitrate shared data questions.
Data are your most valuable asset. An enterprisewide information data governance plan leads to successful enterprise information management for years to come.
8: Lack of an incident response plan: The Office for Civil Rights conducted 115 audits of covered entities in 2012. Audits were conducted to measure compliance with the information privacy and security standards within HIPAA and HITECH. Results of the pilot program were presented at the 2013 Health Care Compliance Association Compliance Institute.
Security issues topped the list of concerns with “entity unaware of the requirement” most commonly cited by auditors. Now is the time for HIM professionals to act.
When organizations have a privacy or security breach, a fully vetted and adopted incident response plan must be in place. Share this plan and conduct educational sessions throughout your organization, with particular focus on departments that release protected health information (PHI). The three biggest areas of concern are business office, radiology, and emergency department services. Finally, ensure all business associates also have incident response plans in place.
Omnibus changes to HIPAA require that covered entities and business associates now assess the probability that PHI was compromised based on a thorough risk assessment. Assessment is a multistep process that HIM professionals must thoroughly understand in 2014.
7. Information integrity issues: HIM professionals play a pivotal role in ensuring data and content are accurate, reliable, up-to-date, consistent, and fit for use. Data architecture, definitions, processes, and auditing requirements must all be assessed and strengthened in 2014. Specific tactical areas for HIM leadership include the following:
• ensuring consistent definitions;
• separating active vs. inactive problems on electronic problem lists;
• eliminating master patient index clutter and information duplications, overlaps, and overlays;
• requiring two-factor identification to appropriately identify the patient; and
• implementing and enforcing electronic documentation cut-and-paste policies.
Everyone reads the EMR, so every set of eyes should be leveraged to identify data errors, not just HIM.
6. Lack of specific language in business associate agreements: With the enforcement of new HIPAA Omnibus rules, covered entity and business associate relationships are all grown up. Business associates now are also liable for PHI breaches. HIM professionals must ensure that every business associate agreement is reviewed.
There are new required elements and breach reporting guidelines for business associations, and sample language for such agreements is available on the HHS website.
5. Failure to achieve meaningful use: More than $9 billion in meaningful use incentives were paid out to eligible professionals and hospitals through June 2013. Ensuring that each and every organization receives its share of Medicare incentive payments through the EHR Incentive Program continues to be a primary objective.
Meaningful use addresses five national health policy goals, and the incentive program has widespread awareness and executive focus. For HIM, here are six meaningful use tips for the journey ahead:
• Integrate clinical decision support and medical necessity for charge structure.
• Help physicians transition to the EHR and avoid alert fatigue (may require data preloading).
• Manage new types of electronic information within your EHR (eg, videos, voice files).
• Bring clinical data analytics up to par.
• Revisit EHR documentation templates with ICD-10 and stage 2 meaningful use in mind.
• Avoid focusing too much on the measures required vs. achieving overall goals.
4: No HIM involvement in overall IT/informatics: 2014 is the year for HIM professionals to raise their hands with chief information officers and IT peers. IT professionals govern the pipes used for information access and transport, but HIM manages the water that runs through those pipes.
Strong IT/HIM collaboration not only is essential for a successful transition to ICD-10 but also is required for all the information governance and data integrity issues mentioned above. It can no longer be IT governance with HIM off to the side. The hidden gem or resource for organizations in 2014 must be you, the HIM professional.
3: Inability to innovate: New solutions help an organization better use existing processes and systems to meet industry requirements. Rather than doing the same thing better, innovation refers to the notion of doing something different.
A goal for HIM in 2014 should be to thread our expertise into every new system evaluation and implementation. Each new application must produce and share actionable data. HIM involvement ensures all data gathered and used by new applications feeds into an overall information governance plan.
2. Missed opportunities for public good: According to the Beryl Institute, 52% of all health care provider organizations have a formal mandate related to patient experience and consumer engagement. New environments spark new career opportunities for HIM professionals. Doors are opening in areas such as consumer advocate roles, PHR education, patient portal enrollment, and patient navigators. Engaging patients and their families to access, use, and safeguard their health information is an excellent opportunity for HIM to support the public good.
1: Health information exchanges (HIEs) and patient portals going awry: Finally, stage 2 meaningful use requires providers to participate in HIEs. And at least 50% of a provider’s patients must be enrolled in a patient portal. Most hospitals plan to implement some type of HIE in 2014, and more than 50% already have a patient portal in place.
HIM expertise is essential in determining what information will be shared with other providers and health care stakeholders via HIEs and patient portals. Furthermore, the quality of any patient portal is only as good as the physician documentation included within the EHR. The need for HIM participation in enterprisewide, information data governance continues to be enforced at every turn.
So Many Risks, So Little Time
Just like eating an elephant, the only way to mitigate this much risk is one bite at a time. HIM professionals are encouraged to start small and begin where they are. For each initiative listed above, narrow the scope if you must and then expand in the future. Begin where you can leverage an existing area of interest, executive edict, or organizational focus.
2014 promises new horizons for HIM professionals. Expand your current knowledge, skills, and set of disciplines. We all have a stake in getting it right.
— Rita Bowen, MA, RHIA, CHPS, SSGB, is senior vice president of HIM and a privacy officer of HealthPort, where she is responsible for acting as an internal customer advocate. She has more than 20 years of experience in the HIM industry.
— Jan McDavid, Esq, is general counsel and chief compliance officer for HealthPort.