Whether those mistakes are due to the tedium of manual processes, the pressure of an overwhelming volume of requests, or simply the desire to get back to patient care, the repercussions remain the same. At best, they create more work and issues down the road. At worst, they elicit fines and other financial penalties, and even have the potential to damage the reputations of those responsible, if not the medical practice as a whole.
However, by having proper awareness and a plan of attack, you can minimize issues so your practice, health information managers, staff, patients, and requesters can all reap the benefits.
It’s safe to say both technology and legal requirements change at a rapid pace to accommodate the needs of the industry and those it serves. However, plenty of practices put their medical records management and release of information processes into action without considering the need for re-evaluation in the future.
This happens for a variety of reasons, from being too busy, to getting complacent with minor workarounds, to simply being resistant to change. Whatever the reason, it’s imperative to examine your procedures on a regular basis to ensure that they’re compliant and efficient.
In addition, you also need to make sure all staff is properly trained on these procedures from top to bottom and have access to resources should they have any questions or concerns.
Plenty of practices pay too much for staffing, put compliance at risk, and even risk breach simply because staff members are following outdated protocols or don’t know them well enough in the first place. Thus, it’s important to run a full audit of current practices to both identify and minimize current and potential issues. That includes both manual and digital workflows, security measures, billable and non-billable releases, state-mandated fee structures that change year over year in accordance with federal, state, and other municipal laws, and any technology you employ.
While delays in processing and fulfilling requests can be time-consuming regardless of the method, those that rely on manual communication, such as phone, fax, or even mail, are particularly susceptible.
Although HIPAA requires a turnaround in 30 days, there are plenty of situations in which the delivery is subject to an upcoming event, such as a patient needing to have important information prior to an appointment or to adhere to a legal obligation of their own, such as a subpoena for workers compensation or other urgent issues.
Realistically, the process of pulling records, verifying information, and getting it sent to the right party is laborious enough, but that doesn’t even account for the time required to address incomplete requests, rectify electronic medical record merging or transfer errors, log or retrieve disclosures, or update the requester on progress.
To minimize these delays, it’s best to employ a workflow that verifies all requester-related information and signatures first, as well as one that gives priority to requests on the tightest deadlines. In addition, digitized disclosure logs, record tracking, image retention, and third-party ROI services can help reduce your staff’s workload while increasing overall efficiency.
Release of information is both highly complicated and highly regulated. Because of it, simple mistakes can turn into big issues in a heartbeat—even for those who are highly experienced.
To get a true grasp of how wrought with potential problems the process can be, consider all the information you need to have correct to ensure secure, compliant, efficient, and accurate delivery.
Regardless of the method, you have to ensure the request is complete; verify authorization with multiple parties; locate and screen records on a page-by-page basis; remove unauthorized or sensitive information, including comments or notations; review and verify what’s being requested versus what’s being sent; log and track the disclosure and its steps; and deliver it—which can be a process in itself if you handle it manually versus digitally. Otherwise, you could be facing hefty fines and potential damage to your practice’s reputation.
Since every request is different, it can be difficult to design a comprehensive workflow that takes everything into account, but it’s certainly possible. Often, having if/then charts for various steps in the process can be helpful, as well as implementing additional review steps for qualified individuals who possess particularly wonderful attention to detail.
Wrongful Access or Disclosure of Patient Information
It may seem like a common mistake that may even go unnoticed, let alone unreported, but there are plenty of ways inappropriate access and disclosure can happen—and they should be minimized at all costs.
For instance, it could be something as simple as leaving a physical record on a desk unattended, asking or allowing an unauthorized person to access records, accessing from a non-secure device, or even sending information to the wrong person or wrong address entirely.
To reduce these occurrences, make sure your staff clearly knows the outcomes of any violations, have a strict system in place for accessing and transferring records (including the discouragement of access from any non-approved device or location) and have authorized parties act as additional review stages for each other to ensure records are being sent to the right person and location.
While there are many ways you can resolve each of these issues individually, one of the best ways to solve them all at once is to partner with a qualified and experienced third-party service provider that specializes in release of information.
By doing so, you’ll be able to effectively minimize a significant number of issues—from outdated processes, processing delays, and overlooked details, to the responsibility of wrongful access or disclosure—all while allowing your staff to focus on your patients, not paperwork.