The HIPAA Privacy Rule’s Right of Access

2020 Alliance sponsor feature article courtesy of Total Medical Compliance

One of the key goals of The Health Insurance Portability & Accountability Act of 1996 (HIPAA) is to ensure patients have the ability to access their protected health information (PHI) in a timely manner and in the format most convenient for them. Some providers have implemented electronic health record systems that offer patients the ability to view and download their health records at any time. However, patients do not always take advantage of that option. Some rather have a hardcopy of their records, or certain records might not be stored electronically. In these cases, a patient will submit a request for a copy of their health records.

HIPAA requires a provider to respond to a request from a patient for their health records (with some exceptions, like psychotherapy notes) as quickly as possible. The provider has up to 30 days to respond to the request, but The U.S. Department of Health & Human Services (HHS) strongly encourages providers to respond sooner, especially if the information is already in electronic format. An extension of 30 additional days is permitted, but the patient must be provided notice of the extension in writing along with the reason for the extension within the first 30 days. Some state laws require requests to be addressed in a shorter period of time.

A provider cannot refuse a patient’s request to send health records to them via unencrypted email if the patient has been informed of and has accepted the risk associated with the unencrypted transmission of their health record. The provider’s access request form should include an area where the patient can acknowledge that they accept the risk of having their records sent via unencrypted email.

Last year, HHS launched an initiative to “vigorously enforce the rights of patients to get access to their medical records promptly, without being overcharged, and in the readily producible format of their choice.” Since then, the HHS Office for Civil Rights (OCR) has settled 2 cases regarding a patient’s right to access health records. The most recent one was in December 2019. A penalty of $85,000 and a 1-year corrective action plan were imposed by the OCR. The first enforcement action was in September 2019 under the same terms. The decision emphasized, “This right to patient records extends to parents who seek medical information about their minor children.” It is hard to say whether that will be the OCR’s standard enforcement arrangement, but history shows that generally, penalties have been decided on a case by case basis.

A reasonable, cost-based fee can be assessed, but HHS encourages providers to give records (especially if in electronic format) to patients at no cost when possible. It is important to note, though, that a patient does not lose their right to access their health record even if they have an outstanding balance with a provider. The fundamental point is clear: a patient’s access to their health record may not be obstructed or delayed by a provider, so it is important to be diligent and address a patient’s request as soon as possible.

Tips for Responding to Online Reviews

2020 Alliance sponsor feature article courtesy of MagMutual

Top Five Recommendations:

Acknowledge feedback quickly – Consumers turn to social media for information and expect healthcare organizations to monitor online feedback, especially on their own social media pages and high-traffic sites. It’s important for organizations to perceive online reviews as valuable patient feedback. Acknowledging those activities validate patient feelings and show an organization’s commitment to providing quality care. Consider having individuals closely monitoring accounts and providing feedback within 24 hours.

Keep responses anonymous – It is extremely important to maintain HIPAA compliance when responding to online reviews. By providing generic responses, without PHI or individual patient care details, an organization can safeguard itself against fines and other penalties.

Adhere to standard protocols – Create and follow standard protocols for responding to online reviews. Determine the appropriate individual(s) to monitor online feedback. Establish time frames for online feedback reviews and responses. Use pre-approved, HIPAA-compliant responses for positive and negative feedback. If possible, remove feedback that contains offensive language or hate speech and use a templated statement about removing that type of language.

Use templated responses – Developing a few responses for positive and negative reviews can ensure that they are generic, HIPAA-compliant, timely and remove any bias or anger that might present itself in individual responses. These templates can be reviewed by your insurance risk management team and providers for approval and quickly used when a new review is submitted.

Address direct issues offline – If an organization receives an online review with allegations of negligence or non-factual information, use a generic response online and don’t address any specifics. If appropriate, ask the reviewer to contact the organization to address any concerns. Communication over the phone or in person will increase the likelihood of understanding and compromise.

Top Five Cautions:

Don’t respond in anger – Unfortunately, there are times when consumers will post incorrect, rude or defamatory reviews. Responding in anger could lead to HIPAA privacy violations or online back and forth fighting for the world to see. It’s better to use a templated response and try to address the issue offline.

Don’t private message – Online messaging and email is not private, and HIPAA violations may occur if PHI is included in any online activities on behalf of an organization.

Don’t give medical advice – Medical advice, appointment scheduling, medication prescriptions/refills, lab results, billing issues, etc. should never be provided or discussed online. Those actions should only be conducted with established patients in person, over the phone or through a secure healthcare portal after patients have consented to participate and understand emergency issues shouldn’t wait for online portal responses.

Don’t delete reviews – Consumers understand that even the best organizations and providers receive negative online reviews. Unless the review contains profane language or hate speech, organizations should leave the review and ensure they have responded, showing other consumers that they review feedback and are committed to communication and improving their quality/service.

Don’t alter content – Loss of confidence in an organization will occur if responses are altered. In today’s world, online consumers routinely take screen shots of online reviews and reply messages. If a message is altered, the evidence might still remain available and could be used against an organization. Also, it’s important to remember that patients can disclose their own PHI, but the organization cannot repeat or verify/deny without authorization.

Sample Online Compliment/Complaint Responses:

Compliment – Our practice aims to deliver the highest quality patient care. We love to hear about positive experiences. Thank you for your comments.

Compliment – Thank you so much. We really appreciate your kind words and will be sure to pass your feedback on to the staff.

Compliment – Thanks for sharing this feedback with us!

Complaint – Thank you for sharing your feedback with us. We apologize for your recent experience. Please call us at [phone number] so we can improve next time.

Complaint – We are sorry to hear about your experience. We are committed to providing the best patient care. Please contact us at [phone number] so that we may speak with you and address any concerns.

Complaint with profanity – Your message was removed because it did not meet our site standards. If you have any questions or concerns, please contact our office at [phone number].

Strategies for Managing Your Revenue Cycle During COVID-19 and Beyond

2020 Alliance sponsor feature article courtesy of Availity

COVID-19 has forced most healthcare organizations to restructure the ways they operate. Practices and hospitals not on the frontlines of fighting the pandemic have seen reduced—or non-existent—in-person patient visits, and perhaps an increase in telehealth visits. As we head into summer, many states have started loosening shelter-at-home restrictions, and patient volume is beginning to increase for non-urgent and elective procedures. But it’s possible that many organizations won’t see a return to pre-COVID levels for some time.

Whatever happens over the next few months, revenue cycle staff must stay focused on cash flow. How can your organization optimize operations to reduce claim errors, manage denials, file timely appeals, and maintain patient satisfaction? Here are some strategies to consider:

1. Submit transactions electronically

The pandemic has demonstrated how much we still rely on printers, faxes, and postage meters to process paper-based claims. When staff is at home without access to that equipment, it can delay timely processing. One of the most impactful things you can do to streamline operations and reduce costs is to make sure your organization is leveraging all the ways it can submit electronic transactions.

Availity RCM users can use the Drop-to-Paper Claims Report/Unmapped Payer Report to see if there are any payers marked as drop to paper that can be set to electronic. You can also ask your account manager to run an ERA gap analysis to identify all remits that are being sent via paper. Check to see if those payers now offer electronic ERA enrollment and take the time to complete the enrollment process. And it may be time to finally upgrade to one of Availity’s paper-to-electronic solutions, such as Workers’ Compensation and Automobile Liability, Drop-to-Paper for Secondary Claims, or All-Payer Attachments for Medical Claims.

2. Clean up claim errors

Whether your organization has been holding COVID claims to ensure they are as clean as possible before submitting, or you’re seeing reduced volume because of fewer visits, now is a good time to focus on cleaning up all outstanding claim submission errors and getting them out the door. Availity RCM users can check the Edit/Error queue, which allows you to sort and filter claims to determine what to prioritize. You can also use the Edit/Error Management Report to track errors and identify trends. Consider implementing new edits to stay on top of these trends.

3. Follow up on account receivables

How many times have you wished you had a few extra hours in the day to get ahead of your account receivables? With patient volume down, this is your chance to focus staff on critical follow-up activities and get cash flow moving. Start by reviewing your oldest claims and your high-dollar claims. Are there claims waiting for supporting medical documentation? Are you filing appeals wherever possible? Availity RCM users can leverage the Remit Delivery Report to track remits and monitor any delays in payments and the Remit Adjustment Detail Report to better understand denial reasons.

As you complete this work, consider what processes can be put in place to prevent denials in the future. Can you address common coding errors with targeted staff training? Are there adjustments to the check-in process that will reduce eligibility issues? Investing the time now to identify the root cause of problems can pay off when the office gets busier.

4. Review your organization’s financial policies

The unemployment rate is rising as a result of the economic slowdown, so you should expect to see more patients without health insurance coverage. As you prepare for questions from patients and staff, your organization may want to reevaluate its financial policies as they relate to charity care, bad debt, and patient payments.

If you decide to make changes, be sure to communicate the new policies to the entire organization. Too often, financial decisions are made and disseminated among back-office staff, but the information is not effectively rolled out to the individuals answering patient questions at check in. Also, if you have financial scripts integrated into your pre-service workflow, make sure those are updated with the revised talking points.

5. Reassign responsibilities with staff strengths in mind

Many organizations have had to reduce staff hours or temporarily reassign employees to other roles. In making decisions about how best to deploy resources, consider leveraging overlooked skills. For example, do you have an employee who is a Medicare expert who can focus on working those denials? Or are there experienced patient account representatives who can temporarily handle patient registration and intake? This may also be an opportunity for less experienced employees to shadow seasoned staff members. Cross-training staff in different roles can help your organization build capacity for when operations return to normal. Don’t forget: Availity RCM has several reports that provide insight into staff productivity.