Changes to HIPAA, New Data Interoperability Rules, and the Impact of COVID-19 on ROI

As mentioned previously, we’re taking part on the Virtual AHIMA conference this week.  Exploring how things work in the virtual world, we tried something new today and did a text based chat interview with Rita Bowen, VP of Privacy, Compliance and HIM Policy from MRO.

In this wide ranging text interview, we talked with Rita about Changes to HIPAA, New Data Interoperability Rules, and the Impact of COVID-19 on ROI.  Here’s a slightly cleaned up version of the live chat interview (please excuse any grammar or spelling issues since this was done live):

John Lynn:
Does HIPAA Need to be Updated?

Rita Bowen:
Yes, the rule is 20+ years old and the practice of medicine has changed, the maintenance of the health information, etc.. so yes, it is time for a face lift

John Lynn:
Where is HIPAA falling short?

Rita Bowen:
HIPAA was written as the floor/minimum standards, in my opinion the floor should be raised. Also align more with the interoperability rules

John Lynn:
Where do you think the HIPAA rules aren’t really aligned with the interoperability rules?

Rita Bowen:
The main gap is that Interoperability is a “must” share if legally acceptable where HIPAA is a “shall” if so authorized or directed. Organizations may not have embraced Information Governance totally and may not have the ability or readiness to segment data up on presented need.

John Lynn:
That highlights the gap I’m trying to figure out in the new data interoperability regulations. What data is really “required” to be shared with the patient? Is is the legal health record?

Rita Bowen:
The first two years the USCDI or CCDA (if the facility E-HR is already certified} should be pushed with special effort or as we say with out manual intervention.. from the E-HR to the patient portal. Only the data elements in the USCDI version 1 are required at this time. The push for additional E-PH is not for two years, and potentially later if delays occur as rumored. The ability for the patient to down load to an API is also at a later date. The Nov 2nd compliance date refers to the push to the patient’s portal at the facility

John Lynn:
Good point. It will be phased in for sure.

Rita Bowen:
For sure, this is like eating an elephant, one bite at a time.

John Lynn:
Is eating elephants allowed under the new regs? 😉

Rita Bowen:
If the elephants are covered in chocolate and we add some whip cream… yes… I hope you can hear my laughter, I can hear yours.

John Lynn:
Laughter is better than choking on popcorn #insidejoke [Insider’s Note: In a previous interview I did while Rita was present, she nearly choked on popcorn while I was doing the interview.  Thankfully she didn’t choke and is doing fine.]

John Lynn:
I think we’re going to have implementations all over the place because it’s not clear. And patients will still have to do a records request to get all the info they need. Thoughts?

Rita Bowen:
Yes, a full record request will be needed to obtain a full record… so if MRO supplies a response, we provide that information in PDF – which is not machine readable. The rule does not apply to our ROI functionality.

John Lynn:
What are the “face lift” changes to HIPAA that you’d make? My fear is that they’ll make HIPAA worse. I think HIPAA is pretty flexible now. 🙂

Rita Bowen:
Face lift is needed because the current rule is 20+ years old and there have been very few updates but our world and use of technology certainly has expanded. Yes the rules may remove some of the ambiguity that we currently deal with.. which could make compliance harder… but I contend it would be clearer to meet expectations. The one area that many hope will be the codification of the CIOXversusAzar case whereby it allows third parties to be charged state rates for health information

John Lynn:
What would that change accomplish?

Rita Bowen:
If you are referring to the change to codify the state rates for third parties – it would put a stop to the constant debate organizations are undergoing with “bad actors” who either don’t understand the current rule, don’t care or are just cherry picking words from the rule to get health information for cheap… these bad actors are not patients and they are not standing in the shoes of the patients to make a health care decision. I could go on… this area would require a phone call… and yes I might choke talking about it…

John Lynn:
It seems like that’s the challenge the regulators have when it comes to release of information. They say patients should have their info for free or cheap (ie. at cost) and I think we all generally agree with this. Although, a huge percentage of ROI requests aren’t from patients. Do you know what percentage of records requests are from third parties vs patients?

Rita Bowen:
That is a good question, you just stumped me, we would have to obtain that statistic. Although if I were guessing I would say the 80 – 20 rule applies with 20% or less actually coming directly from the patient. [Note: We checked with the MRO Operations team and through September of 2020 patient requests are 8% of requests received by MRO on clients’ behalf.]

John Lynn:
Will we see any changes to HIPAA? How about a broader consumer privacy law that will impact healthcare information?

Rita Bowen:
We are hearing that there will be an update released before the end of the year, supposedly the new language is with the OMB.

John Lynn:
Do you predict the HIPAA enforcement discretions that came out for COVID-19 are going to be rolled back?

Rita Bowen:
Some areas relaxed to accommodate a move to a virtual world may stay in tact… we are seeing more streamlined intake forms for request – in other words eliminating the need to download a request form fill out mail or deliver… but a true on-line request portal

John Lynn:
How has ROI been impacted by COVID?

Rita Bowen:
Other than front desks within organizations closing to eliminate physical contact… the workload for requests has remained steady and perhaps somewhat increased for patients

John Lynn:
How is the new legislation around information blocking that requires providers to immediately share data going to impact the ROI business?

Rita Bowen:
We welcome patient portals becoming more active and patient’s having more control of their health information and their health….

John Lynn:
Has COVID caused delays in releasing records or has it actually helped to streamline the process since I imagine most records requests are now coming in electronically.

Rita Bowen:
Yes we are seeing no impact to the ROI world – there might have been a dip in requests at the beginning for the pandemic but volumes are now back to normal. We have definitely seen an increase with patients requesting their records electronically through a portal as many organizations have closed walk in windows to serve patients.

John Lynn:
Do you think we’ll see an increase in ROI requests from payers as they want to audit telehealth visits?

Rita Bowen:
Absolutely, Telehealth began in a frenzy when COVID caused us to move to virtual visits. I have been tracking documentation requirements, and have had several conversations with organizations as to where the video and voice records will be maintained. How long they will be maintained.

John Lynn:
What do you think payers are going to find when they audit telehealth records? Do you think organizations should fear reimbursement clawbacks for incorrect telehealth visit documentation?

Rita Bowen:
I don’t think they need to fear clawbacks, but definitely should be prepared to defend their billing practice. When anyone asks me how to prepare, I say begin with the end in mind. If you want to get paid, work backwards to assure your documentation achieves that purpose.

John Lynn:
It would be a real shame if they were punitive when there were so many changing regulations and reimbursement policies. As such, there will likely be gaps if they want to find them.

Rita Bowen:
There have been posted measures to assure flexibility during the pandemic. It will be important that processes that began during this time allowing flexibility are brought back into standardization once the state of emergency ends

John Lynn:
Outside of the things we’ve talked about, what’s the most interesting thing happening with HIM professionals today?

Rita Bowen:
John that question depends on the role of the HIM Professional. In my case the most interesting thing is learning the ins and outs of the interoperability rule and how the exceptions can be applied.

John Lynn:
You’re right about the exceptions. Seems like there will be a lot of different interpretations of the various exceptions.

Rita Bowen:
Yes, I have been participating in the Sequoia Boot Camp and the last two sessions have been focused on exceptions and all they apply. The real issues is that all the factors of the exception must apply. Also if you elect to apply the infeasibility exception, you have to inform the patient within 10 days. Requires facilities to begin walking through various situations and documenting their reaction/response.

John Lynn
Reminds me of something I’ve been talking about for a while. Healthcare organizations need to have a channel of communication with the patients. If they don’t, they’ll be at a disadvantage.

Rita Bowen:
John, lets go get some popcorn 🙂 Miss you my friend. would love to be chatting with you.

John Lynn:
Thanks for the virtual chat and knowledge sharing. In person would definitely have been more fun.

About the author

John Lynn

John Lynn is the Founder of HealthcareScene.com, a network of leading Healthcare IT resources. The flagship blog, Healthcare IT Today, contains over 13,000 articles with over half of the articles written by John. These EMR and Healthcare IT related articles have been viewed over 20 million times.

John manages Healthcare IT Central, the leading career Health IT job board. He also organizes the first of its kind conference and community focused on healthcare marketing, Healthcare and IT Marketing Conference, and a healthcare IT conference, EXPO.health, focused on practical healthcare IT innovation. John is an advisor to multiple healthcare IT companies. John is highly involved in social media, and in addition to his blogs can be found on Twitter: @techguy.

2 Comments

  • Going to electronic medical records requests would be beneficial for requesters and requestees alike. So often ROI forms are incompletely filled out, not signed, not dated, not specific. If an electronic form had hard stops, patients would receive their records in a more timely and accurate way.

  • Sharon,
    I’m not sure in what world people would still want ROI requests on paper. For the reasons you mentioned and many more. I guess “the way we’ve always done it” is a powerful force.

Click here to post a comment
   

Categories