Patient access is an important component of interoperability, but in the world of covered entities and their business associates (BAs), it’s nerve-racking. We all know the value of protected health information (PHI) to hackers and nefarious individuals. Health information management professionals must prioritize patient access in order to help patients gain access to the information that supports their healthcare; however, get patient access wrong and you’re left with angry patients, investigation from the Department of Health and Human Services (HHS), and potential fines up to $1 million.
So, how can HIM departments manage the balancing act? Consider the following tips to get your organization on the right track to managing patient access efficiently and with confidence.
Ultimately the goal is to place the patient at the center of their healthcare experience, so ease of access is vital. Don’t lose sight of the reason you’re dealing with all of these patient access rules and regulations in the first place – your job as a health information management professional is to ensure patients have access to information about their own health, which is absolutely vital to quality medical care. All of HHS’s rules around patient access are intended to move the healthcare industry in the direction of interoperability, which is an initiative that deserves healthcare organizations’ attention regardless of the legal obligation to comply with regulations.
Organize and formalize your designated record sets (DRS), as they can help create essential guidelines for your staff. Designated record sets take time to define and organize, but doing so is a worthwhile investment that creates borders and protects your organization in the case of a patient complaint. A well-defined DRS also creates essential guidelines for your staff, equipping them to do their jobs effectively & efficiently and protecting your organization against potential claims of information blocking. Ultimately your goal should be to provide patients the information they ask for in the format requested – but don’t be afraid to ask questions and clarify how detailed they want and need to get.
While outlining your DRS, anything that does not include a written description may need to be considered. In defining your DRS, remember to consider and address types of information that are not standard written documents – such as fetal monitoring strips, diagnostic images, X-rays, etc. Fetal monitoring strips, for example, may not be included in the designated record set but still may be provided to a patient with the proper authorization. You can find more helpful information from AHIMA on categorizing record types that belong in the designated record set and/or the legal health record here.
Be aware of state laws as they can be more stringent than federal regulations. Understanding federal laws related to patient access and interoperability is the right place to start, but be sure to educate yourself and your health information management staff on applicable state laws as well. State laws are often more stringent than federal regulations, meaning that compliance with the federal law alone does not necessarily protect your organization.
Work with business associates that understand the healthcare industry and have a strong compliance team. As knowledge around information blocking regulations is becoming more widespread, it’s more important than ever to have an organizational policy in place to ensure compliance with state and federal legislation. Any complaints filed with HHS can create a mountain of work for your HIM department, resulting in an investigation that can go on for months and a potential fine up to $1 million. When working with business associates, make sure you choose a partner with deep knowledge and resources in the field of compliance that will relieve your stress, not cause you more.