Ensuring Privacy in PHI Disclosure Management—HIM’s Role as Advocate



Managing the disclosure of protected health information (PHI) has become more complex, particularly considering the growing number of disclosure points within healthcare organizations. Ensuring privacy has always been a core tenet of health information management (HIM). It is our responsibility to raise awareness of privacy concerns through education and ongoing communication with senior leaders in other departments including the business office, compliance, risk management, radiology, and other ancillary departments. This article focuses on the importance of privacy in PHI disclosure management, the need for an enterprise-wide approach, and the role of HIM professionals as advocates for privacy in their organizations.

With mounting demands for health information, each department represents a disclosure point in the facility. Though HIM departments are primarily responsible for handling PHI disclosures, other areas increasingly receive requests to release PHI. This trend creates risks that can lead to privacy breaches because release of information (ROI) is not a top priority or responsibility of non-HIM staff. Other departments lack extensive knowledge of rules and regulations that govern the compliant release of PHI. Advocating for privacy through proper PHI disclosure requires specialized training, expertise, and leadership that only HIM can provide.

An enterprise, multidisciplinary approach promotes privacy

Enterprise-wide disclosure management is more important than ever before—offering consistent policy enforcement, quality assurance, and risk mitigation. Ensuring privacy means more than maintaining gates around information. On an enterprise level, we must consider where information originates, where it flows, and how it is delivered and tracked—with quality controls in place and transparency across departments. That’s why centralization of disclosure management processes is important to privacy.

As more HIM professionals assume leadership roles, many organizations have appointed the HIM director as the privacy officer or chief of compliance. This is a vital and natural progression for our profession. HIM serves to safeguard PHI, educate all departments regarding the importance of privacy, and ensure policies are enforced according to established rules, regulations, and a strict code of ethics.

Conveying the importance of privacy requires interaction at all levels of the organization to gain understanding and endorsement within each department. Breaches of privacy during PHI disclosure place everyone involved at risk. Effective communication of risks—including the potential impact on patients, each department, and the entire organization—is essential. Listening before taking action is critical. In the words of Stephen R. Covey: “Seek first to understand, then to be understood. Most people do not listen with the intent to understand; they listen with the intent to reply.”

Following that principle, HIM professionals must spend time with various departments to understand how information is being requested and shared. Most often, the department head will ask the HIM director to observe operations and then speak with several individuals within the area. This type of interaction builds trust and paves the way for positive outcomes.

Engaging each department is a crucial step toward forming a cohesive multidisciplinary team including an executive sponsor and representatives from each area. At the first meeting, review the importance of privacy for each department and for the entire organization. Then explain the rationale for centralization of ROI as a means to ensure privacy and compliance for the enterprise. Finally, invite feedback. Listen and allow individuals to voice any concerns before moving forward.

Many organizations have found that centralization supports departmental specialization, which helps ensure privacy and compliance. Professionals within each discipline can devote their full attention to the task at hand, rather than many hands trying to manage PHI disclosure. An enterprise-wide approach promotes accountability based on uniform policies, procedures, and processes that are fundamental to privacy. And HIM leaders have the knowledge and experience to convey to other senior leaders the importance of privacy during PHI disclosure management.

Benefits of enterprise PHI disclosure management with HIM professionals as advocates for privacy across departments

Quality assurance, centralized tracking and reporting, consistent enforcement of disclosure policies

Risk Management

Compliance hold and review workflow, patient record restrictions

Finance/Business Office

Streamlined record fulfillment, itemized statement request processing, portal delivery to insurers and auditors

Radiology, Other Ancillary Departments

Release and tracking of specialty disclosure, consistent enforcement of disclosure policies


Centralized logging and quality assurance, consistent enforcement of disclosure policies


Legal Disclaimer

The views and opinions expressed in this article are those of the author and do not necessarily reflect or represent the views, opinions, or policies of MRO Corporation.


Rita Bowen is vice president, privacy, compliance and HIM Policy at MRO.
