By Julie Pursley Dooling, MSHI, RHIA, CHDA, FAHIMA, director of HIM practice excellence; AHIMA.
Release of patient information during COVID-19
What insiders have long known has become clear during the COVID-19 pandemic: health data is a vital element of health care, including efforts to curb the pandemic. Of course, that data is important to patients, providers, and healthcare staff. And even during COVID-19, if a patient wants to access their data, release of information services (ROI) teams must comply with a strict set of processes set forth by the Health Insurance Portability and Accountability Act (HIPAA) and the Health Information Technology for Economic and Clinical Health Act (HITECH). These regulations ensure that patients retain safe and secure control of their personal health information and record requests are timely, accurate, and complete.
So, what should providers and patients expect during this time? For years, patients have been able to walk into a provider’s office or a health records office and request a copy of their records. During a stay at home order, however, that’s not such a good idea.
The American Health Information Management Association (AHIMA) recommends that organizations temporarily suspend walk-in access for medical records inquiries during COVID-19. Organizations should work closely with their ROI vendor (if they have one) to ensure continuity, while also displaying signage on doors and windows to redirect patients and families to alternative resources. In addition, it would be prudent to post process changes to the organization’s website and through automated messaging systems, while alerting the patient access staff.
It’s important for organizations to provide patients and their families with alternate record request options during COVID-19. All requests via phone should be authorized by health information staff who witness and document it in the patient’s record. And voicemails should be directed to a patient portal so they can be returned.
And just how can a health professional be assured they’re talking to a patient or one of their relatives? They should ask the caller to verify their patient demographic data such as a date of birth, home address or the last four digits of a social security number (if applicable). Other examples of data may include cell phone numbers, nicknames or another reliable data source that is consistently collected.
Telehealth during COVID-19
With stay at home orders in effect in many states, it’s not surprising that providers and patients would both seek ways to meet virtually. On March 17, the U.S. Department of Health and Human Services published guidance that relaxes HIPAA rules related to telehealth during the pandemic. The guidance allows for providers and patients to meet over commonly used platforms like Apple’s FaceTime, Facebook Messenger, Google Hangouts and Skype. Two-way conversations are allowed on these channels – what isn’t allowed is speaking on more public-facing platforms like Facebook Live or TikTok. Health information management (HIM) professionals should educate providers and staff on the relaxed HIPAA rules including the difference between secure and nonsecure connections.
Whether a provider and patient are meeting in person or virtually, the importance of accurate clinical documentation remains. HIM professionals should work with medical staff to ensure the organization continues its high standards for documentation. In fact, as regulations remain fluid around telehealth, documentation will be more important than ever. Post-pandemic documentation will be vital for helping organizations ensure that accurate billing, coding, and public health reporting occur.
As mentioned above, HIM professionals, providers and staff need to remain cognizant of HIPAA. AHIMA recommends HIM professionals create a fact sheet for their organization’s staff that reminds them about the importance of confidentiality and access.
Finally, HIM professionals should remain vigilant against cyber scams. The Cybersecurity and Infrastructure Security Agency said cyber actors may send emails with malicious attachments or links to fraudulent websites in an effort to trick victims into revealing sensitive information. All staff should exercise caution in handling any email with a COVID-19-related subject line, attachment, or hyperlink, and be wary of social media pleas, texts, or calls related to COVID-19.