Information Un-Blocked: Increased Access Can Reveal Compliance Risks

The Information Blocking Rule (45 CFR part 171) is only a month into effect, and improved access to medical records, particularly concurrent delivery of lab results to the provider and patient and increased access to provider notes through patient portals, already has led to scrutiny of accurate encounter notes and complicated patient satisfaction issues for many organizations. With more information available via the patient portal, patients are identifying potential problems in their medical record entries and bringing complaints and concerns to providers’ attention. Below are a few common concerns that patients are raising, as well as some associated compliance risks. Providers should be ready to timely respond to patient concerns, and organizations should consider implementing controls and corrective actions to help improve the patient experience and mitigate the potential compliance risks.

“There is a mistake in my record.”

Providers and other workforce members are human, which means sometimes documentation mistakes happen. Whether it is a transcription error, demographic error or a provider inadvertently mistyping in a note, be prepared to respond when a patient finds such an error and brings it to the provider’s attention. In addition, as provider notes become increasingly accessible, patients are challenging the use of some medical terminology (e.g., obese) or taking issue with how the provider described them or the encounter. Some concerns may be easily addressed through patient education and a discussion with the provider. Other times, the provider may agree or the patient may persist that an amendment to the record documentation is warranted.

Pursuant to the Health Insurance Portability and Accountability Act of 1996 (“HIPAA”), patients have the right to request an amendment to the protected health information in their designated record set, which generally will include electronic health information subject to the Information Blocking Rule. Covered entities are required to respond to these requests within 60 days unless state law provides a shorter time frame. Where the amendment request is accepted, the covered entity must make the amendment, notify the patient, inform any other persons or entities who may have and rely on the information to the patient’s detriment and ensure that the amendment accompanies all future disclosures of the record.

But keep in mind, sometimes what a patient sees as a “mistake,” a provider will consider accurate. In this situation, the covered entity may deny the request for amendment but must give the patient an opportunity to submit a statement of disagreement. The provider may file a rebuttal to the patient’s statement. All documentation of the request, denial and additional documentation related to the amendment must accompany future disclosures of the record.

“I did not receive those services.”

With patients accessing information more frequently than ever before, they are more likely to identify instances where incorrect information may have been included in their medical records.

Patients may take issue with the type and scope of services provided. For example, a patient may disagree that the provider completed the entire physical exam, discussed certain risks and benefits with them or spent the number of minutes with them that the provider documented in the medical record. When patients bring these types of concerns forward, organizations should have a process in place to review the concern and respond back to the patient appropriately and timely. Organizations should develop policies and procedures to coordinate follow-up on these types of issues, including involving the Compliance Department. Organizations may also want to develop a tracking mechanism to identify those providers who are receiving more complaints, which may suggest more mistakes. These providers may pose potential compliance risk and any documentation deficiencies should be addressed quickly.

When a patient raises concerns that the medical record information in dispute relates to another patient and was included in the wrong record, further analysis should be undertaken. Depending on the extent to which the information identifies the other patient, a breach risk assessment may need to be performed to determine whether notification of the affected patient and Office of Civil Rights is required.

“What you billed me doesn’t match the services I received.”

With broader access to the information on which billing and coding determinations are made, patients are much more likely to raise concerns regarding what they are being billed when paying for services. For example, if providers are routinely using copy-and-paste or other functionalities in the electronic health record, patients may notice repetitive language in the record and question the validity of the encounter based on their personal recollection. These inconsistencies can lead to potential compliance concerns, and if not addressed swiftly, the organization may find itself the target of a government investigation. Providers may wish to review how and to what extent templates and/or copy and paste functions are used when documenting provider notes in the EHR.  Organizations should have a process in place to track these types of documentation and billing concerns and implement corrective actions swiftly to mitigate potential compliance risk.

Practical Takeaways

Here are a few steps that organizations can take to address expanded patient access and the risks that accompany it:

• Educate providers and patients on what to expect. Educate providers and patients on the type of information patients will have access to through portals. Engage providers in educating patients proactively on what to expect when viewing notes or receiving test results through the portal to encourage a dialogue between provider and patient and address potential concerns regarding how an encounter has been documented before a patient complaint occurs. Develop and implement policies and procedures so there is consistency throughout the organization on how providers should respond to patient complaints and concerns regarding the content of patient medical records. With expanded patient access, providers have the opportunity to engage with patients more directly and involve them as a key member of the health care team. Dialogue and transparency regarding medical record access can lead to a positive provider-patient relationship.
• Take steps to ensure accuracy of medical record documentation. Review medical record documentation requirements and practices to ensure accuracy of the medical record. If the organization identifies problematic documentation practices as a result of expanded patient access, use it as an opportunity to work with providers and improve documentation practices. Organizations should consider targeting their education initiatives to those providers who may be having more issues than other providers. Organizations should involve compliance professionals early in the process because patient complaints regarding medical record documentation, coding and billing continue to pose significant compliance risk regardless the type of health care organization.
• Review policies and procedures. Ensure that organizational policies and procedures related to patient requests for amendments and complaints are accurate, up-to-date, and known to key stakeholders in the organization. Policies and procedures should clearly outline responsible parties and time frames for responding. Consider outlining in the procedure how the Compliance Officer and other senior leadership will be kept up-to-date and informed of issues as they arise. Remember that patients may voice their concerns through a variety of formats (e.g. social media, direct to provider communications, calls to the billing department, reports to the compliance hotline, etc.), so policies and procedures should address identifying, appropriately responding to, and resolving patient concerns voiced across all mediums.
• Respond to issues as they are identified. Track patient complaints and concerns to identify trends and potential compliance risks. Revise the Compliance Work Plan to include Information Blocking as part of the annual risk assessment. Ensure that processes for handling complaints and addressing compliance issues are followed and documented. Finally, make sure that appropriate follow-up and auditing mechanisms are in place to monitor ongoing compliance.

If you have questions or require assistance addressing any of the topics discussed above, please contact:

• Stephane Fabus at (414) 721-0904 or sfabus@wp.hallrender.com;
• Katherine Kuchan at (414) 721-0479 or kkuchan@wp.hallrender.com;
• Mike Batt at (317) 977-1417 or mbatt@wp.hallrender.com;
• Jeff Short at (317) 977-1413 or jshort@wp.hallrender.com; or
• Your primary Hall Render contact.

Hall Render blog posts and articles are intended for informational purposes only. For ethical reasons, Hall Render attorneys cannot—outside of an attorney-client relationship—answer specific questions that would be legal advice.