Wickenhauser a Guest Feature on Compliance and Ethics Blog

Our compliance team, including Gary Powell and Kathryn Ayers Wickenhauser, were in attendance at this year’s HCCA Compliance Institute annual meeting at the National Harbor in Maryland. Wickenhauser, an author and speaker in the industry, penned her thoughts after one the sessions she attended. Her post, titled “Right to Access: Peters States Additional Guidance Forthcoming”, was recently featured on the Compliance and Ethics Blog. In this post, Kathryn shares insights from a question that was directed to Iliana Peters, the Senior Advisor for HIPAA Compliance and Enforcement at the Office of Civil Rights (OCR), during the live session.

Here’s an excerpt from Wickenhauser’s blog:

“The attendee asked Peters how to handle a situation when an attorney contacts the provider on behalf of the patient to produce records. The attendee states that attorneys have been “taking advantage” of the “Right to Access” guidance in an effort to receive the same cost-benefit a patient might for requesting a copy of their records, and the patient may not truly be aware of what is being delivered to a third-party. Peters indicated a suggested solution is to call the patient and see if they personally requested the records be delivered to their attorney, as well as what should be delivered, as nothing in the current “Right to Access” guidance prevents a provider from doing so. Additionally, she stated that more guidance was forthcoming to clarify the process and verification of a patient directing their health information to a third-party.”

To read more from Wickenhauser on this topic and the additional guidance that will be forthcoming, please continue on the Compliance and Ethics blog.





Moving the Needle of Interoperability; Can We Expect it to be Seamless, YET?

As we all get used to writing the digits “17” in our signature lines, at DataFile we’re reflecting back on 2016 and the many advancements that were made towards interoperability across all stakeholders in the healthcare continuum. One of our consultants started this past year at an educational event in the Midwest where a representative from a small private practice asked if “digital fax” was considered participation in interoperability. As we wrap up this year we know the amount of health information exchanged has hit unprecedented levels and will only continue to grow. Providers at all levels, from the hospital to private practice in rural America, are utilizing digital tools and relying on technology to communicate with their patients and with other providers in a variety of settings. HealthIT systems are working together to make the transmission of information easier between systems and achieve the goal of seamless data exchange.  But what do we do until then?

While we continue to advance interoperability, there is much more work to be done before we can consider the exchange of health information to be “seamless” or “automated”. Our CEO, Janine Akers, has coined the phrase, “Interoperability Does Not Equal Automation”. In February of 2016, the ONC published the “Nationwide Interoperability Road Map” and sets up a number of milestones to measure advancement and success along the way. With the ultimate goal of a “seamless data system”, actions related to key components such as security and consistency are highlighted in this guide. It states that for the years of 2015-2017, the measure of success is to “send, receive, find and use priority data elements to improve health and health care quality.”  A recent article published in the January 2017 Journal of AHIMA states that the ONC and HHS will continue to focus on three areas to advance interoperability in the upcoming year:

  1. Promoting common standards to facilitate the seamless, secure exchange of data.
  2. Building the business case for interoperability; particularly through delivery system reform efforts that change the way CMS pays for care to reward quality of quantity of services.
  3. Changing the culture around access to information.

Our Regulatory Compliance Advisor, and member of AHIMA, Kathryn Ayers Wickenhauser, believes the ONC is on the right track. Wickenhauser and Akers share the sentiment of the Journal of AHIMA article that much more work is to be done to achieve full, seamless (or automated!), interoperability. “While we continue to support and work as a unified stakeholder in the nationwide interoperability roadmap, DataFile realizes a continued need of providers across the country will be to help fill the gaps where automation does not happen quite yet.” Akers continues to share that, “the human element is still very important. In many current instances of data exchange, we need a well-trained eye to ensure that information flows correctly from the different healthIT systems and is in a usable format for that crucial moment of patient care.” As interoperability does become more automated, Akers acknowledges that leaders will need to determine how to ensure that automation is working and most importantly, compliant. “We are actively involved in better understanding what audit protocols will need to be implemented for our clients and the industry as a whole,” Janine states. “It’s the next step in further discussions of interoperability and we’ll hear more  about audit protocols in the coming year.”

Seamless. Automated. We’re getting there. And in 2017, the healthcare data experts at DataFile look forward to continuing to move the needle of interoperability, while delivering real-time, important data exchange support to providers and health systems alike.

Office of Civil Rights HIPAA Audits Advance

On Monday July 11th, the Office of Civil Rights (OCR) HIPAA Audits took a step forward in their anticipated program when over 150 Covered Entities were notified of their selection for participation in a “desk” or remote audit.  The selected entities are required to submit documentation by Friday July 22nd, just ten business days following notification.  Additional phases of these OCR Audits will occur in 2016.

Have questions about these Audits?  Want assistance preparing in case you are selected?  Check out our free webinar regarding OCR Audits: http://www.datafiletechnologies.com/webinar-recording-available-ocr-audits-coming/  or email Healthcare Consultant Kathryn Ayers Wickenhauser at Kathryn.Wickenhauser@DataFileTechnologies.com.


As your Healthcare Data Expert partner, DataFile will continue to alert you to any impactful industry news.

Webinar Recording Available: “The OCR Audits are Coming”

Did you miss today’s webinar? No fear, the recording is available for your reference as we look ahead to upcoming OCR Phase Two Audits!audit

Keep in mind, the Office of Civil Rights (OCR) Phase Two Audits don’t have to be scary! The OCR has been fairly transparent about what these 200+ audits over the next six months will look like. The awareness of these Phase Two Audits picked up steam on May 20th, 2016 as more than 12,000 healthcare entities were contacted to verify their primary contact information.

The OCR is using the email address OSOCRAudit@hhs.gov to reach out to healthcare entities to verify contact information.  If your organization has not received an email yet, continue to watch your spam filter to ensure you do not miss communication.

Have questions?  Looking for additional guidance?  We offer services to help prepare you if your organization is selected! Learn more or contact us at Education@DataFileTechnologies.com

Ready to hear more about these Phase Two Audits from Kathryn Ayers Wickenhauser? Please access the webinar by completing the form below:

Webinar: The OCR Audits are Coming

Recording from June 6th, 2016

The OCR Audits are Coming! Hear Details on Monday!

Encore! Encore! Join us on Monday, June 6th at 1pm Central. 

With the abundance of interest we’ve heard regarding upcoming Office of Civil Rights (OCR) Phase Two Audits, we are offering another LIVE opportunity for you and your organization to hear more details. Our compliance expert, Kathryn Ayers Wickenhauser, has the information you need. Join her on Monday, June 6th at 1pm Central to learn more.

This webinar will cover:

  • Why healthcare organizations should be prepared for the OCR Phase Two Audits
  • Types of healthcare entities included in the audit pool
  • What documentation the OCR is requesting from those organizations selected
  • How these audits will expand in the future
  • Expected timelines if your organization is selected
  • What information you can start gathering now to prepare

Want to know more in case your entity is selected for an OCR Audit? Register here  for the complimentary webinar.

(PS: Know someone who needs to hear this information? Please feel free to share!)

HHS Issues Clarification on $6.50 “Right to Access” Provision

On Monday May 23rd, 2016, Health and Human Services (HHS) issued a clarificationHealth and Money Balance to a FAQ published February 25th, 2016 regarding reasonable fees allowed to be charged pertaining to a patient’s “right to access” their health information under HIPAA. Through the clarification, there is no longer a $6.50 maximum charge for providing an electronic copy of health information to a patient.

Under the previous guidance, HHS gave three means to charge patients for a copy of their protected health information (PHI): charge an average cost, charge the actual cost or charge a flat fee. However, the previous FAQ indicated that if a patient requested an electronic copy of their health information being maintained electronically (such as within an EHR), the maximum allowable charge for any method was $6.50.

The $6.50 cap caused distress for many entities, as this figure contained all allowable labor and material costs (such as producing the information on a CD or USB drive). As Covered Entities and Business Associates argued, their actual cost for providing a proper copy of electronic health information electronically typically exceeds $6.50, causing the organizations to absorb the additional costs in an era where healthcare practices are already overburdened with increasing fees to keep up with healthcare reform. In a letter sent to OCR Director Jocelyn Samuels on April 20th, 2016, The American Health Information Management Association (AHIMA) echoed these concerns, stating “HIM departments may be unable to cover the costs associated with providing such information.

It seems HHS heard the outcry of AHIMA and other healthcare entities. Per the new FAQ clarification, Covered Entities and Business Associates are not limited to a $6.50 maximum charge for providing an electronic copy of health information. Healthcare organizations may charge the actual allowable cost of producing records or organizations may use a schedule of average allowable costs for producing records. But this $6.50 figure is not totally gone for good — if an organization would like to forego these two prior cost options, they may use a flat $6.50 maximum fee for an electronic copy of health information under “Right to Access.”

For additional information on “Right to Access,” please visit the HHS FAQ document here, or contact DataFile Technologies for one-on-one guidance at Education@DataFileTechnologies.com.

OCR Email Confirmation Notice: Did You Receive One, Too?

To our valued clients;

You may have received an email today from the Office of Civil Rights (OCR) Director Jocelyn Samuels asking a member of your organization to verify that they are the primary contact in case of “potential inclusion in the HIPAA Privacy, Security and Breach Notification Rules Audit Program.”

Don’t panic!Screen Shot 2016-05-22 at 7.56.44 PM

DataFile is actively monitoring chatter within the industry and it is apparent that many healthcare organizations are receiving this request for email confirmation.

The Office of Civil Rights (OCR) and Health and Human Services (HHS) have been very transparent regarding an audit program for Covered Entities and Business Associates that will kick off soon. This email verification is not a notification of audit. However, it is important to take this email seriously and verify the information is correct within the time frame specified, as it will be the email address used if your organization is selected for an audit in the future.

DataFile will continue to monitor and provide updates on the OCR Audits as they progress, including a complimentary webinar to be hosted by DataFile in the coming weeks. Additional information regarding these audits can be found via HHS here.

If you have questions, concerns or would like assistance from the Professional Services Team at DataFile Technologies, please reach out to us at Education@DataFileTechnologies.com.