Current Issue Previous Issues Subscribe for FREE
Protecting Health Care Organizations Against A Privacy Breach

by philly Biz-- Editorial Staff

A cross multiple industries, personal data is being compromised through hacks, leaks and breaches. Privacy and security breaches within the health care vertical, specifically, are becoming increasingly frequent. In fact, 90 percent of all health care organizations suffered at least one data breach in the past two years, with an average cost of $2.2 million per incident, according to the Sixth Annual Benchmark Study on Privacy & Security of Healthcare Data, published by the Ponemon Institute in May 2016.

While large breaches affecting more than 500 patient records at a time as a result of cybercrimes and ransomware are making major news headlines across the nation, small breaches affecting fewer patients at a time also impact patient privacy and occur more frequently than large breaches. These types of breaches occur when health care employees fail to follow HIPAA guidelines when disclosing Protected Health Information (PHI) to third-party requesters. According to research conducted by news organization ProPublica last year, there have been over 1,400 large breaches since 2009 and more than 181,000 small breaches.

This is where local company MRO Corporation (MRO) steps in to safeguard health care organizations and their patients against a privacy breach. The company deploys technology and staff within health care organizations to ensure PHI is disclosed in a HIPAA-compliant fashion. Serving more than 4,000 health care facilities nationwide, MRO is the nation’s second largest provider of PHI disclosure management solutions, and has also been rated No. 1 for “Release of Information” services by a research firm called KLAS three years in a row.

Release of Information (ROI) is the sharing of health information between provider organizations and other entities, such as other providers, government agencies, payers, third- party requesters and patients. Working within a relatively new electronic environment for the health care industry, along with stricter compliance regulations from the U.S. Health and Human Services (HHS) Office of Civil Rights (OCR) around patient privacy and sharing health information, the Release of Information process is complex and challenging for a health care provider to facilitate in an efficient, compliant and secure manner without a knowledgeable service partner, such as MRO, in place.

In fact, a national trade organization named the Association of Health Information Out- sourcing Services (AHIOS) has identified a 45- step process for compliantly fulfilling the ROI process. Some of the steps include: logging, tracking and verifying the request for information; retrieving patient PHI; protecting sensitive information; releasing authorized information; and completing and invoicing the request.

The current president of the AHIOS organization is MRO’s chief executive officer, Stephen Hynes, who co-founded MRO in 2002, on the premise of designing a better ROI platform for health care providers. MRO’s chief technology officer, David Borden, another co- founder of the company, designed the company’s technology platform, called ROI Online.

By leveraging the sophisticated ROI Online technology to support its highly trained professionals, MRO offered a way for health care organizations to standardize and centralize ROI policies and procedures, ensuring the highest levels of Quality Assurance (QA) were applied to every step of the process, from data entry to HIPAA compliance. Today, MRO reports a near-perfect 99.99 percent accuracy rate for delivering the right PHI to the right requesters, thanks to their robust QA programs. Most of MRO’s quality checks are performed at its state-of-the-art National Service Center facility, located in Valley Forge.

MRO offers a variety of service models, including “staffed,” “shared” and “remote”— all of which are supported by National Service Center teams. With the staffed model, MRO places employees in a hospital’s Health Information Management (HIM) department—or within a physician practice office setting—to handle ROI processing onsite, at the facility. In a shared model, hospital or physician practice staff collaborate with service center teams to share processing responsibilities.

MRO’s newest option is the remote model, which allows MRO employees to virtually tap into a health care organization’s electronic medical record (EMR) system and handle the entire ROI process, end-to-end, from the National Service Center. The remote services division is MRO’s fastest-growing team, and has more than doubled in size during the first half of 2016.

You can learn more about MRO by visiting or calling (610) 994-7500. MRO is headquartered at 1000 Madison Ave., Suite 100 in Norristown, Pa., 19403.

Published (and copyrighted) in Philly Biz, Volume 1, Issue 9 (August, 2016).
For more info on Philly Biz magazine, click here.
To subscribe to Philly Biz magazine, click here.
To advertise in Philly Biz magazine, call 856-797-9901.