Tag Archive | "HITECH"
If a PHI Breach Fits One of These Exceptions, You May Be Home Free
Include this information as part of your risk analysis. Knowing what doesn’t count as a breach under new HIPAA notification rules can help you weigh whether to report a disclosure of unsecured protected health information. The rules include four exceptions, as follows: Exception No. 1. An unintended acquisition, access or use of PHI by a person with authority to handle PHI who is acting in good faith. Also, “there’s no further acquisition, access or use of the PHI,” says attorney Kathryn Solley, with Atlanta law firm Seyfarth Shaw LLP.
Continue reading...Follow These 3 Tips to Protect PHI
Tuesday, January 19, 2010
Hint: Paper files can be breached just as easily as electronic files. You may be sure that you’ve dotted all of your i’s and crossed all of your t’s, but if you miss even a small piece of the privacy puzzle, you can compromise your entire system. Take a look at these three reminders to ensure that you’re starting 2010 with your privacy program on the right foot: 1. Don’t Let Paper Get Lost in the Shuffle. You may think of patient privacy exclusively in terms of protecting electronic patient data, but paper files are just as likely to be compromised. “With the advent of the HITECH changes, breaches occurring with paper records will be treated the same way as electronic data,” says Gregory Michaels, manager of security and compliance solutions at BluePrint Healthcare IT in Cranbury, N.J.
Continue reading...Connecticut AG Sues Health Net for Security Breach
Tuesday, January 19, 2010
State prosecutors see HITECH as a big stick. If you practice medicine or run a plan in Connecticut, make sure all your practice or organization’s security breach notification policies are in order: The Attorney General is not messing around when it comes to HIPAA enforcement. Following its loss in May 2009 of a portable disk drive from a corporate office, Health Net of Connecticut, Inc. has become the first health plan to get popped by a state attorney general under the HITECH Act’s new enforcement provisions, which allow state AGs to enforce HIPAA’s penalty provisions for security violations.
Continue reading...HITECH: Physicians Must Meet 25 Criteria To Achieve ‘Meaningful Use’
Wednesday, January 13, 2010
While waiting for CMS guidelines, some practices have dragged heels on EHR adoption Practices that have been waiting for CMS to define the term “meaningful use” are finally in luck. But as is always the case when the feds are involved, don’t look for a quick one-sentence definition. The American Recovery and Reinvestment Bill of 2009 (ARRA) offers annual bonuses to practices that show “meaningful use” of electronic health records, and in 2015, practices that aren’t showing meaningful use will face penalties. However, the government was slow to issue a definition of the term “meaningful use,” causing some physicians to delay adoption of EHRs because they didn’t want to risk being a non-meaningful user. On Dec. 29, CMS and the Office of the National Coordinator for Health Information Technology announced that the definition was finally available for public comment. “CMS’s proposed regulation would define and specify how to demonstrate ‘meaningful…
Continue reading...Hospitals Find New HIT Issues in OIG’s 2010 Work Plan
Wednesday, January 13, 2010
Watch out. If your hospital breaches 1,000 records, you face a whopping $282,000 fine. Hospitals that read the HHS OIG’s 2010 Work Plan carefully will find an important clue about how to handle health information technology in the future. And it’s buried in a very real and present threat, so read on to find out how to not only avoid penalties from CMS in the present but also prepare for ARRA’s “meaningful use” requirement, which CMS announced on Dec. 30 will be tied to quality data. Reporting quality data and portable device compliance under HIPAA are two hot areas for hospitals in 2010, according to Jim Sheldon-Dean, director of compliance services at Lewis Creek Systems, who gave a recent audio presentation titled “OIG 2010 Work Plan for Hospitals.” And that makes sense, given CMS’s…
Continue reading...What You Need To Do To Get ARRA’s EHR Adoption Incentive Money
Wednesday, January 6, 2010
Having trouble plodding through the 555-page HITECH reg? Our experts spell out the basic requirements for collecting cash. If you help to run a hospital or a physician’s office that sees Medicare and Medicaid patients, you might think you know red tape. Well, if you plan on seeing any of the American Recovery and Reinvestment Act of 2009 incentive money for adopting electronic health records technology, get ready for a whole new world of red before you see any green. On Dec. 30, 2009, CMS issued a proposed rule that would implement the incentive payment provisions of ARRA. Payments will be offered to Medicare and Medicaid providers and facilities that adopt and “meaningfully use” electronic health record technology, and this proposed rule is the first indication of how CMS plans to define ARRA’s requirements. The most anticipated part of the reg…
Continue reading...It’s Here: CMS’s Proposed Rule Implementing the HITECH Act
Thursday, December 31, 2009
We’ve got the links to help you learn more about the rule. Well, it looks like CMS meant what it said and said what it meant, despite the skeptics out there. Like a particularly deft limbo dancer, the agency made its end-of-2009 deadline for a proposed rule implementing the HITECH Act. The 555-page document landed online with a ‘thud’ on December 30th. Those of you who want to save this heavy reading project until after your New Year’s revelries can go here for some fact sheets. You’ll learn nifty new HIT acronyms like ‘EP,’ which should make you the hit of any cocktail party. The public comment period for the rule is 60 days. Stay tuned to HIT News for in-depth analysis of the rule, as well as a roundup of what healthcare providers are saying about it.
Continue reading...HITECH Update: Yes, Virginia, There Will Be a Meaningful Use Rule
Wednesday, December 16, 2009
To all those skeptics out there who think federal regulators will fall behind their HITECH rulemaking schedule and that it’ll be a looooong time before we actually learn the meaning of ‘meaningful use,’ HHS says, ‘Bah, humbug.’ Believe it: The agency will release rules implementing the HITECH act this month, Health Data Management reports, which should keep Medicare incentives to adopt EHR on track for October 1, 2010 (hospitals) and January 1, 2011 (physicians). According to HDM, we can still expect to see one proposed rule and two interim final rules published in December 2009. * RIN: 0991-AB58, an Interim Final Rule with comment period to establish an initial set of data standards, implementation specifications and criteria for certification of electronic health records; * RIN: 0991-AB59, An Interim Final Rule with comment period establishing certification programs for health information technology; and * RIN:…
Continue reading...Your Link to the Interim Rule for HIPAA Civil Monetary Penalties
Monday, November 9, 2009
Looks like HITECH’s going to give HIPAA much sharper teeth. On October 30, HHS issued an interim final rule that outlines the fines providers will have to pay if they are found guilty of HIPAA violations. The public has until December 29, 2009 to comment on the rule. Tip: The Federal Register link to the rule is here. For a handy table that summarizes the new civil monetary penalties for HIPAA, scroll down to page 56127. CMPs vary depending on how much a person knows or doesn’t know about the violation. Note: There’s a cap that limits the CMP for violating one HIPAA provision to $1.5 million per year. That’s almost a 6,000% increase in the current maximum penalty an organization or provider can pay for a HIPAA violation. AUDIO TRAINING EVENT: HIPAA Breach Notification Rule: Compliance Action Required Today.
Continue reading...HHS OCR Is New HIPAA Security Regulator
Tuesday, August 4, 2009
You’ve got a new sheriff in town for HIPAA enforcement. The Department of Health and Human Services is handing over the administration and enforcement of the Security Rule of the Health Insurance Portability and Accountability Act of 1996 (HIPAA) to the HHS Office for Civil Rights. CMS formerly oversaw enforcement of the rule. The Security Rule specifies a series of administrative, technical, and physical security procedures for covered entities to use to assure the confidentiality of electronic-protected health information. OCR has enforced HIPAA’s Privacy Rule since 2003. CMS hopes the Security’s Rule’s move to OCR will trim some administrative inefficiency and improve regulation, given that privacy and security are so closely connected. “The Health Information Technology for Economic and Clinical Health (HITECH) Act, part of the American Recovery and Reinvestment Act of 2009 (ARRA), mandated improved enforcement of the Privacy Rule and the Security Rule,” points out
Continue reading...- tower200: What concerns me most about the Government plan is...
- Jeffrey Zelmanow: To add to the answer, when considering identifiers...
- Jake @ social work jobs: Switching to a better networked system is a huge r...
- Mia: Just wondering whether there will be an interface ...
- Chuck Everett: I don't agree that the iPad will "jump-start" EMR ...
- Industry Group Announces Top 5 HIT Companies for 2010
- OCR May Expand Accounting of Disclosures under HIPAA
- EMR Use Might Distract Clinicians from Patient Interaction
- HHS Online Data Breach List Thrives
- Most Hospital CIOs Cite EMR as Top Priority
- HIT: Just in Time to Cure the Recession?
- HHS Pumps More Money into HIT Adoption Efforts
- Consumers Called to Contribute to ‘Meaningful Use’ Definition
- DEA Clears One Hurdle to “Meaningful Use” of EHR
- Study Shows File-Sharing Can Kill Your PHI Security Softly
Wednesday, January 27, 2010
0 Comments