Health IT Law Blog : Health IT Law Blog : Post & Schell: Law Firm : HIT & Electronic Health Records

Free Webinar: Negotiating "Must-Have" Provisions in HIT Contracts

Posted on March 9, 2010 by Steve Fox and Vadim Schick

On Thursday, March 18, 2010 from 1:00PM to 2:00PM (EDT), Post & Schell will host the next webinar in a series examining the effects of meaningful use and other HITECH Act regulations on the healthcare industry.

This webinar will focus on identifying and negotiating the essential elements of HIT agreements, particularly in light of the HITECH Act and related HHS regulations regarding "meaningful use" of "certified EHR technology." Post & Schell's Steve Fox and Vadim Schick, along with Jim Oakes, Principal at Health Care Information Consultants, will discuss:

Warranty, limitation of liability and privacy and security provisions in HIT contracts
Structuring payments to correspond with certain achievement milestones
Acceptance testing procedures
Provisions specific to vendor-financing transactions
ASP / SaaS models of software licensing

You may view this presentation at your desk. There is no charge or limit to the number of people who may listen to the presentation on the same line. Click here to register. After registering, you will receive log-in information by e-mail.

This webinar is second in a series devoted to structuring vendor-provider agreements in the post-HITECH Act world. If you missed our first webinar, A Lawyer's Take on "Meaningful Use," you can still view the slides from that presentation here.

Tags: ARRA, Articles, HITECH, HITECH Act, Meaningful use, Privacy & Security, contract, law, license, meaningful use definition, meaningful use regulations, negotiation

Breaking: ONC releases NPRM on certification programs

Posted on March 2, 2010 by Steve Fox and Vadim Schick

ONC announced release of the much-anticipated Notice of Proposed Rulemaking (NPRM) on certification programs. Via ONC Press Release:

Certification of Health IT will provide assurance to purchasers and other users that an EHR system, or other relevant technology, offers the necessary technological capability, functionality, and security to help them meet the meaningful use criteria established for a given phase. Providers and patients must also be confident that the electronic health IT products and systems they use are secure, can maintain data confidentially, and can work with other systems to share information. Confidence in health IT systems is an important part of advancing health IT system adoption and allowing for the realization of the benefits of improved patient care.

Eligible professionals and eligible hospitals who seek to qualify for incentive payments under the Medicare and Medicaid EHR Incentive Programs are required by statute to use Certified EHR Technology. Once certified, Complete EHRs and EHR Modules would be able to be used by eligible professionals and eligible hospitals, or be combined, to meet the statutory requirement for Certified EHR Technology.

Tags: ARRA, Articles, Certified EHR, EHR, HITECH Act, Meaningful use, News, Privacy & Security, meaningful use definition, meaningful use regulations

HHS begins enforcement of breach notification requirements

Posted on February 25, 2010 by Steve Fox and Vadim Schick

As of February 22, 2010, HHS is expected to begin enforcing the new breach notification requirements created by the privacy and security provisions within the HITECH Act. Although such requirements went into effect last fall, HHS gave covered entities and business associates a few months to adapt to the new rules. That enforcement delay is now over, and, perhaps in a related move, on February 23, 2010, HHS's Office of Civil Rights, pursuant to the HITECH Act, posted a list of organizations which reported breaches of unsecured protected health information affecting 500 or more individuals on OCR's web site. This should serve as a good reminder to providers and HIT vendors alike to be keenly aware of the new regulations on breach notification.

The HITECH Act required a covered entity that “accesses, maintains, retains, modifies, records, stores, destroys, or otherwise holds, uses, or discloses unsecured protected health information” to notify each individual “whose unsecured protected health information has been, or is reasonably believed by the covered entity to have been, accessed, acquired, or disclosed” due to the breach. Business associates who discover a breach must notify the covered entity.

By regulation published in the Federal Register on August 24, 2009, HHS added a rather controversial "harm threshold" to this requirement: covered entities and business associates are required to notify the affected individual, the HHS, and, in some cases, the media, if such breach poses a significant risk of harm to the individual. This "harm threshold" essentially requires the organization which discovers a breach to undergo a risk assessment test to determine whether a breach would cause "significant harm" to the affected person.

Free Webinar on Meaningful Use: Slides included below

Posted on February 24, 2010 by Vadim Schick

Here are the slides from our February 25, 2010 Webinar on Meaningful Use. This webinar was first in a series, and focused on the critical definition of "meaningful use" of "certified EHR technology," as described in proposed regulations released and published by CMS pursuant to the HITECH Act on January 13, 2009. Steve and I discussed:

Key policy goals and objectives behind meaningful use

Measures required to achieve meaningful use

Structure of incentive payments under Medicare and Medicaid

Eligibility requirements for professionals and hospitals

Our next webinar, to be held on Thursday March 18, 2010, from 1:00 to 2:00 PM, will focus on how to negotiate software and EHR licensing agreements and other transactional issues with respect to dealing with health IT vendors.

For more information, please contact me at vschick@postschell.com or 202-661-6945.

Tags: ARRA, Articles, EHR, EMR, Federal Register meaningful use, HITECH, HITECH Act, Incentives, Medicaid, Medicare, News, Privacy & Security, federal register, incentive payments, meaingful use

OCR may delay enforcement of business associate provisions in the HITECH Act

Posted on February 23, 2010 by Steve Fox and Vadim Schick

Pursuant to the HITECH Act, on February 17, 2010, business associates of covered entities became subject to the HIPAA Privacy and Security Rules, including provisions regarding implementation of various safeguards to secure protected health information. As Steve Fox pointed out in a recent report on the subject by the Pittsburgh Business Journal, it is highly unlikely that most companies are ready to comply with these dramatic changes.

However, according to Hunton & Williams's privacy blog, Adam Greene of the HHS Office of Civil Rights (OCR) stated at an ABA conference on February 18, 2010, that OCR will delay enforcement of this provision of the HITECH Act until the relevant regulations are finalized. OCR itself did not publish a press release on the subject, and we were unable to reach Mr. Greene for comment.

Regardless of OCR's intent to enforce compliance, the business associate provisions in the HITECH Act went into effect last week. We would strongly encourage all covered entities and business associates to take all necessary actions to comply with the new law.

"Privacy policies over electronic health records expand reach," Pittsburgh Business Journal (February 19, 2010).

"HHS Delays Enforcement of HITECH Act Business Associate Provisions," Privacy & Information Security Law Blog (February 19, 2010).

Tags: ARRA, Adam Greene, Articles, Business Associates, HHS, HIPAA, HIPAA Privacy Rule, HIPAA Security Rule, HITECH Act, News, OCR, Privacy & Security, business associates as covered entities, delay, delayed enforcement, enforcement

Thursday: Free Webinar on "Meaningful Use"

Posted on February 22, 2010 by Vadim Schick

On Thursday, February 25, 2010 from 1:00PM to 2:00PM (EST), Steve Fox and yours truly will host a free webinar, the first in a series, which will focus on the critical definition of "meaningful use" of "certified EHR technology," as described in proposed regulations released and published by CMS pursuant to the HITECH Act on January 13, 2009. We will discuss:

Key policy goals and objectives behind meaningful use

Measures required to achieve meaningful use

Structure of incentive payments under Medicare and Medicaid

Eligibility requirements for professionals and hospitals

You may view each of these presentations at your desk. There is no charge or limit to the number of people who may listen to each presentation on the same line. Click here to register. After registering, you will receive log-in information by e-mail.

For more information, please contact me at vschick@postschell.com or 202-661-6945.

Tags: ARRA, Articles, EHR, EMR, HITECH, HITECH Act, Meaningful use, Medicaid, Medicare, News, Privacy & Security, electronic health records, electronic medical records, free webinar, incentive payments, meaningful use definition, meaningful use regulations, webinar

Pritts named first ONC Chief Privacy Officer

Posted on February 18, 2010 by Steve Fox and Vadim Schick

Joy Pritts, a researcher and faculty member at Georgetown University's Health Policy Institute, was named as the first Chief Privacy Officer for the Office of National Coordinator for Health IT. This position was created pursuant to a provision in ARRA, last year's economic stimulus legislation.

In her new position, Ms. Pritts will advise Dr. Blumenthal on forming policies on privacy, security and data stewardship of electronic health information, as well as coordinate similar efforts on state, federal and international levels.

Ms. Pritts is a graduate of Oberlin College and Case Western Reserve University School of Law. She has testified before Congress on data privacy issues, and served as a member of Technical Advisory Panel for the multi-state Health Information Security and Privacy Collaborative (HISPC) and on the board of the National Governors Association’s State Alliance for e-Health.

Tags: ARRA, Articles, Blumenthal, HIPAA, HITECH, HITECH Act, News, ONC, Pritts, Privacy & Security, chief privacy officer, office of national coordinator, privacy

Massive cyber attack affects 75,000 computer systems across the world

Posted on February 18, 2010 by Vadim Schick

According to the Washington Post, more than 75,000 computer systems at over 2,500 companies across the world have been hacked in possibly the largest and extremely sophisticated cross-border cyber attack. The perpetrators appear to be non-state entities operating out of Eastern Europe.

They lured employees of targeted companies to open attachments containing malware or malicious software ("bots") which track down login and password information stored on those systems. Experts believe that such login credentials -- which include online banking user information -- are valuable to such hackers.

The attack mostly affected businesses in the United States, Egypt, Mexico, Turkey and Saudi Arabia. Wall Street Journal named Merck and Cardinal Health among the companies affected.

Tags: Articles, News, Privacy & Security, attack, bots, cyber, malware

Study finds big increases in physicans' online communications with patients

Posted on February 16, 2010 by Steve Fox and Vadim Schick

According to American Medical News (AMN), a new report by Manhattan Research states that online communications by physicians have increased by 14% since 2006. The survey of 1900 physicians found that 39% of physicians use online communication tools such as email, secure messaging, or instant messaging.

Dermatologists lead all other surveyed practices in the volume of online communications, which, according to Girish Munavalli, MD, assistant professor of dermatology at Johns Hopkins University School of Medicine, can be attributed to "a lot of triage calls and calls for clarification of instructions" which come from dermatologists' large patient volumes. "This is perfect for short e-mail communication and reminders," added Dr. Munavalli.

Dermatologists are followed by oncologists, neurologists, endocrinologists, infectious disease specialists, and primary care physicians.

Of course, certain obstacles remain. Some doctors abstain from using such technology because of liability worries, while many patients prefer in-person meetings because of concerns regarding privacy of their health information. Still, the report suggests that this increase may be due to the growing comfort level and acceptance of online communication between physicians and patients. And it may even indicate a larger trend of greater familiarity and use of other health-related technologies, such as EMRs and personal health records.

Tags: ARRA, Articles, EMR, HITECH Act, News, Physicians, Privacy & Security, health information, messaging, online communication tools, online communications, patient communications, privacy, secure

Obama administration announces $975M in HIT grants

Posted on February 16, 2010 by Steve Fox and Vadim Schick

HHS Secretary Kathleen Sebelius, appearing with Labor Secretary Hilda Solis, announced the Obama administration will release almost $1 billion set aside in the stimulus bill in order to aid implementation of health information technology.

Secretary Sebelius announced $386 million in grants to advance widespread adoption of EHRs at the state level, including for health information exchanges (HIEs). HHS also awarded $375 million to 32 nonprofits for Regional Extension Centers which assist providers in updating their medical record systems and train workers on such new technologies.

Secretary Solis announced around $225 million to support 55 job-training programs in 30 states which is expected to train around 15,000 people in the health records technology.

The Obama administration expects to help more than 100,000 health-care providers set up electronic medical records for their patients by 2014.

Tags: ARRA, Articles, EHR, EMR, HIE, HITECH, HITECH Act, News, Privacy & Security, Regional Extension center, Sebelius, grant, health information exchange, training

Health IT Law Blog

www.healthitlawblog.com

Post & Schell, P.C.

Allentown

1245 South Cedar Crest Boulevard
Suite 300

Allentown, PA 18103

(610) 433-0193

(610) 433-3972

(fax)

Harrisburg

17 North Second Street
12th Floor

Harrisburg, PA 17101-1601

(717) 731-1970

(717) 731-1985

(fax)

Lancaster

1857 William Penn Way
P.O. Box 10248

Lancaster, PA 17605-0248

(717) 291-4532

(717) 291-1609

(fax)

Philadelphia

Four Penn Center
1600 John F. Kennedy Boulevard

Philadelphia, PA 19103-2808

(215) 587-1000

(215) 587-1444

(fax)

Pittsburgh

One Oxford Centre
301 Grant Street
Suite 4300

Pittsburgh, PA 15219

(412) 577-2972

(412) 577-2973

(fax)

Princeton

Overlook Center
100 Overlook Drive

Princeton, NJ 08540

(609) 924-3333

(609) 924-4144

(fax)

Washington, D.C.

Suite 600
607 14th Street NW

Washington, D.C. 20005-2006

(202) 347-1000

(202) 661-6970

(fax)

Healthcare IT Lawyer & Attorney of Post & Schell Law Firm, offering services related to HIT, health care systems, medical software, HIPAA compliance, EHR software licenses and electronic medical records systems (EMR).