EHR vendor loses ONC certification for two of its records systems

This week health care organizations were startled and not a little concerned to learn of the ONC's unprecedented action with regards to a California health software company.  The agency is decertifying electronic health records systems which initially met ONC requirements for certification. 

Via Modern Healthcare:

For the first time, the Office of the National Coordinator for Health Information Technology at HHS has revoked certifications for two electronic health-record systems, raising troubling questions about how physicians and hospitals should react if the government nixes a system they're already using.

Federal officials require that doctors and hospitals use certified EHR systems in order to receive federal money to defray the cost of converting to EHRs. But on Thursday, the ONC said it decided to revoke certifications for two products on the market after anonymous complaints were lodged about the systems.

 

Continue Reading...

IT staffing shortage a chronic issue for health industry

The healthcare industry continues to face a greater deficit than ever in terms of qualified professionals to fill its ever-expanding information technology staffing needs.

Via Modern Healthcare:

Many U.S. healthcare companies – about 67% -- report that they’re struggling to attract experienced information technology workers, according to a survey.

That’s compared with 10% that said they have problems attracting all workers, according to the "Towers Watson 2013 Healthcare IT Survey" (PDF).  Meanwhile, 38% of healthcare companies reported problems with retaining experienced IT workers, compared with 8% reporting problems retaining all types of workers.

 

Continue Reading...

Health care digitization enriches software industry

The health IT industry's pitch to Congress, and to the public, was that health care would be transformed through digitization, and that the shift to electronic records would result in huge health care savings.  Four years after the passage of ARRA and the HITECH Act, which included $19 billion in EHR incentives, it remains to be seen whether the federal government and the American public will see such benefits as reduced costs and improved levels of health care. Meanwhile, the software industry appears to be the big winner.

For more, see the New York Times article by clicking here:  "A Digital Shift on Health Data Swells Profits in an Industry".

Health IT Law Blog Named to a List of Top Health Care Organizations

Our blog is proud to be featured in the Top 100 Health Care Organizations to Watch in 2013. The designation was published by MHAPrograms.org, a website that highlights the most prominent organizations and information resources across health care and health care administration. In addition to highlighting the blog’s authors, MHAPrograms.org specifically noted the diverse topics covered by the Health IT Law blog, including features on ARRA, HIPAA, HITECH Act and the related regulations, as well as privacy and security issues more broadly.

The complete article and list can be found here.

Mostashari urges HIT vendors to conduct themselves ethically

Farzad Mostashari, National Coordinator for Health Information Technology, believes most HIT vendors operate in good faith.  At a recent meeting, however, Mostashari stated that he will be testing organized peer pressure as a means of bringing more ethically problematic vendors into line, in order to avoid having to develop onerous additional regulations.  He warned that he will impose more regulations if necessary.

See Healthcare IT News article at "Mostashari calls on vendors to play fair".

Family doctor EHR use up although use varies by location

The Annals of Family Medicine reports that although use of electronic health records has not increased significantly in all regions, it has risen dramatically nationwide in the last few years.

Via Modern Healthcare:

The number of family physicians who have adopted electronic health records has more than doubled since 2005, though wide geographic variations exist, according to a report in the Annals of Family Medicine.

Using census survey data from the American Board of Family Medicine maintenance of certification exam and the National Ambulatory Medical Care Survey, researchers predicted that the adoption rate could pass 80% by the end of the year.

Continue Reading...

Breaking: HHS releases final rule on HITECH Act provisions

HHS has announced a long-awaited omnibus final rule that implements a number of provisions of the HITECH Act, enacted as part of the American Recovery and Reinvestment Act of 2009, commonly known as the "Stimulus Bill," to strengthen the privacy and security protections for health information established under the Health Insurance Portability and Accountability Act of 1996 (HIPAA).

We will update the blog with more analysis of the final rule, but, in the meantime, you can find the press release here. You can see a copy of the rule via Federal Register here.

Via HHS Press Release:

The final rule also reduces burden by streamlining individuals’ ability to authorize the use of their health information for research purposes. The rule makes it easier for parents and others to give permission to share proof of a child’s immunization with a school and gives covered entities and business associates up to one year after the 180-day compliance date to modify contracts to comply with the rule.

The final omnibus rule is based on statutory changes under the HITECH Act, enacted as part of the American Recovery and Reinvestment Act of 2009, and the Genetic Information Nondiscrimination Act of 2008 (GINA) which clarifies that genetic information is protected under the HIPAA Privacy Rule and prohibits most health plans from using or disclosing genetic information for underwriting purposes.

 

HIPAA Transaction Rules Compliance Enforcement Delayed Until April 2013

The Centers for Medicare & Medicaid Services will postpone the start of HIPAA Transaction Rules compliance enforcement for 90 days, according to a recent announcement.

See CMS press release here. Via CMS website:

Today, the Centers for Medicare & Medicaid Services’ Office of E-Health Standards and Services (OESS) announced that to reduce the potential of significant disruption to the health care industry, it will not initiate enforcement action until March 31, 2013, with respect to HIPAA covered entities (including health plans, health care providers, and clearinghouses, as applicable) that are not in compliance with the operating rules adopted for the following transactions as required by the Affordable Care Act: eligibility for a health plan and health care claim status. Notwithstanding OESS’ discretionary application of its enforcement authority, the compliance date for using the operating rules remains January 1, 2013.

Continue Reading...

Settlement of first small scale HIPAA breach announced by HHS

In a sign that HHS is serious about small data breaches, the Office of Civil Rights (OCR) and The Hospice of North Idaho reached a settlement agreement to resolve allegations of a 2010 breach involving 441 patient records. OCR Director Leon Rodriguez reminded the industry that every covered entity, regardless of size, must implement the privacy and security safeguards - including, e.g., encryption of protected health information on mobile devices - required under HIPAA, as amended pursuant to the HITECH Act.

This settlement comes at the same time as the OCR rolls out its new educational initiative aimed at securing protected data on mobile devices. You can learn more about this initiative here.

Via HHS Press Release:

The Hospice of North Idaho (HONI) has agreed to pay the U.S. Department of Health and Human Services’ (HHS) $50,000 to settle potential violations of the Health Insurance Portability and Accountability Act of 1996 (HIPAA) Security Rule.  This is the first settlement involving a breach of unprotected electronic protected health information (ePHI) affecting fewer than 500 individuals.

The HHS Office for Civil Rights (OCR) began its investigation after HONI reported to HHS that an unencrypted laptop computer containing the electronic protected health information (ePHI) of 441 patients had been stolen in June 2010.  Laptops containing ePHI are regularly used by the organization as part of their field work.  Over the course of the investigation, OCR discovered that HONI had not conducted a risk analysis to safeguard ePHI.  Further, HONI did not have in place policies or procedures to address mobile device security as required by the HIPAA Security Rule.  Since the June 2010 theft, HONI has taken extensive additional steps to improve their HIPAA Privacy and Security compliance program.

Continue Reading...

HHS Inspector General: Medicare EHR incentive program lacks adequate safeguards against error and fraud

The HHS Inspector General this week reported the results of its recent investigation to “verify the accuracy of professionals' and hospitals' self-reported meaningful-use information, as well as eligibility and payment amounts.”   The investigation reviewed payments issued from May through December 2011, a period during which approximately $1.7 billion was distributed to almost  28,000 recipients.  The Inspector General’s office concluded that Medicare needs to improve its review process.

Link to report here.

Via Modern Healthcare:

The CMS and the Office of the National Coordinator for Health Information Technology at HHS need to tighten up their oversight of the Medicare EHR incentive payment program, according to HHS' inspector general's office.
 
The watchdog office, headed by Inspector General Daniel Levinson, offered a couple of recommendations for the agencies in its report, "Early Assessment Finds That CMS Faces Obstacles in Overseeing the Medicare EHR Incentive Program" (PDF). The report is based on audits of EHR incentive payment attestations, reviews of internal CMS and ONC documents about the program and interviews with CMS personnel. The inspector general's office did not focus this time on the Medicaid portions of the program, although a previous report, issued in July 2011, did, focusing on 13 state-run Medicaid EHR incentive programs. The inspector general's office also is conducting "a series of audits of Medicare and Medicaid EHR incentive payments" to "verify the accuracy of professionals' and hospitals' self-reported meaningful-use information, as well as eligibility and payment amounts. No time frame for those audits was included in the report.

Continue Reading...