Health IT Law Blog : Health IT Law Blog : Post & Schell: Law Firm : HIT & Electronic Health Records

Grassley follows up with letter to 31 hospitals regarding HIT vendor practices

Posted on February 8, 2010 by Steve Fox and Vadim Schick

Following up on his letter to health IT companies last fall, Senator Chuck Grassley (R-IA) sent a letter to 31 hospitals in the United States to inquire about each hospital's experience with purchasing and implementing health information technology. According to Healthcare IT News:

Grassley cites reports he’s heard about “difficulties and challenges associated with HIT implementation,” including “administrative complications,” “formatting and usability issues,” “computer errors stemming from the programs themselves,” and problems with “interoperability between programs.”

More specifically, he raises concerns that “when [providers] report such problems to their facilities and/or the product vendors, their concerns are sometimes ignored or dismissed.” Often, he writes, “this is attributed to alleged ‘gag orders’ or non-disclosure clauses in the HIT contract that prohibit health care providers and their facilities from sharing information outside of their facilities regarding product defects and other HIT product-related concerns."

You can find more about Sen. Grassley's letter to hospitals in his office's press release, which includes the full text of the letter.

Tags: ARRA, Articles, Grassley, HIT, HITECH Act, News, gag orders, health it vendors, vendor practices

Rising numbers and costs of data breaches

Posted on January 28, 2010 by Vadim Schick

There is little doubt that the healthcare industry must prepare for a growing number of - and expanding costs associated with - data breaches, particularly for breaches of protected health information. Here are just a few notable reports on this subject:

Infosecurity.com reported on a striking increase in attempts to hack into healthcare organizations, while the rate of hacking in other economic sectors remained flat: "the last quarter of [2009] saw an average of 13 400 attempts to hack healthcare organizations, compared to an average of 6,500 in the first nine months." According to researchers at SecureWorks, which produced the graph above, healthcare organizations are particularly vulnerable to such attacks because they "have to provide access to many external networks and web applications so as to stay connected with their patients, employees, insurers and business partners. This increases their risk to cyber attacks."

Cnet News reported on similar findings by the Ponemon Institute, whose survey concluded that "Data breaches at U.S. companies attributed to malicious attacks and botnets doubled from 2008 to 2009 and cost substantially more than breaches caused by human negligence or system glitches." The cost per compromised record involving a criminal act averaged $215, about 40% higher than breaches from negligence and 30% higher than those from glitches, the Ponemon survey found.

Tags: ARRA, Articles, BCBS, HITECH, HealthNet, News, Privacy & Security, Privacy and Security, breach, credit, data breach, hacking, health information, malware, monitoring, notification, privacy, security

Negotiating vendor-financed EMR transactions

Posted on January 15, 2010 by Vadim Schick

Ingenix, the technology unit of United Health Group, and Allscripts-Misys Healthcare Solutions joined Siemens, GE Healthcare and IBM in offering financing for purchasers of electronic medical record technology. This continues the trend of vendors offering interest-free financing until healthcare providers receive the "meaningful use" incentive payments or reimbursements under the HITECH Act.

While such offers may provide a solution to some of the credit and financing woes facing the healthcare industry, healthcare providers should be acutely aware of the many potential pitfalls and related issues inherent in vendor-financed deals, including: (1) additional pressure from vendors to accept their standard contractual terms and conditions, rather than engaging in full-blown contract negotiations, because vendors have much more leverage if they are also the creditor in the transaction; (2) failing to obtain necessary warranties and representations from vendors that their systems will comply with all relevant requirements under ARRA and the HITECH Act and will permit the provider to achieve meaningful use; (3) dealing with problems that may arise if either the vendor’s product fails to achieve applicable certification (e.g., CCHIT), is not “accepted” by the provider after completion of acceptance testing or the product does not enable the provider to achieve “meaningful use” in a timely manner, as well as a host of other issues.

Steve Fox and yours truly explore the issues around vendor financing of EHR system purchases in the latest issue of the Journal of Health Information Management, where we suggest recommended courses of action for healthcare providers considering acquiring HIT systems, including EMRs, by using vendor financing options. A complimentary PDF copy of the article is available here.

Tags: ARRA, Articles, EHR, EMR, GE, HITECH, HITECH Act, Ingenix, JHIM, News, Siemens, agreement, contract, finance, incentive payments, loan, negotiating, negotiation, vendor-financed, zero-interest

In the news: Privacy breaches and de-identification

Posted on January 11, 2010 by Steve Fox and Vadim Schick

According to LA Weekly, Huping Zhou, a former employee at the UCLA Healthcare System, pleaded guilty to federal charges of breaches of patient privacy. Zhou, 48, accessed the UCLA patient records system 323 times during the three-week period, mostly looking for the files of celebrities, after being let go by the hospital. Names of targeted celebrities have not been revealed. This case follows a similar breach at UCLA Medical Center, when Lawanda Jackson, a former nurse at the Center, plead guilty to wrongfully accessing information of Britney Spears and Farrah Fawcett.

Delaware Online reports about a new unfortunate trend in medical identity theft -- searching for copies of discarded prescriptions: "In the latest crime trend to hit Delaware, police are reporting that people looking for drugs such as Oxycontin and Vicodin are stalking customers who throw away prescription bags containing paperwork with details about their pills and themselves. They use the personal information to call in prescriptions and charge them to the victims' insurance. Then they turn around and sell the drugs." According to Bruce DiVincenzo, chief agent of Delaware's Office of Narcotics and Dangerous Drugs:

They're making their own scripts by ordering paper from the Internet," he said. "It's the patient's name that they want, because that person is actively listed as a customer of the pharmacy and will not raise suspicion."

Pharmacies like CVS and Happy Harry's (a subsidiary of Walgreens) take certain precautions to prevent such identity theft, including checking ID's before filling prescriptions and reminding customers to be careful with their receipts and copies of prescriptions.

Tags: ARRA, Articles, HIPAA, HIPAA Privacy Rule, HIPAA Security Rule, HITECH Act, News, Privacy & Security, breach, de-identification, deidentification, identity theft

Updated: Meaningful Use Definition Released in the Federal Register

Posted on December 30, 2009 by Steve Fox and Vadim Schick

CMS released a proposed rule pursuant to the HITECH Act which includes the much-anticipated definition of Meaningful Use of Certified EHR technology. You can find the full text here.*

HHS has also released an interim final rule with a request for comments to adopt an initial set of standards, implementation specifications, and certification criteria, as required by section 3004(b)(1) of the Public Health Service Act. This interim final rule represents the first step in an incremental approach to adopting standards, implementation specifications, and certification criteria to enhance the interoperability, functionality, utility, and security of health information technology and to support its meaningful use. The certification criteria adopted in this initial set establish the capabilities and related standards that certified electronic health record (EHR) technology will need to include in order to, at a minimum, support the achievement of the proposed meaningful use Stage 1 (beginning in 2011) by eligible professionals and eligible hospitals under the Medicare and Medicaid EHR Incentive Programs. You can find this interim rule here.*

Tags: ARRA, Articles, CMS meaningful use, Certified EHR, EHR, EMR, Federal Register meaningful use, HITECH Act, Meaningful use, News, Privacy & Security, federal register, incentive payments, meaningful use definition, meaningful use regulations

ALERT: CMS and ONC to Discuss Next Steps in EHR Programs Today

Posted on December 30, 2009 by Steve Fox and Vadim Schick

Today the Centers for Medicare & Medicaid Services (CMS) and the Office of the National Coordinator for Health Information Technology (ONC) will announce two regulations that lay a foundation for improving quality, efficiency, and safety through meaningful use of electronic health record (EHR) technology.

The regulations will help implement the EHR incentive programs enacted under the Health Information Technology for Clinical and Economic Health (HITECH) Act, which was part of the American Recovery and Reinvestment Act of 2009. Public comments on both regulations are encouraged.

Join today’s call; details are listed below:

WHO:
--David Blumenthal, MD, MPP, national coordinator for health information technology
--Jonathan Blum, director, Center for Medicare Management
--Cindy Mann, director, Center for Medicaid and State Operations

WHAT:
Briefing for HITECH Partners and Stakeholders – Providers, HIT Industry Organizations

WHEN:
Today, Wednesday, Dec. 30, 2009, 5:15 p.m. – 6:00 p.m. Eastern Time

WHERE:
Toll-Free Dial: (800) 837-1935
Conference ID: 49047605
Pass Code: HITECH

Stay tuned for more updates and information on the HIMSS Meaningful Use Web site at http://bit.ly/5IdkDe . HIMSS will be posting a statement tomorrow.

Tags: ARRA, Articles, Blumenthal, CMS, HITECH Act, Meaningful use, News, Privacy & Security

GE and Siemens provide new financing options for Health IT purchases

Posted on December 29, 2009 by Steve Fox and Vadim Schick

On the eve of HHS releasing the much-anticipated definition of "meaningful use," health IT divisions of GE and Siemens revealed new financing options for purchases of their EMR and other HIT products.

On December 16, 2009, Siemens followed IBM and GE in offering "a series of flexible financing solutions to help healthcare providers pursue meaningful use objectives and meet [HITECH Act] deadlines <...> Featuring zero-percent interest terms for qualified customers, the solutions enable organizations to defer up-front payments associated with their technology investment while meeting criteria for future government incentive monies."

According to Fierce Healthcare:

To provide the greatest possible range of choices for customers, Siemens offers solutions from Siemens Financial Services, Inc. as well as from selected partners, including IBM Global Financing and 3-D Financial Services. These options allow customers to choose a customized financing solution that matches their individual technology acquisition roadmaps, business strategies, financial profiles, and technology needs. <...>

By bridging the gap between the project implementation and the receipt of ARRA incentive, Siemens will be providing its customers an option which allows them to optimize their cash flow while maximizing return on investment.

Tags: 0%, ARRA, Articles, Centricity, EHR, EMR, GE, HITECH, HITECH Act, Meaningful use, News, Siemens, financing, incentive payments, meaningful use definition

CCHIT certifies EHR products for Preliminary ARRA 2011 program

Posted on December 21, 2009 by Steve Fox and Vadim Schick

Via Healthcare IT News:

The Certification Commission for Health Information Technology has certified 14 electronic health record products that pass muster for provider use under the American Recovery and Reinvestment Act of 2009 (ARRA).

"We believe it will be a challenge for providers who have not yet begun to evaluate products to purchase and implement EHR technology and achieve meaningful use in time for the 2011-2012 incentives," said Alisa Ray, the CCHIT's executive director. "We have received more than 30 applications for our 2011 certification programs – more than half of which are for the comprehensive program – and are announcing new certifications regularly so providers can begin to consider EHR technology that demonstrates compliance with the proposed federal standards."

According to Ray, the Preliminary ARRA 2011 program is a modular, limited certification and inspects technology only against the federal standards. It offers flexibility for health IT companies, developers and providers in meeting ARRA 2011-2012 certification requirements.

Tags: ARRA, Articles, CCHIT, Certified EHR, HITECH Act, News, meaingful use

ONC names 17 members of the privacy and security workgroup

Posted on December 11, 2009 by Steve Fox and Vadim Schick

The Office of National Coordinator for Health IT named 17 members of the newly formed privacy and security workgroup of the HIT Policy Committee. According to Government Health IT:

The work group will be co-chaired by Deven McGraw, director of the Health Privacy Project at the Center for Democracy and Technology, and Rachel Block, executive director of the New York eHealth Collaborative and deputy commissioner for health IT transformation at the New York State Department of Health.

Their team will advise the Policy Committee on such matters as how safeguards for the exchange of health information should fit into the “meaningful use” test for health IT incentives that ONC has been working on.

The ONC has previously announced the establishment of a separate workgroup devoted to creation of a national health information network, which, of course, will have to deal with its own set of privacy and security concerns. There is also a privacy and security workgroup under the HIT Standards Committee.

Tags: ARRA, Articles, HIT Policy Committee, HIT Standards Committee, HITECH Act, Meaningful use, News, ONC, ONCHIT, Privacy & Security, Privacy and Security, meaningful use definition, office of national coordinator

PWC report projects booming market in personalized medicine

Posted on December 8, 2009 by Steve Fox and Vadim Schick

The new science of personalized medicine, a new report on the $232 billion personalized medicine industry by PriceWaterhouseCoopers, anticipates an annual 11% growth in this market. Health IT and telemedicine are among the key drivers for personalized medicine.

According to Healthcare IT News, the report's findings include:

The core diagnostic and therapeutic segment of the market – made up primarily of pharmaceutical, medical device and diagnostics companies – is estimated at $24 billion and expected to grow by 10 percent annually, reaching $42 billion by 2015.

The personalized medical care portion of the market – including telemedicine, health information technology and disease management services offered by traditional health and technology companies – is estimated at $4 billion to $12 billion and could grow to more than $100 billion by 2015 if telemedicine takes off.

The related nutrition and wellness market – including retail, complementary and alternative medicines offered by consumer products, food and beverage, leisure and retail companies – is estimated at $196 billion and projected to grow 7 percent annually to more than $290 billion by 2015.

You can find the full report here.

"IT helps drive $232B personalized medicine market," Healthcare IT News (December 8, 2009).

Tags: Articles, EHR, EMR, News, health IT, telemedicine

Health IT Law Blog

www.healthitlawblog.com

Post & Schell, P.C.

Allentown

1245 South Cedar Crest Boulevard
Suite 300

Allentown, PA 18103

(610) 433-0193

(610) 433-3972

(fax)

Harrisburg

17 North Second Street
12th Floor

Harrisburg, PA 17101-1601

(717) 731-1970

(717) 731-1985

(fax)

Lancaster

1857 William Penn Way
P.O. Box 10248

Lancaster, PA 17605-0248

(717) 291-4532

(717) 291-1609

(fax)

Philadelphia

Four Penn Center
1600 John F. Kennedy Boulevard

Philadelphia, PA 19103-2808

(215) 587-1000

(215) 587-1444

(fax)

Pittsburgh

One Oxford Centre
301 Grant Street
Suite 4300

Pittsburgh, PA 15219

(412) 577-2972

(412) 577-2973

(fax)

Princeton

Overlook Center
100 Overlook Drive

Princeton, NJ 08540

(609) 924-3333

(609) 924-4144

(fax)

Washington, D.C.

Suite 600
607 14th Street NW

Washington, D.C. 20005-2006

(202) 347-1000

(202) 661-6970

(fax)

Healthcare IT Lawyer & Attorney of Post & Schell Law Firm, offering services related to HIT, health care systems, medical software, HIPAA compliance, EHR software licenses and electronic medical records systems (EMR).