Breaking: HHS releases proposed rule on ACO's

Posted on March 31, 2011 by Steve Fox and Vadim Schick

Earlier today, HHS has released the highly anticipated proposed rule on Accountable Care Organizations (ACOs). The rules will guide healthcare providers in setting up exchanges of healthcare data to improve care and reduce costs, as mandated under the Patient Protection and Accountable Care Act of 2010.

HHS will host a call today, March 31, 2011 on the new regulations, expected to be released prior to the call. The call will take place a noon EDT today and can be accessed by calling 800-475-8413 Code: HHS.

You can find a copy of the proposed rule by clicking here.

Continue Reading...
Tags: , , , , , , ,

Medicare EHR incentives attestation to begin on April 18, 2011

Posted on March 29, 2011 by Steve Fox and Vadim Schick

CMS announced that the online Attestation System for the Medicare EHR Incentive Program will launch on April 18, 2011. Eligible professionals and eligible hospitals will be able to use this online portal to self-attest to meeting the Meaningful Use criteria.

CMS also released a preview of the Attestation System. This preview includes attestation screenshots and is intended to give examples of what the attestation process will look like. CMS promised to release additional information about the attestation process soon, including "User Guides" that will give step-by-step instructions for completing attestation, along with educational webinars that describe the attestation process in depth.

Finally, CMS noted that providers will follow a similar process using their state's Attestation System. Such providers may find their state's scheduled launch dates of their Medicaid EHR Incentive Program by clicking here.

You can download the preview by clicking here.

For more information, please visit CMS's EHR Incentive Program web site.
 

 

Tags: , , , , , , , , , , , , , ,

California agency to investigate HealthNet

Posted on March 16, 2011 by Steve Fox and Vadim Schick

As we predicted yesterday, HealthNet's breach of personal information of almost 2 million people, is already the subject of a state government agency's investigation.  Via Health Leaders Media:

After Health Net, Inc. in California announced Monday that several data servers containing sensitive health and personal information on its enrollees are unaccounted for, state officials said the security breach involves 'personal information for 1.9 million current and past enrollees nationwide.'

The California Department of Managed Health Care, the only stand-alone HMO watchdog agency in the nation, also provided further details beyond the plan's statement, saying that the missing records on nine servers are 'for more than 622,000 enrollees in Health Net products regulated by the DMHC, more than 223,000 enrolled in the California Department of Insurance products (another state agency that has oversight responsibility) and a number enrolled in Medicare.'

'The DMHC has opened an investigation into Health Net's security practices," said DMHC spokesperson Lynne Randolph. "Health Net has agreed to provide two years of free credit monitoring services to its California enrollees, in addition to identity theft insurance, fraud resolution and restoration of credit files, if needed.'

This may not be the last government investigation for the embattled insurer. For more information on the breach, please click here.

 

Tags: , , , , , , ,

HealthNet breach affects 1.9 million individuals

Posted on March 15, 2011 by Steve Fox and Vadim Schick

HealthNet, a California-based insurer, suffered another major data breach last month. Modern Healthcare reports that HealthNet lost data of almost two million employees, members and healthcare providers, including their medical information, Social Security numbers and other sensitive information. The loss was reportedly caused by a missing server drive from HealthNet's Rancho Cordova, CA data center.  According to the insurance company's press release, HealthNet's IT vendor, IBM, notified HealthNet that it could not locate the drives.

As we noted previously, HealthNet suffered another major data breach in 2009, when the company lost a portable hard drive containing sensitive and protected information on 1.5 million people.  As a result of that breach, HealthNet was sued by then-Connecticut Attorney General Richard Blumenthal, in a first such action under HIPAA, as modified by the HITECH Act.  HealthNet and Connecticut settled this suit in 2010 for $250,000 fine, a $500,000 contingency fund and a corrective action plan aimed at enhancing the security of the data in HealthNet's possession.

In light of HHS stepping up enforcement of HIPAA and HIPAA Privacy and Security Rules, HealthNet will become a likely target of both federal and state investigations; and if such investigations reveal negligence or failure to implement or comply with their own corrective action plan referenced above, the fines could be much more severe than the $250,000 number from the Connecticut settlement in 2010.

This should also serve as a reminder about the importance of requiring IT vendors to indemnify healthcare providers against such losses. If HealthNet's investigation concludes that IBM and/or its personnel were responsible for this loss, the parties will likely look to their existing contracts and BAA to determine whether IBM will reimburse HealthNet for its costs in relation to this breach.

Continue Reading...
Tags: , , , , , , , , , , , , , , ,