EHR vendor loses ONC certification for two of its records systems
This week health care organizations were startled and not a little concerned to learn of the ONC's unprecedented action with regards to a California health software company. The agency is decertifying electronic health records systems which initially met ONC requirements for certification.
Via Modern Healthcare:
For the first time, the Office of the National Coordinator for Health Information Technology at HHS has revoked certifications for two electronic health-record systems, raising troubling questions about how physicians and hospitals should react if the government nixes a system they're already using.
Federal officials require that doctors and hospitals use certified EHR systems in order to receive federal money to defray the cost of converting to EHRs. But on Thursday, the ONC said it decided to revoke certifications for two products on the market after anonymous complaints were lodged about the systems.
Continue Reading...
Our blog is proud to be featured in the Top 100 Health Care Organizations to Watch in 2013. The designation was published by MHAPrograms.org, a website that highlights the most prominent organizations and information resources across health care and health care administration. In addition to highlighting the blog’s authors, MHAPrograms.org specifically noted the diverse topics covered by the Health IT Law blog, including features on ARRA, HIPAA, HITECH Act and the related regulations, as well as privacy and security issues more broadly.
Health education materials provided to health care consumers until now have commonly assumed a fairly high level of “health literacy” – a level which, research has shown, makes the materials inaccessible to about 77 million people. HHS’ new program addressing this issue begins with the development of a system to rate health information as efforts are made to improve the quality of these materials.
National Coordinator for Health IT Farzad Mostashari has announced there is no cap on how much individual providers may receive in meaningful use incentive payouts, as long as they meet the requirements for the EHR incentive payments program. According to the ONC, almost seven billion of the approximately twenty billion dollars in incentives allocated under the HITECH Act has already been distributed.
In preparation for the launching of ONC's permanent EHR system testing and certification program, part of the EHR incentive payment initiative, ONC has authorized five groups as permanent EHR certifiers.
On February 24, 2012, Center for Medicare and Medicaid Services (CMS) and the Office of National Coordinator for Health IT (ONC) issued proposed rules regarding Stage 2 of Meaningful Use. The proposed rules include the criteria for demonstrating Stage 2 Meaningful Use, and address the penalties for failure to achieve Meaningful Use by 2015. HHS noted the progress made in the last few years, but also recognized the challenges facing the industry, and pushed back the attestation for Stage 2 to 2014. Via 
Via 
The HIT Policy Committee, which advises the Office of the National Coordinator for Health IT in the Department of Health and Human Services, voted 12-5 to approve a significant delay in requiring providers to meet Stage 2 Meaningful Use until 2014. If finalized by CMS, such delay would be a welcome relief to those providers who qualified for Stage 1 Meaningful Use in 2011 (and therefore would have only a few months to commence Stage 2 Meaningful Use under the current rule).
On May 31, 2011, HHS released the proposed rule on accounting for dislosures of protected health information (PHI), which modified the HIPAA Privacy Rule pursuant to the HITECH Act. This proposed rule would give individuals the right to get a report on who has electronically accessed their PHI. Via 
HHS's own Office of Inspector General (OIG) issued a scathing report regarding pervasive breaches in privacy and security of patient data. OIG specifically called out the Office of Civil Rights (OCR), charged with enforcement of HIPAA Privacy and Security Rules, for failing to investigate and punish the vast majority of violators.
CMS announced that the online Attestation System for the Medicare EHR Incentive Program will launch on April 18, 2011. Eligible professionals and eligible hospitals will be able to use this online portal to self-attest to meeting the Meaningful Use criteria.
Dr. David Blumenthal, the head of the Office of the National Coordinator for Health IT (ONC), announced yesterday in a letter to his staff that he's leaving the ONC and returning to his position at Harvard University. 
On December 8, 2010, 
The U.S. Government Accountability Office (GAO) released its report on integrated delivery systems (IDSs) in healthcare. The report found that electronic health record systems (EHRs) are able to improve patient care among such IDSs.
A new study by the Ponemon Institute concluded that data breaches cause enormous losses for U.S. hospitals: on average, over a two-year period, each hospital will incur about $2 million in losses due to data breaches, which results in $12 billion cumulative loss for all U.S. hospitals.
Government Health IT published a column by Steve Fox and yours truly on the critical role Regional Extension Centers (RECs) can and should play in distributing best practices regarding contracting for health IT systems, including EHRs. Via 
On Thursday, October 7, 2010, from 1:00PM to 2:00PM, Post & Schell, in collaboration with 
In addition, our guest presenter for this webinar, Alex Ricardo, CIPP of Kroll Fraud Solutions, who will discuss the practical implications of this new set of regulations on covered entities and business associates, including:.gif){kind=logo}
Via 
Our own Steve Fox was interviewed by 
On August 19, 2010, the "tiger team" advisory panel 
eWeek 
Via 
CMS launched a very useful 
On August 19, 2009, pursuant to the HITECH Act, the Department of Health and Human Services (HHS) published the interim final regulations regarding breach notification requirements for health care providers and other entities covered by HIPAA. The rule became effective on September 23, 2009. 
The Rite Aid Corporation, the third largest pharmacy chain in the United States, reached a 
As required in the Patient Protection and Affordable Care Act (PPACA), Center for Medicare and Medicaid Services (CMS) announced this week that it plans to integrate the quality reporting requirements for physicians' Medicare payments with reporting requirements for healthcare providers who achieve meaningful use under the HITECH Act. Via 
The number of reported health information breaches is 
On June 7, 2010, Maryland's Lt. Governor Anthony Brown 
Both companies are looking to capitalize on the projected exponential growth in adoption of health IT, in part due to the incentives created by ARRA. According to the Congressional Budget Office, adoption of electronic health records by physician practices is expected to increase from 12% in 2011 to 90% by 2019. 
Just days prior to the latest enforcement deadline of the Red Flags Rule ("RFR"), medical and osteopathic associations sued the Federal Trade Commission (FTC) over the applicability of RFR's identity theft prevention requirements to their member organizations. FTC is to begin enforcement of the Rule on June 1, 2010. Among other claims, medical associations are seeking the U.S. District Court for the District of Columbia to prevent the FTC from defining healthcare providers as "creditors" under FACTA. According to .gif){kind=logo}
According to 
Back in January, we .gif){kind=logo}
HHS's Office of Civil Rights (OCR) filed a notice in the Federal Register lifting a requirement preventing OCR from posting names of sole practitioners who suffer breaches of patient data without first obtaining consent from such practitioners. Pursuant to the HITECH Act, any covered entity reporting a breach affecting over 500 individuals must report such breach to HHS, and HHS will post a notice of such breach on its web site. At the same time, HHS did not post names of individual physician practices (e.g., sole practitioners) without such physicians' consent because they deemed the name of the physician to be protected under the Privacy Act of 1974. Instead, HHS listed such breaches under "private practice." However, OCR announced on April 16, 2010, that "it will begin posting on its breach notification web site the names of entities they consider "individuals" regardless of whether or not those entities give consent." According to 
On April 13, 2010, the Wall Street Journal published two fascinating articles on health information technology issues. In "
In a letter to Dr. David Blumenthal, the College of Healthcare Information Executives (CHIME), an organization which represents1,400 healthcare chief information officers, offered some criticism of ONC's recent notice of proposed rulemaking (NPRM) regarding the EHR certification program. While CHIME expressed general support for a two-stage approach for creating the certifying bodies, the CIO's are worried about any destabilizing effects such rule may have on the health IT market. Via .gif){kind=logo}
A group of 37 U.S. Senators sent a .gif){kind=logo}
The Office of National Coordinator for Health IT (ONC) _1269459243447.jpeg){kind=tracking}
Javelin Strategy & Research survey 
Last Thursday, March 18, 2010, from 1:00PM to 2:00PM (EDT), Post & Schell hosted the second webinar in a series examining the effects of meaningful use and other HITECH Act regulations on the healthcare industry. 
As if foreshadowing our upcoming .gif){kind=logo}
As of February 22, 2010, HHS is expected to begin enforcing the new breach notification requirements created by the privacy and security provisions within the HITECH Act. Although such requirements went into effect last fall, HHS gave covered entities and business associates a few months to adapt to the new rules. That enforcement delay is now over, and, perhaps in a related move, on February 23, 2010, HHS's Office of Civil Rights, pursuant to the HITECH Act, .gif){kind=logo}
Pursuant to the HITECH Act, on February 17, 2010, business associates of covered entities 
Joy Pritts, a researcher and faculty member at Georgetown University's Health Policy Institute, was named as the first Chief Privacy Officer for the Office of National Coordinator for Health IT. This position was created pursuant to a provision in ARRA, last year's economic stimulus legislation.
According to .gif){kind=logo}
HHS Secretary Kathleen Sebelius, appearing with Labor Secretary Hilda Solis, announced the Obama administration will release almost $1 billion set aside in the stimulus bill in order to aid implementation of health information technology.
Following up on his .jpg)
There is little doubt that the healthcare industry must prepare for a growing number of - and expanding costs associated with - data breaches, particularly for breaches of protected health information. Here are just a few notable reports on this subject:.gif){kind=logo}
CMS released a proposed rule pursuant to the HITECH Act which includes the much-anticipated definition of Meaningful Use of Certified EHR technology. You can find the full text .gif){kind=logo}
Coordinator for Health Information Technology (ONC) will announce two regulations that lay a foundation for improving quality, efficiency, and safety through meaningful use of electronic health record (EHR) technology.
On the eve of HHS releasing the much-anticipated definition of "meaningful use," health IT divisions of GE and Siemens revealed new financing options for purchases of their EMR and other HIT products.
ancing solutions to help healthcare providers pursue meaningful use objectives and meet [HITECH Act] deadlines <...> Featuring zero-percent interest terms for qualified customers, the solutions enable organizations to defer up-front payments associated with their technology investment while meeting criteria for future government incentive monies.".gif){kind=logo}
The Office of National Coordinator for Health IT named 17 members of the newly formed privacy and security workgroup of the HIT Policy Committee. According to .gif){kind=logo}
Pursuant to the HITECH Act, the Department of Health and Human Services (HHS) released interim final regulations updating enforcement rules for violations of HIPAA. As 
Dr. David Blumenthal, the National Coordinator for Health IT, gave an 
According to .gif){kind=logo}
The last few weeks saw a tremendous amount of activity in the health IT market. Dell and Xerox were among the companies trying to capitalize on opportunities created by the ARRA incentives and certain market trends, including high demand for HIT products due to the ongoing digitization of the industry and, more generally, the expanding healthcare needs of an aging population in the United States..gif){kind=logo}
On September 15, 2009, the HIT Standards Committee .gif){kind=logo}
On August 19, 2009, pursuant to the HITECH Act, the Department of Health and Human Services (HHS) published the interim final regulations regarding breach notification requirements for health care providers and other entities covered by HIPAA. .gif)
The Washington Post provides an interesting behind-the-scenes account of how the funds for electronic health records adoption were included into the American Recovery and Reinvestment Act of 2009, commonly known as the stimulus bill. Health Information and Management System Society (HIMSS) played a crucial role in this lobbying effort. According to the Post:
Steve Fox was interviewed in this month's Cover Story "