Blog Archives

HHS begins enforcement of breach notification requirements

As of February 22, 2010, HHS is expected to begin enforcing the new breach notification requirements created by the privacy and security provisions within the HITECH Act.  Although such requirements went into effect last fall, HHS gave covered entities and business

Posted in ARRA, Higher Ed, HIPAA, HITECH Act, News, Privacy & Security Tagged with: , , , , , , , , , , , , , , , , , , , ,

Sebelius announces $28M in grants for EHR implementation

HHS Secretary Kathleen Sebelius announced almost $28 million in grants for more than twenty health centers to implement or improve their electronic health records technology.  This funding is allotted from the $2 billion set aside for Health Resources and Services Administration (HRSA)

Posted in ARRA, Higher Ed, HITECH Act, News, Privacy & Security

Breach at Pacific Northwest insurance company impacts 11 million customers

Seattle-based Premera Blue Cross announced that it recently discovered it had been hacked in May 2014. The Premera hack accessed a full range of customer information including medical data. The insurer, which is working with the FBI in the investigation,

Posted in ARRA, Higher Ed, HITECH Act, News, Privacy & Security Tagged with: , , , , ,

Sophisticated one-time hacking scam costs target $289K; useful lessons for health industry

The details of a recent hacking scam, while not in the healthcare industry, may contain useful pointers for healthcare nonetheless. A San Diego area attorney clicked a link in a legitimate-looking email which released a virus into his computer which

Posted in ARRA, Higher Ed, HITECH Act, News, Privacy & Security Tagged with: , , , , ,

80 million patient records breached in Anthem hack

Health insurance giant Anthem reports that it has been the target of a cyberattack exposing tens of millions of customer records. Anthem, until very recently known as WellPoint, the largest of the Blue Cross Blue Shield for-profit managed health care

Posted in ARRA, Higher Ed, HITECH Act, News, Privacy & Security Tagged with: , , , , , , , , , , , , , , , , ,

Meaningful use program Stage 3 inches nearer to approval

The draft regulatory language of Stage 3 of the meaningful use program, scheduled to start in 2017, has been submitted for review to the Office of Information and Regulatory Affairs in the Office of Management and Budget. The rules, submitted

Posted in ARRA, Higher Ed, HITECH Act, News, Privacy & Security Tagged with: , , , , , , , , , , , , , , , , , , , , , , , , , , , , , ,

Connecticut Supreme Court: plaintiffs can sue for HIPAA violations

It has been a commonly held belief that a patient cannot sue under HIPAA for a breach of confidential health information as HIPAA provides no private cause of action. The patient’s only recourse has been to report the violation to

Posted in ARRA, Higher Ed, HIPAA, HITECH Act, News, Privacy & Security Tagged with: , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , ,

AHIMA issues health info management recommendations

The American Health Information Management Association (AHIMA) recently released a set of guidelines regarding data governance of what it calls “information assets.”  AHIMA asserts that the healthcare industry must manage the huge amounts of data it works with in an

Posted in ARRA, Higher Ed, HITECH Act, News, Privacy & Security Tagged with: , , , , , , , , , , , , , , , , ,

California courts: Sutter Health not liable in $4.25 billion data breach case

In a development sure to draw attention, the California Supreme Court last week upheld a lower court’s dismissal of the $4.25 billion case against Sutter Health arising from an October 2011 data breach.  A password-protected computer full of unencrypted data,

Posted in ARRA, Higher Ed, HITECH Act, News, Privacy & Security Tagged with: , , , , , , , , , , , , , ,

Human-computer interactions: what happened during September’s Texas Ebola misdiagnosis?

A new report on what went wrong in the processing of the late Thomas Eric Duncan upon his first visit to the emergency room proposes that a combination of human and computer errors was responsible. A team of medical informaticists

Posted in ARRA, Higher Ed, HITECH Act, News, Privacy & Security Tagged with: , , , , , , , , , , , , , ,

Medical info now 10 times more valuable than financial data on the black market

Credit card numbers have dropped precipitously in value in recent years as PHI replaces it on the underground market. Why? Cyber criminals use the PHI to engage in medical fraud which, because of its complexity, may continue undetected for years.

Posted in ARRA, Higher Ed, HITECH Act, News, Privacy & Security Tagged with: , , , , , , , , , , , , , , , , , ,

Techies invade HIT market: is their unfamiliarity with healthcare industry obstacle or advantage?

Until recently, healthcare software has been developed by IT professionals grounded in the healthcare industry. The latest arrivals to HIT development come from a range of non-healthcare industries. The vendor of one new product currently on the HIT market last

Posted in ARRA, Higher Ed, HITECH Act, News, Privacy & Security Tagged with: , , , , , , , , , , , , , , , , ,

Billions at risk as providers face Stage 2 hurdle

An impressive number of healthcare providers met Stage 1 requirements and qualified for EHR payments in 2011 and 2012 – some 170,000. Of these providers, who are therefore eligible to continue in the EHR incentive program, only about 4% appear

Posted in ARRA, Higher Ed, HITECH Act, News, Privacy & Security Tagged with: , , , , , , , , , , , ,

ONC’s EHR security provisions inadequate says OIG

Healthcare providers cannot attest to meaningful use unless they use certified EHR software. Providers purchasing certified EHR software tend to assume that a certified EHR has been rigorously tested and can be counted on to ensure protection of patient data.

Posted in ARRA, Higher Ed, HITECH Act, News, Privacy & Security Tagged with: , , , , , , , , ,

CMS issues final EHR meaningful-use rule – with some flexibility

The Centers for Medicare and Medicaid Services issued a final EHR meaningful-use rule last Friday, consistent with the proposal it published in May. The rule will grant healthcare providers more time and some flexibility in how they meet requirements for

Posted in ARRA, HIPAA, HITECH Act, News, Privacy & Security Tagged with: , , , , ,

New hope for resolving thorny sensitive PHI issues in health data exchanges

Uncertainty and disagreement regarding how to handle behavioral and other sensitive healthcare data such as HIV and reproductive health records has been a stumbling block for healthcare in various ways. Potential patients don’t seek help because of fear their records

Posted in ARRA, Higher Ed, HIPAA, HITECH Act, News, Privacy & Security Tagged with: , , , , , , , , ,

Steve Fox moderates panel in Boston on best practices for working with vendors

Steve Fox, Information Technology Practice Chair and Data Protection/Breach Co-Chair at Post & Schell, will speak as well as moderate a panel discussion on “Dealing with Vendors: Best Practices for Contracting and 3rd Party Compliance” in early September 2014 at

Posted in ARRA, Higher Ed, HITECH Act, News, Privacy & Security Tagged with: , , , , ,

Risks of EHRs accessible only via internet: a cloud downside

The cloud, popular because businesses can pay a monthly fee for computer-related services instead of paying for costly in-house hardware and the staff to manage it, has its drawbacks. One of these became painfully evident for two days in mid-August.

Posted in ARRA, Higher Ed, HITECH Act, News, Privacy & Security Tagged with: , , , , ,

Patent trolls: new developments at federal and state level

While the healthcare industry has become well-acquainted with patent trolls, they are not the only industry that has been hit. According to a Boston University study, American businesses paid $29 billion in 2011 alone to patent trolls in “licensing fees”

Posted in ARRA, Higher Ed, HITECH Act, News, Privacy & Security Tagged with: , , , , ,

ICD-10 delay reopens door to broader discussion among providers: is ICD-10 even the right way to go?

The postponement of the deadline for healthcare providers to implement ICD-10 (International Statistical Classification of Diseases and Related Health Problems) would seem to help ensure that the transition to the new coding system will unfold successfully. However, it is also

Posted in ARRA, Higher Ed, HITECH Act, News, Privacy & Security Tagged with: , , , , ,

Senate committee concerned by EHR interoperability issues

Members of the Senate Appropriations Committee have become concerned that different brands of electronic health records software, paid for with tax dollars, are incompatible with one another thereby preventing healthcare organizations from sharing data. A recent Rand Corporation report highlighted

Posted in ARRA, Higher Ed, HITECH Act, News, Privacy & Security Tagged with: , , , , ,

Attorney Steve Fox speaks on “Hidden Risks of Cloud Computing” at American Hospital Association conference

Healthcare IT attorney Steve Fox spoke on risks of cloud computing at the AHA’s Leadership Summit held in San Diego this year. According to attorney Fox, the data which the health care industry handles is growing exponentially, a trend driven

Posted in ARRA, Higher Ed, HITECH Act, News, Privacy & Security Tagged with: , , , , ,

Congressional letter requests CMS waive EHR requirements for Medicare labs

Eighty-nine members of the U.S. House of Representatives signed a letter to the Centers for Medicare and Medicaid Services requesting that Medicare laboratories be exempt from EHR requirements. CMS had already postponed the deadline for laboratory pathologists to comply with

Posted in ARRA, Higher Ed, HITECH Act, News, Privacy & Security Tagged with: , , , , ,

FDA lags behind in regulating torrent of new mobile health apps

So far the FDA has reviewed a total of approximately one hundred mobile health apps since these apps started becoming available – and yet hundreds of new health apps appear on the market every month. As reported in our previous

Posted in ARRA, Higher Ed, HITECH Act, News, Privacy & Security Tagged with: , , , , ,

New report: EHRs not immune to technical, human error; rigorous monitoring essential

A report just published in the Journal of the American Medical Informatics Association asserts that even if EHRs were not still relatively new, they are not exempt from the glitches all software can be prone to.  Researchers evaluated data from

Posted in ARRA, Higher Ed, HITECH Act, News, Privacy & Security Tagged with: , , , , , , , , , , , , , , , , , , , , ,

PHI at risk in debt collection lawsuits involving medical services

Healthcare providers spend millions of dollars to comply with HIPAA in order to keep patients’ medical information private, and yet some of this same information is publicly available on the internet in court records of medical debt lawsuits. Maybe it’s

Posted in ARRA, Higher Ed, HITECH Act, News, Privacy & Security Tagged with: , , , , ,

ONC plans more flexible approach for future EHR quality monitoring and improvement

Dr. Jacob Reider, deputy national coordinator and chief medical officer for the ONC, told attendees at the Physician-Computer Connection Symposium this week that the ONC is looking to change how it uses clinical quality measures as meaningful-use criteria.  While the

Posted in ARRA, Higher Ed, HITECH Act, News, Privacy & Security Tagged with: , , , , ,

Stage 2-ready software delays prompt CMS to postpone Stage 2 deadline

While vendors were able to supply the software needed for healthcare providers to comply with Stage 1 of the EHR incentive program, they are experiencing delays in developing the software needed for Stage 2 meaningful use compliance.  In response to

Posted in ARRA, Higher Ed, HITECH Act, News, Privacy & Security Tagged with: , , , , , , , , , , , , , , ,

Emailing PHI: considerations for developing best practices

PHI breaches that make the headlines often result from computer thefts or hacking.  Another, less well-publicized vulnerability for PHI records, however, is in the realm of electronic mail which is arguably not a particularly secure form of communication.  Over 100

Posted in ARRA, Higher Ed, HITECH Act, News, Privacy & Security Tagged with: , , , , ,

Rural providers cope with HIT staffing deficits

If compliance with ONC regulations is challenging for healthcare providers in urban areas, with high concentrations of IT professionals, it is especially challenging for rural providers where IT resources in the form of human capital are scarce.  The federal government’s

Posted in ARRA, Higher Ed, HITECH Act, Privacy & Security Tagged with: , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , ,

Software to ease ICD-10 transition: providers consider the options

Congress’ decision this spring to delay the ICD-10 deadline has given healthcare providers some extra breathing space to make the transition, but many are seeking additional help in the form of new “language-to-code” translation software. Via Modern Healthcare: Despite the

Posted in ARRA, Higher Ed, HITECH Act, News, Privacy & Security Tagged with: , , , , , , , , , , ,

Steven J. Fox gives talks on cloud vendor contracts, receives favorable media coverage

Health IT blawger Steven J. Fox spoke to healthcare providers on contracting with cloud-based technology vendors at events sponsored by the Pennsylvania and American bar associations recently.  Initially covered by AuntMinnie.com, the presentation has garnered further industry media attention, sparking

Posted in ARRA, Higher Ed, HITECH Act, News, Privacy & Security Tagged with: , , , , ,

PHI of 26-30 million Americans to be linked in single, vast network

By September 2015 database managers hope to have a network in place that will link databases containing the PHI records of millions of people.  The project is being implemented by PCORI, Patient-Centered Outcomes Research Institute, a non-profit organization formed at

Posted in ARRA, Higher Ed, HITECH Act, News, Privacy & Security Tagged with: , , , , ,

Washington state inadvertently released computers containing PHI and other sensitive data

All state governments dispose of large numbers of older computers each year, and while they all have procedures in place to scrub sensitive data from the hard drives before releasing them, there have been reports of slip-ups.  An audit conducted

Posted in ARRA, Higher Ed, HITECH Act, News, Privacy & Security Tagged with: , , , , ,

FDA, ONC and FCC release FDASIA Health IT Report draft

Last week  the Food and Drug Administration (FDA), the Office of the National Coordinator for Health IT (ONC), and the Federal Communications Commission (FCC) announced the release of their draft FDASIA Health IT Report which incorporates the September 2013 recommendations

Posted in ARRA, Higher Ed, HITECH Act, News, Privacy & Security Tagged with: , , , , ,

‘Fasten your contracts’ or risk a bumpy ride in the ‘Cloud’ blawger Steven J. Fox warns healthcare providers

Never accept the vendor’s standard form contract as the final word; remember that everything is negotiable,” cautions Steven J. Fox.  Fox shared the podium with Lee Kim, HIMSS’ Director of Privacy and Security, at the HIMSS conference in Orlando to

Posted in ARRA, Higher Ed, HITECH Act, News, Privacy & Security Tagged with: , , , , ,

GAO report: EHR incentive program suffers high attrition rate

While 89% of qualified hospitals and 65% of qualified individual medical professionals have received incentive payments, a significant number of these have dropped out of the incentive program in its later stages according to a recent GAO study.  The report

Posted in ARRA, Higher Ed, HITECH Act, News, Privacy & Security Tagged with: , , , , ,

42K records breached at Wisconsin health insurance group

Unity Health Plans Insurance Corporation, affiliated with the University of Wisconsin, discovered in December 2013 that an unencrypted external hard drive of medical records had disappeared.  The records contained patient names, dates of birth, dates of service, and names of

Posted in ARRA, Higher Ed, HITECH Act, News, Privacy & Security Tagged with: , , , , ,

Interoperability collaborators present at HIMSS conference

Although the majority of healthcare care settings are now digitalized, lack of interoperability among the wide range of software applications now in place continues to be a problem.  Several groups addressing this issue presented their innovations at this year’s HIMSS

Posted in ARRA, Higher Ed, HITECH Act, News, Privacy & Security Tagged with: , , , , ,

ONC leaders mark agency’s 10th anniversary with review of government’s role in health industry IT

ONC past and current leaders met this week to share thoughts on government’s role in the development of health IT in commemoration of ONC’s ten year anniversary.  The agency, formed by then-President George Bush in 2004, was tasked with providing

Posted in ARRA, Higher Ed, HITECH Act, News, Privacy & Security Tagged with: , , , , ,

Opposition halts nationwide UK EHR database project

Alongside media reports in January of U.S.-U.K. plans to collaborate on healthcare data policy, National Health Service England announced its plans to combine the records of all its patients into asingle database to be available by April.  This week, the

Posted in ARRA, Higher Ed, HITECH Act, News, Privacy & Security Tagged with: , , , , ,

Brooklyn brothers develop new EHR-accessing service for patients

If managing often voluminous patient health records is a challenge for healthcare providers, it can be even more overwhelming for the patients themselves, especially if they develop multiple health conditions.  In the aftermath of a family medical emergency, four brothers

Posted in ARRA, Higher Ed, HITECH Act, News, Privacy & Security Tagged with: , , , , ,

Two EHRs picked to test interoperability

The Centers for Medicare & Medicaid Services and the Office of the National Coordinator for Health Information Technology have selected products developed by McKesson Corp. and Meditech to test interoperability of EHRs.  McKesson and Meditech have collaborated with ONC and

Posted in ARRA, Higher Ed, HITECH Act, News, Privacy & Security Tagged with: , , , , ,

Telemed regs currently discourage telemed, say stakeholders

A group made up of accountable care organizations, telehealth technology vendors, and professional associations has issued a statement to the Department of Health and Human Services decrying the lack of cohesion in the body of regulations governing telemedicine at the

Posted in ARRA, Higher Ed, HITECH Act, News, Privacy & Security Tagged with: , , , , , , , , , , , , , , , , , , ,

Montana hospital one of first to sue vendor in court over non-compliant EHR system

Healthcare providers face many challenges in trying to keep up with ever more rigorous requirements for EHR software compliance.  EHR software vendors seem to be struggling, too, in many cases causing their clients to fail the federal EHR certification requirements, thereby

Posted in ARRA, Higher Ed, HITECH Act, News, Privacy & Security Tagged with: , , , , , , , , , , , , , , , , ,

Recently released 2013 WEDI report to guide health IT in coming decade

WEDI, Workgroup for Electronic Data Interchange Foundation, recently announced release of its 2013 report, generated in partnership with healthcare industry leaders.  The report identifies the following four critical focus areas: •Patient Engagement: consumer (patient) engagement through improved access to pertinent healthcare

Posted in ARRA, Higher Ed, HITECH Act, News, Privacy & Security Tagged with: , , , , ,

Most medical devices and EHR systems not on speaking terms … yet

As there has been no financial benefit up until now to EHR system and medical device companies for making their software interoperable, they have, by and large, not done so.  On the other hand, full interoperability could benefit the U.S.

Posted in ARRA, Higher Ed, HITECH Act, News, Privacy & Security Tagged with: , , , , ,

Cybersecurity in the health care setting: issues and strategies

Health care providers have a long history of protecting sensitive patient information but the fact that more and more health care equipment is now connected to the internet opens up this data to a new range of exposure risks.  All

Posted in ARRA, Higher Ed, HITECH Act, News, Privacy & Security Tagged with: , , , , ,

State inadvertently publishes PHI on web; apologizes

A website of the North Carolina Department of Health and Human Services (DHHS) that is intended to provide transparency regarding how government moneys are spent got a little too transparent recently when it displayed sensitive information belonging to more than

Posted in ARRA, Higher Ed, HITECH Act, News, Privacy & Security Tagged with: , , , , , , , , ,

“Healthcare Dive” interviews “Health IT Law” blog founder Steven J. Fox regarding pitfalls to avoid in electronic medical record (EMR) contracts

“No matter how well you investigate an EMR, it’s possible that the product won’t be as usable as it seemed when you first tested it. But that’s not the only EMR risk your hospital or medical practice needs to address.

Posted in ARRA, Higher Ed, HITECH Act, News, Privacy & Security Tagged with: , , , , ,

Congress introduces bill to regulate mobile health apps — the SOFTWARE Act

Following up on our September 2013 blog entry, “How much pre-market regulation should the FDA impose on health IT?,” we note that Congress last week introduced a bill empowering the Food and Drug Administration to regulate mobile health applications.  Entitling

Posted in ARRA, Higher Ed, HITECH Act, News, Privacy & Security Tagged with: , , , , ,

California court ruling: health care providers may be off the hook for data theft in some cases

In a judicial decision sure to garner attention, a California state appellate court decided last week that UCLA Health is not liable for patient data breaches due to a 2011 theft.  It is important to note, however, that regardless of

Posted in ARRA, Higher Ed, HITECH Act, News, Privacy & Security Tagged with:

Intellectual property licenses in bankruptcy: review of current law

Bankruptcy law is designed to give a struggling company the respite it needs to reorganize itself and hopefully get a fresh start, even if this means severing existing business relationships.  But what happens when the bankrupt company is a licensor

Posted in ARRA, Higher Ed, HITECH Act, News, Privacy & Security Tagged with: , , , , ,

Mostashari in first public appearance since his ONC departure

Dr. Farzad Mostashari, former chief of the Office of the National Coordinator for Health Information Technology, shared thoughts and concerns in his first address since stepping down, at a conference of the College of Healthcare Information Management Executives.  Dr. Mostashari,

Posted in ARRA, Higher Ed, HITECH Act, News, Privacy & Security Tagged with: , , , , ,

College of Healthcare Information Management Executives honors Virginia CIO Geoff Brown

During this year’s National Health IT Week in Washington, DC, CHIME presented its State Public Policy Award for CIO Leadership to Geoff Brown, senior VP and CIO of Virginia-based Inova Health System.  Brown, who is currently chair of the Virginia

Posted in ARRA, Higher Ed, HITECH Act, News, Privacy & Security Tagged with: , , , , ,

Litigants employ new tactic in facing off with “patent trolls”: RICO

RICO, the federal Racketeer Influenced Corrupt Organization statute passed in 1970 is known primarily from headlines regarding cases against organized crime figures.  The law is now being used on a new target — patent trolls. See Washington Post article at “Here’s

Posted in ARRA, Higher Ed, HITECH Act, News, Privacy & Security Tagged with: , , , , ,

How much pre-market regulation should the FDA impose on health IT? Work group issues recommendations

The Food and Drug Administration Safety Innovation Act (FDASIA) work group, made up of experts from various branches of the healthcare industry, recommends that the FDA proceed with as light a touch as possible in reviewing new health information technology

Posted in ARRA, Higher Ed, HITECH Act, News, Privacy & Security Tagged with: , , , , ,

Advocate Health Care already facing first lawsuit for July 15 breach involving 4 million EHR patient records

Chicago area Advocate Health Care suffered the country’s biggest health care record breach to date on July 15 – when four unencrypted laptops containing over four million patient records were stolen.  Seven weeks later the legal repercussions to July’s event

Posted in ARRA, Higher Ed, HITECH Act, News, Privacy & Security Tagged with: , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , ,

September 23 start of Meaningful Use program’s Stage 2 now just weeks away

Up until now, initiatives under the Patient Protection and Affordable Care Act – also known as the ACA or Obamacare — have focused on facilitating healthcare’s shift from paper to electronic recordkeeping.  Stage 2 of the three-stage “Meaningful Use” program,

Posted in ARRA, Higher Ed, HITECH Act, News, Privacy & Security Tagged with: , , , , ,

Maryland HIPAA violations allegations result in $250K penalty for CVS

The state of Maryland’s Consumer Protection Division and CVS came to an agreement this week comprised of a $250,000 penalty as well as a corrective action plan that will include employee training and monthly audits of CVS stores in Maryland. 

Posted in ARRA, Higher Ed, HITECH Act, News, Privacy & Security Tagged with: , , , , ,

Video interview: discussing the Affinity Health Plan photocopier data leak with LXBN TV

Following up on my recent post on the matter, I had the opportunity to speak with Colin O’Keefe of LXBN regarding Affinity Health Plan’s photocopier PHI leak. In the interview, I explain how the leak happened and what companies can do

Posted in ARRA, Higher Ed, HITECH Act, News, Privacy & Security Tagged with: , , , , ,

Minnesota draws on Scandinavian heritage in battle with modern-day trolls; states begin to address patent troll issue

In May 2013 the state of Vermont filed a complaint against alleged “patent troll” MPHJ Technology accusing it of violating the state’s Consumer Protection Act.  This week the Minnesota attorney general’s office announced a settlement with the company which it

Posted in ARRA, Higher Ed, HITECH Act, News, Privacy & Security Tagged with: , , , , ,

Affinity to pay $1.2 million for photocopier breach

In 2010 CBS Evening News purchased a photocopier previously used by New York City area Affinity Health Plan and discovered patient-identifiable medical records on the device’s hard drive – which had never been erased.  The photocopier was one of approximately seven

Posted in ARRA, Higher Ed, HITECH Act, News, Privacy & Security Tagged with: , , , , ,

Northern California Sutter’s $1B EHR system down for a full day

The EHR system of Sacramento, California-based Sutter Health, which provides healthcare in over 100 towns and cities in the region, crashed on August 26, leaving physicians and other healthcare workers without access to patient records at numerous locations. See Healthcare

Posted in ARRA, Higher Ed, HITECH Act, News, Privacy & Security Tagged with: , , , , ,

Unprecedented OCR settlement with WellPoint requires payment of settlement amount only

HHS Office for Civil Rights settlements have up until now required healthcare providers to pay a settlement amount and to implement a corrective action plan. OCR’s recent settlement with WellPoint breaks from this pattern. See AIS Health article at “WellPoint

Posted in ARRA, Higher Ed, HITECH Act, News, Privacy & Security Tagged with: , , , , ,

HHS announces new HIE acceleration strategy

Much of the focus of the healthcare industry’s advance into the electronic era so far has been on converting patient information to electronic health records.  Now that progress is being made on that front, some of the emphasis is now

Posted in ARRA, Higher Ed, HITECH Act, News, Privacy & Security Tagged with: , , , , ,

Senate committee: EHRs don’t improve healthcare as much as they could

The U.S. Senate Committee on Finance heard testimony this week from industry representatives on EHR conversion’s impact on healthcare quality.  One concern voiced more than once was that metrics for measuring progress are not standardized across the industry, making it

Posted in ARRA, Higher Ed, HITECH Act, News, Privacy & Security Tagged with: , , , , ,

De-identified PHI records relatively easy to re-identify Harvard prof demonstrates

Harvard University professor Latanya Sweeney caused a stir in 1997 when she found the medical records of former Massachusetts Governor Weld in a redacted data set.  Her recent activities are really causing state governments to sit up and take notice. 

Posted in ARRA, Higher Ed, HITECH Act, News, Privacy & Security Tagged with: , , , , ,

Hackers post detailed ads online selling stolen health data

he lucrative stolen identity market is taking a new turn into health insurance data.  Those seeking a new identity can now obtain a full set of credentials including all the information and documentation needed to use someone else’s health insurance.

Posted in ARRA, Higher Ed, HITECH Act, News, Privacy & Security Tagged with: , , , , ,

Mostashari: EHR adoption progressing but we’re not out of the woods yet

In an address at the National Press Club this week Farzad Mostashari, National Coordinator for Health Information Technology, reviewed the healthcare industry’s progress in digitizing health records.  As mentioned in previous posts on this blog, physician adoption of EHRs continues

Posted in ARRA, Higher Ed, HITECH Act, News, Privacy & Security Tagged with: , , , ,

Physicians doubtful October 2014 transition from ICD-9 to ICD-10 realistic

In October 2014 all health care providers covered by HIPAA will be required to make the switch from ICD-9 (International Classification of Diseases-9) to ICD-10.  The ICD-9 is now 30 years old and the United States is the only industrialized

Posted in ARRA, Higher Ed, HITECH Act, News, Privacy & Security Tagged with: , , , , ,

Computer viruses in medical devices: who should bear the costs for combatting? FDA issues warning, takes action

Computer virus infections of medical devices continue to be a serious issue, keeping healthcare provider IT departments busy removing malware.  (See our October 2012 blog post “Computer viruses on hospital medical devices: a growing concern; possible solutions“).  The FDA has

Posted in ARRA, Higher Ed, HITECH Act, News, Privacy & Security Tagged with: , , , , , , , , , , , , , , , , , , , , , , , , , , , ,

EHR vendor loses ONC certification for two of its records systems

This week health care organizations were startled and not a little concerned to learn of the ONC’s unprecedented action with regards to a California health software company.  The agency is decertifying electronic health records systems which initially met ONC requirements for

Posted in ARRA, Higher Ed, HITECH Act, News, Privacy & Security Tagged with: , , , , , , , , , , , , , , , , , , , , , , , , , , ,

IT staffing shortage a chronic issue for health industry

The healthcare industry continues to face a greater deficit than ever in terms of qualified professionals to fill its ever-expanding information technology staffing needs. Via Modern Healthcare: Many U.S. healthcare companies – about 67% — report that they’re struggling to

Posted in ARRA, Higher Ed, HITECH Act, News, Privacy & Security Tagged with: , , , , , , , , , , , , , , ,

“Health IT Law” blogger Steven J. Fox featured in “Healthcare Informatics” article

Negotiating favorable contracts with IT vendors requires skill and determination on the part of healthcare providers, on a playing field that currently favors vendors.  Blawger Steven J. Fox and three healthcare IT leaders share their insights in this in-depth article. See

Posted in ARRA, Higher Ed, HITECH Act, News, Privacy & Security Tagged with: , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , ,

CMS inaugurates new HIT information clearinghouse website and associated listserv

Looking for a central source of information on all the federal government’s initiatives to digitize the health industry? Try the Centers for Medicare & Medicaid Services’ new eHealth(

Posted in ARRA, Higher Ed, HITECH Act, News, Privacy & Security Tagged with: , , , , ,

Health care digitization enriches software industry

The health IT industry’s pitch to Congress, and to the public, was that health care would be transformed through digitization, and that the shift to electronic records would result in huge health care savings.  Four years after the passage of ARRA

Posted in ARRA, Higher Ed, HITECH Act, News, Privacy & Security Tagged with: , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , ,

Health IT Law Blog Named to a List of Top Health Care Organizations

Our blog is proud to be featured in the Top 100 Health Care Organizations to Watch in 2013. The designation was published by MHAPrograms.org, a website that highlights the most prominent organizations and information resources across health care and health

Posted in ARRA, Higher Ed, HITECH Act, News, Privacy & Security Tagged with: , , , ,

Family doctor EHR use up although use varies by location

The Annals of Family Medicine reports that although use of electronic health records has not increased significantly in all regions, it has risen dramatically nationwide in the last few years. Via Modern Healthcare: The number of family physicians who have

Posted in ARRA, Higher Ed, HITECH Act, News, Privacy & Security Tagged with: , , , , , , , , , , , , , , ,

Mostashari urges HIT vendors to conduct themselves ethically

Farzad Mostashari, National Coordinator for Health Information Technology, believes most HIT vendors operate in good faith.  At a recent meeting, however, Mostashari stated that he will be testing organized peer pressure as a means of bringing more ethically problematic vendors into line,

Posted in ARRA, Higher Ed, HITECH Act, News, Privacy & Security Tagged with: , , , , , , , , , , , , , , , , , , , , , ,

HIPAA Transaction Rules Compliance Enforcement Delayed Until April 2013

HHS has announced a long-awaited omnibus final rule that implements a number of provisions of the HITECH Act, enacted as part of the American Recovery and Reinvestment Act of 2009, commonly known as the “Stimulus Bill,” to strengthen the privacy

Posted in ARRA, Higher Ed, HITECH Act, News, Privacy & Security Tagged with: , , , , , , , , , , , , , , , , , , , , , ,

Settlement of first small scale HIPAA breach announced by HHS

In a sign that HHS is serious about small data breaches, the Office of Civil Rights (OCR) and The Hospice of North Idaho reached a settlement agreement to resolve allegations of a 2010 breach involving 441 patient records. OCR Director Leon Rodriguez

Posted in ARRA, Higher Ed, HITECH Act, News, Privacy & Security Tagged with: , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , ,

3.8 million record breach in South Carolina: lessons learned

Hackers recently infiltrated South Carolina’s state tax records, absconding with the largest haul to date of Social Security numbers, credit and debit card numbers from a state agency. State officials describe how the theft was worked, and list enhanced security

Posted in ARRA, Higher Ed, HIPAA, HITECH Act, News, Privacy & Security Tagged with: , , , , , , , , , , , , , , , , , , , , , , ,

Computer viruses on hospital medical devices: a growing concern; possible solutions

Medical device security experts report increasing issues with computer viruses on hospital medical devices. Problem sources include inconsistent and/or incompatible security measures, as well as outdated operating systems. The Government Accounting Office has sounded the alarm, requesting the FDA to

Posted in ARRA, Higher Ed, HITECH Act, News, Privacy & Security Tagged with: , , , , , , , , , , , , , , , , , , , , , , , , , , , ,

Public-private group, eHealth Exchange, to oversee development of health info network

The HHS Office of the National Coordinator for Health Information Technology is passing management of the Nationwide Health Information Network to a coalition of public and private health care organizations. Via Modern Healthcare: Following last month’s announcement that “now is not

Posted in ARRA, Higher Ed, HIPAA, HITECH Act, News, Privacy & Security Tagged with: , , , , , , , , , , , , , , , , , , , , , , , , , ,

OCR to release final breach notification rule in March

Via Healthcare Info Security: The Department of Health and Human Services’ Office for Civil Rights has set a March target date for release of the long-delayed final version of Health Insurance Portability and Accountability Act modifications and the HIPAA breach

Posted in ARRA, Higher Ed, HIPAA, HITECH Act, News, Privacy & Security Tagged with: , , , , , , , , , ,

HHS issues proposed rule on accounting of PHI disclosures

On May 31, 2011, HHS released the proposed rule on accounting for dislosures of protected health information (PHI), which modified the HIPAA Privacy Rule pursuant to the HITECH Act. This proposed rule would give individuals the right to get a

Posted in ARRA, Higher Ed, HIPAA, HITECH Act, News, Privacy & Security Tagged with: , , , , , , , , , ,

Audit criticizes OCR and ONC over data privacy efforts

HHS’s own Office of Inspector General (OIG) issued a scathing report regarding pervasive breaches in privacy and security of patient data. OIG specifically called out the Office of Civil Rights (OCR), charged with enforcement of HIPAA Privacy and Security Rules,

Posted in ARRA, Higher Ed, HIPAA, HITECH Act, News, Privacy & Security Tagged with: , , , , , , , , , , , ,

Updates to privacy and security regulations expected soon

According to Healthcareinfosecurity.com, the Office of Civil Rights (OCR) is still working on the final rule regarding the updates to HIPAA and the related HIPAA Privacy and Security Rules mandated by the HITECH Act. Susan McAndrew, deputy director for health information privacy

Posted in ARRA, Higher Ed, HIPAA, HITECH Act, News, Privacy & Security Tagged with: , , , , , , , , , , ,

Medicare EHR incentives attestation to begin on April 18, 2011

CMS announced that the online Attestation System for the Medicare EHR Incentive Program will launch on April 18, 2011. Eligible professionals and eligible hospitals will be able to use this online portal to self-attest to meeting the Meaningful Use criteria.

Posted in ARRA, Higher Ed, HITECH Act, News, Privacy & Security Tagged with: , , , , , , , , , , , , , ,

GOP bill proposes repeal of HITECH Act

Via Healthcare IT News: The Spending Reduction Act of 2011 (H.R. 408), introduced on January 24 by Rep. Jim Jordan (R-Ohio), seeks to reduce federal spending by $2.5 trillion over the coming decade. As it does so, it singles out

Posted in ARRA, Higher Ed, HITECH Act, News, Privacy & Security Tagged with: , , , , , , , , , , ,

Registration for CMS EHR Incentive program is now open

Center for Medicare and Medicaid Services (CMS) opened the registration process for eligible hospitals and professionals hoping to capitalize on the incentive payments provided under the HITECH Act.  Each such hospital or professional needs to register with CMS in order

Posted in ARRA, Higher Ed, HITECH Act, News, Privacy & Security Tagged with: , , , , , , , , , , , , , , ,

Blumenthal to leave ONC this spring

Dr. David Blumenthal, the head of the Office of the National Coordinator for Health IT (ONC), announced yesterday in a letter to his staff that he’s leaving the ONC and returning to his position at Harvard University. According to Dr.

Posted in ARRA, Higher Ed, HITECH Act, News, Privacy & Security Tagged with: , , , , , ,

New York State plans country’s largest health information network

 Via Democrat and Chronicle (Rochester): The New York state Department of Health and a public-private partnership called New York eHealth Collaborative, or NYeC (pronounced “nice”), recently announced plans to spend $129 million in state and federal money to create a

Posted in ARRA, Higher Ed, HITECH Act, News, Privacy & Security Tagged with: , , , , , , , , , , , ,

White House Panel Issues Report on Health IT

On December 8, 2010, President’s Council of Advisors on Science and Technology (PCAST) issued its report on the importance of widespread adoption and use of health IT to improve healthcare delivery and reduce costs. The report concluded that: information technology

Posted in ARRA, Higher Ed, HITECH Act, News, Privacy & Security Tagged with: , , , , , , , , , , ,

GAO report: EHRs can improve patient care

The U.S. Government Accountability Office (GAO) released its report on integrated delivery systems (IDSs) in healthcare. The report found that electronic health record systems (EHRs) are able to improve patient care among such IDSs. Via GAO: Some IDSs said that

Posted in ARRA, Higher Ed, HITECH Act, News, Privacy & Security

Study: Data Breaches Cost U.S. Hospitals Billions

A new study by the Ponemon Institute concluded that data breaches cause enormous losses for U.S. hospitals:  on average, over a two-year period, each hospital will incur about $2 million in losses due to data breaches, which results in $12

Posted in ARRA, Higher Ed, HITECH Act, News, Privacy & Security Tagged with: , , , , , , , , , , ,

U.S. healthcare providers hesitant about “offshoring” EHRs to India

Will American healthcare providers, like major companies in other sectors of the economy, outsource their electronic medical records systems and maintenance offshore, especially to an established tech industry in India? According to the Wall Street Journal, Indian technology vendors face a

Posted in ARRA, Higher Ed, HITECH Act, News, Privacy & Security Tagged with: , , , , , , , , , ,

Our column in Government Health IT on RECs and HIT contracts

Government Health IT published a column by Steve Fox and yours truly on the critical role Regional Extension Centers (RECs) can and should play in distributing best practices regarding contracting for health IT systems, including EHRs.  Via Government Health IT:

Posted in ARRA, Higher Ed, HITECH Act, News, Privacy & Security Tagged with: , , , , , , , , , , , , , , , ,

WSJ: Major consolidation among HIT vendors likely

The HITECH Act added over $27 billion to an industry whose publicly trading companies’ market cap is below that, around $25 billion.  Such dramatic expansion of the industry will likely lead to significant consolidation among HIT vendors. We have already

Posted in ARRA, Higher Ed, HITECH Act, News, Privacy & Security Tagged with: , , , , , , , , , , , , , , , ,