Blog Archives

Meaningful use program Stage 3 inches nearer to approval

The draft regulatory language of Stage 3 of the meaningful use program, scheduled to start in 2017, has been submitted for review to the Office of Information and Regulatory Affairs in the Office of Management and Budget. The rules, submitted

Posted in ARRA, Higher Ed, HITECH Act, News, Privacy & Security Tagged with: , , , , , , , , , , , , , , , , , , , , , , , , , , , , , ,

Telemed regs currently discourage telemed, say stakeholders

A group made up of accountable care organizations, telehealth technology vendors, and professional associations has issued a statement to the Department of Health and Human Services decrying the lack of cohesion in the body of regulations governing telemedicine at the

Posted in ARRA, Higher Ed, HITECH Act, News, Privacy & Security Tagged with: , , , , , , , , , , , , , , , , , , ,

Advocate Health Care already facing first lawsuit for July 15 breach involving 4 million EHR patient records

Chicago area Advocate Health Care suffered the country’s biggest health care record breach to date on July 15 – when four unencrypted laptops containing over four million patient records were stolen.  Seven weeks later the legal repercussions to July’s event

Posted in ARRA, Higher Ed, HITECH Act, News, Privacy & Security Tagged with: , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , ,

EHR vendor loses ONC certification for two of its records systems

This week health care organizations were startled and not a little concerned to learn of the ONC’s unprecedented action with regards to a California health software company.  The agency is decertifying electronic health records systems which initially met ONC requirements for

Posted in ARRA, Higher Ed, HITECH Act, News, Privacy & Security Tagged with: , , , , , , , , , , , , , , , , , , , , , , , , , , ,

Breaking: HHS releases final rule on HITECH Act provisions

HHS has announced a long-awaited omnibus final rule that implements a number of provisions of the HITECH Act, enacted as part of the American Recovery and Reinvestment Act of 2009, commonly known as the “Stimulus Bill,” to strengthen the privacy

Posted in HIPAA Tagged with: , , , , , , , , , , , , , , ,

HIPAA Transaction Rules Compliance Enforcement Delayed Until April 2013

HHS has announced a long-awaited omnibus final rule that implements a number of provisions of the HITECH Act, enacted as part of the American Recovery and Reinvestment Act of 2009, commonly known as the “Stimulus Bill,” to strengthen the privacy

Posted in ARRA, Higher Ed, HITECH Act, News, Privacy & Security Tagged with: , , , , , , , , , , , , , , , , , , , , , ,

Settlement of first small scale HIPAA breach announced by HHS

In a sign that HHS is serious about small data breaches, the Office of Civil Rights (OCR) and The Hospice of North Idaho reached a settlement agreement to resolve allegations of a 2010 breach involving 441 patient records. OCR Director Leon Rodriguez

Posted in ARRA, Higher Ed, HITECH Act, News, Privacy & Security Tagged with: , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , ,

HHS Inspector General: Medicare EHR incentive program lacks adequate safeguards against error and fraud

The HHS Inspector General this week reported the results of its recent investigation to “verify the accuracy of professionals’ and hospitals’ self-reported meaningful-use information, as well as eligibility and payment amounts.”   The investigation reviewed payments issued from May through December

Posted in ARRA, Higher Ed, HITECH Act, News Tagged with: , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , ,

Public-private group, eHealth Exchange, to oversee development of health info network

The HHS Office of the National Coordinator for Health Information Technology is passing management of the Nationwide Health Information Network to a coalition of public and private health care organizations. Via Modern Healthcare: Following last month’s announcement that “now is not

Posted in ARRA, Higher Ed, HIPAA, HITECH Act, News, Privacy & Security Tagged with: , , , , , , , , , , , , , , , , , , , , , , , , , ,

Health education information incomprehensible to many; HHS program to rate EHR-linked education materials for “understandability”

Health education materials provided to health care consumers until now have commonly assumed a fairly high level of “health literacy” – a level which, research has shown, makes the materials inaccessible to about 77 million people.  HHS’ new program addressing

Posted in ARRA Tagged with: , , , , , , , , , , , , , , , , , , , , , , ,

Laptop theft costs Massachusetts provider $1.5 million in HHS settlement

Massachusetts Eye and Ear Infirmary and Massachusetts Eye and Ear Associates (MEEI) will be paying HHS $1.5 million in installments over three years for a 2010 incident.  It is worth noting that OCR also reached a $1.5 million settlement with

Posted in ARRA, HIPAA Tagged with: , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , ,

Tagging technique keeps more sensitive portions of an EHR more private

State and federal privacy laws rigorously restrict sharing of mental health and other highly sensitive patient records.  A technique called “data tagging” may be key in facilitating health care providers’ compliance with these requirements. Via Modern Healthcare: Using off-the-shelf content

Posted in ARRA, HIPAA Tagged with: , , , , , , , , , , , , , , , , , , , , , , , , , , , , , ,

ONC: no caps on per-provider EHR incentive payments

National Coordinator for Health IT Farzad Mostashari has announced there is no cap on how much individual providers may receive in meaningful use incentive payouts, as long as they meet the requirements for the EHR incentive payments program.  According to

Posted in ARRA, HIPAA Tagged with: , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , ,

ONC announces five organizations to serve as EHR certifiers

In preparation for the launching of ONC’s permanent EHR system testing and certification program, part of the EHR incentive payment initiative, ONC has authorized five groups as permanent EHR certifiers. Via Modern Healthcare: Even though the new regime for testing

Posted in ARRA Tagged with: , , , , , , , , , , , , , , , , , , , , , , , ,

HHS settles HIPAA violation case for $100,000, Corrective Action Plan

On April 17, 2012, HHS announced that its Office for Civil Rights (OCR) settled a HIPAA violation case against a surgery practice in Arizona, for $100,000 and a Corrective Action Plan (CAP), which requires implementation of policies and procedures to

Posted in HIPAA Tagged with: , , , , , , , , , ,

HHS issues proposed rules on Stage 2 of Meaningful Use

On February 24, 2012, Center for Medicare and Medicaid Services (CMS) and the Office of National Coordinator for Health IT (ONC) issued proposed rules regarding Stage 2 of Meaningful Use. The proposed rules include the criteria for demonstrating Stage 2 Meaningful Use,

Posted in ARRA Tagged with: , , , , , , , , , , , , ,

HHS extends Stage 2 Meaningful Use deadline to 2014

HHS announced today that the government intends to make it easier for healthcare providers to adopt electronic health records (EHRs).  As part of this initiative, HHS decided to extend the deadline for meeting Stage 2 of Meaningful Use until 2014.

Posted in ARRA Tagged with: , , , , , , , , , , , ,

HHS awards over $650 million in EHR incentive payments

HHS released the first numbers regarding its Meaningful Use incentives program, established by the HITECH Act of 2009. Unsurprisingly, most eligible professionals and hospitals receiving funds this year qualified for incentive payments under Medicaid, rather than Medicare, because Medicare has

Posted in ARRA Tagged with: , , , , , , , , , , , ,

Study: Most data breaches are caused by insiders

A survey by Veriphyr, a provider of identity and access intelligence solutions, found that insiders were responsible for over 60% of data breaches of protected health information (PHI). Specifically, 35% of the PHI breaches were due to insiders’ snooping into

Posted in HIPAA Tagged with: , , , , , , , , , , , ,

HHS advisory panel recommends delaying Stage 2 Meaningful Use until 2014

The HIT Policy Committee, which advises the Office of the National Coordinator for Health IT in the Department of Health and Human Services, voted 12-5 to approve a significant delay in requiring providers to meet Stage 2 Meaningful Use until

Posted in ARRA Tagged with: , , , , , , , , , , , , ,

Audit criticizes OCR and ONC over data privacy efforts

HHS’s own Office of Inspector General (OIG) issued a scathing report regarding pervasive breaches in privacy and security of patient data. OIG specifically called out the Office of Civil Rights (OCR), charged with enforcement of HIPAA Privacy and Security Rules,

Posted in ARRA, Higher Ed, HIPAA, HITECH Act, News, Privacy & Security Tagged with: , , , , , , , , , , , ,

Updates to privacy and security regulations expected soon

According to Healthcareinfosecurity.com, the Office of Civil Rights (OCR) is still working on the final rule regarding the updates to HIPAA and the related HIPAA Privacy and Security Rules mandated by the HITECH Act. Susan McAndrew, deputy director for health information privacy

Posted in ARRA, Higher Ed, HIPAA, HITECH Act, News, Privacy & Security Tagged with: , , , , , , , , , , ,

Cignet Health fined $4.3 million for HIPAA Privacy Rule violation

Cignet Health, a Maryland health plan and a HIPAA covered entity, has been fined $4.3 million for failing to produce health records upon request to 41 patients, and for failing to cooperate with OCR with the agency’s investigation.  This is

Posted in HIPAA Tagged with: , , , , , , , , , , , ,

Rite Aid settles FTC and OCR privacy charges

The Rite Aid Corporation, the third largest pharmacy chain in the United States, reached a major settlement with both the Federal Trade Commission (FTC) and HHS’s Office of Civil Rights (OCR) regarding charges that Rite Aid violated federal privacy and security

Posted in ARRA, Higher Ed, HITECH Act, News, Privacy & Security Tagged with: , , , , , , , , , , , , , , , , , ,

CMS issues final rules on Meaningful Use

On July 13, 2010, CMS issued the final rule defining “meaningful use” and establishing the parameters and requirements for eligible professionals, hospitals and other providers to receive incentive payments provided under the HITECH Act for widespread adoption of electronic health records.  According

Posted in ARRA, Higher Ed, HITECH Act, News, Privacy & Security Tagged with: , , , , , , , , , , , , , , , , , , ,

HHS issues NPRM on HIPAA Privacy, Security and Enforcement Rules

On July 7, 2010, HHS issued a notice of proposed rule making (NPRM) regarding the changes to the HIPAA Privacy, Security and Enforcement Rules, as provided in the HITECH Act, in order “to strengthen the privacy and security protections for health information and to

Posted in ARRA, Higher Ed, HIPAA, HITECH Act, News, Privacy & Security Tagged with: , , , , , , , , , , , , , , , , ,

In the news: patient privacy edition

HHS’s Office of Civil Rights (OCR) filed a notice in theFederal Register lifting a requirement preventing OCR from posting names of sole practitioners who suffer breaches of patient data without first obtaining consent from such practitioners.  Pursuant to the HITECH Act, any covered

Posted in ARRA, Higher Ed, HITECH Act, News, Privacy & Security Tagged with: , , , , , , , , , ,

In the news: Senators request easing of meaningful use requirements; HHS releases over $267M for RECs and more

A group of 37 U.S. Senators sent a letter to HHS Secretary Kathleen Sebelius expressing concern regarding the current definition of meaningful use.  The senators urged the Secretary to “allow providers to ‘temporarily defer a limited set of IT goals’ without

Posted in ARRA, Higher Ed, HITECH Act, News, Privacy & Security Tagged with: , , , , , , , , , , ,

OCR delays enforcement of certain HITECH provisions

In a much-anticipated move, the Office of Civil Rights (OCR) within the Department of Health and Human Services has issued an update regarding delays of certain HITECH provisions, while confirming enforcement of others.  Via OCR press release:       OCR will

Posted in ARRA, Higher Ed, HITECH Act, News, Privacy & Security Tagged with: , , , , , , , , , ,

OCR may delay enforcement of business associate provisions in the HITECH Act

Pursuant to the HITECH Act, on February 17, 2010, business associates of covered entitiesbecame subject to the HIPAA Privacy and Security Rules, including provisions regarding implementation of various safeguards to secure protected health information.  As Steve Fox pointed out in a recent report

Posted in ARRA, Higher Ed, HIPAA, HITECH Act, News, Privacy & Security Tagged with: , , , , , , , , , , , , , , ,

HHS releases interim final regulations on HIPAA enforcement changes

Pursuant to the HITECH Act, the Department of Health and Human Services (HHS) released interim final regulations updating enforcement rules for violations of HIPAA.  As reported in Healthcare IT News: Prior to the HITECH Act, the penalty could be no more than $100

Posted in ARRA, HIPAA Tagged with: , , , , , , , ,

Regional Extension Program: Important Updates and Links from HHS

Via HHS e-mail update: The Office of the National Coordinator for Health Information Technology (ONC) is pleased to announce the availability of materials that are of immediate interest and use to stakeholders and potential applicants for the Health Information Technology Extension

Posted in ARRA, Higher Ed, HITECH Act, News, Privacy & Security Tagged with: , , , , , , , , , , , , , , , , , ,

HHS News: Interim Final Regulations on Breach Notification; Regional Office Privacy Advisors

On August 19, 2009, pursuant to the HITECH Act, the Department of Health and Human Services (HHS) published the interim final regulations regarding breach notification requirements for health care providers and other entities covered by HIPAA. According to the HHS press release:

Posted in ARRA, Higher Ed, HIPAA, HITECH Act, News Tagged with: , , , , , , , , , , , , , ,

Government Health IT: CCHIT to serve temporarily as sole EHR certifier

Via Government Health IT: The federal Health IT Policy Committee today endorsed recommendations that would leave the Certification Commission for Health IT in the short term as the sole organization authorized to certify health IT systems that qualified for funding

Posted in ARRA, Higher Ed, HITECH Act, News, Privacy & Security Tagged with: , , , , , , , , , , ,