Blog Archives

HHS begins enforcement of breach notification requirements

As of February 22, 2010, HHS is expected to begin enforcing the new breach notification requirements created by the privacy and security provisions within the HITECH Act.  Although such requirements went into effect last fall, HHS gave covered entities and business

Posted in ARRA, Higher Ed, HIPAA, HITECH Act, News, Privacy & Security Tagged with: , , , , , , , , , , , , , , , , , , , ,

Breach at Pacific Northwest insurance company impacts 11 million customers

Seattle-based Premera Blue Cross announced that it recently discovered it had been hacked in May 2014. The Premera hack accessed a full range of customer information including medical data. The insurer, which is working with the FBI in the investigation,

Posted in ARRA, Higher Ed, HITECH Act, News, Privacy & Security Tagged with: , , , , ,

Sophisticated one-time hacking scam costs target $289K; useful lessons for health industry

The details of a recent hacking scam, while not in the healthcare industry, may contain useful pointers for healthcare nonetheless. A San Diego area attorney clicked a link in a legitimate-looking email which released a virus into his computer which

Posted in ARRA, Higher Ed, HITECH Act, News, Privacy & Security Tagged with: , , , , ,

80 million patient records breached in Anthem hack

Health insurance giant Anthem reports that it has been the target of a cyberattack exposing tens of millions of customer records. Anthem, until very recently known as WellPoint, the largest of the Blue Cross Blue Shield for-profit managed health care

Posted in ARRA, Higher Ed, HITECH Act, News, Privacy & Security Tagged with: , , , , , , , , , , , , , , , , ,

Meaningful use program Stage 3 inches nearer to approval

The draft regulatory language of Stage 3 of the meaningful use program, scheduled to start in 2017, has been submitted for review to the Office of Information and Regulatory Affairs in the Office of Management and Budget. The rules, submitted

Posted in ARRA, Higher Ed, HITECH Act, News, Privacy & Security Tagged with: , , , , , , , , , , , , , , , , , , , , , , , , , , , , , ,

Connecticut Supreme Court: plaintiffs can sue for HIPAA violations

It has been a commonly held belief that a patient cannot sue under HIPAA for a breach of confidential health information as HIPAA provides no private cause of action. The patient’s only recourse has been to report the violation to

Posted in ARRA, Higher Ed, HIPAA, HITECH Act, News, Privacy & Security Tagged with: , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , ,

A plus in the operating room, EHRs can cause trouble for providers in the courtroom

Electronic health records have been touted as having – and have proven to have – many benefits for healthcare organizations in terms of cost savings and efficacy of medical treatment. They are not, however, unalloyedly beneficial in the courtroom. As

Posted in ARRA, HITECH Act Tagged with: , , , , , , , , , , , ,

AHIMA issues health info management recommendations

The American Health Information Management Association (AHIMA) recently released a set of guidelines regarding data governance of what it calls “information assets.”  AHIMA asserts that the healthcare industry must manage the huge amounts of data it works with in an

Posted in ARRA, Higher Ed, HITECH Act, News, Privacy & Security Tagged with: , , , , , , , , , , , , , , , , ,

California courts: Sutter Health not liable in $4.25 billion data breach case

In a development sure to draw attention, the California Supreme Court last week upheld a lower court’s dismissal of the $4.25 billion case against Sutter Health arising from an October 2011 data breach.  A password-protected computer full of unencrypted data,

Posted in ARRA, Higher Ed, HITECH Act, News, Privacy & Security Tagged with: , , , , , , , , , , , , , ,

Human-computer interactions: what happened during September’s Texas Ebola misdiagnosis?

A new report on what went wrong in the processing of the late Thomas Eric Duncan upon his first visit to the emergency room proposes that a combination of human and computer errors was responsible. A team of medical informaticists

Posted in ARRA, Higher Ed, HITECH Act, News, Privacy & Security Tagged with: , , , , , , , , , , , , , ,

Medical info now 10 times more valuable than financial data on the black market

Credit card numbers have dropped precipitously in value in recent years as PHI replaces it on the underground market. Why? Cyber criminals use the PHI to engage in medical fraud which, because of its complexity, may continue undetected for years.

Posted in ARRA, Higher Ed, HITECH Act, News, Privacy & Security Tagged with: , , , , , , , , , , , , , , , , , ,

FDA issues final guidance to medical device makers on cybersecurity

In its final guidance issued last week, the Food and Drug Administration is requesting that device makers assess what information hackers might target in connection with their devices, how hackers might attempt to access the information, and how device makers

Posted in ARRA, HITECH Act Tagged with: , , , , , , , , , , , , , , , , , ,

Techies invade HIT market: is their unfamiliarity with healthcare industry obstacle or advantage?

Until recently, healthcare software has been developed by IT professionals grounded in the healthcare industry. The latest arrivals to HIT development come from a range of non-healthcare industries. The vendor of one new product currently on the HIT market last

Posted in ARRA, Higher Ed, HITECH Act, News, Privacy & Security Tagged with: , , , , , , , , , , , , , , , , ,

Billions at risk as providers face Stage 2 hurdle

An impressive number of healthcare providers met Stage 1 requirements and qualified for EHR payments in 2011 and 2012 – some 170,000. Of these providers, who are therefore eligible to continue in the EHR incentive program, only about 4% appear

Posted in ARRA, Higher Ed, HITECH Act, News, Privacy & Security Tagged with: , , , , , , , , , , , ,

ONC’s EHR security provisions inadequate says OIG

Healthcare providers cannot attest to meaningful use unless they use certified EHR software. Providers purchasing certified EHR software tend to assume that a certified EHR has been rigorously tested and can be counted on to ensure protection of patient data.

Posted in ARRA, Higher Ed, HITECH Act, News, Privacy & Security Tagged with: , , , , , , , , ,

CMS issues final EHR meaningful-use rule – with some flexibility

The Centers for Medicare and Medicaid Services issued a final EHR meaningful-use rule last Friday, consistent with the proposal it published in May. The rule will grant healthcare providers more time and some flexibility in how they meet requirements for

Posted in ARRA, HIPAA, HITECH Act, News, Privacy & Security Tagged with: , , , , ,

New hope for resolving thorny sensitive PHI issues in health data exchanges

Uncertainty and disagreement regarding how to handle behavioral and other sensitive healthcare data such as HIV and reproductive health records has been a stumbling block for healthcare in various ways. Potential patients don’t seek help because of fear their records

Posted in ARRA, Higher Ed, HIPAA, HITECH Act, News, Privacy & Security Tagged with: , , , , , , , , ,

Steve Fox moderates panel in Boston on best practices for working with vendors

Steve Fox, Information Technology Practice Chair and Data Protection/Breach Co-Chair at Post & Schell, will speak as well as moderate a panel discussion on “Dealing with Vendors: Best Practices for Contracting and 3rd Party Compliance” in early September 2014 at

Posted in ARRA, Higher Ed, HITECH Act, News, Privacy & Security Tagged with: , , , , ,

Risks of EHRs accessible only via internet: a cloud downside

The cloud, popular because businesses can pay a monthly fee for computer-related services instead of paying for costly in-house hardware and the staff to manage it, has its drawbacks. One of these became painfully evident for two days in mid-August.

Posted in ARRA, Higher Ed, HITECH Act, News, Privacy & Security Tagged with: , , , , ,

Patent trolls: new developments at federal and state level

While the healthcare industry has become well-acquainted with patent trolls, they are not the only industry that has been hit. According to a Boston University study, American businesses paid $29 billion in 2011 alone to patent trolls in “licensing fees”

Posted in ARRA, Higher Ed, HITECH Act, News, Privacy & Security Tagged with: , , , , ,

ICD-10 delay reopens door to broader discussion among providers: is ICD-10 even the right way to go?

The postponement of the deadline for healthcare providers to implement ICD-10 (International Statistical Classification of Diseases and Related Health Problems) would seem to help ensure that the transition to the new coding system will unfold successfully. However, it is also

Posted in ARRA, Higher Ed, HITECH Act, News, Privacy & Security Tagged with: , , , , ,

Senate committee concerned by EHR interoperability issues

Members of the Senate Appropriations Committee have become concerned that different brands of electronic health records software, paid for with tax dollars, are incompatible with one another thereby preventing healthcare organizations from sharing data. A recent Rand Corporation report highlighted

Posted in ARRA, Higher Ed, HITECH Act, News, Privacy & Security Tagged with: , , , , ,

Attorney Steve Fox speaks on “Hidden Risks of Cloud Computing” at American Hospital Association conference

Healthcare IT attorney Steve Fox spoke on risks of cloud computing at the AHA’s Leadership Summit held in San Diego this year. According to attorney Fox, the data which the health care industry handles is growing exponentially, a trend driven

Posted in ARRA, Higher Ed, HITECH Act, News, Privacy & Security Tagged with: , , , , ,

Congressional letter requests CMS waive EHR requirements for Medicare labs

Eighty-nine members of the U.S. House of Representatives signed a letter to the Centers for Medicare and Medicaid Services requesting that Medicare laboratories be exempt from EHR requirements. CMS had already postponed the deadline for laboratory pathologists to comply with

Posted in ARRA, Higher Ed, HITECH Act, News, Privacy & Security Tagged with: , , , , ,

FDA lags behind in regulating torrent of new mobile health apps

So far the FDA has reviewed a total of approximately one hundred mobile health apps since these apps started becoming available – and yet hundreds of new health apps appear on the market every month. As reported in our previous

Posted in ARRA, Higher Ed, HITECH Act, News, Privacy & Security Tagged with: , , , , ,

New report: EHRs not immune to technical, human error; rigorous monitoring essential

A report just published in the Journal of the American Medical Informatics Association asserts that even if EHRs were not still relatively new, they are not exempt from the glitches all software can be prone to.  Researchers evaluated data from

Posted in ARRA, Higher Ed, HITECH Act, News, Privacy & Security Tagged with: , , , , , , , , , , , , , , , , , , , , ,

PHI at risk in debt collection lawsuits involving medical services

Healthcare providers spend millions of dollars to comply with HIPAA in order to keep patients’ medical information private, and yet some of this same information is publicly available on the internet in court records of medical debt lawsuits. Maybe it’s

Posted in ARRA, Higher Ed, HITECH Act, News, Privacy & Security Tagged with: , , , , ,

ONC plans more flexible approach for future EHR quality monitoring and improvement

Dr. Jacob Reider, deputy national coordinator and chief medical officer for the ONC, told attendees at the Physician-Computer Connection Symposium this week that the ONC is looking to change how it uses clinical quality measures as meaningful-use criteria.  While the

Posted in ARRA, Higher Ed, HITECH Act, News, Privacy & Security Tagged with: , , , , ,

Stage 2-ready software delays prompt CMS to postpone Stage 2 deadline

While vendors were able to supply the software needed for healthcare providers to comply with Stage 1 of the EHR incentive program, they are experiencing delays in developing the software needed for Stage 2 meaningful use compliance.  In response to

Posted in ARRA, Higher Ed, HITECH Act, News, Privacy & Security Tagged with: , , , , , , , , , , , , , , ,

Emailing PHI: considerations for developing best practices

PHI breaches that make the headlines often result from computer thefts or hacking.  Another, less well-publicized vulnerability for PHI records, however, is in the realm of electronic mail which is arguably not a particularly secure form of communication.  Over 100

Posted in ARRA, Higher Ed, HITECH Act, News, Privacy & Security Tagged with: , , , , ,

Rural providers cope with HIT staffing deficits

If compliance with ONC regulations is challenging for healthcare providers in urban areas, with high concentrations of IT professionals, it is especially challenging for rural providers where IT resources in the form of human capital are scarce.  The federal government’s

Posted in ARRA, Higher Ed, HITECH Act, Privacy & Security Tagged with: , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , ,

Software to ease ICD-10 transition: providers consider the options

Congress’ decision this spring to delay the ICD-10 deadline has given healthcare providers some extra breathing space to make the transition, but many are seeking additional help in the form of new “language-to-code” translation software. Via Modern Healthcare: Despite the

Posted in ARRA, Higher Ed, HITECH Act, News, Privacy & Security Tagged with: , , , , , , , , , , ,

Steven J. Fox gives talks on cloud vendor contracts, receives favorable media coverage

Health IT blawger Steven J. Fox spoke to healthcare providers on contracting with cloud-based technology vendors at events sponsored by the Pennsylvania and American bar associations recently.  Initially covered by AuntMinnie.com, the presentation has garnered further industry media attention, sparking

Posted in ARRA, Higher Ed, HITECH Act, News, Privacy & Security Tagged with: , , , , ,

PHI of 26-30 million Americans to be linked in single, vast network

By September 2015 database managers hope to have a network in place that will link databases containing the PHI records of millions of people.  The project is being implemented by PCORI, Patient-Centered Outcomes Research Institute, a non-profit organization formed at

Posted in ARRA, Higher Ed, HITECH Act, News, Privacy & Security Tagged with: , , , , ,

Washington state inadvertently released computers containing PHI and other sensitive data

All state governments dispose of large numbers of older computers each year, and while they all have procedures in place to scrub sensitive data from the hard drives before releasing them, there have been reports of slip-ups.  An audit conducted

Posted in ARRA, Higher Ed, HITECH Act, News, Privacy & Security Tagged with: , , , , ,

FDA, ONC and FCC release FDASIA Health IT Report draft

Last week  the Food and Drug Administration (FDA), the Office of the National Coordinator for Health IT (ONC), and the Federal Communications Commission (FCC) announced the release of their draft FDASIA Health IT Report which incorporates the September 2013 recommendations

Posted in ARRA, Higher Ed, HITECH Act, News, Privacy & Security Tagged with: , , , , ,

‘Fasten your contracts’ or risk a bumpy ride in the ‘Cloud’ blawger Steven J. Fox warns healthcare providers

Never accept the vendor’s standard form contract as the final word; remember that everything is negotiable,” cautions Steven J. Fox.  Fox shared the podium with Lee Kim, HIMSS’ Director of Privacy and Security, at the HIMSS conference in Orlando to

Posted in ARRA, Higher Ed, HITECH Act, News, Privacy & Security Tagged with: , , , , ,

Over 220K PHI records affected in San Francisco area burglary

In a February incident at a Torrance, California medical billing company, burglars made off with several unencrypted computers.  According to an announcement by San Francisco’s Department of Public Health, the loss resulted in the theft of 56,000 San Francisco area

Posted in ARRA, Higher Ed, HITECH Act, News Tagged with: , , , , ,

GAO report: EHR incentive program suffers high attrition rate

While 89% of qualified hospitals and 65% of qualified individual medical professionals have received incentive payments, a significant number of these have dropped out of the incentive program in its later stages according to a recent GAO study.  The report

Posted in ARRA, Higher Ed, HITECH Act, News, Privacy & Security Tagged with: , , , , ,

42K records breached at Wisconsin health insurance group

Unity Health Plans Insurance Corporation, affiliated with the University of Wisconsin, discovered in December 2013 that an unencrypted external hard drive of medical records had disappeared.  The records contained patient names, dates of birth, dates of service, and names of

Posted in ARRA, Higher Ed, HITECH Act, News, Privacy & Security Tagged with: , , , , ,

Interoperability collaborators present at HIMSS conference

Although the majority of healthcare care settings are now digitalized, lack of interoperability among the wide range of software applications now in place continues to be a problem.  Several groups addressing this issue presented their innovations at this year’s HIMSS

Posted in ARRA, Higher Ed, HITECH Act, News, Privacy & Security Tagged with: , , , , ,

ONC leaders mark agency’s 10th anniversary with review of government’s role in health industry IT

ONC past and current leaders met this week to share thoughts on government’s role in the development of health IT in commemoration of ONC’s ten year anniversary.  The agency, formed by then-President George Bush in 2004, was tasked with providing

Posted in ARRA, Higher Ed, HITECH Act, News, Privacy & Security Tagged with: , , , , ,

Opposition halts nationwide UK EHR database project

Alongside media reports in January of U.S.-U.K. plans to collaborate on healthcare data policy, National Health Service England announced its plans to combine the records of all its patients into asingle database to be available by April.  This week, the

Posted in ARRA, Higher Ed, HITECH Act, News, Privacy & Security Tagged with: , , , , ,

Brooklyn brothers develop new EHR-accessing service for patients

If managing often voluminous patient health records is a challenge for healthcare providers, it can be even more overwhelming for the patients themselves, especially if they develop multiple health conditions.  In the aftermath of a family medical emergency, four brothers

Posted in ARRA, Higher Ed, HITECH Act, News, Privacy & Security Tagged with: , , , , ,

Two EHRs picked to test interoperability

The Centers for Medicare & Medicaid Services and the Office of the National Coordinator for Health Information Technology have selected products developed by McKesson Corp. and Meditech to test interoperability of EHRs.  McKesson and Meditech have collaborated with ONC and

Posted in ARRA, Higher Ed, HITECH Act, News, Privacy & Security Tagged with: , , , , ,

Telemed regs currently discourage telemed, say stakeholders

A group made up of accountable care organizations, telehealth technology vendors, and professional associations has issued a statement to the Department of Health and Human Services decrying the lack of cohesion in the body of regulations governing telemedicine at the

Posted in ARRA, Higher Ed, HITECH Act, News, Privacy & Security Tagged with: , , , , , , , , , , , , , , , , , , ,

Montana hospital one of first to sue vendor in court over non-compliant EHR system

Healthcare providers face many challenges in trying to keep up with ever more rigorous requirements for EHR software compliance.  EHR software vendors seem to be struggling, too, in many cases causing their clients to fail the federal EHR certification requirements, thereby

Posted in ARRA, Higher Ed, HITECH Act, News, Privacy & Security Tagged with: , , , , , , , , , , , , , , , , ,

Recently released 2013 WEDI report to guide health IT in coming decade

WEDI, Workgroup for Electronic Data Interchange Foundation, recently announced release of its 2013 report, generated in partnership with healthcare industry leaders.  The report identifies the following four critical focus areas: •Patient Engagement: consumer (patient) engagement through improved access to pertinent healthcare

Posted in ARRA, Higher Ed, HITECH Act, News, Privacy & Security Tagged with: , , , , ,

Most medical devices and EHR systems not on speaking terms … yet

As there has been no financial benefit up until now to EHR system and medical device companies for making their software interoperable, they have, by and large, not done so.  On the other hand, full interoperability could benefit the U.S.

Posted in ARRA, Higher Ed, HITECH Act, News, Privacy & Security Tagged with: , , , , ,

Cybersecurity in the health care setting: issues and strategies

Health care providers have a long history of protecting sensitive patient information but the fact that more and more health care equipment is now connected to the internet opens up this data to a new range of exposure risks.  All

Posted in ARRA, Higher Ed, HITECH Act, News, Privacy & Security Tagged with: , , , , ,

State inadvertently publishes PHI on web; apologizes

A website of the North Carolina Department of Health and Human Services (DHHS) that is intended to provide transparency regarding how government moneys are spent got a little too transparent recently when it displayed sensitive information belonging to more than

Posted in ARRA, Higher Ed, HITECH Act, News, Privacy & Security Tagged with: , , , , , , , , ,

“Healthcare Dive” interviews “Health IT Law” blog founder Steven J. Fox regarding pitfalls to avoid in electronic medical record (EMR) contracts

“No matter how well you investigate an EMR, it’s possible that the product won’t be as usable as it seemed when you first tested it. But that’s not the only EMR risk your hospital or medical practice needs to address.

Posted in ARRA, Higher Ed, HITECH Act, News, Privacy & Security Tagged with: , , , , ,

Congress introduces bill to regulate mobile health apps — the SOFTWARE Act

Following up on our September 2013 blog entry, “How much pre-market regulation should the FDA impose on health IT?,” we note that Congress last week introduced a bill empowering the Food and Drug Administration to regulate mobile health applications.  Entitling

Posted in ARRA, Higher Ed, HITECH Act, News, Privacy & Security Tagged with: , , , , ,

Intellectual property licenses in bankruptcy: review of current law

Bankruptcy law is designed to give a struggling company the respite it needs to reorganize itself and hopefully get a fresh start, even if this means severing existing business relationships.  But what happens when the bankrupt company is a licensor

Posted in ARRA, Higher Ed, HITECH Act, News, Privacy & Security Tagged with: , , , , ,

Mostashari in first public appearance since his ONC departure

Dr. Farzad Mostashari, former chief of the Office of the National Coordinator for Health Information Technology, shared thoughts and concerns in his first address since stepping down, at a conference of the College of Healthcare Information Management Executives.  Dr. Mostashari,

Posted in ARRA, Higher Ed, HITECH Act, News, Privacy & Security Tagged with: , , , , ,

College of Healthcare Information Management Executives honors Virginia CIO Geoff Brown

During this year’s National Health IT Week in Washington, DC, CHIME presented its State Public Policy Award for CIO Leadership to Geoff Brown, senior VP and CIO of Virginia-based Inova Health System.  Brown, who is currently chair of the Virginia

Posted in ARRA, Higher Ed, HITECH Act, News, Privacy & Security Tagged with: , , , , ,

Litigants employ new tactic in facing off with “patent trolls”: RICO

RICO, the federal Racketeer Influenced Corrupt Organization statute passed in 1970 is known primarily from headlines regarding cases against organized crime figures.  The law is now being used on a new target — patent trolls. See Washington Post article at “Here’s

Posted in ARRA, Higher Ed, HITECH Act, News, Privacy & Security Tagged with: , , , , ,

How much pre-market regulation should the FDA impose on health IT? Work group issues recommendations

The Food and Drug Administration Safety Innovation Act (FDASIA) work group, made up of experts from various branches of the healthcare industry, recommends that the FDA proceed with as light a touch as possible in reviewing new health information technology

Posted in ARRA, Higher Ed, HITECH Act, News, Privacy & Security Tagged with: , , , , ,

Advocate Health Care already facing first lawsuit for July 15 breach involving 4 million EHR patient records

Chicago area Advocate Health Care suffered the country’s biggest health care record breach to date on July 15 – when four unencrypted laptops containing over four million patient records were stolen.  Seven weeks later the legal repercussions to July’s event

Posted in ARRA, Higher Ed, HITECH Act, News, Privacy & Security Tagged with: , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , ,

September 23 start of Meaningful Use program’s Stage 2 now just weeks away

Up until now, initiatives under the Patient Protection and Affordable Care Act – also known as the ACA or Obamacare — have focused on facilitating healthcare’s shift from paper to electronic recordkeeping.  Stage 2 of the three-stage “Meaningful Use” program,

Posted in ARRA, Higher Ed, HITECH Act, News, Privacy & Security Tagged with: , , , , ,

Maryland HIPAA violations allegations result in $250K penalty for CVS

The state of Maryland’s Consumer Protection Division and CVS came to an agreement this week comprised of a $250,000 penalty as well as a corrective action plan that will include employee training and monthly audits of CVS stores in Maryland. 

Posted in ARRA, Higher Ed, HITECH Act, News, Privacy & Security Tagged with: , , , , ,

Video interview: discussing the Affinity Health Plan photocopier data leak with LXBN TV

Following up on my recent post on the matter, I had the opportunity to speak with Colin O’Keefe of LXBN regarding Affinity Health Plan’s photocopier PHI leak. In the interview, I explain how the leak happened and what companies can do

Posted in ARRA, Higher Ed, HITECH Act, News, Privacy & Security Tagged with: , , , , ,

Minnesota draws on Scandinavian heritage in battle with modern-day trolls; states begin to address patent troll issue

In May 2013 the state of Vermont filed a complaint against alleged “patent troll” MPHJ Technology accusing it of violating the state’s Consumer Protection Act.  This week the Minnesota attorney general’s office announced a settlement with the company which it

Posted in ARRA, Higher Ed, HITECH Act, News, Privacy & Security Tagged with: , , , , ,

Affinity to pay $1.2 million for photocopier breach

In 2010 CBS Evening News purchased a photocopier previously used by New York City area Affinity Health Plan and discovered patient-identifiable medical records on the device’s hard drive – which had never been erased.  The photocopier was one of approximately seven

Posted in ARRA, Higher Ed, HITECH Act, News, Privacy & Security Tagged with: , , , , ,

Northern California Sutter’s $1B EHR system down for a full day

The EHR system of Sacramento, California-based Sutter Health, which provides healthcare in over 100 towns and cities in the region, crashed on August 26, leaving physicians and other healthcare workers without access to patient records at numerous locations. See Healthcare

Posted in ARRA, Higher Ed, HITECH Act, News, Privacy & Security Tagged with: , , , , ,

Unprecedented OCR settlement with WellPoint requires payment of settlement amount only

HHS Office for Civil Rights settlements have up until now required healthcare providers to pay a settlement amount and to implement a corrective action plan. OCR’s recent settlement with WellPoint breaks from this pattern. See AIS Health article at “WellPoint

Posted in ARRA, Higher Ed, HITECH Act, News, Privacy & Security Tagged with: , , , , ,

HHS announces new HIE acceleration strategy

Much of the focus of the healthcare industry’s advance into the electronic era so far has been on converting patient information to electronic health records.  Now that progress is being made on that front, some of the emphasis is now

Posted in ARRA, Higher Ed, HITECH Act, News, Privacy & Security Tagged with: , , , , ,

Senate committee: EHRs don’t improve healthcare as much as they could

The U.S. Senate Committee on Finance heard testimony this week from industry representatives on EHR conversion’s impact on healthcare quality.  One concern voiced more than once was that metrics for measuring progress are not standardized across the industry, making it

Posted in ARRA, Higher Ed, HITECH Act, News, Privacy & Security Tagged with: , , , , ,

De-identified PHI records relatively easy to re-identify Harvard prof demonstrates

Harvard University professor Latanya Sweeney caused a stir in 1997 when she found the medical records of former Massachusetts Governor Weld in a redacted data set.  Her recent activities are really causing state governments to sit up and take notice. 

Posted in ARRA, Higher Ed, HITECH Act, News, Privacy & Security Tagged with: , , , , ,

Hackers post detailed ads online selling stolen health data

he lucrative stolen identity market is taking a new turn into health insurance data.  Those seeking a new identity can now obtain a full set of credentials including all the information and documentation needed to use someone else’s health insurance.

Posted in ARRA, Higher Ed, HITECH Act, News, Privacy & Security Tagged with: , , , , ,

Mostashari: EHR adoption progressing but we’re not out of the woods yet

In an address at the National Press Club this week Farzad Mostashari, National Coordinator for Health Information Technology, reviewed the healthcare industry’s progress in digitizing health records.  As mentioned in previous posts on this blog, physician adoption of EHRs continues

Posted in ARRA, Higher Ed, HITECH Act, News, Privacy & Security Tagged with: , , , ,

Physicians doubtful October 2014 transition from ICD-9 to ICD-10 realistic

In October 2014 all health care providers covered by HIPAA will be required to make the switch from ICD-9 (International Classification of Diseases-9) to ICD-10.  The ICD-9 is now 30 years old and the United States is the only industrialized

Posted in ARRA, Higher Ed, HITECH Act, News, Privacy & Security Tagged with: , , , , ,

Computer viruses in medical devices: who should bear the costs for combatting? FDA issues warning, takes action

Computer virus infections of medical devices continue to be a serious issue, keeping healthcare provider IT departments busy removing malware.  (See our October 2012 blog post “Computer viruses on hospital medical devices: a growing concern; possible solutions“).  The FDA has

Posted in ARRA, Higher Ed, HITECH Act, News, Privacy & Security Tagged with: , , , , , , , , , , , , , , , , , , , , , , , , , , , ,

EHR vendor loses ONC certification for two of its records systems

This week health care organizations were startled and not a little concerned to learn of the ONC’s unprecedented action with regards to a California health software company.  The agency is decertifying electronic health records systems which initially met ONC requirements for

Posted in ARRA, Higher Ed, HITECH Act, News, Privacy & Security Tagged with: , , , , , , , , , , , , , , , , , , , , , , , , , , ,

IT staffing shortage a chronic issue for health industry

The healthcare industry continues to face a greater deficit than ever in terms of qualified professionals to fill its ever-expanding information technology staffing needs. Via Modern Healthcare: Many U.S. healthcare companies – about 67% — report that they’re struggling to

Posted in ARRA, Higher Ed, HITECH Act, News, Privacy & Security Tagged with: , , , , , , , , , , , , , , ,

“Health IT Law” blogger Steven J. Fox featured in “Healthcare Informatics” article

Negotiating favorable contracts with IT vendors requires skill and determination on the part of healthcare providers, on a playing field that currently favors vendors.  Blawger Steven J. Fox and three healthcare IT leaders share their insights in this in-depth article. See

Posted in ARRA, Higher Ed, HITECH Act, News, Privacy & Security Tagged with: , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , ,

CMS inaugurates new HIT information clearinghouse website and associated listserv

Looking for a central source of information on all the federal government’s initiatives to digitize the health industry? Try the Centers for Medicare & Medicaid Services’ new eHealth(

Posted in ARRA, Higher Ed, HITECH Act, News, Privacy & Security Tagged with: , , , , ,

Health care digitization enriches software industry

The health IT industry’s pitch to Congress, and to the public, was that health care would be transformed through digitization, and that the shift to electronic records would result in huge health care savings.  Four years after the passage of ARRA

Posted in ARRA, Higher Ed, HITECH Act, News, Privacy & Security Tagged with: , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , ,

Health IT Law Blog Named to a List of Top Health Care Organizations

Our blog is proud to be featured in the Top 100 Health Care Organizations to Watch in 2013. The designation was published by MHAPrograms.org, a website that highlights the most prominent organizations and information resources across health care and health

Posted in ARRA, Higher Ed, HITECH Act, News, Privacy & Security Tagged with: , , , ,

Family doctor EHR use up although use varies by location

The Annals of Family Medicine reports that although use of electronic health records has not increased significantly in all regions, it has risen dramatically nationwide in the last few years. Via Modern Healthcare: The number of family physicians who have

Posted in ARRA, Higher Ed, HITECH Act, News, Privacy & Security Tagged with: , , , , , , , , , , , , , , ,

Mostashari urges HIT vendors to conduct themselves ethically

Farzad Mostashari, National Coordinator for Health Information Technology, believes most HIT vendors operate in good faith.  At a recent meeting, however, Mostashari stated that he will be testing organized peer pressure as a means of bringing more ethically problematic vendors into line,

Posted in ARRA, Higher Ed, HITECH Act, News, Privacy & Security Tagged with: , , , , , , , , , , , , , , , , , , , , , ,

Breaking: HHS releases final rule on HITECH Act provisions

HHS has announced a long-awaited omnibus final rule that implements a number of provisions of the HITECH Act, enacted as part of the American Recovery and Reinvestment Act of 2009, commonly known as the “Stimulus Bill,” to strengthen the privacy

Posted in HIPAA Tagged with: , , , , , , , , , , , , , , ,

HIPAA Transaction Rules Compliance Enforcement Delayed Until April 2013

HHS has announced a long-awaited omnibus final rule that implements a number of provisions of the HITECH Act, enacted as part of the American Recovery and Reinvestment Act of 2009, commonly known as the “Stimulus Bill,” to strengthen the privacy

Posted in ARRA, Higher Ed, HITECH Act, News, Privacy & Security Tagged with: , , , , , , , , , , , , , , , , , , , , , ,

Settlement of first small scale HIPAA breach announced by HHS

In a sign that HHS is serious about small data breaches, the Office of Civil Rights (OCR) and The Hospice of North Idaho reached a settlement agreement to resolve allegations of a 2010 breach involving 441 patient records. OCR Director Leon Rodriguez

Posted in ARRA, Higher Ed, HITECH Act, News, Privacy & Security Tagged with: , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , ,

HHS Inspector General: Medicare EHR incentive program lacks adequate safeguards against error and fraud

The HHS Inspector General this week reported the results of its recent investigation to “verify the accuracy of professionals’ and hospitals’ self-reported meaningful-use information, as well as eligibility and payment amounts.”   The investigation reviewed payments issued from May through December

Posted in ARRA, Higher Ed, HITECH Act, News Tagged with: , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , ,

3.8 million record breach in South Carolina: lessons learned

Hackers recently infiltrated South Carolina’s state tax records, absconding with the largest haul to date of Social Security numbers, credit and debit card numbers from a state agency. State officials describe how the theft was worked, and list enhanced security

Posted in ARRA, Higher Ed, HIPAA, HITECH Act, News, Privacy & Security Tagged with: , , , , , , , , , , , , , , , , , , , , , , ,

EHR access lost during Hurricane Sandy

Hurricane Sandy this week tested East Coast health care systems’ electronic infrastructure.  Emergency preparedness plans were implemented fairly successfully for most health care facilities, allowing them to continue to operate adequately.  Others, however, were negatively impacted, including some which lost access

Posted in ARRA, Higher Ed, HIPAA, HITECH Act, News Tagged with: , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , ,

Computer viruses on hospital medical devices: a growing concern; possible solutions

Medical device security experts report increasing issues with computer viruses on hospital medical devices. Problem sources include inconsistent and/or incompatible security measures, as well as outdated operating systems. The Government Accounting Office has sounded the alarm, requesting the FDA to

Posted in HIPAA Tagged with: , , , , , , , , , , , , , , , , , , , , , , , , , , , ,

Computer viruses on hospital medical devices: a growing concern; possible solutions

Medical device security experts report increasing issues with computer viruses on hospital medical devices. Problem sources include inconsistent and/or incompatible security measures, as well as outdated operating systems. The Government Accounting Office has sounded the alarm, requesting the FDA to

Posted in ARRA, Higher Ed, HITECH Act, News, Privacy & Security Tagged with: , , , , , , , , , , , , , , , , , , , , , , , , , , , ,

Public-private group, eHealth Exchange, to oversee development of health info network

The HHS Office of the National Coordinator for Health Information Technology is passing management of the Nationwide Health Information Network to a coalition of public and private health care organizations. Via Modern Healthcare: Following last month’s announcement that “now is not

Posted in ARRA, Higher Ed, HIPAA, HITECH Act, News, Privacy & Security Tagged with: , , , , , , , , , , , , , , , , , , , , , , , , , ,

Health education information incomprehensible to many; HHS program to rate EHR-linked education materials for “understandability”

Health education materials provided to health care consumers until now have commonly assumed a fairly high level of “health literacy” – a level which, research has shown, makes the materials inaccessible to about 77 million people.  HHS’ new program addressing

Posted in ARRA Tagged with: , , , , , , , , , , , , , , , , , , , , , , ,

Sharing EHR notes between providers and patients improves care, patient loyalty among other benefits

According to Annals of Internal Medicine, a new study found no disadvantages to health care providers sharing EHR notes with patients. Via Kaiser Health News: Doctors are required by federal law to provide patients with a copy of their medical

Posted in ARRA, HIPAA Tagged with: , , , , , , , , , , , , , , , , , , , , , , , , , ,

Laptop theft costs Massachusetts provider $1.5 million in HHS settlement

Massachusetts Eye and Ear Infirmary and Massachusetts Eye and Ear Associates (MEEI) will be paying HHS $1.5 million in installments over three years for a 2010 incident.  It is worth noting that OCR also reached a $1.5 million settlement with

Posted in ARRA, HIPAA Tagged with: , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , ,

Tagging technique keeps more sensitive portions of an EHR more private

State and federal privacy laws rigorously restrict sharing of mental health and other highly sensitive patient records.  A technique called “data tagging” may be key in facilitating health care providers’ compliance with these requirements. Via Modern Healthcare: Using off-the-shelf content

Posted in ARRA, HIPAA Tagged with: , , , , , , , , , , , , , , , , , , , , , , , , , , , , , ,

ONC: no caps on per-provider EHR incentive payments

National Coordinator for Health IT Farzad Mostashari has announced there is no cap on how much individual providers may receive in meaningful use incentive payouts, as long as they meet the requirements for the EHR incentive payments program.  According to

Posted in ARRA, HIPAA Tagged with: , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , ,

ONC announces five organizations to serve as EHR certifiers

In preparation for the launching of ONC’s permanent EHR system testing and certification program, part of the EHR incentive payment initiative, ONC has authorized five groups as permanent EHR certifiers. Via Modern Healthcare: Even though the new regime for testing

Posted in ARRA Tagged with: , , , , , , , , , , , , , , , , , , , , , , , ,

Cybersecurity risk management by boards and senior executives: 12 recommendations

According to Forbes, a recent Carnegie Mellon study has found that corporate boards “are not actively addressing cyber risk management.”  The researchers collected data from corporations worldwide and across all industrial sectors, and found that while boards actively attend to risk

Posted in ARRA, HIPAA Tagged with: , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , ,

EHR hackers turn to extortion

Hackers recently struck a small medical practice in suburban Chicago, encrypted the facility’s digital medical records, and then demanded a ransom payment in exchange for allowing the facility to regain access to its records. Medical industry observers note that this

Posted in ARRA, HIPAA Tagged with: , , , , , , , , , , , , , , , , , , , , , , , , ,

Breaking: CMS issues final rule on Stage 2 of Meaningful Use

Centers for Medicare and Medicaid Services (CMS) released the final requirements for Stage 2 of Meaningful Use, which health care providers must meet in order to qualify for incentives during this stage of the program, and criteria that electronic health records

Posted in ARRA Tagged with: , , , , , , , , , , , ,

OCR: Health records of over 7 percent of U.S. population breached in past 3 years

Health records of over seven percent of the U.S. population – almost 21 million individuals – have been breached in the past three years, according to OCR. Although it may be somewhat of an apples-to-oranges comparison, it is worth noting

Posted in ARRA, HIPAA Tagged with: , , , , , , , , , , , , , , , ,