Audit criticizes OCR and ONC over data privacy efforts

Posted on May 19, 2011 by Steve Fox and Vadim Schick

HHS's own Office of Inspector General (OIG) issued a scathing report regarding pervasive breaches in privacy and security of patient data. OIG specifically called out the Office of Civil Rights (OCR), charged with enforcement of HIPAA Privacy and Security Rules, for failing to investigate and punish the vast majority of violators.

The audit tested seven hospitals' compliance with HIPAA in seven different states, and found 151 vulnerabilities in the systems and controls intended to cover e-PHI, 124 of which were categorized as "high-impact" (i.e., ones which may result in costly losses, injury or death.)  Violations included unencrypted wireless connections, easy passwords, and even a taped-over door lock on a room used for data storage. Via Modern Healthcare:

The audits of the seven hospitals revealed weaknesses in hospital IT defenses of electronic protected health information, or ePHI, ranging from the fact that several hospitals still were using obsolete and vulnerable encryption protocols to the fact that all seven had vulnerable access controls in which “Outsiders or employees at some hospitals could have accessed, and in one hospital did access, systems and beneficiaries' personal data and performed unauthorized acts without the hospitals' knowledge.”

“These vulnerabilities placed the confidentiality, integrity and availability of ePHI at risk,” the auditors said. The individual hospital audit reports were not disclosed “because the reports contained restricted, sensitive information that may be exempt from release under the Freedom of Information Act,” according to the report.

 

OIG also criticized the Office of National Coordinator for Health IT (ONC) for their failure to develop standards ensuring privacy and security of patient data as part of ARRA's push for digitizing medical records:

As a yardstick for ONC performance as a security champion, the inspector general's auditors reviewed last year's ONC-developed interim final rule and final rule on standards, implementation specifications and certification criteria for the ARRA-funded electronic health record system incentive payment program. The auditors found both wanting.

The report's authors differentiated between two types of security measures. One they described as “application security controls” that “function inside systems or applications to ensure that they work correctly.” Such measures include security controls covered by the ONC final rule and used in testing and certification of electronic health-record systems as able to meet meaningful-use requirements for providers participating in the federal IT incentive payment programs. An example is a requirement that certified EHRs be able to encrypt data shared between providers.

The auditors called the other type of measures “general information technology security controls,” described as “structure, policies and procedures that apply to an entity's overall computer operation.”

An example would be a policy that requires providers to use encryption software on their systems and encrypt all data copied from an EHR and placed on a portable storage device, such as a laptop, CD or a portable thumb drive. The auditors found that the ONC had included application controls in writing its interoperability specifications for meaningful use, but that "there were no (health IT) standards that included general IT security controls.”

Other examples of general controls not addressed by the ONC but suggested for development by the report would be requirements that providers use two-factor authentication to gain access to an organization's health IT system and policies that mandate that organizations install “patches” or bug fixes in a routine and timely manner to computers that process and store EHRs.

"Audit reports hit HHS on digital security," Modern Healthcare (May 17, 2011).

 
Tags: , , , , , , , , , , , ,

Medicare EHR incentives attestation to begin on April 18, 2011

Posted on March 29, 2011 by Steve Fox and Vadim Schick

CMS announced that the online Attestation System for the Medicare EHR Incentive Program will launch on April 18, 2011. Eligible professionals and eligible hospitals will be able to use this online portal to self-attest to meeting the Meaningful Use criteria.

CMS also released a preview of the Attestation System. This preview includes attestation screenshots and is intended to give examples of what the attestation process will look like. CMS promised to release additional information about the attestation process soon, including "User Guides" that will give step-by-step instructions for completing attestation, along with educational webinars that describe the attestation process in depth.

Finally, CMS noted that providers will follow a similar process using their state's Attestation System. Such providers may find their state's scheduled launch dates of their Medicaid EHR Incentive Program by clicking here.

You can download the preview by clicking here.

For more information, please visit CMS's EHR Incentive Program web site.
 

 

Tags: , , , , , , , , , , , , , ,

Blumenthal to leave ONC this spring

Posted on February 4, 2011 by Steve Fox and Vadim Schick

Dr. David Blumenthal, the head of the Office of the National Coordinator for Health IT (ONC), announced yesterday in a letter to his staff that he's leaving the ONC and returning to his position at Harvard University.  

According to Dr. Blumenthal, the move was "planned" and is expected to take place this spring. Here is a copy of his letter, via Healthcare IT News:

ONC Staff:

As you know, I have told Secretary Sebelius that I will be returning to my academic home this spring, as was planned when I accepted the position of National Coordinator for Health Information Technology. While we still have important work to do together, including the assurance of a productive transition for ONC, now is the time for me to express my deep gratitude to all of my ONC colleagues, and my admiration for all you have accomplished.

We have been privileged to be at the center of a great new enterprise at an historic moment in our health care system. For years America’s health policy leaders have understood that information technology offered the opportunity for transformational improvement of the Nation’s health care system and the health of individual Americans. Yet the obstacles are formidable: our fractured health care system, our dysfunctional payment methods, the lack of an infrastructure for exchanging health information, and more.

 

 The enactment of the Health Information Technology Economic and Clinical Health Act of 2009 handed us a rare opportunity to transcend these obstacles and to create a foundation, a strategy, and a self-sustaining movement toward a future of HIT-assisted health care. I believe we have effectively seized that opportunity, and you deserve the credit for this achievement.

Much attention has gone to the unprecedented resource commitment made by Congress and the President in HITECH – the allocation of as much as $27 billion in incentive payments to help support adoption of EHRs. The money is indeed crucial, and the Center for Medicare and Medicaid Services is doing a great job of putting it to use.

But I believe the key factor for success has been, and will continue to be, the concept of “meaningful use.” The HITECH Act recognized that EHR adoption alone would not bring about the transformative improvements that are possible with health information technology. EHRs must be used to support a new kind of information-rich health care. Meaningful use provides, for the first time ever, a consensus goal on how information should be used to enhance care. To realize its promise also requires changes in the processes of care delivery. HITECH gave ONC a major role in assisting health professionals and institutions to make these critical changes in the way care is delivered and we have begun this work in earnest.

We have successfully put in place the $2 billion support system created by HITECH, including:

  • Sixty-two Regional Extension Centers (REC), providing assistance to providers nationwide, with special attention to smaller primary care practices and rural hospitals.
  • Eight-four community college programs to provide HIT training and build a vitally-needed HIT workforce, including training for nurses, physician assistants and other in-place health care workers.
  • Seventeen Beacon communities, demonstrating how HIT can help bring community resources together to tackle specific local health needs.
  • State grants to support local solutions for health information exchange, consonant with broader national standards.
  • A program of research and development to help us continually improve EHRs and move quickly to the next level in HIT.

It is the efforts of the ONC staff, working cooperatively with the health care professions, the states, and so many others that have brought these programs quickly into being. They are now up and running. And we are already seeing results that indicate that the national shift to EHRs and HIT-assisted care is finally underway:

  • Adoption itself has turned up: from 2008 to 2010, the proportion of primary care physicians who had adopted a basic EHR increase by half, from 19.6 percent to 29.6 percent.
  • A significant proportion of providers were already indicating in the latter part of 2010 that they plan to achieve meaningful use objectives and qualify for incentive payments: 81 percent of hospitals, and 41 percent of office-based physicians.
  • A total of 291 EHR products have already been certified to support meaningful use objectives and qualify for use under the incentive payments program.
  • Some 38,000 providers have enrolled in REC assistance programs.
  • Community college programs will “graduate” an initial class of 3,400 HIT-trained students this spring, working toward a total capacity of 10,500 in each six-month session.

We have achieved these accomplishments together, as a hard-working team with a unique opportunity to make a difference.


On a personal note, I have profoundly enjoyed getting to know you and work with you. It has been one of the highlights of my professional life. And I am confident that the progress will continue and even accelerate after I have settled back into academic life in Boston.

Best wishes to you all.

David

 
Tags: , , , , , ,

CCHIT certifies 19 complete EHRs and 14 EHR modules

Posted on October 4, 2010 by Steve Fox and Vadim Schick

On October 1, 2010, CCHIT announced certifications of 19 "complete" EHR products, including, for example, Epic products for both hospitals and eligible professionals, and Allscripts and GE Centricity products for eligible professionals.  

CCHIT also certified 14 "module" EHR products, from vendors which applied for certification of their products as complete EHRs "but testing could not be completed on a small number of criteria (such as electronic prescribing) because planned updates to the test procedures by NIST were not available at the time of testing." Such "EHR Module" certified products may seek certification as a complete EHRs in the near future.  Via Healthcare IT News:

The Certification Commission for Health Information Technology announced Oct. 1 that it has tested and certified 33 Electronic Health Record products under the ONC-ATCB program.

CCHIT is one of three Approved Testing and Certification Bodies, designated by the Office of the National Coordinator (ONC). The other two are the Drummond Group and InfoGard Laboratories, Inc.

The ATCBs certify that the EHRs are capable of meeting the 2011/2012 criteria supporting Stage 1 meaningful use. Certification is required to qualify eligible providers and hospitals for funding under the American Recovery and Reinvestment Act (ARRA).

The CCHIT certifications include 19 Complete EHRs, which meet all of the 2011/2012 criteria for either eligible provider or hospital technology, and 14 EHR Modules, which meet one or more – but not all – of the criteria.

"CCHIT announces 33 certifications," Healthcare IT News (October 1, 2010).

 

Tags: , , , , , , , , , ,

CCHIT to launch certification process on September 20, 2010

Posted on August 31, 2010 by Steve Fox and Vadim Schick

According to Karen Bell, MD, chair of the Certification Commission on Health Information Technology (CCHIT), her organization will begin accepting applications for HHS certification as early as September 20, 2010.  Via Healthcare IT News:

CCHIT is authorized to offer HHS certification for complete EHRs that meet all of the Stage 1, 2011/2012 HHS/ONC criteria, as well as certification for modular EHR products that meet one or more - but not all - of the criteria, Bell said.

According to Bell, CCHIT plans to launch its authorized HHS certification program on Sept. 20 at 1 p.m. Eastern time with a Town Call Webcast describing its application and testing process. CCHIT will take new health IT developer applications immediately after the Webcast and the first group of HHS certified complete EHRs and EHR modules will be announced within weeks of that launch.

In addition to HHS certification, CCHIT will continue to offer its CCHIT Certified program for ambulatory and inpatient EHR products that exceed the HHS/ONC criteria and are designed for hospitals and physician practices that are looking for assurance of more robust, integrated EHR products to support the unique needs of its clinicians and patients. Many of these products will also be HHS certified, Bell said.

You can read more about CCHIT's plans here.

 

.
Tags: , , , , , , , , , , , , , , ,

CCHIT and Drummond picked as ONC-ATCBs

Posted on August 31, 2010 by Steve Fox and Vadim Schick

Via HHS Press Release:

The Certification Commission for Health Information Technology (CCHIT), Chicago, Ill. and the Drummond Group Inc. (DGI), Austin, Texas, were named today by the Office of the National Coordinator for Health Information Technology (ONC) as the first technology review bodies that have been authorized to test and certify electronic health record (EHR) systems for compliance with the standards and certification criteria that were issued by the U.S. Department of Health and Human Services earlier this year.

Announcement of these ONC-Authorized Testing and Certification Bodies (ONC-ATCBs) means that EHR vendors can now begin to have their products certified as meeting criteria to support meaningful use, a key step in the national initiative to encourage adoption and effective use of EHRs by America’s health care providers.

“Less than two months following the issuance of final meaningful use rules, we have approved our initial ONC-ATCB certifiers. EHR vendors can begin immediately to get their products certified.” said David Blumenthal, M.D., national coordinator for Health Information Technology. This is a crucial step because it ensures that certified EHR products will be available to support the achievement of the required meaningful use objectives, that these products will be aligned with one another on key standards, and that doctors and hospitals can invest with confidence in these certified systems.”

 

Applications for additional ONC-ATCBs are also under review.

Certification of EHRs is part of a broad initiative undertaken by Congress and President Obama under the Health Information Technology for Economic and Clinical Health (HITECH) Act, which was part of the American Recovery and Reinvestment Act (ARRA) of 2009. HITECH created new incentive payment programs to help health providers as they transition from paper-based medical records to EHRs. Incentive payments totaling as much as $27 billion may be made under the program. Individual physicians and other eligible professionals can receive up to $44,000 through Medicare and almost $64,000 through Medicaid. Hospitals can receive millions.

To qualify for the incentive payments, providers must not only adopt, but also demonstrate meaningful use of, certified EHR systems. The law envisions that defined meaningful use requirements will help ensure that the patient and provider benefits of EHRs are realized. Initial meaningful use criteria were defined in a final rule issued by the Centers for Medicare & Medicaid Services (CMS) on July 28.

In addition to the CMS rule, ONC also issued standards and certification criteria for EHRs on July 28, aimed at ensuring that EHR systems will support the specific tasks required under meaningful use. Also, through regulations issued on June 24, ONC created a system by which technology review organizations could also qualify as ONC- ATCBs that will certify EHR products as meeting the requirements necessary for meaningful use.

With the initial two ONC-ATCBs now named, EHR vendors can apply to them for certification of their products. By purchasing certified products, providers will have assurance that the products will support achievement of the meaningful use objectives.

“Multiple steps are underway to carry out the intent of Congress in supporting rapid and effective adoption of EHRs throughout our health care system,” Dr. Blumenthal said. “The naming of initial ONC-ATCBs is one important step. Actual certification of multiple vendors’ systems by the ONC-ATCBs is an important next step. CMS is also working to create an online system for providers to register and attest for the EHR incentive programs. The first incentive payments are targeted to be made in May 2011. Meanwhile, ONC is also carrying out new programs of technical assistance and training, especially for smaller hospitals and physician practices.”

Dr. Blumenthal said the Health IT initiative “is on an aggressive schedule to meet the urgent targets set by Congress and the President toward realizing the quality and safety improvements that we can achieve through health information technology.”

To learn more about the ONC-ATCBs named today visit www.cchit.org and www.drummondgroup.com.

For more information about the ONC certification programs visit http://healthit.hhs.gov/certification.

For more information about other HHS Recovery Act Health Information Technology funding and programs, visit http://www.hhs.gov/recovery/programs/index.html#Health.

 
Tags: , , , , , , , , , , , , ,

Advisory panel submits recommendations to HIT Policy Committee regarding health data exchanges

Posted on August 20, 2010 by Steve Fox and Vadim Schick

On August 19, 2010, the "tiger team" advisory panel submitted a letter to the HIT Policy Committee, established pursuant to the HITECH Act, proposing new safeguards for personally identifiable information on health information exchanges.  Via Bloomberg Business Week:

The recommendations were developed in response to a specific set of privacy-related questions raised by the Office of the National Coordinator for Health Information Technology. They touch upon and clarify topics such as patient consent and the use of third-party service providers in the exchange of personally identifiable health information.

<...> One of the bigger recommendations relates to patient consent. The direct exchange of electronic patient data between health providers for treatment purposes does not require any additional patient consent, the panel noted. The same rules that apply to paper or faxed exchanges of health information should apply in the electronic realm as well.

HIT Policy Committee will have to review and approve the proposed safeguards.  You can read more about the proposed standards after the jump, and can read the letter in full by clicking here.

 

Bloomberg Business Week described some of the proposed safeguards:

However, any data exchange that involves a third-party does require specific and "meaningful" patient consent, the letter noted. Any such consent also needs to be transparently and easily revocable by the patient at any time, the panel said.

The letter also recommended further exploration of technologies that allow individuals to exercise more granular control over the data for instance permitting the exchange of certain kinds of health data, but not all.

Third-party service organizations should also not be allowed to collect, use or share personal health data for any purposes other what's specified in their service agreements, the panel recommended.

Third parties should also be required to retain personal health data only for as long as it is reasonably needed and should then be required to destroy the data, the panel said.

All third parties having access to patient health information also need to comply with the privacy and security requirements of HIPAA.

"Panel drafts privacy recommendations for health data exchanges," Bloomberg Business Week (August 19, 2010).
Tags: , , , , , , , , , , , ,

CMS issues final rules on Meaningful Use

Posted on July 13, 2010 by Steve Fox and Vadim Schick

On July 13, 2010, CMS issued the final rule defining "meaningful use" and establishing the parameters and requirements for eligible professionals, hospitals and other providers to receive incentive payments provided under the HITECH Act for widespread adoption of electronic health records.  According to CMS, the key changes included in the final rule (from the meaningful use NPRM published in the Federal Register on January 13, 2010) include:

  • Greater flexibility with respect to eligible professionals and hospitals in meeting and reporting certain objectives for demonstrating meaningful use. The final rule divides the objectives into a “core” group of required objectives and a “menu set” of procedures from which providers may choose any five to defer in 2011-2012. This gives providers latitude to pick their own path toward full EHR implementation and meaningful use.
  • An objective of providing condition-specific patient education resources for both EPs and eligible hospitals and the objective of recording advance directives for eligible hospitals, in line with recommendations from the Health Information Technology Policy Committee.
  • A definition of a hospital-based EP as one who performs substantially all of his or her services in an inpatient hospital setting or emergency room only, which conforms to the Continuing Extension Act of 2010
  • CAHs within the definition of acute care hospital for the purpose of incentive program eligibility under Medicaid.

You can view the PDF of the final rule on Meaningful Use by clicking here.

You can learn more about it from the HHS press release by clicking here.  Also, the New England Journal of Medicine published an excellent summary by Dr. Blumenthal of the changes included in the final rule; you can find this article by clicking here.

At the same time, ONC issued another final rule, finalizing the "standards and certification criteria for the certification of EHR technology, so eligible professionals and hospitals may be assured that the systems they adopt are capable of performing the required functions."  You can find a copy of this final rule by clicking here.

Stay tuned for much more analysis of the final rules published today, as well as the changes to HIPAA Privacy and Security Rules issued by OCR last week.
Tags: , , , , , , , , , , , , , , , , , , ,

HHS issues NPRM on HIPAA Privacy, Security and Enforcement Rules

Posted on July 8, 2010 by Steve Fox and Vadim Schick

On July 7, 2010, HHS issued a notice of proposed rule making (NPRM) regarding the changes to the HIPAA Privacy, Security and Enforcement Rules, as provided in the HITECH Act, in order "to strengthen the privacy and security protections for health information and to improve the workability and effectiveness of the HIPAA Rules."  Via HHS Press Release:

The proposed modifications to the HIPAA Rules include provisions extending the applicability of certain of the Privacy and Security Rules’ requirements to the business associates of covered entities, establishing new limitations on the use and disclosure of protected health information for marketing and fundraising purposes, prohibiting the sale of protected health information, and expanding individuals’ rights to access their information and to obtain restrictions on certain disclosures of protected health information to health plans. In addition, the proposed rule adopts provisions designed to strengthen and expand HIPAA’s enforcement provisions.

You can view the NPRM by clicking here.

"Notice of Proposed Rulemaking to Implement HITECH Act Modifications," HHS Press Release (July 7, 2010).

Tags: , , , , , , , , , , , , , , , , ,

Breaking: ONC releases final rule on temporary EHR certification

Posted on June 18, 2010 by Steve Fox and Vadim Schick

On June 18, 2010, the Office of National Coordinator for Health IT issued a final rule, 45 CFR Part 170, establishing a temporary EHR certification program for the purposes of testing and certifying health information technology.

The National Coordinator will utilize the temporary certification program to authorize organizations to test and certify Complete Electronic Health Records (EHRs) and/or EHR Modules, thereby making Certified EHR
Technology available prior to the date on which health care providers seeking incentive payments available under the Medicare and Medicaid EHR Incentive Programs may begin demonstrating meaningful use of Certified EHR Technology.

You can find the new final rule here.

You can find ONC's "Fact Sheet" and Q&A regarding certification here.

Tags: , , , , , , , , , , , ,

ONC approves Maryland's HIT plan

Posted on June 14, 2010 by Steve Fox and Vadim Schick

On June 7, 2010, Maryland's Lt. Governor Anthony Brown announced that the Office of National Coordinator for Health IT approved Maryland's State Health IT plan, allowing the state to move forward to implement a functional health information exchange (HIE).  According to the Washington Business Journal, ONC will release $25 million in ARRA funds to Maryland, to be used in connection with the state's HIE:

Proponents of the exchange say it will cut costs and improve health care quality by streamlining the transfer of electronic health data between hospitals, physicians and patients.

The Chesapeake Regional Information System for our Patients, the nonprofit tasked with implementing the exchange, has already begun work with $10 million in state money. The federal approval leaves the plan's funding "fully unrestricted," said CRISP Program Director Scott Afzal, allowing them to broaden the goals of the exchange and engage more hospitals. Much of their work lies in finding health care providers to sign on to the exchange when there is no state or federal legal requirement to do so, according to Afzal.

'We have to show a value proposition to connect,' he said.

The project is estimated to cost roughly $20 million, although it will be scoped to available funding.

 

On April 29, 2010, CRISP selected Axolotl Corp. as the vendor for its core HIE platform.  CRISP aims to connect 47 acute care hospitals, 7,900 physicians and ancillary provider sites  after completion.

"Lt. Governor Brown Speaks at Health Information Technology Forum, Touts Federal Recognition of Maryland's Health IT Plan," Press Release from Lt. Governor Brown (June 7, 2010).

"Maryland HIE Picks Platform Vendor," Health Data Management (April 29, 2010).
Tags: , , , , , , , , ,

CHIME comments on EHR certification NPRM

Posted on April 15, 2010 by Steve Fox and Vadim Schick

In a letter to Dr. David Blumenthal, the College of Healthcare Information Executives (CHIME), an organization which represents1,400 healthcare chief information officers, offered some criticism of ONC's recent notice of proposed rulemaking (NPRM) regarding the EHR certification program.  While CHIME expressed general support for a two-stage approach for creating the certifying bodies, the CIO's are worried about any destabilizing effects such rule may have on the health IT market.  Via Healthcare IT News:

We are very concerned that the introduction of a two-stage approach for certification will prolong the current instability in the health IT marketplace, which exists because of the un-finalized status of meaningful use and certification regulations," CHIME wrote. "The introduction of two separate certification schemes – one temporary and one permanent – carries a risk of continuing the uncertainty and promoting needless product replacement in the marketplace.

CHIME issued a few recommendations to combat such uncertainty, which you can find after the jump.

CHIME called for:

  • Temporary process to be a provisional or interim one that builds on current certification strategies and is "harmonized" with the eventual permanent certification process. According to CHIME, certification process should be the responsibility of the vendor, and that the purpose of certification should be to provide healthcare providers and professionals with assurance that the product they are purchasing can help them achieve meaningful use.
  • More specificity in language to define what constitutes a self-developed EHR. Current wording in the regulation suggests that any complete EHR or EHR module that's modified by a healthcare provider or a contractor could require certification.
  • Changes in certification requirements be made only when they are necessary to meet meaningful use evolution or advance interoperability, not just because a certain amount of time has passed.
  • If CMS maintains the "adoption year" approach originally advanced in proposed regulations, providers should not be required to have products certified for capabilities not required in their current adoption year.
  • Individual EHR modules be certified to ensure that they can communicate according to adopted standards, and that the interoperability of those modules as used by providers be deemed as certified.
  • HIT vendors fully disclose functions for which their products are certified and fully disclose known compatibility issues.
  • In the event of a certification body losing its authority to certify products, vendors should have six months to recertify products, and providers should not be penalized for a change in a product's certified status if they are still able to demonstrate the meaningful use of the technology.

"CHIME raises concerns about EHR certification," Healthcare IT News (April 9, 2010).
Tags: , , , , , , , , , , , , , , , ,

In the news: Senators request easing of meaningful use requirements; HHS releases over $267M for RECs; and more

Posted on April 12, 2010 by Steve Fox and Vadim Schick
  • A group of 37 U.S. Senators sent a letter to HHS Secretary Kathleen Sebelius expressing concern regarding the current definition of meaningful use.  The senators urged the Secretary to "allow providers to 'temporarily defer a limited set of IT goals' without otherwise changing the ultimate timeline or requirements of the program."  The senators also sought to change the eligibility determination based on Medicare provider numbers, considering many healthcare providers have multiple medical campuses under one such Medicare number.  According to Sen. Max Baucus (D-MT), such changes would "improve the guidelines HHS has set in way that will encourage widespread use of basic, functional IT tools and improve patient care.”
  • HHS released over $267 million from the stimulus funds to help 28 non-profit Regional Extension Centers (RECs).  This latest award brought the total of stimulus-funded RECs to 60, and is expected to support 100,000 primary care and hospitals within 2 years.  According to Secretary Sebelius, these 28 awards "represent [HHS's] ongoing commitment to make sure that health providers have the necessary support within their communities to maximize the use of health IT to improve the care they provide to their patients."  
  • Thomson Reuters released its annual study identifying the 100 top U.S. hospitals based on their overall organizational performance. The 10 areas measured are: mortality, medical complications, patient safety, average length of stay, expenses, profitability, patient satisfaction, adherence to clinical standards of care, and post-discharge mortality and readmission rates for acute myocardial infarction, heart failure, and pneumonia. The study has been conducted annually since 1993. Is your hospital one of the 100 Top Performing Hospitals? Find out here.
  • According to the Baltimore Business Journal, a proposed Maryland law could change how primary care providers do business, by creating a patient-centric primary care delivery system whereby insurance companies would financially reward primary care providers for better outcomes.  However, the new law would also ease patient privacy rules by allowing greater sharing of patient information among medical practices and insurance companies. The law will likely pass with little or no opposition.
     

 
Tags: , , , , , , , , , , ,

ONC publishes white paper on consent options

Posted on April 1, 2010 by Vadim Schick

The Office of National Coordinator for Health IT (ONC) published on its web site a white paper analyzing the policies behind obtaining consent for the purposes of electronic health information exchange.  The paper examined the concept of patient control of their health information, focusing on "the issues, nuanced considerations, and possible tradeoffs associated with the various consent options to help facilitate informed decision making."  While the paper was written by researchers at the George Washington University, under contract with ONC, ONC clearly stated in the preamble that this white paper does not actually represent the views of the ONC or HHS.

You can find the full paper (and the attachments) by clicking here.  You can view the executive summary by clicking here.

Tags: , , , , , , , , , , ,

Pritts named first ONC Chief Privacy Officer

Posted on February 18, 2010 by Steve Fox and Vadim Schick

Joy Pritts, a researcher and faculty member at Georgetown University's Health Policy Institute, was named as the first Chief Privacy Officer for the Office of National Coordinator for Health IT.  This position was created pursuant to a provision in ARRA, last year's economic stimulus legislation.

In her new position, Ms. Pritts will advise Dr. Blumenthal on forming policies on privacy, security and data stewardship of electronic health information, as well as coordinate similar efforts on state, federal and international levels.

Ms. Pritts is a graduate of Oberlin College and Case Western Reserve University School of Law.  She has testified before Congress on data privacy issues, and served as a member of Technical Advisory Panel for the multi-state Health Information Security and Privacy Collaborative (HISPC) and on the board of the National Governors Association’s State Alliance for e-Health.

According to Government Health IT:

Blumenthal said Pritts, who started her job Feb. 16, has extensive experience on all the issues that ONC grapples with. For instance, she was heavily consulted by members of Congress in legislating the HITECH health IT incentive law.

'So she has an understanding of the legislative process and a policy understanding, in addition to having worked for the government previously,' Blumenthal said in answer to a reporter’s question after a meeting of HHS’s Health IT Policy Committee.

'She has a combination of an understanding of government, understanding of the issues, and her legal background is very important – her research and policy qualifications,' he added.

"HHS appoints Joy Pritts chief privacy officer," Government Health IT (February 17, 2010).

 
Tags: , , , , , , , , , , , ,

ONC names 17 members of the privacy and security workgroup

Posted on December 11, 2009 by Steve Fox and Vadim Schick

The Office of National Coordinator for Health IT named 17 members of the newly formed privacy and security workgroup of the HIT Policy Committee.  According to Government Health IT:

The work group will be co-chaired by Deven McGraw, director of the Health Privacy Project at the Center for Democracy and Technology, and Rachel Block, executive director of the New York eHealth Collaborative and deputy commissioner for health IT transformation at the New York State Department of Health.

Their team will advise the Policy Committee on such matters as how safeguards for the exchange of health information should fit into the “meaningful use” test for health IT incentives that ONC has been working on.

The ONC has previously announced the establishment of a separate workgroup devoted to creation of a national health information network, which, of course, will have to deal with its own set of privacy and security concerns.  There is also a privacy and security workgroup under the HIT Standards Committee.

Government Health IT provides a list of the other members of the workgroup:

Some of the privacy and security work group members named today already sit on its parent Policy Committee. They are: are Dixie Baker, SAIC; Paul Egerman, consultant; Judy Faulkner, Epic Inc.; Gayle Harrell, a consumer representative with the state of Florida; Dr. Mike Klag, Johns Hopkins University School of Public Health; Latanya Sweeney, Carnegie Mellon University; and Paul Tang, Palo Alto Medical Foundation and Policy Committee vice chairman.

New members who are not current members of the Policy Committee are: Dr. Peter Basch; a healthcare practitioner, Dr. A. John Blair, a practitioner; Marianna Bledsoe, the National Institutes for Health; Joyce DuBow, AARP; Justine Handelman, Blue Cross Blue Shield; John Houston, University of Pittsburgh Medical Center; Terri Shaw, Children’s Partnership; and Paul Uhrig, SureScripts. Jodi Daniel and Sarah Wattenberg will represent the Office of the National Coordinator for Health IT on the workgroup.

"ONC names privacy, security workgroup members," Government Health IT (December 8, 2009).
Tags: , , , , , , , , , , , ,

Regional Extension Program: Important Updates and Links from HHS

Posted on September 3, 2009 by Steve Fox and Vadim Schick

Via HHS e-mail update:

The Office of the National Coordinator for Health Information Technology (ONC) is pleased to announce the availability of materials that are of immediate interest and use to stakeholders and potential applicants for the Health Information Technology Extension Program: Regional Centers Cooperative Agreement Program, and that are new or updated since the August 27, 2009 technical assistance telephone and web conference.

REVISED – Preliminary Application Template (Attachment I to the Funding Opportunity Announcement):  As discussed on the August 27th technical assistance public conference, the suggested template for applicants’ use in compiling and presenting the information required for the Preliminary Application has been updated to include the complete requirements established in the funding opportunity announcement and is now available from www.grants.gov and the Extension Program section of ONC’s website at http://healthit.hhs.gov/extensionprogram.

NEW – A complete transcript of the August 27th technical assistance conference is available for download from the Extension Program section of ONC’s website.  Please visit http://healthit.hhs.gov/extensionprogram to access detailed information about the conference, including the transcript and the presentation slides used during the call.

NEW/REVISED – Program-specific Frequently Asked Questions (FAQs) are now available on the Extension Program section of ONC’s website.  New FAQs are posted frequently, so potential applicants and other interested parties are encouraged to visit often.  Please visit http://healthit.hhs.gov/extensionprogram then scroll down and click on “Frequently Asked Questions”.

On the HIT Extension Program site, you can find the Funding Opportunity Announcement / Application Instructions document,  as well as a large FAQ section and the "Facts-At-A-Glance" summary. 

You can find the August 27th, 2009 presentation (PPT) here, and the transcript of that same presentation here.

"Health Information Technology Extension Program: Regional Centers Cooperative Agreement Program Update," HHS e-mail update (September 3, 2009).

Tags: , , , , , , , , , , , , , , , , , ,

HIT Policy Committee Reveals "Meaningful Use" Proposal

Posted on July 16, 2009 by Steve Fox and Vadim Schick

Via Healthcare-Informatics:

By 2011, at least 10 percent of all orders processed in a hospital must be entered through CPOE to qualify that institution for CMS incentives under the HITECH Act, according to a proposed matrix of meaningful use released today by ONC’s HIT Policy Committee.

Other 2011 hospital requirement are:

  • implementation of drug-drug, drug-allergy, and drug-formulary checks
  • maintenance of up-to-date problem lists of current and active diagnoses based on ICD-9 or SNOMED
  • incorporation of lab-test results into EHR as structured data
  • reporting of hospital quality measures to CMS
  • implementation of one clinical decision rule related to a high-priority hospital condition
  • providing of patients with an e-copy of their health information
  • capability to exchange key clinical information (eg. discharge summary, procedures, problem lists, medication lists, allergies, test results) among providers of care

In another major development, the committee recommended that incentives be paid according to an ‘adoption year’ timeframe rather than a calendar year timeframe. “Under this scenario, qualifying for the first-year incentive payment would be assessed using the 2011 Measures. The payment rate and phaseout of payments would follow the calendar dates in the statute, but qualifying for incentives would use the ‘adoption-year’ approach,” the committee stated.

Here is the link to the matrix.

Stay tuned for more on meaningful use definition.

Tags: , , , , , , , , ,

HIT Policy Committee workgroup presents preliminary definition for Meaningful Use

Posted on June 16, 2009 by Steve Fox and Vadim Schick

On June 16, 2009, the Workgroup on Meaningful Use presented its findings to the HIT Policy Committee.  The findings include two parts:  the preamble and the matrix.   The matrix consists of goals to be achieved by 2011, 2013, and 2015, and the metrics for such goals to evaluate hospital and clinician progress in meeting them.

We will have much more analysis on this preliminary definition later, so stay tuned for our updates.  Meanwhile, our favorite "geek doctor" John Halamka stated the following on his blog:

Now that the initial definition of meaningful use is available, the HIT Standards Committee workgroups and HITSP will work through the month of July to ensure the matrix is populated with the most up to date standards and implementation guide detail.

Hospitals and Clinician offices now know what is expected for 2011, so the time is now to begin your software implementations.


"Meaningful Use has Arrived", Life as a Healthcare CIO (June 16, 2009).

 

Tags: , , , , , , , , , ,

David Blumenthal Named National Coordinator for HIT

Posted on March 20, 2009 by Steve Fox and Vadim Schick

Dr. David Blumenthal was named as National Coordinator for Health Information Technology at the Department of Health and Human Services (HHS).  Dr. Blumenthal will "lead the effort for implementation of a nationwide interoperable, privacy-protected health information technology infrastructure" authorized by ARRA and the HITECH Act. 

According to the HHS Press Secretary,

As a practicing physician and a leading scholar on health information technology, Dr. Blumenthal is uniquely qualified to help America’s doctors, nurses, hospitals, and patients reap the benefits of a modernized health system. Dr. Blumenthal shares President Obama’s commitment to investing in a health IT infrastructure that will protect patient privacy, and improve both quality and efficiency in our nation’s health care system.

An adviser to Mr. Obama during his presidential campaign, Dr. Blumenthal is unquestionably qualified for this job.  Among numerous other accomplishments, he was a physician and director of the Institute for Health Policy at Mass General in Boston; Professor of Medicine and Professor of Health Care Policy at Harvard Medical School; and served as director of the Harvard University Interfaculty Program for Health Systems Improvement.

Dr. Blumenthal's appointment has been well-received by commentators.  According to Healthcare IT News, John Halamka, CIO of Beth Israel Deaconess and Harvard Medical School, called it a "great choice" and Joseph C. Kvedar, MD, chief of the Center for Connected Health, stated that "Dr. Blumenthal brings a wealth of relevant experience to the post. The health of our nation will improve due to his involvement."

We extend our congratulations and best wishes to Dr. Blumenthal as he takes on this important role.

David Blumenthal named new National Coordinator for Health IT (Healthcare IT News, March 20, 2009).

HHS Names David Blumenthal As National Coordinator for Health Information Technology (HHS Press release, March 20, 2009).

 
Tags: , , , , ,