What to Know About Red Flags, Notification Laws and the Hi Tech Act

Data breaches have hit an all time high and with that have been a dramatic increase in new data security and privacy laws and regulations. Both state and federal regulations have been in place for several years with regards to security and privacy of Personal Identifiable Information (PII) and Protected Health Information (PHI). However, new regulations have popped up at a rapid pace. Just a few years ago there were only a handful of states that had data breach notification laws. Today, 44 states, the District of Columbia, Puerto Rico and the Virgin Islands have enacted data breach privacy laws and federal legislation is well on its way.

Read more here.

Enforcement of New HIPAA Privacy, Security Rules Remains Unclear

The federal economic stimulus package calls for HHS to conduct audits to ensure that covered entities are complying with the strengthened HIPAA privacy and security rules. However, officials have yet to issue guidance on how they plan to conduct such audits.

Read more here.

Meaningful use criteria coming in 2011

The federal government will phase in meaningful use criteria for EHRs in three major periods, starting with a basic level in 2011, said David Hunt, MD, chief medical officer for the Office of the National Coordinator for Health Information Technology. Hunt spoke during Health Data Management’s Health IT Stimulus Summit in Boston on September 17.

Read more here.

AHA urges changes to proposed "meaningful use" standards

The American Hospital Association on Sept. 15 expressed concern that recommendations proposed by the Health Information Technology Standards Committee would change the Health Insurance Portability and Accountability Act’s privacy and security rules “in inappropriate and unworkable ways.” For example, HIPAA-covered entities and business associates may assess whether certain HIPAA security specifications, called “addressable specifications,” are reasonable and appropriate for their specific circumstances.

The committee’s recommendations seem to convert those specifications into a uniform set of requirements that establish what it means to be in compliance, Lawrence Hughes, AHA assistant general counsel, told the committee at its meeting on Sept. 15. Among other concerns, Beth Feldpush, AHA senior associate director for policy, told the committee that “meaningful use” should primarily be defined by the ability of the IT system to help hospitals and doctors improve patient care, yet many of the proposed quality metrics do not meet this criterion.

The panel is one of two federal committees advising the Department of Health and Human Services on how to define “meaningful use” of electronic health records, which will determine which hospitals and physicians are eligible for more than $17 billion in health IT funding under the American Recovery and Reinvestment Act.

The American Recovery and Reinvestment Act of 2009: What's in it for Nursing?

A small but significant portion of the $789 billion being made available to jumpstart the falling economy will be directed toward measures that will benefit nursing. Learn more here.

MHA hosting seminar on Stimulus Bill

The Mississippi Hospital Association will host a seminar on the American Recovery & Reinvestment Act of 2009 (ARRA) from 10 a.m. until 2 p.m. on Oct. 22 at the MHA Conference Center in Madison.

Discussion topics will include:

► E H R Incentives for Physicians and Hospitals
► Medicare/Medicaid Reimbursement Reform
► Security and Privacy
► And More!

Speakers for the event are Gregory D. Anderson, CPA/ABV, CVA; Tony Brooks, CISA; David Butler, CPA; and Jeffrey S. Moore. The cost is $65 for MHA members and $125 for non-members. For more information, visit www.mhafoundation.org or contact Judith Forshee, VP Education & Support Services, at (601) 368 3216 or jforshee@mhanet.org.

A brochure/registration form is attached below. You may also register online at www.mhafoundation.org.

Download Economic_Stimulus_10_22_09

CCHIT Releases Details on New EHR Certification Programs

The Certification Commission for Health IT said it has updated its comprehensive electronic health record certification program for 2011. The group also plans to offer preliminary certification to help EHR systems meet forthcoming regulations on "meaningful use." CCHIT said it will provide incremental inspections to help EHRs meet final federal requirements.

Read more here.

AHA Advisory on HHS’ Breach Notification Obligations

The Department of Health and Human Services (HHS) published in the August 24 Federal Register its interim final rule implementing the Information Technology for Economic and Clinical Health (HITECH) Act’s breach notification requirements. Under the rule, hospitals and other HIPAA-covered entities and their business associates must notify individuals when the privacy of their "unsecured" personal health information (PHI) is breached. It also updates HHS’ guidance specifying technologies and methodologies for securing PHI that, while voluntary, would provide a "safe harbor" from HITECH’s federal notice obligations for HIPAA-covered entities and business associates that adopt them.

AHA has posted a Regulatory Advisory that  looks at the rule’s major provisions and the significant changes to HHS’ guidance document. If your hospital is an MHA member and you would like a copy of the advisory emailed to you, please email Shawn Lea at slea@mhanet.org.

Program to certify EHR products under ARRA

The Certification Commission for Health Information Technology plans to launch in October a preliminary certification program for electronic health record products, based on emerging recommendations of two committees advising the Department of Health and Human Services on how to define meaningful EHR use. The Centers for Medicare & Medicaid Services expects by year-end to issue a proposed rule defining "meaningful use,” which will determine which hospitals and physicians are eligible for more than $17 billion in health IT funding under the American Recovery and Reinvestment Act’s HITECH provisions.

If the federal rulemaking process results in new requirements, the commission said it will offer vendors with preliminary certifications an incremental inspection at no additional fee to bring their certifications into alignment with the final rules.

Four HIPAA Compliance Tips for Business Associates

The HITECH Act was a long time coming, especially because it holds business associates of covered entities accountable for compliance with the HIPAA Security Rule and the use of disclosure provisions of the privacy rule. This is crucial, according to Daniel Nutkis, CEO of The Health Information Trust Alliance. HealthLeaders Media recently caught up with Nutkis for a Q&A about HIPAA privacy and security. Here are some more highlights.

MHA hosting conference on ARRA

The Mississippi Hospital Association will host a seminar on the American Recovery & Reinvestment Act of 2009 (ARRA) from 10 a.m. until 2 p.m. on Oct. 22 at the MHA Conference Center in Madison.

Discussion topics will include:

► E H R Incentives for Physicians and Hospitals
► Medicare/Medicaid Reimbursement Reform
► Security and Privacy
► And More!

The cost is $65 for MHA members and $125 for non-members. A brochure, agenda and speaker bios will be available soon. For more information, visit www.mhafoundation.org or contact Judith Forshee, VP Education & Support Services, at (601) 368 3216 or jforshee@mhanet.org.

Pharmacists ask HHS to change HITECH provisions

The National Community Pharmacists Association is asking HHS to consider its suggested changes to requirements under the health information technology provisions of the American Recovery and Reinvestment Act of 2009.

Under the segment of the law, known as the Health Information Technology for Economic and Clinical Health Act, or HITECH, “bureaucratic hurdles” might affect patients' access to prescription drug services, according a letter from the association. The letter was sent to Susan McAndrew, deputy director of health information privacy for HHS' Civil Rights Office as a follow-up to a meeting between the association and the office to discuss health IT implementation in pharmacies.

Various disclosure requirements as they are currently written under HITECH are time-consuming and do not benefit patients, according to the NCPA. “Pharmacies could become entangled in a morass of new requirements that will do little to serve patients but will add costs and burdens to small businesses,” the association wrote.

[ via Jean DerGurahian, Modern Healthcare's Daily Dose ] 

HHS posts revised application for health IT grant program

The Department of Health and Human Services’ Office of the National Coordinator for Health Information Technology has revised the preliminary application form for Health Information Technology Extension Program grants. Made available Aug. 20, the $598 million in American Recovery and Reinvestment Act grants will help non-profit organizations establish an estimated 70 regional centers to help primary care providers achieve meaningful use of electronic health records.

The revised application, answers to frequently asked questions and other information on the grant program can be found at http://healthit.hhs.gov/extensionprogram.

[ via AHA News Now ]

The Importance of ARRA and HITECH

What is the HITECH provision of the American Recovery and Reinvestment Act of 2009 and how will its funding provisions for the acquisition of HIT systems affect healthcare provider organizations? Essential to these plans—and to the transformation and modernization of the U.S. healthcare system—is the adoption and use of an enterprise-wide EHR. But what do care providers think?

Download the white paper here.

White House announces $1.2 billion available in EHR grants

Hospitals and other healthcare providers can tap into $1.2 billion in grants to assist in becoming meaningful users of EHRs thanks to the American Recovery and Reinvestment Act (ARRA) of 2009. Vice President Joe Biden announced the news in an August 20 White House press release.

Click here to read more.

CMS to conduct national assessment of existing health IT infrastructures

On August 20, CMS published a published a request for information (RFI) regarding the National Gap Analysis and Readiness Assessment for the Health Information Technology Infrastructure. This request comes in the wake of ARRA, and the HHS wish to conduct a national scan of the electronic infrastructure involved in reporting quality measures and other information that will support meaningful EHR use. Entities to be included in the scan are CMS, Health Resources and Services Administration, the Centers for Disease Control and Prevention, State Medicaid agencies, other State agencies (e.g., public health departments), Health Information Exchanges/Health Information Networks, and healthcare providers.

Click here to read more.

[ via HIM Connection ]