The HHS Office for Civil Rights, which is finalizing a HIPAA Audit program to assess compliance with privacy and security rules, expects in the near future to send “pre-audit” surveys to up to 1,200 randomly selected organizations. Read more here.
The HIPAA omnibus rule, which extends the reach of liability to include business associates and subcontractors, should be out by the end of summer, according to Farzad Mostashari, the national coordinator for health information technology.
On July 8, 2011, the Office of the Secretary of Health and Human Services (HHS) published an interim final rule (IFR) regarding the adoption of operating rules for two transaction standards under the Health Insurance Portability and Accountability Act of 1996 (HIPAA). Section 1104(b)(2) of the Affordable Care Act calls for the adoption of operating rules to improve interoperability for each of the HIPAA transaction standards, and this rule is HHS’s first step in implementing the requirement.
The operating rules established in the rule are compliant with the new 5010 version of the HIPAA transaction standards that are scheduled for adoption on January 1, 2012, although a delay in enforcement until April 1, 2012 has been announced. However, the compliance date for the eligibility and claim status operating rules is January 1, 2013 – one year later. Health plans and providers can adopt the operating rules earlier if they choose to do so.
These operating rules will enable hospitals to more quickly obtain important eligibility and claim status information and should provide more accurate information to providers and patients. As hospitals prepare for the transition to the new 5010 version of the HIPAA transaction standards, they should consider CORE’s operating rules for eligibility and claim status and make the necessary system changes to take advantage of the enhanced information and response time that will become an integral part of the associated HIPAA transaction standards. Eventually, there will be certification requirements for health plans to meet the operating rules. However, these certification rules for health plans have not yet been issued.
The Department of Health and Human Services’ (HHS) Office for Civil Rights issued in the May 31 Federal Register a proposed rule to modify the Health Insurance Portability and Accountability Act of 1996 (HIPAA) privacy rule’s provisions related to accounting of disclosures. HHS’ proposal would create two separate rights for individuals: a revised right to an accounting of disclosure of the individual’s protected health information (PHI) and a new right to a report identifying who has electronically accessed the individual’s PHI.
In part, these proposed modifications would implement the Health Information Technology for Economic and Clinical Health Act’s (HITECH) specific mandate for accounting of disclosures of PHI to carry out treatment, payment and health care operations made through an electronic health record. However, HHS also is using its more general authority under HIPAA to propose modifications to ensure that individuals receive the information about disclosures that is of most interest to them.
The American Hospital Association has published an advisory examining the specific changes included in HHS’ proposed rule. Comments on the proposed rule are due by August 1. If you are an MHA member and would like a copy, please email Shawn Rossi at firstname.lastname@example.org.
Now that the Department of Health & Human Services has released its proposed rule governing privacy disclosures related to electronic health records, covered entities and business associates can begin to parse what the rule would mean in terms of reporting and compliance. Learn more here and here.
HHS' Office for Civil Rights has posted proposed changes to rules regarding the disclosure of patients' health information that could give patients more insight into how their information is shared.
The 95-page proposed rule (PDF), to be published in the May 31 issue of the Federal Register, proposes changes to the privacy regulations under the 1996 Health Insurance Portability and Accountability Act.
The Civil Rights Office has enforcement authority for the HIPAA privacy rule and said the proposed rule reflects changes mandated by the Health Information Technology for Economic and Clinical Health Act, or HITECH, which are part of the American Recovery and Reinvestment Act of 2009. However, the Civil Rights Office noted that it also is looking to exercise the "more general authority" granted to it through HHS under HIPAA itself.
The Centers for Medicare & Medicaid Services has developed a limited view of the HIPAA Eligibility Transaction System to allow Disproportionate Share Hospitals to verify whether inpatients eligible for Medicaid are entitled to Medicare Part A benefits or enrolled in Medicare. For information on accessing the HETS 270/271 system, visit www.cms.hhs.gov/hetshelp.
As the deadline for HIPAA 5010 compliance approaches—requiring migration from ICD-9 to ICD-10—the big question on everyone's tongue is: what's the greatest path to compliance and efficiency? For payer organizations, this will result in increased enrollments, claims processing, customer service requirements, and operational challenges.