Know your 5010 from your ICD-10
|
On Friday afternoon, June 18, the Office of the National Coordinator for Health Information Technology (ONC) of the Department of Health and Human Services (HHS) released the final rule: Establishment of the Temporary Certification Program for Health Information Technology. The final rule can be viewed in portable document format (pdf) online at: www.federalreigster.gov/OFRUpload/OFRData/2010-14999_PI.pdf. The final rule will be published in the Federal Register, most likely next week, and will be effective upon date of publication. This temporary certification program will cover testing and certification of EHR technology that will be eligible for the Medicare and Medicaid financial incentive programs relating to meaningful use of such technology that was authorized under the HITECH Act.
|
|
The Office of Management and Budget (OMB) completed its review of the Proposed Establishment of Certification Programs for Health Information Technology final rule on June 14, 2010, so publication in the Federal Register is imminent. This final rule explains the proposed establishment of certification programs for voluntary certification of health information technology, as specified in section 3001(c)(5) of the HITECH Act, which is available on the hipaa.com site. This final rule is a follow-on to the proposed rule of the same title that was published in the Federal Register on March 10, 2010 (75 Federal Register 11327-11373).
|
|
As of Friday, June 4, 2010, 93 breaches affecting 500 or more individuals have been reported on the Office for Civil Rights (OCR) Web site. The total number affected has gone beyond 2-1/2 million individuals today, and stands at 2,565,352 individuals. Of the 87 breaches involving breach of hard copy or electronic protected health information, 26% involve hard copy or paper records and 74% records on electronic media or devices. Overall, 71% of the 93 breaches involve theft or loss of records, many of which might have been avoided by appropriate securing of hard copy records and electronic media and devices. Below we remind readers of the Department of Health and Human Services (HHS) enforcement efforts for violations of the HIPAA Privacy and Security rules, and the increased penalty structure for violations of those rules and the HITECH Act Breach Notification Rule.
|
|
The original FTC Red Flags Rule compliance date deadline was extended three times from the original date of November 1, 2008, with an expected compliance date of November 1, 2009. Just prior to that date, the FTC extended for the fourth time the deadline for compliance to June 1, 2010. On May 28, 2010, the June 1, 2010, compliance date was extended a fifth time to December 31, 2010.
|
|
Health Data Management (HDM) reported today, May 12, that the Office for Civil Rights (OCR) of the Department of Health and Human Services (HHS) is going to strengthen HIPAA Security Rule enforcement, based on statements made on Tuesday, May 11 by the OCR Deputy Director for Privacy. These reported statements comes several days after OCR's release on May 7 of its Draft Security Rule Guidance on Risk Analysis, the first in a series of guidances on security, that hipaa.com posted earlier today, and precedes the likely release later this month of the Notice of Proposed Rulemaking (NPRM): Modifications to the HIPAA Privacy, Security, and Enforcement Rules Under the Health Information Technology for Economic and Clinical Health Act.
|
|
The Office for Civil Rights (OCR) of the Department of Health and Human Services (HHS) issued on May 7, 2010, Security Rule Draft Guidance on Risk Analysis. This is the first in a “series of guidance documents [that] will assist organizations in identifying and implementing the most effective and appropriate administrative, physical, and technical safeguards to protect the confidentiality, integrity, and availability of electronic protected health information. The materials will be updated annually, as appropriate.”
|
|
HDM Daily reported on April 29, 2010, a four month federal prison sentence for a HIPAA privacy violation. On the same day, OCR at HHS reported on its Web site 67 entities that have reported breaches affecting 500 or more individuals since the breach notification rule became effective. HIPAA.com believes that these two reports illustrate the need for more privacy and security training, and invite readers to sign up on the hipaa.com Web site for more information in May about training from HIPAA School.
|
|
On Wednesday, March 10, 2010, the Office of the National Coordinator for Health Information Technology (ONC) of the Department of Health and Human Services (HHS) published in the Federal Register the Proposed Rule (NPRM) for Proposed Establishment of Certification Programs for Health Information Technology. [75 Federal Register 11327-11373] We present the summary of the NPRM.
|
Syndicate this site
Sign up for email updates
Follow HIPAA.com on Twitter
