EHR Incentive and Certification Criteria Final Rules Published in Federal Register

The EHR Incentive and Certification final rules were published in the Federal Register this morning, July 28, 2010.  HIPAA.com provides the title, summary, effective date, and URL for each below. Department of Health and Human Services, Centers for Medicare & Medicaid Services, “42 CFR Parts 412, 413, 422, and 495;  Medicare and Medicaid Programs; Electronic Health Record Incentive Program; Final Rule, Federal Register, 75(144), Wednesday, July 28, 2010, pp. 44313-44588. Summary:  This final rule implements the provisions of the American Recovery and Reinvestment Act of 2009 (ARRA)(Public Law 111-5) that provide incentive payments to eligible professionals (EPs), eligible hospitals and critical access hospitals (CAHs) participating in Medicare and Medicaid programs…

READ MORE

HHS Publishes Proposed Rule for Electronic Health Record Incentive Program

HHS published today in the Federal Register:  “Medicare and Medicaid Programs–Electronic Health Record Incentive Program; Proposed Rule.”  75 FR 1844-2011.  Comments on this Notice of Proposed Rulemaking (NPRM) may be submitted to HHS no later than March 15, 2010.  Here is the Summary from the NPRM: “This proposed rule would implement the provisions of the American Recovery and Reinvestment Act of 2009 (ARRA)(Public Law 111-5) that provide incentive payments to eligible professionals (EPs) and eligible hospitals participating in Medicare and Medicaid programs that adopt and meaningfully use certified electronic health record (EHR) technology.  The proposed rule would specify the initial criteria an EP and eligible hospital must meet in order…

READ MORE

ONC’s Dr. Blumenthal Announces SHARP Program Funding Availability

Please read the following announcement released on December 18, 2009: A Message from Dr. David Blumenthal, National Coordinator for Health Information Technology Today the Obama administration announced the availability of $60 million in Recovery Act funds to support the development of the Strategic Health IT Advanced Research Projects (SHARP) program. SHARP awards will fund research focused on identifying technology solutions to address well-documented problems impeding broad adoption of health information technology (health IT). By helping to overcome key challenges, the research will also accelerate progress towards achieving nationwide meaningful use of health IT. 

As we continue this unprecedented effort towards meaningful use and seamless, secure information exchange, we also must acknowledge…

READ MORE

CMS Issues New and Updated HIPAA and HITECH Act FAQs: EHR Incentive Payment Start Dates

The Centers for Medicare and Medicaid Services (CMS) periodically issues new and updated Frequently Asked Questions (FAQs).  HIPAA.com will periodically reproduce new and updated Questions and Answers pertaining to HIPAA Administrative Simplification standards and implementation specifications and to HITECH Act provisions that will be of interest to its readers.  This FAQ [ID#9807] was created on June 22, 2009, and updated by CMS on August 18, 2009. Question:  When will CMS begin to pay incentives to eligible professionals and hospitals for using certified Electronic Health Records (EHRs)? Answer:  By statute [American Recovery and Reinvestment Act of 2009], the earliest dates that CMS will be able to pay an incentive under Medicare…

READ MORE

CMS Issues New and Updated HIPAA and HITECH Act FAQs: EHR Incentives

The Centers for Medicare and Medicaid Services (CMS) periodically issues new and updated Frequently Asked Questions (FAQs).  HIPAA.com will periodically reproduce new and updated Questions and Answers pertaining to HIPAA Administrative Simplification standards and implementation specifications and to HITECH Act provisions that will be of interest to its readers.  The FAQ [ID#9844] that follows is new, published by CMS on August 13, 2009. Question:  Are physicians who practice in hospital-based ambulatory clinics eligible to receive the Recovery Act’s Medicare or Medicaid electronic health record (EHR) incentive payments. Answer:  Hospital-based eligible professionals are ineligible for the EHR incentive payments under both Medicare and Medicaid.  Our [Department of Health and Human Services] forthcoming NPRM…

READ MORE

HHS Issues Interim Final Rule for HITECH ‘Breach Notification’

U.S. Department of Health and Human Services Secretary, Kathleen Sebelius, has issued the Interim Final Rule for Breach Notification for Unsecured Protected Health Information.  The Interim Final Rule was signed by Secretary Sebelius on August 6, 2009, filed at the Federal Register on Wednesday, August 19, 2009, and will be published on Monday, August 24, 2009, in the Federal Register.  The effective date of the Interim Final Rule will be 30 days after publication, and will cover both covered entities and business associates of covered entities.  Here is the Summary of the Interim Final Rule: “The Department of Health and Human Services (HHS) is issuing this interim final rule with…

READ MORE

HHS Secretary Delegates to ONC Head New HITECH Act Authority

Effective August 7, 2009, and published in the Federal Register on Tuesday, August 18, 2009, Secretary Kathleen Sebelius of the U.S. Department of Health and Human Services (HHS) has delegated authority to the National Coordinator for Health Information Technology, David Blumenthal, M.D., to administer “Subtitle B, ‘Incentives for the Use of health Information Technology,’ sections 3011 through 3017, with the exception of 3012(c)(5), the Financial Support subsection.”  These sections and titles, which appear on pages 132-144 of the American Recovery and Reinvestment Act of 2009 (ARRA), signed by President Obama on February 17, 2009, available on the hipaa.com site, include: 3011 Immediate Funding to Strengthen the Health Information Technology Infrastructure,…

READ MORE

HHS Secretary Sebelius Delegates Oversight and Enforcement of HIPAA Security Rule to OCR

U.S. Health and Human Services (HHS) Secretary Kathleen Sebelius has delegated oversight and enforcement of the HIPAA Administrative Simplification Security Rule Standards for Protection of Electronic Protected Health Information to HHS’s Office of Civil Rights (OCR), effective July 27, 2009.  Since October 7, 2003, the Security Rule had been the responsibility of HHS’s Center for Medicare & Medicaid Services (CMS). OCR also has responsibility for the HIPAA Administrative Simplification Privacy Rule.  This delegation brings responsibility for administrative, technical, and physical standards for safeguarding of protected health information in each rule under one authority, and likely will facilitate enforcement of the HITECH Act breach, notification, and business associate security rule compliance…

READ MORE

Transmission Security Encryption: What to Do and How to Do It

In our series on the HIPAA Administrative Simplification Security Rule, this is the second of two implementation specifications for the Technical Safeguard Standard, Transmission Security.  This implementation specification is addressable. Addressable does not mean “optional.”  Rather, an addressable implementation specification means that a covered entity must use reasonable and appropriate measures to meet the standard.  As we noted in earlier postings on HIPAA.com, business associates of covered entities will be required to comply with the Security Rule safeguard standards, beginning February 17, 2010.  This requirement is one of the HITECH Act provisions of the American Recovery and Reinvestment Act (ARRA), signed by President Obama on February 17, 2009. What to…

READ MORE

Transmission Security Integrity Controls: What to Do and How to Do It

In our series on the HIPAA Administrative Simplification Security Rule, this is the first implementation specification for the Technical Safeguard Standard, Transmission Security.  This implementation specification is addressable. Addressable does not mean “optional.”  Rather, an addressable implementation specification means that a covered entity must use reasonable and appropriate measures to meet the standard.  As we noted in earlier postings on HIPAA.com, business associates of covered entities will be required to comply with the Security Rule safeguard standards, beginning February 17, 2010.  This requirement is one of the HITECH Act provisions of the American Recovery and Reinvestment Act (ARRA), signed by President Obama on February 17, 2009. What to Do Implement…

READ MORE