Nationwide Privacy and Security Framework for Electronic Exchange of Individually Identifiable Health Information

Office of the National Coordinator for Health Information Technology U.S. Department of Health and Human Services Numerous forces are driving the health care industry towards the use of health information technology, such as the potential for reducing medical errors and health care costs, and increasing individuals’ involvement in their own health and health care. To facilitate this advancement and reap its benefits while reducing the risks, it is important to consider individual privacy interests together with the potential benefits to population health. Download (Requires Acrobat Reader)

HHS appoints members to HIT Policy and Standards Committee

On Friday, May 8, 2009, the U.S. Department of Health and Human Services (HHS) announced appointments to the Health Information Technology (HIT) Policy Committee and HIT Standards Committee. These federal advisory committees were established by provisions in the American Recovery and Reinvestment Act (ARRA) that President Obama signed on February 17, 2009. Today, is the first meeting of the HIT Policy Committee, and Friday, May 15, 2009, is the first scheduled meeting of the HIT Standards Committee, both in Washington, DC. According to the press release issued by HHS, “[t]he HIT Policy Committee will make recommendations to the National Coordinator for Health Information Technology [Dr. David Blumenthal] on a policy…


ARRA’s HITECH Privacy Provisions Apply HIPAA Security Rule to Business Associates

President Obama signed into law the American Recovery and Reinvestment Act of 2009 (ARRA) on Tuesday, February 17, 2009. The Health Information Technology for Economic and Clinical Health Act (HITECH) provisions of ARRA in Title XIII include important changes in Privacy (Subtitle D). Our focus in this posting is the change related to business associates under HIPAA Administrative Simplification that is specified in Section 13401: Application of Security Provisions and Penalties to Business Associates of Covered Entities. In this section, administrative, physical, and technical safeguards, and policy, procedure, and documentation requirements of the HIPAA Administrative Simplification Security Rule “shall apply to a business associate of a covered entity in the…


American Recovery and Reinvestment Act of 2009

ONE HUNDRED ELEVENTH CONGRESS of the UNITED STATES of AMERICA American Recovery and Reinvestment Act of 2009 Making supplemental appropriations for job preservation and creation, infrastructure investment, energy efficiency and science, assistance to the unemployed, and State and local fiscal stabilization, for the fiscal year ending September 30, 2009, and for other purposes. AGENCY: 111th US Congress. ACTION: Act. Download (Requires Acrobat Reader)

President Obama to Sign ARRA’s HITECH provisions Tuesday, February 17, 2009, in Denver, CO

The Senate joined the House on Friday evening, February 13, 2009, in passing the American Recovery and Reinvestment Act, which includes provisions relating to Health Information Technology. Title XIII of Division A and Title IV of Division B together are known as the “Health Information Technology for Economic and Clinical Health Act” or the “HITECH Act.”  We will be highlighting attributes of the HITECH Act through the end of February. Contrary to the political blather, this legislation is a significant step forward in providing funding and incentives to accelerate adoption of standardized and interoperable electronic business and clinical technologies in healthcare and in strengthening privacy safeguards for patients’ protected health…


Time to Review Your Security Risk Assessment

With the March 17, 2009 effective dates for the new 5010 Version of HIPAA Administrative Simplification Transaction Standards and the move to the ICD-10 Code Set Standard rules, and the expected enactment of the HITECH provisions of the American Recovery and Reinvestment Act as early as next week, it is a good time now to begin reviewing your HIPAA Administrative Simplification Security safeguards. As mentioned earlier this week, creating and periodically reviewing your risk assessment or analysis is the foundation of achieving compliance with the HIPAA Administrative Simplification Security Rule and a key factor in having a successful business. Over the next week, will review the Security Rule administrative,…


Are You Subject to HIPAA Privacy Rules when Publishing Confidential Health Information on a Social Network?

It’s unlikely the social networking sites are health care providers, so HIPAA’s privacy rule doesn’t apply; but other privacy business practices are likely to affect you. First, tackle the HIPAA Privacy question by responding to the following questions. » Are you a healthcare provider that conducts transactions electronically? » Are you a healthcare clearinghouse? (Do you process healthcare claims?) » Are you a health plan? (insurance payer) If you answered no to these questions, you are not a covered entity under HIPAA’s Privacy Rule. That said, you probably are more concerned about users sharing health information online that if stolen, could be used in identity theft. Consumers (patients) often use…


Senate Passes American Recovery and Reinvestment Act of 2009 (ARRA)

Tuesday afternoon the Senate passed the American Recovery and Reinvestment Act, the so-called Economic Stimulus bill. Previously, the House of Representatives passed its version, H.R. 1. Now, the joint House-Senate conference committee will resolve funding and language differences in the House and Senate versions of ARRA. As we have noted earlier, each of these versions contains incentives for adoption of health information technologies, which are described in the so-called HITECH provisions of the House and Senate versions. President Obama is expected to sign a reconciled bill in the near future, assuming that the Democrats in the Senate can achieve at least 60 votes in a procedural motion to move the…


What Does the HITECH Act Mean to You?

Even though the US Senate is likely to pass the stimulus package in the next day or two, the House and Senate still have to come to an agreement on their funding differences. The HITECH Act is still holding its own with some possible additions to the $20 billion agreed upon by the House. Key words used by both House and Senate are “meaningful use” and “shovel ready”. In other words, everything is set in place ready to go, but just needs money to get it off the ground.  You’ve made a decision on your health IT system, you’ve completed your readiness assessments, and you’ve built a strategy to move…


What Should I Know About Interfaces?

A key quality of care benefit of an EHR is its ability to create, send out and track the provider’s orders and then electronically review and route the results of those orders into the patient’s record. Due to many national efforts, HL7 standard language is used to create these interfaces. When the interfaces communicate back and forth with your EMR, results can be provided to the clinician for review prior to posting into the patient record. Some specialties receive as much as 70 percent of health care information from outside sources, including information from hospitals, labs, diagnostic imaging centers, payers, referring physicians, patients and pharmacies. The most common interfaces to…