Kathie McDonald-McClure is a member of the Firm's Health Care Service Team. Her longtime passion for and attention to technology-related matters has given her a leg-up in assisting clients with regard to data privacy and cyber ...
On April 21, 2020, the American Hospital Association alerted its members that the Federal Bureau of Investigations (FBI) had issued an FBI Flash to update healthcare providers on additional cyber activity* that continues to exploit fears related to the COVID-19 pandemic. The FBI stated that it had been notified of targeted email phishing ...
On March 17, 2020, the Office for Civil Rights ("OCR"), the agency within the Department of the United States Health & Human Services ("HHS") responsible for enforcement of HIPAA, issued the following guidance: "Notification of Enforcement Discretion for telehealth remote communications during the COVID-19 nationwide public health ...
The Federal Trade Commission (FTC) Bureau of Consumer Protection released a study this month (March 2017) indicating that business entities could be doing more to stop malicious emails from hitting the inboxes of employees. The goal behind many malicious emails is to trick individuals into turning over either their own confidential ...
We recently posted an article about Tennessee's amendment to its data breach notification law. This amendment has drawn much attention among cyber security professionals and corporate general counsel across the country. As Jennifer Williams-Alvarez reported in her article for Corporate Counsel magazine
By Kathie McDonald-McClure and Matt San Roman
On March 24, 2016, Tennessee Governor Bill Haslam signed into law SB2005 as amended by SA0618, revising the Tennessee Identity Theft Deterrence Act of 1999, currently codified at T. C. A. § 47-18-2101, et seq. Under the revised law, organizations subject to the law that experience a data breach will ...
As the April 15th tax filing deadline draws near, cybercrime related to filing fraudulent tax returns to obtain tax refunds has picked up. On March 1, 2016, the United States Internal Revenue Service (IRS) issued an Alert for Payroll & HR Professionals on scam emails that attempt to trick company personnel into turning over employee W-2s ...
On Friday, February 26, 2016, the Office of the National Coordinator (ONC) for Health Information Technology (HIT) announced via a blog post, that ONC will be updating the Model Privacy Notice (MPN) that, in 2011, ONC developed in concert with the Federal Trade Commission (FTC) for "personal health records" (PHRs), which was the emerging ...
One of the goals of our HITECH Law blog is to start dialogue and share information and insights in the ever changing world of cyber security. In our previous post, “Ten Easy Cyber Security Measures…”, we relayed some information from the FBI about thieves breaking into gas pumps and inserting card readers. One of our readers sent us some ...
Data privacy and security issues are bursting at the seams in ALL industry sectors due to the ability to connect to the internet through networks, apps and a multitude of devices that enable individuals and organizations to collect, transmit, store and use information in a multitude of ways. Connecting to the internet poses privacy and security ...
Wyatt will be sponsoring the Kentucky Chamber of Commerce's Cyber Security and Data Protection Seminar on December 17, 2015 in Lexington, Kentucky. Kathie McDonald-McClure, Dayo Seton, Lisa Underwood and Martha Ziskind will be presenting on the following topics:
- Kathie McDonald-McClure - "Is Your Cybersecurity Policy Up to Snuff? Do ...
On January 22, 2015, the Centers for Medicare and Medicaid Services (CMS) updated previously posted FAQ No. 11666 to help guide providers who are striving to meet Stage 2 Meaningful Use criteria under the Medicare and Medicaid EHR Incentive Programs implemented by the Health Information Technology for Economic and Clinical Health (HITECH) Act ...
Updated May 1, 2014 at 5:30 pm
The old weather proverb about March, in like a lion and out like a lamb, hit April in the reverse in the world of cyber security. While the first six days of April seemed relatively calm in the cyber world, on Monday, April 7, 2014, the Heartbleed flaw in encryption security was announced (see our previous post here). ...
Under the Health Information Technology for Economic and Clinical Health Act of 2009 (HITECH Act), eligible hospitals and critical access hospitals must make a "meaningful use" of "certified electronic health technology" or face reductions in Medicare reimbursement during Medicare's 2015 fiscal year (which begins October 1, 2014). One of ...
Saturday, March 1, 2014, is the deadline for entities covered by the Health Insurance Portability and Accountability Act of 1996 (HIPAA) to report to the U.S. Department of Health & Human Services Office for Civil Rights (OCR) all "small breaches" of unsecured protected health information that occurred during 2013. Entities subject to this ...
On Friday, February 7, 2014, the Centers for Medicare and Medicaid Services (CMS) announced an extension until 11:59 pm on March 31, 2014 for Eligible Professionals to submit their 2013 EHR Meaningful Use (MU) attestation. In addition, Eligible Hospitals that had trouble submitting their 2013 MU attestation may be able to retroactively ...
By Ann Triebsch and Kathie McDonald-McClure
Following our blog post on December 11, 2013 about Part One of a report from the Office of the Inspector General for the United States Department of Health and Human Services (OIG) about fraud safeguards in electronic health records (EHRs), the OIG recently issued Part Two of its report. Dated January ...
On Friday, February 7, 2014, the Centers for Medicare and Medicaid Services (CMS) announced an extension until 11:59 pm on March 31, 2014 for Eligible Professionals to submit their 2013 EHR Meaningful Use (MU) attestation. In addition, Eligible Hospitals that had trouble submitting their 2013 MU attestation may be able to retroactively ...
by Kathie McDonald-McClure and Elizabeth O'Keeffe
As we have previously reported on the Wyatt HITECH Law blog on September 14, 2013 and September 23, 2011, the Department of Health and Human Services (HHS) has had in the works, for over two years now, revisions to the Clinical Laboratory Improvement Act of 1988 (CLIA) regulations concerning whether ...
The Electronic Health Records (EHR) Incentive Program was implemented by the Centers for Medicare and Medicaid Services (CMS) pursuant to the Health Information Technology for Clinical and Economic Health Act of 2009 (HITECH). This Program provides incentive payments to Eligible Hospitals, Critical Access Hospitals and Eligible ...
On December 10, 2013, the Office of Inspector General for the United States Department of Health & Human Services (OIG) issued a report finding that hospital implementation of fraud safeguards in electronic health records (EHRs) falls short of the recommended standards. The report carries out one of the OIG's 2013 Work Plan objectives ...
On Friday, November 6, 2013, the Centers for Medicare & Medicaid Services (CMS) and the Office of National Coordinator of Health Information Technology (ONC) announced its proposal to extend the timeline by which eligible healthcare providers must demonstrate a "meaningful use" (MU) of a certified electronic health record (EHR) in ...
The U.S. Department for Health & Human Services (HHS) announced it is releasing technical corrections to the HIPAA Omnibus Rule tomorrow. These technical corrections are "to address public comment received on the interim final Breach Notification Rule, and to make certain other modifications to the HIPAA Rules to improve their workability ...
On Friday, May 3, 2013, the Centers for Medicare and Medicaid Services (CMS) and the Office of National Coordinator of Health Information Technology (ONC) jointly hosted a listen and learn webcast about the impact of EHRs on coding and billing. Look for HITECHMcClure on Twitter for comments from the panelists. Materials used during the session ...
Kentucky Health Information Exchange (KHIE) sends out alert on Thursday, April 18, 2013, indicating that it will accept applications from 13 providers who are seeking financial assistance to qualify for the HITECH Act's Meaningful Use incentive payments.
Here's the content of the KHIE alert:
Application for CeRT Early Adopter License
On Thursday, October 4, 2012, in a letter to Secretary Sebelius of the United States Department of Health & Human Services (HHS), the United States House GOP called on HHS to suspend incentive payments for the adoption and implementation of electronic health records (EHRs) otherwise authorized under the Health Information Technology for ...
On June 22, 2012, the Office of Management and Budget (OMB) announced that it was delaying release of the HIPAA Omnibus Final Rule (HIPAA Rule) under the Health Information Technology for Economic and Clinical Health Act of 2009 (HITECH Act) from a projected early July date, to a future unspecified date.
The much-anticipated HIPAA Rule contains ...
On Thursday, February 23, 2012, the Centers for Medicare and Medicaid Services (CMS), pursuant to the Health Information Technology for Economic and Clinical Health (HITECH) Act, released a 455-page Proposed Rule specifying the Stage 2 criteria that eligible professionals (EPs), eligible hospitals and critical access hospitals ...
In an article titled, "Use of electronic communications with patients," posted to this blog on December 18, 2009, I discussed the stated goal under the Health Information Technology for Economic and Clinical Health (HITECH) Act to “[p]rovide patients and families with timely access to data, knowledge, and tools to make informed decisions and ...
On September 12, 2011, the Office of National Coordinator (ONC) for the United States Department of Health & Human Services (HHS) announced a Proposed Rule that will enable direct access to laboratory test results by patients. Under the Clinical Laboratory Improvement Amendments of 1988 (CLIA), laboratories must hold a CLIA certificate ...
On September 6 and 7, 2011, the Kentucky Governor's Office of Electronic Health Information hosted the 4th annual Kentucky eHealth Summit at the METS Center, 3861 Olympic Boulevard, Erlanger, KY 41018 in northern Kentucky.
Farzad Mostashari, MD, ScM, the National Coordinator for Health Information Technology for the United States ...
UPDATE: On July 6, 2011, Farzad Mostashari, M.D., ONC Chief, backed the ONC Policy Committee's recommendation to delay implementing Stage 2 meaningful use criteria.
*********************************************************************
On June 16, 2011, Paul Tang, M.D. , as Vice Chair of the Health IT Policy Committee for the Office ...
What do the Physician Quality Reporting Incentives Program (PQRI) and Hospital Inpatient Value Based Purchasing (VBP) Program have in common with the recently released proposed regulation for establishing an Accountable Care Organization (ACO)? Answer: The meaningful use measures established by the Centers for Medicare and Medicare ...
On January 13, 2011, the Centers for Medicare and Medicaid Services (CMS) released its Proposed Rule on the Medicare Hospital Inpatient Value-Based Purchasing (VBP) Program. The VPB Program is being established per the directive of the Patient Protection and Affordable Access to Care Act of 2010 (PPACA). CMS is to begin making incentive ...
The U.S. Department of Health & Human Services Centers for Medicare & Medicaid Services (CMS) has updated its HITECH electronic health records webpage to include information about registration for the Medicare and Medicaid EHR Incentive Programs. Per CMS, registration opens on January 3, 2011 and a link will be available on the CMS HITECH ...
Update: In a voice vote today, December 7, 2010, the House passed the Red Flag Program Clarification Act of 2010. The Act now goes to President Obama for signing.
On November 30, 2010, the U.S. Senate passed legislation that could exempt health care providers from the FTC's Red Flag Rule. The Red Flag Program Clarification Act of 2010 amends the ...
The Kentucky Chamber is sponsoring a webinar on eletronic data usage, privacy and security on November 18, 2010, from 3:00 to 4:00 pm (EST). Erin McMahon, Esq., a partner with Wyatt, Tarrant & Combs, LLP, and a member of its Health Care Service Team, will talk about employer's maintainance of privacy and security of electronic data and using ...
On October 15, 2010, the Centers for Medicare and Medicaid Services (CMS) issued Transmittal 2066 to address the submission of informational only claims by Critical Access Hospitals (CAHs) as well as Maryland Waiver Hospitals in order to track Part C patient days for purposes of calculating the Electronic Health Record (EHR) incentives ...
Just to recap where we are today, the U.S. Health & Human Services Department (HHS) Office of National Coordinator for Health Information Technology (ONC) has authorized three organizations to perform complete EHR and/or EHR module testing and certification under the Temporary Certification Program Rules. Certification means that the EHR or ...
On September 27, 2010, CMS updated its answers and posted a few new ones to frequently asked questions (FAQs) about the electronic health record (EHR) incentives available under the HITECH Act's Meaningful Use ("MU") Final Rule. Here is a sampling of answers addressed in the FAQs:
- Registration for Medicare MU incentives is to be available ...
On August 17, 2010, the Centers for Medicare and Medicaid Services (CMS) issued a 4-page letter plus attachments to State Medicaid Directors giving guidance on the implementation of Medicaid EHR incentive programs under the Health Information Technology for Economic and Clinical Health Act (HITECH) and the recently published CMS Final Rule ...
Update: On August 9, 2010, Humana, Inc. and athenahealth, Inc. announced their collaboration to provide physicians access to a practice management/EHR software system combined with a rewards program related to quality measures. For more information, click here.
On August 5, 2010, four major commercial health insurance payors participated ...
Update: The text of HR 6072 is now available on the Library of Congress webpage here.
On Friday, July 30, 2010, Rep. Zack Space (D-OH) and several other representatives, introduced HR 6072, the Electronic Health Record Incentives for Multi-Campus Hospitals Act of 2010 (Multi-campus Hospital Act). If passed, this Act would reduce the disparity ...
The following statement was recently posted on the U.S. Department of Health & Human Services' Office of Civil Rights website:
"The Interim Final Rule for Breach Notification for Unsecured Protected Health Information, issued pursuant to the Health Information Technology for Economic and Clinical Health (HITECH) Act, was published in ...
On Thursday, July 22, 2010, the Centers for Medicare and Medicaid Services (CMS) held a publicly available teleconference to give an overview of the 800+ page Final Rule on Meaningful Use (MU) under the HITECH Act, as well as an overview of the Final and Proposed Rules on Temporary & Permanent Certification Program and the Final Rule on ...
Update: On December 29, 2010, HHS published in the Federal Register a "Correcting Amendment" to its Final Rule on Meaningful Use, which can be viewed here.
HHS Secretary Kathleen Sebelius wasted no time in putting the brand new CMS Director to work on July 13, 2010, in announcing the release of two rules under the Health Information Technology ...
UPDATE: Watch the LIVE webcast here.
According to HealthcareIT News, federal officials have announced that, on Tuesday morning, July 13, 2010, at 10:00 am EST, the Centers for Medicare and Medicaid (CMS) and the Office of National Coordinator (ONC) will release the final rule on making a "meaningful use" of electronic health records under the ...
On Thursday, July 29, 2010, physicians, physician practice managers, and others interested in learning more about the regulations governing incentives under the Health Information Technology for Economic and Clinical Health Act of 2009 (HITECH Act) are invited to a free education session (by Kathie McDonald-McClure) and networking event ...
From the Office of National Coordinator of Health Information Technology (ONC HIT):
"On June 18, the Office of the National Coordinator for Health Information Technology issued its temporary certification program final rule, which establishes a way for organizations to become authorized by the National Coordinator to test and certify ...
On May 13, 2010, the United States District Court for the Southern District of New York rejected the privacy challenge to the Health Information Technology for Economic and Clinical Health Act (HITECH Act) asserted by Beatrice M. Heghmann, a registered nurse, and Robert A. Heghmann, her husband and attorney, against Kathleen Sebelius ...
Update 9/24/2020: In the 10 years since we wrote this article, the DEA received questions and requests for clarification on various issues concerning the implementation and technical requirements for e-prescribing controlled substances. To provide further clarification, this year, the DEA reopened the EPCS Interim Final Rule for ...
On March 24, 2010, the U.S. Department of Health & Human Services (HHS) posted a 30-day notice to solicit comments under the Paperwork Reduction Act of 1995 regarding its estimate of the burden to conduct a survey about public attitudes towards an electronic health information exchange and the associated privacy and security aspects. The Office ...
On March 2, 2010, the Office of National Coordinator (ONC) issued its proposed rulemaking respecting the certification standards that an eligible health care provider's electronic health record must satisfy in order to qualify for incentives under the Health Information Technology for Clinical and Economic Health Act (HITECH Act), which ...
For more up-to-date information about ARRA grants related to EHRs, see the page titled "Grants" which can be found at the top of this blog's home page.
A complete listing of the Health Information Exchange (HIEs), Regional Extention Centers (RECs) and job training recipients of HIT grants under the Health Information Technology for Economic ...
IMPORTANT NOTICE: This article was originally written in June 2009, before HHS released the Proposed Rule on "meaningful use" on December 30, 2009 and before President Obama signed the Continuing Extension Act of 2010. Under the Proposed Rule, the determining factor of whether a physician is "hospital-based" under the Medicare incentive ...
Editor's Note: Due to the continued popularity of this post, this article was reviewed and updated on September 30, 2013. For the later version, click here.
Update: On August 8, 2010, Medicare issued MLN Matters Article SE1022 on Medical Record Retention and Media Formats for Medical Records, which states that the Centers for Medicare ...
On Thursday, January 21, 2010, CMS announced that Alaska, Kentucky, South Carolina and Wisconsin, would receive federal matching funds for EHR implementation under the American Recovery and Reinvestment Act of 2009 (ARRA). Kentucky's grant is $2.6 million. CMS indicated that the grant will be used to study EHR implementation ...
On January 19, 2010, the Greater Louisville Health Enterprises Network together with Healthcare Information and Management Systems Society, Bluegrass Chapter, will present a panel presentation with discussions surrounding the next steps under the Health Information Technology for Clinical and Economic Health Act (HITECH), part of the ...
By 2014, hospitals and physicians whom Medicare reimburses for services and items will need to have adopted an electronic health record (EHR) according to rules promulgated under the Health Information Technology for Economic and Clinical Health Act (HITECH) or risk reductions in their Medicare reimbursement. On December 30, 2009, the ...
The Office of National Coordinator for Health Information Technology (ONC) and its HIT Policy Committee worked hard throughout the summer to develop a framework for the "meaningful use" standards required to qualify for electronic health record (EHR) adoption stimulus funds available under the Health Information Technology for ...
The Department of Health and Human Services (HHS) published a Notice in the Federal Register, December 1, 2009, Volume 229, No. 74, that it has reorganized the HHS Office of National Coordinator for Health Information Technology (ONC). The stated purpose of the reorganization was "to more effectively meet the mission outlined by The Health ...
On Monday, November 23, 2009, Dr. David Blumenthal, the National Coordinator for Health Information Technology under the Department of Health & Human Services, announced the launch of the Health IT Buzz blog. The blog is envisioned as a way to reach out to the healthcare IT community and public at large in order to create an open dialogue about ...
As first reported by the American Bar Association's Focus on E-Health and Privacy section, CMS announced on November 23, 2009, that Iowa's Medicaid program is the first state to receive federal matching funds for planning activities necessary to implement the electronic health records (EHR) incentive program established by the Health ...
I will be giving a presentation on "HITECH for Physicians" on Wednesday, October 14, 2009, from 7:30 am to 9:00 am. The presentation will take place at MedX12 offices, Ormsby III, 10200 Forest Green Blvd. (just off of North Hurstbourne Lane) in Louisville, Kentucky. The presentation will focus on those aspects of the HITECH Act that provide ...
On Friday, September 18, 2009, from 8:30 am to 3:00 pm, the HHS HIT Policy Committee discussed the standards under development for the 2013 and 2015 "meaningful use" criteria related to privacy and security. The Committee's webpage gave the following overview of the purpose of the meeting:
Protecting health data through comprehensive privacy ...
On Tuesday, September, 15, 2009, the HHS HIT Standards Committee gave an update on the quality measures that providers seeking to establish "meaningful use" of "certified EHR" must meet in order to qualify for stimulus funds available under ARRA's Health Information Technology for Economic and Clinical Health (HITECH) Act. The meeting ran ...
In a letter to State Survey Agency Directors dated August 14, 2009, the Centers for Medicare and Medicaid Services (CMS) gave state surveyors guidance regarding surveys of facilities that use electronic health records (EHRs). CMS first stated its support and commitment to the goal that, by 2014, most Americans "will have access to health ...
On September 1, 2009, CMS issued a letter to State Medicaid Directors to provide initial guidance on state administration of the incentive payments for eligible Medicaid providers who adopt and become meaningful users of electronic health records. These incentives were authorized by the American Recovery and Reinvestment Act (ARRA ...