By: Courtney Samford, contributing author Blake Sims, Wyatt Summer Associate
Employers commonly supply computer and work devices to employees and state that the electronics may only be used for business related purposes, and employers have always had the ability to discipline employees who violate computer use policies through improper ...
The Department of Health and Human Services's Office for Civil Rights (OCR) announced last week that it has launched Phase 2 of its HIPAA Audit Program. Under this Audit Program, OCR will review whether entities subject to the Health Insurance Portability and Accountability Act (HIPAA) Privacy, Security, and Data Breach Notification ...
The Centers for Medicare & Medicaid Services (“CMS”) proposed Meaningful Use criteria to implement Stage 3 and allow eligible professionals, eligible hospitals and critical access hospitals (“CAHs”) to qualify for incentive payments (or avoid downward payment adjustments) under the Medicare and Medicaid Electronic Health ...
On January 29, 2015, Centers for Medicare & Medicaid Services (CMS) announced its intent to make changes to the Medicare and Medicaid Electronic Health Record (EHR) Incentive Programs beginning in 2015, which aim to “help to reduce the reporting burden on providers.”
Providers have expressed concerns about the EHR Incentive Programs ...
On January 22, 2015, the Centers for Medicare and Medicaid Services (CMS) updated previously posted FAQ No. 11666 to help guide providers who are striving to meet Stage 2 Meaningful Use criteria under the Medicare and Medicaid EHR Incentive Programs implemented by the Health Information Technology for Economic and Clinical Health (HITECH) Act ...
Under the Health Information Technology for Economic and Clinical Health Act of 2009 (HITECH Act), eligible hospitals and critical access hospitals and eligible professionals must make a “meaningful use” of “certified electronic health technology” or face reductions in Medicare reimbursement. Conducting or reviewing a security ...
On November 24, 2014, CMS announced a one-month extension of the deadline for eligible hospitals and Critical Access Hospitals (CAHs) to attest to meaningful use for the Medicare Electronic Health Record (EHR) Incentive Program 2014 reporting year. Medicare eligible hospitals must attest to meeting meaningful use requirements each year ...
The final HIPAA Omnibus Rule (Omnibus Rule), published in the Federal Register on January 25, 2013, substantially increased the privacy and security responsibilities of a "business associate" of a "covered entity", as those terms are defined by the Health Insurance Portability and Accountability Act of 1996 (HIPAA)(see discussion later ...
The U.S. Department of Health and Human Services (HHS) Office for Civil Rights (OCR) has issued two reports to Congress required by Section 13402(i) of the Health Information Technology for Economic and Clinical Health (HITECH) Act:
--“Annual Report to Congress on Breaches of Unsecured Protected Health Information For Calendar Years 2011 ...
The U.S. Department of Health and Human Services, Office for Civil Rights (OCR) has issued two reports to Congress required by Section 13402(i) of the Health Information Technology for Economic and Clinical Health (HITECH) Act:
• “Annual Report to Congress on Breaches of Unsecured Protected Health Information For Calendar Years 2011 and ...
In its most recent legislative session, the Kentucky General Assembly enacted two new data breach laws, HB 5 and HB 232, which go into effect July 15, 2014. Kentucky governmental agencies, those doing business with governmental agencies, and persons simply doing business in Kentucky should be aware of these added data security and breach ...
Under the Health Information Technology for Economic and Clinical Health Act of 2009 (HITECH Act), eligible hospitals and critical access hospitals must make a "meaningful use" of "certified electronic health technology" or face reductions in Medicare reimbursement during Medicare's 2015 fiscal year (which begins October 1, 2014). One of ...
Saturday, March 1, 2014, is the deadline for entities covered by the Health Insurance Portability and Accountability Act of 1996 (HIPAA) to report to the U.S. Department of Health & Human Services Office for Civil Rights (OCR) all "small breaches" of unsecured protected health information that occurred during 2013. Entities subject to this ...
Update: On April 1, 2014, President Obama signed into law the "Doc Fix" bill, Public Law 113-93, which extends the deadline for ICD-10 for an additional year. Section 212 of this law prohibits the Secretary of Health and Human Services from adopting ICD-10 code sets prior to October 1, 2015.
Everyone is a-twitter (pun intended) about the ...
On Friday, February 7, 2014, the Centers for Medicare and Medicaid Services (CMS) announced an extension until 11:59 pm on March 31, 2014 for Eligible Professionals to submit their 2013 EHR Meaningful Use (MU) attestation. In addition, Eligible Hospitals that had trouble submitting their 2013 MU attestation may be able to retroactively ...
On Friday, February 7, 2014, the Centers for Medicare and Medicaid Services (CMS) announced an extension until 11:59 pm on March 31, 2014 for Eligible Professionals to submit their 2013 EHR Meaningful Use (MU) attestation. In addition, Eligible Hospitals that had trouble submitting their 2013 MU attestation may be able to retroactively ...
by Kathie McDonald-McClure and Elizabeth O'Keeffe
As we have previously reported on the Wyatt HITECH Law blog on September 14, 2013 and September 23, 2011, the Department of Health and Human Services (HHS) has had in the works, for over two years now, revisions to the Clinical Laboratory Improvement Act of 1988 (CLIA) regulations concerning whether ...
by Margaret Young Levi and Roz Cordini
Amidst concerns that physicians and other providers are slow to adopt electronic health record (EHR) systems and be "meaningful users" of health information technology, just before the New Year, the federal government extended two programs that permit hospitals and other health care providers as well ...
by Dan Soldato
Data breaches, particularly of consumer information and other private information, are becoming an increasing public concern and a headline in the daily news. We regularly hear about incidents in which electronically stored customer information is lost by or stolen from businesses, including health care companies ...
The Electronic Health Records (EHR) Incentive Program was implemented by the Centers for Medicare and Medicaid Services (CMS) pursuant to the Health Information Technology for Clinical and Economic Health Act of 2009 (HITECH). This Program provides incentive payments to Eligible Hospitals, Critical Access Hospitals and Eligible ...
Welcome to our newest contributing author, Elizabeth O'Keeffe, who prepared the following post
E-health, e-patients, social media, telehealth, telemedicine, mobile health care – what does it all mean to you as a patient? As an employee? As a CEO? “Telehealth” is booming and could substantially disrupt the old-fashioned health care ...
Those who dwell in the world of health care privacy and security know well that the Office of Civil Rights (OCR) of the U.S. Department of Health and Human Services (HHS) is the federal agency that issues the regulations, provides guidance and ultimately enforces the complex requirements of the Health Insurance Portability and Accountability Act ...
UPDATE: 2/10/2014. On Friday 2/7/2014, CMS announced an extension until March 31, 2014 for Eligible Professionals to submit their 2013 EHR Meaningful Use (MU) attestation. In addition, Eligible Hospitals that had trouble submitting their 2013 MU attestation may be able to retroactively submit their MU attestation to avoid the 2015 ...
On December 10, 2013, the Office of Inspector General for the United States Department of Health & Human Services (OIG) issued a report finding that hospital implementation of fraud safeguards in electronic health records (EHRs) falls short of the recommended standards. The report carries out one of the OIG's 2013 Work Plan objectives ...
On Friday, November 6, 2013, the Centers for Medicare & Medicaid Services (CMS) and the Office of National Coordinator of Health Information Technology (ONC) announced its proposal to extend the timeline by which eligible healthcare providers must demonstrate a "meaningful use" (MU) of a certified electronic health record (EHR) in ...
By Margaret Levi and Kathie McDonald-McClure
As we previously reported in a blog post on September 24, 2013, an eligible professional, eligible hospital, or critical access hospital receiving an incentive payment for the meaningful use (MU) of electronic health records (EHRs) will likely be subject to a stringent audit from either Medicare ...
by Margaret Young Levi and Kathie McDonald-McClure
The U.S. Department of Health & Human Services Office for Civil Rights (“OCR”) has a new acronym, “LoProCo,” relating to assessing data breaches under HIPAA, as amended by the Health Information Technology for Economic and Clinical Health (HITECH) Act of 2009 and the HIPAA Omnibus ...
Saturday, November 30, 2013, is the last day for hospitals and critical access hospitals (CAHs) to register and attest to receive an incentive payment for FY2013 under the Medicare Electronic Health Record (EHR) Incentive Program. In the flurry of Thanksgiving activities, holiday travel and Black Friday shopping, don't forget to take advantage ...
NOTE: On February 18, 2010, we posted an article about what to do with paper medical records when converting to an electronic health record (EHR). To date, this has been the most popular article on the HITECH Law Blog. We decided to re-review the topic, update it, and repost it. Actually, not much has changed in the way of the law applicable to this ...
by Ann F. Triebsch
As we indicated in a posting last October and in a more recent August post , audits are now underway to verify that providers who received incentive monies from the Centers for Medicare and Medicaid Services (CMS) under the Health Information Technology for Economic and Clinical Health (HITECH) Act for implementation of a ...
More and more, health care providers are employing laptops, tablets, smartphones and other portable electronic devices in their work. And more and more, laptops and other portable electronic devices are involved in breaches of patient data. According to the Office of Civil Rights (OCR) website, 265 (or 39%) of the 674 total data breaches ...
Late last week the Office for Civil Rights (OCR) of the United States Department of Health & Human Services (HHS) announced a delay in its enforcement of the requirement that certain laboratories revise their notices of privacy practices (NPPs).
As we have previously posted on the HITECH Law Blog, HHS has in the works revisions to the Clinical ...
by Ann F. Triebsch
We’ve all heard about HIPAA privacy breaches until we think there couldn’t be anything else to worry about. Think again—the Federal Trade Commission (FTC) is prosecuting privacy breaches in the health care industry as a violation of Section 5 of the FTC Act. The Department of Health and Human Services (HHS) Office of ...
It has been widely reported that WellPoint Inc. recently agreed to pay a $1.7 million fine to settle potential violations of the Health Insurance Portability and Accountability Act of 1996 (“HIPAA”) Privacy and Security Rules. The U.S. Department for Health & Human Services’ (“HHS”) press release asserts that WellPoint failed to ...
The U.S. Department for Health & Human Services (HHS) announced it is releasing technical corrections to the HIPAA Omnibus Rule tomorrow. These technical corrections are "to address public comment received on the interim final Breach Notification Rule, and to make certain other modifications to the HIPAA Rules to improve their workability ...
On Friday, May 3, 2013, the Centers for Medicare and Medicaid Services (CMS) and the Office of National Coordinator of Health Information Technology (ONC) jointly hosted a listen and learn webcast about the impact of EHRs on coding and billing. Look for HITECHMcClure on Twitter for comments from the panelists. Materials used during the session ...
Kentucky Health Information Exchange (KHIE) sends out alert on Thursday, April 18, 2013, indicating that it will accept applications from 13 providers who are seeking financial assistance to qualify for the HITECH Act's Meaningful Use incentive payments.
Here's the content of the KHIE alert:
Application for CeRT Early Adopter License
by Ann F. Triebsch
The anti-kickback “safe harbor” allowing hospitals to donate electronic health record ("EHR") equipment to physicians who may refer patients to their facility is set to expire on December 31, 2013, but efforts have begun to have the safe harbor extended. The safe harbor, created in 2006, allows hospitals to donate EHR and ...
A new bill entitled the "Electronic Health Records Improvement Act" has been introduced in the U.S. House of Representatives. Its stated purpose is to “amend certain requirements and penalties implemented under the Medicare and Medicaid programs by the HITECH Act of 2009, which would otherwise impede eligible professionals from adopting ...
The deadline is fast approaching for eligible professionals (“EPs”) to file attestations to receive electronic health record (“EHR") incentives available under Medicare’s Health Information Technology for Economic and Clinical Health Act of 2009 (“HITECH Act”).
To receive an EHR incentive payment, EPs, such as physicians ...
by Ann F. Triebsch
(Updated January 27, 2013)
On January 17, 2013, the Department of Health & Human Services (HHS), Office for Civil Rights (OCR), released the final HIPAA Omnibus Rule (Omnibus Rule) implementing the HITECH Act of 2009 and the Genetic Information Nondiscrimination Act of 2008 (GINA). The Omnibus Rule greatly enhances a ...
“Rumor has it” that the long-awaited HIPAA-HITECH Omnibus Rule under the Health Information Technology for Economic and Clinical Health Act of 2009 (HITECH Act) will be released the week of January 21st or 28th. While similar rumors have abounded for many months, this one may have some merit.
It is reasonable to expect the Office of Management ...
On December 7, 2012, the Office of the National Coordinator for Health Information Technology (ONC) and Centers for Medicare & Medicaid Services (CMS) published an interim final rule with comment period to make revisions to the 2014 Edition Electronic Health Record (EHR) and revisions to the EHR Incentive Program. Specifically, this rule will:
by Ann Triebsch
The 2013 Work Plan released October 2, 2012, by the HHS Office of the Inspector General (OIG), demonstrates that even the health care industry’s brand-new electronic health records (EHR) initiative is already under scrutiny for potentially abusive and erroneous practices by some providers. The Work Plan lists three ...
Stage 2 of Meaningful Use under the Health Information Technology for Economic and Clinical Health Act of 2009 (HITECH Act) requires providers who want the HITECH Act's EHR incentive payments to ensure that at least some patients are engaged and are actually using their electronic health records (EHRs). The Final Rule for the Stage 2 ...
On Thursday, October 4, 2012, in a letter to Secretary Sebelius of the United States Department of Health & Human Services (HHS), the United States House GOP called on HHS to suspend incentive payments for the adoption and implementation of electronic health records (EHRs) otherwise authorized under the Health Information Technology for ...
The promised audits have begun for providers receiving electronic health records (EHR) incentives available under the Health Information Technology for Economic and Clinical Health (HITECH) Act.
In order to receive Medicare EHR incentive payments, providers must attest to CMS that they meet Meaningful Use (MU) criteria using certified ...
On June 22, 2012, the Office of Management and Budget (OMB) announced that it was delaying release of the HIPAA Omnibus Final Rule (HIPAA Rule) under the Health Information Technology for Economic and Clinical Health Act of 2009 (HITECH Act) from a projected early July date, to a future unspecified date.
The much-anticipated HIPAA Rule contains ...
In our November 2011 blog post, we told you about the launch of HIPAA privacy and security audits mandated by Section 13411 of the Health Information Technology for Economic and Clinical Health Act (HITECH Act). KMPG, Inc. was awarded the contract to develop the audit protocol and conduct these audits last fall and, on March 1, 2012, completed its ...
The Office of the National Coordinator for Health Information Technology (ONCHIT) recently released a 47-page Guide to Privacy and Security of Health Information. The Guide provides direction to providers on protecting patient privacy and securing their health information in an electronic health record (EHR) for purposes of complying with ...
On Thursday, February 23, 2012, the Centers for Medicare and Medicaid Services (CMS), pursuant to the Health Information Technology for Economic and Clinical Health (HITECH) Act, released a 455-page Proposed Rule specifying the Stage 2 criteria that eligible professionals (EPs), eligible hospitals and critical access hospitals ...
The deadline is quickly approaching for mandatory data breach reporting to the United States Department of Health & Human Services (HHS) under the Health Information Technology for Economic and Clinical Health Act (HITECH Act). Covered entities must report data breaches involving less than 500 individuals to HHS within 60 days following ...
On November 30, 2011, U.S. Department of Health and Human Services (HHS) Secretary Kathleen Sebelius issued a press release announcing proposed steps to encourage physicians and hospitals to adopt electronic health records (EHRs) this year and receive incentive payments made available under the Health Information Technology for Economic ...
Section 13411 of the the Health Information Technology for Economic and Clinical Health Act (HITECH Act) requires United States Department of Health & Human Services (HHS) to provide for periodic audits to ensure covered entities and business associates are complying with the HIPAA Privacy and Security Rules and Breach Notification ...
The Centers for Medicare and Medicaid Services (CMS) announced today, October 20, 2011, that the use of certified electronic health records (EHRs) will be the highest-weighted quality measure for an Accountable Care Organization (ACO) under the new Medicare Shared Savings Program.
ACOs are designed to encourage primary care doctors ...
In an article titled, "Use of electronic communications with patients," posted to this blog on December 18, 2009, I discussed the stated goal under the Health Information Technology for Economic and Clinical Health (HITECH) Act to “[p]rovide patients and families with timely access to data, knowledge, and tools to make informed decisions and ...
After the passage of the Health Information Technology for Economic and Clinical Health (HITECH) Act in 2009, the interest in storing and accessing health information online increased, prompting increased concerns about the privacy and security of such information. In September 2011, the Office of the National Coordinator for Health ...
On September 12, 2011, the Office of National Coordinator (ONC) for the United States Department of Health & Human Services (HHS) announced a Proposed Rule that will enable direct access to laboratory test results by patients. Under the Clinical Laboratory Improvement Amendments of 1988 (CLIA), laboratories must hold a CLIA certificate ...
On September 6 and 7, 2011, the Kentucky Governor's Office of Electronic Health Information hosted the 4th annual Kentucky eHealth Summit at the METS Center, 3861 Olympic Boulevard, Erlanger, KY 41018 in northern Kentucky.
Farzad Mostashari, MD, ScM, the National Coordinator for Health Information Technology for the United States ...
SUMMARY: In June 2011, the United States Department of Health & Human Services (HHS) Office of Civil Rights (OCR)contracted for new periodic audits of covered entities and business associates to ensure compliance with the Privacy and Security Standards found in the Health Insurance Portability and Accountability Act of 1996 (HIPAA) as ...
UPDATE: On July 6, 2011, Farzad Mostashari, M.D., ONC Chief, backed the ONC Policy Committee's recommendation to delay implementing Stage 2 meaningful use criteria.
*********************************************************************
On June 16, 2011, Paul Tang, M.D. , as Vice Chair of the Health IT Policy Committee for the Office ...
What do the Physician Quality Reporting Incentives Program (PQRI) and Hospital Inpatient Value Based Purchasing (VBP) Program have in common with the recently released proposed regulation for establishing an Accountable Care Organization (ACO)? Answer: The meaningful use measures established by the Centers for Medicare and Medicare ...
On January 13, 2011, the Centers for Medicare and Medicaid Services (CMS) released its Proposed Rule on the Medicare Hospital Inpatient Value-Based Purchasing (VBP) Program. The VPB Program is being established per the directive of the Patient Protection and Affordable Access to Care Act of 2010 (PPACA). CMS is to begin making incentive ...
The U.S. Department of Health & Human Services Centers for Medicare & Medicaid Services (CMS) has updated its HITECH electronic health records webpage to include information about registration for the Medicare and Medicaid EHR Incentive Programs. Per CMS, registration opens on January 3, 2011 and a link will be available on the CMS HITECH ...
On October 15, 2010, the Centers for Medicare and Medicaid Services (CMS) issued Transmittal 2066 to address the submission of informational only claims by Critical Access Hospitals (CAHs) as well as Maryland Waiver Hospitals in order to track Part C patient days for purposes of calculating the Electronic Health Record (EHR) incentives ...
Just to recap where we are today, the U.S. Health & Human Services Department (HHS) Office of National Coordinator for Health Information Technology (ONC) has authorized three organizations to perform complete EHR and/or EHR module testing and certification under the Temporary Certification Program Rules. Certification means that the EHR or ...
On September 27, 2010, CMS updated its answers and posted a few new ones to frequently asked questions (FAQs) about the electronic health record (EHR) incentives available under the HITECH Act's Meaningful Use ("MU") Final Rule. Here is a sampling of answers addressed in the FAQs:
- Registration for Medicare MU incentives is to be available ...
On August 17, 2010, the Centers for Medicare and Medicaid Services (CMS) issued a 4-page letter plus attachments to State Medicaid Directors giving guidance on the implementation of Medicaid EHR incentive programs under the Health Information Technology for Economic and Clinical Health Act (HITECH) and the recently published CMS Final Rule ...
Update: On August 9, 2010, Humana, Inc. and athenahealth, Inc. announced their collaboration to provide physicians access to a practice management/EHR software system combined with a rewards program related to quality measures. For more information, click here.
On August 5, 2010, four major commercial health insurance payors participated ...
Update: The text of HR 6072 is now available on the Library of Congress webpage here.
On Friday, July 30, 2010, Rep. Zack Space (D-OH) and several other representatives, introduced HR 6072, the Electronic Health Record Incentives for Multi-Campus Hospitals Act of 2010 (Multi-campus Hospital Act). If passed, this Act would reduce the disparity ...
The following statement was recently posted on the U.S. Department of Health & Human Services' Office of Civil Rights website:
"The Interim Final Rule for Breach Notification for Unsecured Protected Health Information, issued pursuant to the Health Information Technology for Economic and Clinical Health (HITECH) Act, was published in ...
On Thursday, July 22, 2010, the Centers for Medicare and Medicaid Services (CMS) held a publicly available teleconference to give an overview of the 800+ page Final Rule on Meaningful Use (MU) under the HITECH Act, as well as an overview of the Final and Proposed Rules on Temporary & Permanent Certification Program and the Final Rule on ...
Update: On December 29, 2010, HHS published in the Federal Register a "Correcting Amendment" to its Final Rule on Meaningful Use, which can be viewed here.
HHS Secretary Kathleen Sebelius wasted no time in putting the brand new CMS Director to work on July 13, 2010, in announcing the release of two rules under the Health Information Technology ...
UPDATE: Watch the LIVE webcast here.
According to HealthcareIT News, federal officials have announced that, on Tuesday morning, July 13, 2010, at 10:00 am EST, the Centers for Medicare and Medicaid (CMS) and the Office of National Coordinator (ONC) will release the final rule on making a "meaningful use" of electronic health records under the ...
On Thursday, July 29, 2010, physicians, physician practice managers, and others interested in learning more about the regulations governing incentives under the Health Information Technology for Economic and Clinical Health Act of 2009 (HITECH Act) are invited to a free education session (by Kathie McDonald-McClure) and networking event ...
From the Office of National Coordinator of Health Information Technology (ONC HIT):
"On June 18, the Office of the National Coordinator for Health Information Technology issued its temporary certification program final rule, which establishes a way for organizations to become authorized by the National Coordinator to test and certify ...
On May 13, 2010, the United States District Court for the Southern District of New York rejected the privacy challenge to the Health Information Technology for Economic and Clinical Health Act (HITECH Act) asserted by Beatrice M. Heghmann, a registered nurse, and Robert A. Heghmann, her husband and attorney, against Kathleen Sebelius ...
Update 9/24/2020: In the 10 years since we wrote this article, the DEA received questions and requests for clarification on various issues concerning the implementation and technical requirements for e-prescribing controlled substances. To provide further clarification, this year, the DEA reopened the EPCS Interim Final Rule for ...
On March 2, 2010, the Office of National Coordinator (ONC) issued its proposed rulemaking respecting the certification standards that an eligible health care provider's electronic health record must satisfy in order to qualify for incentives under the Health Information Technology for Clinical and Economic Health Act (HITECH Act), which ...
IMPORTANT NOTICE: This article was originally written in June 2009, before HHS released the Proposed Rule on "meaningful use" on December 30, 2009 and before President Obama signed the Continuing Extension Act of 2010. Under the Proposed Rule, the determining factor of whether a physician is "hospital-based" under the Medicare incentive ...
Editor's Note: Due to the continued popularity of this post, this article was reviewed and updated on September 30, 2013. For the later version, click here.
Update: On August 8, 2010, Medicare issued MLN Matters Article SE1022 on Medical Record Retention and Media Formats for Medical Records, which states that the Centers for Medicare ...
On Thursday, January 21, 2010, CMS announced that Alaska, Kentucky, South Carolina and Wisconsin, would receive federal matching funds for EHR implementation under the American Recovery and Reinvestment Act of 2009 (ARRA). Kentucky's grant is $2.6 million. CMS indicated that the grant will be used to study EHR implementation ...