ONC Issues Meaningful Use Guide for Privacy & Security Attestation Compliance

May 9, 2012.  The Office of the National Coordinator for Health Information Technology (ONC) has issued a Guide to Privacy and Security of Health Information (Version 1.1 022312).  This Guide is targeted to medical practitioners who participate in the Medicare and Medicaid Program for Adoption and Meaningful Use of Certified Electronic Health Record Technology. Chapters are: 1. What Is Privacy & Security and Why Does It Matter? 2. Privacy & Security and Meaningful Use. 3.  Privacy & Security Step Plan for Meaningful Use. 4.  Integrating Privacy and Security into Your Practice. 5.  Privacy and Security Resources. The Guide highlights two of the Stage 1 Meaningful Use Objectives and Corresponding Measures…


OCR Penalizes Physician Practice for HIPAA Privacy and Security Rule Violations

April 18, 2012.  Late last week, the Office for Civil Rights (OCR) of the Department of Health and Human Services (HHS) executed a Resolution Agreement and included Corrective Action Plan (Appendix A) as a settlement for violations of HIPAA Privacy and Security Rules by a physician practice, Phoenix Cardiac Surgery, P.C., of Phoenix and Prescott, AZ. In its April 17, 2012, News Release, HHS stated: “The incident giving rise to OCR’s investigation was a report that the physician practice was posting clinical and surgical appointments for its patients on an Internet-based calendar that was publicly accessible. On further investigation, OCR found that Phoenix Cardiac Surgery had implemented few policies and…


HHS Publishes NPRM for HIPAA Health Plan Identifier and Delay for ICD-10 Compliance Date

April 17, 2012.  The Office of the Secretary of the Department of Health and Human Services (HHS) published today in the Federal Register its Notice of Proposed Rule Making (NPRM):  Administrative Simplification:  Adoption of a Standard for a Unique Health Plan Identifier; Addition to the National Provider Identifier Requirements; and a Change to the Compliance Date for ICD-10-CM and ICD-10-PCS Medical Data Code Sets. The NPRM's Summary of the Major Provisions reads: “a. HPID.  This rule proposes the adoption of the HPID [national unique health plan identifier] as the standard for the unique identifier for health plans and definitions for ‘Controlling Health Plan’ and ‘Subhealth Plan.’ The proposed…


HHS Issues HIPAA NPRM for Unique Health Plan Identifier and One Year Delay for ICD-10 Code Set Compliance

April 10, 2012.  Yesterday, the Office of the Secretary of the Department of Health and Human Services (HHS) promulgated a notice of proposed rule making (NPRM) entitled:  Administrative Simplification:  Adoption of a Standard for a Unique Health Plan Identifier; Addition to the National Provider Identifier Requirements; and a Change to the Compliance Date for ICD-10-CM and ICD-10-PCS Medical Data Code Sets. The NPRM will be published in the Federal Register on April 17, 2012. Here is the NPRM summary:  “This proposed rule would implement section 1104 of the Patient Protection and Affordable Care Act (hereinafter referred to as the Affordable Care Act) by establishing new requirements for administrative transactions that…


Finally, HIPAA/HITECH Act Privacy, Security, Breach Notification, Enforcement Final Rules at OMB

March 24, 2012.   Today, the Office of Information and Regulatory Affairs at the Office of Management and Budget (OMB) in the Executive Office of the President showed that it had received the much-delayed Department of Health and Human Services (HHS) Office for Civil Rights (OCR) Final Rules entitled:  Modifications to the HIPAA Privacy, Security, Enforcement, and Breach Notification Rules (RIN:  0945-AA03). Following review by OMB, the rules will be published in the Federal Register, most likely in April if OMB’s review is timely. The Abstract of the Rules reads:  “The Department of Health and Human Services Office for Civil Rights will issue final rules to modify the HIPAA Privacy, Security,…


BCBST Pays $1.5 Million to HHS to Settle Potential HIPAA Privacy and Security Violations

On March 13, 2012, Blue Cross Blue Shield of Tennessee (BCBST) agreed to a payment of $1.5 million to the Department of Health and Human Services (HHS) and to a corrective action plan as part of a Resolution Agreement with HHS for potential violations of the Health Insurance Portability and Accountability Act (HIPAA) Privacy and Security Rules.  According to an HHS Press Release of the same date, “the enforcement action [by HHS’ Office for Civil Rights (OCR)] is the first resulting from a breach report required by the Health Information Technology for Economic and Clinical Health (HITECH) Act Breach Notification Rule.” According to the HHS Press Release: “The investigation followed…


ONC Publishes Stage 2 EHR Technology Certification Criteria NPRM

On March 7, 2012, the Office of the National Coordinator for Health Information Technology (ONC) of the Department of Health and Human Services (HHS) published in the Federal Register its notice of proposed rule making (NPRM) entitled Health Information Technology:  Standards, Implementation Specifications, and Certification Criteria for Electronic Health Record [EHR] Technology, 2014 Edition; Revisions to the Permanent Certification Program for Health Information Technology [pp. 13832-13885].  Comments to HHS may be made until 5 PM on May 7, 2012. The summary of the NPRM is included here: “Under section 3004 of the Public Health Service Act, the Secretary of Health and Human Services is proposing to revise the initial set…


CMS Publishes Stage 2 Meaningful Use Incentive Program NPRM

On March 7, 2012, the Centers for Medicare & Medicaid Services (CMS) published in the Federal Register its 132-page notice of proposed rule making (NPRM):  Medicare and Medicaid Programs; Electronic Health Record Incentive Program–Stage 2.  Comments to the Department of Health and Human Services (HHS) may be made until 5 PM on May 7, 2012. The summary of the NPRM is included here: “This proposed rule would specify the Stage 2 criteria that eligible professionals (EPs), eligible hospitals, and critical access hospitals (CAHs) must meet in order to qualify for Medicare and/or Medicaid electronic health record (EHR) incentive payments.  In addition, it would specify payment adjustments under Medicare for covered…


IFR for HIPAA EFT Standard to be Published in Federal Register January 10, 2012

HIPAA.com discussed in its preceding posting this Interim Final Rule (IFR) for “adoption of standards and operating rules for Electronic Funds Transfers (EFT) and operating rules for remittance advice…”, as required by the Patient Protection and Affordable Care Act of 2010 (Public Law 111-148).  [124 STAT. 153] The Office of Management and Budget (OMB) completed its regulatory review on January 3, 2012, and the IFR is available for pre-publication review prior to January 10, 2012, when it will be published in the Federal Register.  The title of the IFR is: Administrative Simplification:  Adoption of Standards for Health Care Electronic Funds Transfers (EFTs) and Remittance Advice. The Summary in the pre-publication…


IFR for EFT at OMB

The Centers for Medicare & Medicaid Services (CMS) of the Department of Health and Human Services (HHS) has sent to the Office of Management and Budget (OMB) its Interim Final Rule (IFR) for “adoption of standards and operating rules for Electronic Funds Transfers (EFT) and operating rules for remittance advice….” Following the December 15 receipt and subsequent review of the IFR by OMB, the IFR is expected to be published in the Federal Register before January 1, 2012, as required by the Affordable Care Act of 2010 (Public Law 111-148). [124 STAT. 153] The legal authority for the IFR is Section 1104 (Administrative Simplification) of the Affordable Care Act.  Section 1104…
