Five HIPAA Compliance Activities Your Organization Must Undertake

HIPAA Administrative Simplification was enacted on August 21, 1996 as Subtitle F of Title II of Public Law 104-191. The so-called HITECH Act “Omnibus” regulation that modifies HIPAA privacy and security provisions will be published in the Federal Register by the end of this summer, according to the head of HHS’ National Coordinator for Health Information Technology, Farzad Mostashari, M.D. Based on the timeline in the Notice of Proposed Rule Making, compliance by all covered entities and their business associates would be required 240 days after publication, most likely sometime in May 2013, assuming the end-of-summer deadline is met.  All covered entities and their business associates will be required to comply with provisions of…

READ MORE

ONC’s Dr. Blumenthal Announces SHARP Program Funding Availability

Please read the following announcement released on December 18, 2009: A Message from Dr. David Blumenthal, National Coordinator for Health Information Technology Today the Obama administration announced the availability of $60 million in Recovery Act funds to support the development of the Strategic Health IT Advanced Research Projects (SHARP) program. SHARP awards will fund research focused on identifying technology solutions to address well-documented problems impeding broad adoption of health information technology (health IT). By helping to overcome key challenges, the research will also accelerate progress towards achieving nationwide meaningful use of health IT. 

As we continue this unprecedented effort towards meaningful use and seamless, secure information exchange, we also must acknowledge…

READ MORE

HHS Secretary Delegates to ONC Head New HITECH Act Authority

Effective August 7, 2009, and published in the Federal Register on Tuesday, August 18, 2009, Secretary Kathleen Sebelius of the U.S. Department of Health and Human Services (HHS) has delegated authority to the National Coordinator for Health Information Technology, David Blumenthal, M.D., to administer “Subtitle B, ‘Incentives for the Use of health Information Technology,’ sections 3011 through 3017, with the exception of 3012(c)(5), the Financial Support subsection.”  These sections and titles, which appear on pages 132-144 of the American Recovery and Reinvestment Act of 2009 (ARRA), signed by President Obama on February 17, 2009, available on the hipaa.com site, include: 3011 Immediate Funding to Strengthen the Health Information Technology Infrastructure,…

READ MORE

HHS appoints members to HIT Policy and Standards Committee

On Friday, May 8, 2009, the U.S. Department of Health and Human Services (HHS) announced appointments to the Health Information Technology (HIT) Policy Committee and HIT Standards Committee. These federal advisory committees were established by provisions in the American Recovery and Reinvestment Act (ARRA) that President Obama signed on February 17, 2009. Today, is the first meeting of the HIT Policy Committee, and Friday, May 15, 2009, is the first scheduled meeting of the HIT Standards Committee, both in Washington, DC. According to the press release issued by HHS, “[t]he HIT Policy Committee will make recommendations to the National Coordinator for Health Information Technology [Dr. David Blumenthal] on a policy…

READ MORE

ARRA’s HITECH Privacy Provisions Apply HIPAA Security Rule to Business Associates

President Obama signed into law the American Recovery and Reinvestment Act of 2009 (ARRA) on Tuesday, February 17, 2009. The Health Information Technology for Economic and Clinical Health Act (HITECH) provisions of ARRA in Title XIII include important changes in Privacy (Subtitle D). Our focus in this posting is the change related to business associates under HIPAA Administrative Simplification that is specified in Section 13401: Application of Security Provisions and Penalties to Business Associates of Covered Entities. In this section, administrative, physical, and technical safeguards, and policy, procedure, and documentation requirements of the HIPAA Administrative Simplification Security Rule “shall apply to a business associate of a covered entity in the…

READ MORE

Time to Review Your Security Risk Assessment

With the March 17, 2009 effective dates for the new 5010 Version of HIPAA Administrative Simplification Transaction Standards and the move to the ICD-10 Code Set Standard rules, and the expected enactment of the HITECH provisions of the American Recovery and Reinvestment Act as early as next week, it is a good time now to begin reviewing your HIPAA Administrative Simplification Security safeguards. As mentioned earlier this week, creating and periodically reviewing your risk assessment or analysis is the foundation of achieving compliance with the HIPAA Administrative Simplification Security Rule and a key factor in having a successful business. Over the next week, HIPAA.com will review the Security Rule administrative,…

READ MORE

Are You Subject to HIPAA Privacy Rules when Publishing Confidential Health Information on a Social Network?

It’s unlikely the social networking sites are health care providers, so HIPAA’s privacy rule doesn’t apply; but other privacy business practices are likely to affect you. First, tackle the HIPAA Privacy question by responding to the following questions. » Are you a healthcare provider that conducts transactions electronically? » Are you a healthcare clearinghouse? (Do you process healthcare claims?) » Are you a health plan? (insurance payer) If you answered no to these questions, you are not a covered entity under HIPAA’s Privacy Rule. That said, you probably are more concerned about users sharing health information online that if stolen, could be used in identity theft. Consumers (patients) often use…

READ MORE

House and Senate Agree on ARRA Provisions

On Wednesday, February 11, 2009, House and Senate conferees reconciled the House and Senate versions of the American Recovery and Reinvestment (ARRA) plan, or so-called Stimulus bill. The House and Senate are expected to approve the final version this week and send it to President Obama for his signature. The total of the stimulus is just over $789 billion. The Wall Street Journal reported this morning that “$19 billion is set aside for health information technology. Physicians would get bonuses of between $44,000 and $64,000—and hospitals would get as much as $11 million—if they show they have computerized their medical-records systems. On the stick side of the equation, the measure…

READ MORE

Senate Passes American Recovery and Reinvestment Act of 2009 (ARRA)

Tuesday afternoon the Senate passed the American Recovery and Reinvestment Act, the so-called Economic Stimulus bill. Previously, the House of Representatives passed its version, H.R. 1. Now, the joint House-Senate conference committee will resolve funding and language differences in the House and Senate versions of ARRA. As we have noted earlier, each of these versions contains incentives for adoption of health information technologies, which are described in the so-called HITECH provisions of the House and Senate versions. President Obama is expected to sign a reconciled bill in the near future, assuming that the Democrats in the Senate can achieve at least 60 votes in a procedural motion to move the…

READ MORE

What Does the HITECH Act Mean to You?

Even though the US Senate is likely to pass the stimulus package in the next day or two, the House and Senate still have to come to an agreement on their funding differences. The HITECH Act is still holding its own with some possible additions to the $20 billion agreed upon by the House. Key words used by both House and Senate are “meaningful use” and “shovel ready”. In other words, everything is set in place ready to go, but just needs money to get it off the ground.  You’ve made a decision on your health IT system, you’ve completed your readiness assessments, and you’ve built a strategy to move…

READ MORE