Five HIPAA Compliance Activities Your Organization Must Undertake

HIPAA Administrative Simplification was enacted on August 21, 1996 as Subtitle F of Title II of Public Law 104-191. The so-called HITECH Act “Omnibus” regulation that modifies HIPAA privacy and security provisions will be published in the Federal Register by the end of this summer, according to the head of HHS’ National Coordinator for Health Information Technology, Farzad Mostashari, M.D. Based on the timeline in the Notice of Proposed Rule Making, compliance by all covered entities and their business associates would be required 240 days after publication, most likely sometime in May 2013, assuming the end-of-summer deadline is met.  All covered entities and their business associates will be required to comply with provisions of…

READ MORE

ONC Issues Meaningful Use Guide for Privacy & Security Attestation Compliance

May 9, 2012.  The Office of the National Coordinator for Health Information Technology (ONC) has issued a Guide to Privacy and Security of Health Information (Version 1.1 022312).  This Guide is targeted to medical practitioners who participate in the Medicare and Medicaid Program for Adoption and Meaningful Use of Certified Electronic Health Record Technology. Chapters are: 1. What Is Privacy & Security and Why Does It Matter? 2. Privacy & Security and Meaningful Use. 3.  Privacy & Security Step Plan for Meaningful Use. 4.  Integrating Privacy and Security into Your Practice. 5.  Privacy and Security Resources. The Guide highlights two of the Stage 1 Meaningful Use Objectives and Corresponding Measures…

READ MORE

ONC Publishes Stage 2 EHR Technology Certification Criteria NPRM

On March 7, 2012, the Office of the National Coordinator for Health Information Technology (ONC) of the Department of Health and Human Services (HHS) published in the Federal Register its notice of proposed rule making (NPRM) entitled Health Information Technology:  Standards, Implementation Specifications, and Certification Criteria for Electronic Health Record [EHR] Technology, 2014 Edition; Revisions to the Permanent Certification Program for Health Information Technology [pp. 13832-13885].  Comments to HHS may be made until 5 PM on May 7, 2012. The summary of the NPRM is included here: “Under section 3004 of the Public Health Service Act, the Secretary of Health and Human Services is proposing to revise the initial set…

READ MORE

Permanent HIT Certification Final Rule Published by ONC in Federal Register

January 7, 2011.  The Department of Health and Human Services (HHS) Office of the National Coordinator for Health Information Technology (ONC) published today in the Federal Register the final rule for Establishment of the Permanent Certification Program for Health Information Technology (HIT), available online.  This regulation is effective on February 7, 2011.  According to the January 3, 2011, HHS News Release, “[t]he temporary  certification program, established through a final rule published on June 24, 2010, will continue in effect until it sunsets on December 31, 2011, or at a later date when the processes necessary for the permanent certification program to operate are completed. ONC expects to stand-up the programmatic…

READ MORE

EHR Incentive and Certification Criteria Final Rules Published in Federal Register

The EHR Incentive and Certification final rules were published in the Federal Register this morning, July 28, 2010.  HIPAA.com provides the title, summary, effective date, and URL for each below. Department of Health and Human Services, Centers for Medicare & Medicaid Services, “42 CFR Parts 412, 413, 422, and 495;  Medicare and Medicaid Programs; Electronic Health Record Incentive Program; Final Rule, Federal Register, 75(144), Wednesday, July 28, 2010, pp. 44313-44588. Summary:  This final rule implements the provisions of the American Recovery and Reinvestment Act of 2009 (ARRA)(Public Law 111-5) that provide incentive payments to eligible professionals (EPs), eligible hospitals and critical access hospitals (CAHs) participating in Medicare and Medicaid programs…

READ MORE

Final Rule on EHR Certification Programs Imminent

The Office of Management and Budget (OMB) completed its review of the Proposed Establishment of Certification Programs for Health Information Technology final rule on June 14, 2010, so publication in the Federal Register is imminent.  This final rule explains the proposed establishment of certification programs for voluntary certification of health information technology, as specified in section 3001(c)(5) of the HITECH Act, which is available on the hipaa.com site.  This final rule is a follow-on to the proposed rule of the same title that was published in the Federal Register on March 10, 2010 (75 Federal Register 11327-11373), the summary of which appears below. “Under the authority granted to the National…

READ MORE

HHS’ ONC Releases Proposed Rule for Temporary and Permanent HIT Certification Programs

On Wednesday, March 10, 2010, the Office of the National Coordinator for Health Information Technology (ONC) of the Department of Health and Human Services (HHS) published in the Federal Register the Proposed Rule (NPRM) for Proposed Establishment of Certification Programs for Health Information Technology.  [75 Federal Register 11327-11373]  We present the summary of the NPRM. “SUMMARY.  Under the authority granted to the National Coordinator for Health Information Technology (the National Coordinator) by section 3001(c)(5) of the Public Health Service Act (PHSA) as added by the Health Information Technology for Economic and Clinical Health (HITECH ) Act, this rule proposes the establishment of two certification programs for purposes of testing and certifying…

READ MORE

HHS Publishes Proposed Rule for Electronic Health Record Incentive Program

HHS published today in the Federal Register:  “Medicare and Medicaid Programs–Electronic Health Record Incentive Program; Proposed Rule.”  75 FR 1844-2011.  Comments on this Notice of Proposed Rulemaking (NPRM) may be submitted to HHS no later than March 15, 2010.  Here is the Summary from the NPRM: “This proposed rule would implement the provisions of the American Recovery and Reinvestment Act of 2009 (ARRA)(Public Law 111-5) that provide incentive payments to eligible professionals (EPs) and eligible hospitals participating in Medicare and Medicaid programs that adopt and meaningfully use certified electronic health record (EHR) technology.  The proposed rule would specify the initial criteria an EP and eligible hospital must meet in order…

READ MORE

Exploring HIPAA and HITECH Act Definitions: Part 7

From now through November, HIPAA.com is providing a run through of HIPAA transaction & code set, privacy, and security definitions, along with relevant HITECH Act definitions pertaining to breach notification, securing of protected health information, and electronic health record (EHR) standards development and adoption. These definitions are key to understanding the referenced HIPAA and HITECH Act enabling regulations that are effective now and that will require compliance by covered entities and business associates now or in the months ahead, as indicated in HIPAA.com’s timeline. Each posting will contain three definitions, with a date reference to the Federal Register, Code of Federal Regulations (CFR), or statute, as appropriate. Exploring HIPAA and…

READ MORE

American Recovery and Reinvestment Act of 2009

ONE HUNDRED ELEVENTH CONGRESS of the UNITED STATES of AMERICA American Recovery and Reinvestment Act of 2009 Making supplemental appropriations for job preservation and creation, infrastructure investment, energy efficiency and science, assistance to the unemployed, and State and local fiscal stabilization, for the fiscal year ending September 30, 2009, and for other purposes. AGENCY: 111th US Congress. ACTION: Act. Download (Requires Acrobat Reader)