HIPAA Final Rule: Modified Privacy Rule Definition–Marketing

March 1, 2013.  Today, we continue to examine definitions pertaining to the HIPAA Privacy Rule, for which we shall begin to examine modifications next week. Today’s definition is marketing, as modified in the Final Rule:  Modifications to the HIPAA Privacy, Security, Enforcement, and Breach Notification Rules Under the Health Information Technology for Economic and Clinical Health Act [HITECH Act] and the Genetic Information Nondiscrimination Act; Other Modifications of the HIPAA Rules, which was published in the Federal Register on January 25, 2013.  The effective date of the Final Rule is March 26, 2013, and covered entities and business associates must comply by September 23, 2013. Here are excerpts from the…

READ MORE

Definition: Health Care Operations

Today, we continue to examine definitions pertaining to the HIPAA Privacy Rule, for which we shall begin to examine modifications of provisions next week. Today’s definition is health care operations, as modified in the Final Rule:  Modifications to the HIPAA Privacy, Security, Enforcement, and Breach Notification Rules Under the Health Information Technology for Economic and Clinical Health Act [HITECH Act] and the Genetic Information Nondiscrimination Act; Other Modifications of the HIPAA Rules, which was published in the Federal Register on January 25, 2013.  The effective date of the Final Rule is March 26, 2013, and covered entities and business associates must comply by September 23, 2013. Here is the discussion…

READ MORE

HIPAA Final Rule: Modified Privacy Rule Definition–Payment

February 27, 2013.  Today, we start to examine definitions pertaining to the HIPAA Privacy Rule, and begin with payment, as modified in the Final Rule:  Modifications to the HIPAA Privacy, Security, Enforcement, and Breach Notification Rules Under the Health Information Technology for Economic and Clinical Health Act [HITECH Act] and the Genetic Information Nondiscrimination Act; Other Modifications of the HIPAA Rules, which was published in the Federal Register on January 25, 2013.  The effective date of the Final Rule is March 26, 2013, and covered entities and business associates must comply by September 23, 2013. Here is the discussion in the Final Rule related to the proposed modification to the…

READ MORE

HIPAA Final Rule: Enforcement by State Attorneys General

February 26, 2013.  Today, we examine the HIPAA Rules enforcement role established by the HITECH Act for State attorneys general as modified in the Final Rule:  Modifications to the HIPAA Privacy, Security, Enforcement, and Breach Notification Rules Under the Health Information Technology for Economic and Clinical Health Act [HITECH Act] and the Genetic Information Nondiscrimination Act; Other Modifications of the HIPAA Rules, which was published in the Federal Register on January 25, 2013.  The effective date of the Final Rule is March 26, 2013, and covered entities and business associates must comply by September 23, 2013. As of February 18, 2009, Section 13410(e) of the HITECH Act granted State attorneys…

READ MORE

HHS Publishes NPRM for HIPAA Health Plan Identifier and Delay for ICD-10 Compliance Date

April 17, 2012.  The Office of the Secretary of the Department of Health and Human Services (HHS) published today in the Federal Register its Notice of Proposed Rule Making (NPRM):  Administrative Simplification:  Adoption of a Standard for a Unique Health Plan Identifier; Addition to the National Provider Identifier Requirements; and a Change to the Compliance Date for ICD-10-CM and (CD-10-PCS Medical Data Code Sets. From the NPRM is the Summary of the Major Provisions: “a. HPID.  This rule proposes the adoption of the HPID [national unique health plan identifier] as the standard for the unique identifier for health plans and definitions for ‘Controlling Health Plan’ and ‘Subhealth Plan.’ The proposed…

READ MORE

HHS Issues HIPAA NPRM for Unique Health Plan Identifier and One Year Delay for ICD-10 Code Set Compliance

April 10, 2012.  Yesterday, the Office of the Secretary of the Department of Health and Human Services (HHS) promulgated a notice of proposed rule making (NPRM) entitled:  Administrative Simplification:  Adoption of a Standard for a Unique Health Plan Identifier; Addition to the National Provider Identifier Requirements; and a Change to the Compliance Date for ICD-10-CM and ICD-10-PCS Medical Data Code Sets. The NPRM will be published in the Federal Register on April 17, 2012. Here is the NPRM summary:  “This proposed rule would implement section 1104 of the Patient Protection and Affordable Care Act (hereinafter referred to as the Affordable Care Act) by establishing new requirements for administrative transactions that…

READ MORE

ONC Publishes Stage 2 EHR Technology Certification Criteria NPRM

On March 7, 2012, the Office of the National Coordinator for Health Information Technology (ONC) of the Department of Health and Human Services (HHS) published in the Federal Register its notice of proposed rule making (NPRM) entitled Health Information Technology:  Standards, Implementation Specifications, and Certification Criteria for Electronic Health Record [EHR] Technology, 2014 Edition; Revisions to the Permanent Certification Program for Health Information Technology [pp. 13832-13885].  Comments to HHS may be made until 5 PM on May 7, 2012. The summary of the NPRM is included here: “Under section 3004 of the Public Health Service Act, the Secretary of Health and Human Services is proposing to revise the initial set…

READ MORE

CMS Publishes Stage 2 Meaningful Use Incentive Program NPRM

On March 7, 2012, the Centers for Medicare & Medicaid Services (CMS) published in the Federal Register its 132-page notice of proposed rule making (NPRM):  Medicare and Medicaid Programs; Electronic Health Record Incentive Program–Stage 2.  Comments to the Department of Health and Human Services (HHS) may be made until 5 PM on May 7, 2012. The summary of the NPRM is included here: “This proposed rule would specify the Stage 2 criteria that eligible professionals (EPs), eligible hospitals, and critical access hospitals (CAHs) must meet in order to qualify for Medicare and/or Medicaid electronic health record (EHR) incentive payments.  In addition, it would specify payment adjustments under Medicare for covered…

READ MORE

OMB Clears HITECH Act Accounting of Disclosures NPRM

The Department of Health and Human Services (HHS) Office for Civil Rights (OCR), responsible for enforcement of the HIPAA Privacy, Security, and Breach Notification Rules, will issue a Notice of Proposed Rule Making (NPRM) to modify the HIPAA Privacy Rule as necessary to implement the accounting of disclosures provisions of Section 13405(c) of the Health Information Technology for Economic and Clinical Health Act (HITECH Act) (Title XIII of the American Recovery and Reinvestment Act of 2009–Public Law 111-5).  Section 13405(c) is entitled: Accounting of Certain Protected Health Information Disclosures Required if Covered Entity Uses Electronic Health Record. The NPRM was submitted on February 9, 2011, by HHS to the Office…

READ MORE