Nationwide Privacy and Security Framework for Electronic Exchange of Individually Identifiable Health Information

Office of the National Coordinator for Health Information Technology U.S. Department of Health and Human Services Numerous forces are driving the health care industry towards the use of health information technology, such as the potential for reducing medical errors and health care costs, and increasing individuals’ involvement in their own health and health care. To facilitate this advancement and reap its benefits while reducing the risks, it is important to consider individual privacy interests together with the potential benefits to population health. Download (Requires Acrobat Reader)

HHS appoints members to HIT Policy and Standards Committee

On Friday, May 8, 2009, the U.S. Department of Health and Human Services (HHS) announced appointments to the Health Information Technology (HIT) Policy Committee and HIT Standards Committee. These federal advisory committees were established by provisions in the American Recovery and Reinvestment Act (ARRA) that President Obama signed on February 17, 2009. Today, is the first meeting of the HIT Policy Committee, and Friday, May 15, 2009, is the first scheduled meeting of the HIT Standards Committee, both in Washington, DC. According to the press release issued by HHS, “[t]he HIT Policy Committee will make recommendations to the National Coordinator for Health Information Technology [Dr. David Blumenthal] on a policy…

READ MORE

Is Your Covered Entity Preparing for 5010/D.0 Testing? Part 2: Level 2 Testing

On March 17, 2009, the Final Rules for Modifications to the Health Insurance Portability and Accountability Act (HIPAA) become effective. HIPAA.com has available for download the final rules for 5010/D.0 as published in the Federal Register on January 16, 2009 (pp.3295-3328). The effective date is “the date that the policies set forth in this final rule take effect, and new policies are considered to be officially adopted.” [p.3302]. All covered entities are to be in compliance with 5010/D.0 on January 1, 2012. Testing can occur “from the date of the final rule until the compliance date for Versions 5010 and D.0.” [p. 3306] The Final Rules outline two levels of…

READ MORE

Is Your Covered Entity Preparing for 5010/D.0 Testing? Part 1: Level 1 Testing

On March 17, 2009, the Final Rules for Modifications to the Health Insurance Portability and Accountability Act (HIPAA) become effective. HIPAA.com has available for download the final rules for 5010/D.0 as published in the Federal Register on January 16, 2009 (pp.3295-3328). The effective date is “the date that the policies set forth in this final rule take effect, and new policies are considered to be officially adopted.” [p.3302]. All covered entities are to be in compliance with 5010/D.0 on January 1, 2012. Testing can occur “from the date of the final rule until the compliance date for Versions 5010 and D.0.” [p. 3306] The Final Rules outline two levels of…

READ MORE

Information Access Management: Isolating Healthcare Clearinghouse Functions-What to Do and How to Do It

In our series on the HIPAA Administrative Simplification Security Rule, this is the first implementation specification for the Administrative Safeguard Standard (Information Access Management). This implementation specification is required. What to Do If a healthcare clearinghouse is part of a larger organization, the clearinghouse must implement policies and procedures that protect the electronic protected health information of the clearinghouse from unauthorized access by the larger organization. Remember, a clearinghouse is defined as a covered entity, but also can serve in the role of a business associate to other covered entities, namely a health plan or healthcare provider. How to Do It This implementation specification is required, but is not likely…

READ MORE