The April 2009 issue of Baseline magazine has an article by Corinne Bernstein entitled “The Cost of Data Breaches,” which is available online at www.baselinemag.com. We recommended that covered entities and business associates review this article, based on a Ponemon Institute study of incidents and costs incurred at 43 organizations in 17 industry sectors. Here are several highlights:
» “Lost business accounted for nearly 70 percent of a data breach in 2008.”
» “[S]ectors suffering the highest customer losses were health care…and financial services.”
» “The biggest cause of breaches…is insider negligence…88% of all cases in 2008.”
» “The number of breaches involving third-party organizations continues to climb.”
The article…
Category: Health IT and HITECH
Word of the Day: EHR
Electronic health record (EHR): A secure, real-time, interoperable point-of-care, patient-centric information resource for clinicians. The EHR aids clinicians in decision making by providing access to patient health record information where and when they need it and by incorporating evidence-based decision support. The EHR automates and streamlines the clinicians’ workflow, closing loops in communication and response that result in delays or gaps in care. The EHR also supports the collection of data for uses other than direct clinical care, such as billing, quality management, outcomes reporting, resource planning, and public health disease surveillance and reporting.
Kudos to DOQ-IT
Praise goes out to the Doctors Office Quality – Information Technology (DOQ-IT) centers that worked tirelessly to assist physicians in selecting and implementing electronic health records. Effective April 16, 2009, DOQ-IT will end. Access to all DOQ-IT-related programming and resources on QualityNet (e.g., online registration, data submission, reports) will end April 16, 2009, at 5 p.m. Central Time. We have had the pleasure of working with most of the DOQ-IT program leaders, building substantial friendships. We hope that their work will be a strong impetus to build on as physicians continue to select, implement and thrive in a health IT environment.
New Director of Office of Recovery Act Coordination
Dennis Williams has been selected to be HHS’ Deputy Assistant Secretary for Recovery Act Coordination. Mr. Williams most recently served as Health Resources and Services Administration’s (HRSA) Deputy Administrator, a post he held from 2002 to 2009. Prior to joining HRSA, Williams served as acting Assistant Secretary in HHS’ Office of the Assistant Secretary for Management and Budget (OASMB, currently ASRT) from 2001 to 2002. From 1985 to 2001 he served as Deputy Assistant Secretary for Budget in OASMB. The Office of Recovery Act Coordination, which reports to the Assistant Secretary for Resources and Technology (ASRT), will ensure that the Act’s requirements and OMB’s guidance are followed, including:
» Making sure that reporting due…
Medicare Incentives for Physicians
Amounts shown are per physician. To participate in the incentives, you must be a meaningful user.

| Incentive Year | Adopted 2011 | Adopted 2012 | Adopted 2013 | Adopted 2014 | Adopted 2015+ |
|---|---|---|---|---|---|
| 2011 | $18,000 | — | — | — | — |
| 2012 | $12,000 | $18,000 | — | — | — |
| 2013 | $8,000 | $12,000 | $15,000 | — | — |
| 2014 | $4,000 | $8,000 | $12,000 | $12,000 | — |
| 2015 | $2,000 | $4,000 | $8,000 | $8,000 | 0 |
| 2016 | 0 | $2,000 | $4,000 | $4,000 | 0 |
| 2017 | 0 | 0 | 0 | 0 | 0 |
| Total | $44,000 | $44,000 | $39,000 | $24,000 | 0 |
| Health Shortage Area | +10%: $48,400 | +10%: $48,400 | +10%: $42,900 | +10%: $26,400 | |

As defined by the HITECH Act, a physician meaningful user is one using software that supports computerized provider order entry, uses ePrescribing, submits information to HHS on clinical quality…
President Obama to Sign ARRA’s HITECH provisions Tuesday, February 17, 2009, in Denver, CO
The Senate joined the House on Friday evening, February 13, 2009, in passing the American Recovery and Reinvestment Act, which includes provisions relating to Health Information Technology. Title XIII of Division A and Title IV of Division B together are known as the “Health Information Technology for Economic and Clinical Health Act” or the “HITECH Act.” We will be highlighting attributes of the HITECH Act through the end of February. Contrary to the political blather, this legislation is a significant step forward in providing funding and incentives to accelerate adoption of standardized and interoperable electronic business and clinical technologies in healthcare and in strengthening privacy safeguards for patients’ protected health…
Security Management Process: Risk Analysis-What to Do and How to Do It
Security Management Process is the first administrative standard of the Security Rule, and Risk Analysis is the implementation specification. Each covered entity is required to conduct a risk analysis or assessment to determine vulnerabilities and threats and to identify and put in place risk mitigation measures for safeguarding electronic protected health information. Electronic protected health information is the content of the HIPAA Administrative Simplification Standard Transactions and of the expected growing adoption of clinically-based electronic health record systems.
What to do: Conduct an accurate and thorough assessment of potential risks and vulnerabilities to the confidentiality, integrity, and availability of electronic protected health information held by the covered entity.
How to…
Time to Review Your Security Risk Assessment
With the March 17, 2009 effective dates for the new 5010 Version of HIPAA Administrative Simplification Transaction Standards and the move to the ICD-10 Code Set Standard rules, and the expected enactment of the HITECH provisions of the American Recovery and Reinvestment Act as early as next week, it is a good time now to begin reviewing your HIPAA Administrative Simplification Security safeguards. As mentioned earlier this week, creating and periodically reviewing your risk assessment or analysis is the foundation of achieving compliance with the HIPAA Administrative Simplification Security Rule and a key factor in having a successful business. Over the next week, HIPAA.com will review the Security Rule administrative,…
Are You Subject to HIPAA Privacy Rules when Publishing Confidential Health Information on a Social Network?
It’s unlikely the social networking sites are health care providers, so HIPAA’s privacy rule doesn’t apply; but other privacy business practices are likely to affect you. First, tackle the HIPAA Privacy question by responding to the following questions.
» Are you a healthcare provider that conducts transactions electronically?
» Are you a healthcare clearinghouse? (Do you process healthcare claims?)
» Are you a health plan? (insurance payer)
If you answered no to these questions, you are not a covered entity under HIPAA’s Privacy Rule. That said, you probably are more concerned about users sharing health information online that, if stolen, could be used in identity theft. Consumers (patients) often use…
House and Senate Agree on ARRA Provisions
On Wednesday, February 11, 2009, House and Senate conferees reconciled the House and Senate versions of the American Recovery and Reinvestment (ARRA) plan, or so-called Stimulus bill. The House and Senate are expected to approve the final version this week and send it to President Obama for his signature. The total of the stimulus is just over $789 billion. The Wall Street Journal reported this morning that “$19 billion is set aside for health information technology. Physicians would get bonuses of between $44,000 and $64,000—and hospitals would get as much as $11 million—if they show they have computerized their medical-records systems. On the stick side of the equation, the measure…

