The first part of the HITECH Act is called “Improved Privacy Provisions and Security Provisions”. Section 13402 is the section that starts the discussion of privacy and security and is titled “Notification in case of breach”. This section accomplishes the following: Identifies who this section applies to: Covered Entities and Business Associates. Defines the time frame as to when breaches should be reported to individuals, and depending on severity, mass media, and the Department of Health and Human Services (HHS). The type of information that must appear in the notification letters. Definition of Unsecured Protected Health Information. Note that the HITECH Act delegated the final definition to the HHS vis…
Category: Health IT and HITECH
Exploring HIPAA and HITECH Act Definitions: Part 10
From now through November, HIPAA.com is providing a run through of HIPAA transaction & code set, privacy, and security definitions, along with relevant HITECH Act definitions pertaining to breach notification, securing of protected health information, and electronic health record (EHR) standards development and adoption. These definitions are key to understanding the referenced HIPAA and HITECH Act enabling regulations that are effective now and that will require compliance by covered entities and business associates now or in the months ahead, as indicated in HIPAA.com’s timeline. In this posting we highlight the last two definitions from the following HITECH Act section: Exploring HIPAA and HITECH Act Definitions: Parts 6-10, include definitions from:…
Exploring HIPAA and HITECH Act Definitions: Part 9
From now through November, HIPAA.com is providing a run through of HIPAA transaction & code set, privacy, and security definitions, along with relevant HITECH Act definitions pertaining to breach notification, securing of protected health information, and electronic health record (EHR) standards development and adoption. These definitions are key to understanding the referenced HIPAA and HITECH Act enabling regulations that are effective now and that will require compliance by covered entities and business associates now or in the months ahead, as indicated in HIPAA.com’s timeline. Each posting will contain three definitions, with a date reference to the Federal Register, Code of Federal Regulations (CFR), or statute, as appropriate. Exploring HIPAA and…
Exploring HIPAA and HITECH Act Definitions: Part 8
From now through November, HIPAA.com is providing a run through of HIPAA transaction & code set, privacy, and security definitions, along with relevant HITECH Act definitions pertaining to breach notification, securing of protected health information, and electronic health record (EHR) standards development and adoption. These definitions are key to understanding the referenced HIPAA and HITECH Act enabling regulations that are effective now and that will require compliance by covered entities and business associates now or in the months ahead, as indicated in HIPAA.com’s timeline. Each posting will contain three definitions, with a date reference to the Federal Register, Code of Federal Regulations (CFR), or statute, as appropriate. Exploring HIPAA and HITECH…
Exploring HIPAA and HITECH Act Definitions: Part 7
From now through November, HIPAA.com is providing a run through of HIPAA transaction & code set, privacy, and security definitions, along with relevant HITECH Act definitions pertaining to breach notification, securing of protected health information, and electronic health record (EHR) standards development and adoption. These definitions are key to understanding the referenced HIPAA and HITECH Act enabling regulations that are effective now and that will require compliance by covered entities and business associates now or in the months ahead, as indicated in HIPAA.com’s timeline. Each posting will contain three definitions, with a date reference to the Federal Register, Code of Federal Regulations (CFR), or statute, as appropriate. Exploring HIPAA and…
HITECH and HIPAA Training: Time to Double Down
As the healthcare industry continues to digest profound HITECH changes to HIPAA Privacy and Security rules, two observations already are apparent and indisputable for covered entities and their business associates. First, time and resources spent on a workforce that is well-trained on the Privacy and Security rules will be an investment of exponential value. Second, enforcement of those same rules will make negligent and uncorrected errors very costly. A well-trained workforce makes fewer mistakes, and identifies and fixes those that it makes. A workforce that violates the rules because it does not know them or does not care to know them makes an inviting target for HITECH’s new enforcement initiatives….
Exploring HIPAA and HITECH Act Definitions: Part 6
From now through November, HIPAA.com is providing a run through of HIPAA transaction & code set, privacy, and security definitions, along with relevant HITECH Act definitions pertaining to breach notification, securing of protected health information, and electronic health record (EHR) standards development and adoption. These definitions are key to understanding the referenced HIPAA and HITECH Act enabling regulations that are effective now and that will required compliance by covered entities and business associates now or in the months ahead, as indicated in HIPAA.com’s timeline. Each posting will contain three definitions, with a date reference to the Federal Register, Code of Federal Regulations (CFR), or statute, as appropriate. Exploring HIPAA and…
How Data Validation Will Make Your Life Easier
As a clinician, you want to know if data being entered into the system is accurate, clean, correct and useful. Data validation often called “validation rules” or “check routines” are built into systems such as EHR systems. These rules check for correctness, meaningfulness, and security of data. For example, the system would automatically disallow or question a user trying to enter eligibility results into the patient’s address field. Validation rules may be automated because the software company uses a data dictionary, or data may be checked by an explicit application program validation logic. To participate in quality reporting, such as meaningful use, PQRI or ePrescribing reimbursement incentive programs, you want…
Vendors and Physicians Partners in Meaningful Use?
The secure exchange of health information is dependent on both the practice and EHR vendors facilitating the secure electronic transactions and extracting data for reporting quality measures. Even early adopters of EHR systems must ask vendors if they will be ready for meaningful use reporting. The vendor’s response will impact cost, implementation timeline, workflow processes, reporting, and patient safety. A sampling of questions to ask include: Of my current health information exchange partners (labs, hospitals, pharmacies, imaging centers) where have you already built bi-direction interfaces with your EHR system? Does your system send e-prescribing alerts based on the content in the patient’s medication history? Does your system identify whether the…
Word of the Day: Pay-for-Performance
Pay-for-Performance: The use of incentives to encourage and reinforce the delivery of evidence-based practices in the health care system transformation that promote better outcomes as efficiently as possible.