They’re coming: the Ides of March (the 14th); NCAA Basketball Tournament Announcement (the 15th); St. Patrick’s Day (the 17th); and 5010/D.0 Final Rule Effective Date (the 17th). If you are a covered entity, Level 1 testing begins Tuesday, March 17, 2009. Here are five things you need to do to start. Conduct a Gap Analysis. What do I need to do to become compliant on January 1, 2012? That date sounds far off, but it will be here before you know it. Unlike previous transaction contingency periods for covered entities and their trading partners, HHS has indicated that there will be no tolerance for those not ready. Read the final…
Categories 5010Leave a comment
Medicare Incentives for Physicians
Amounts shown are per physician. To participate in the incentives, you must be a meaningful user. Incentive Year Adopted 2011 2012 2013 2014 2015+ 2011 $18,000 — — — — 2012 $12,000 $18,000 — — — 2013 $8,000 $12,000 $15,000 — — 2014 $4,000 $8,000 $12,000 $12,000 __ 2015 $2,000 $4,000 $8,000 $8,000 0 2016 0 $2,000 $4,000 $4,000 0 2017 0 0 0 0 0 Total $44,000 $44,000 $39,000 $24,000 0 Health Shortage Area + 10%$48,400 + 10%$48,400 +10%$42,900 +10%$26,400 As defined by the HITECH Act, a physician meaningful user is one using software that supports computerized provider order entry, uses ePrescribing, submits information to HHS on clinical quality…
Categories Health IT and HITECHLeave a commentCMS Confirms 5010 and ICD-10 Rules’ Effective Dates
In notification to the U.S. House and Senate on Thursday, March 5, 2009, Don Johnson, Acting Director, Office of Legislation of the Centers for Medicare & Medicaid Services (CMS), notified the Congress that “[i]n accordance with the White House Chief of Staff’s memorandum of January 20, 2009 entitled ‘Regulatory Review,’ a determination has been made that the effective date will not be extended and the comment period will not be reopened for either of these rules.” The effective date for each of the rules is March 17, 2009. The memorandum CMS sent to Congress follows. Beginning next Monday, March 9, HIPAA.com will have a posting daily through March 17, 2009,…
Categories 5010, Transactions & Code SetsLeave a commentSecurity Incident Procedures Response and Reporting: What to Do and How to Do It
This is the sixth Administrative Safeguard Standard of the HIPAA Administrative Simplification Security Rule. This is its one implementation specification, Response and Reporting, which is required for compliance. As we have noted in earlier postings, with enactment of the American Recovery and Reinvestment Act of 2009 (“ARRA”) on February 17, 2009, business associates also will be required to comply with the Security Rule standards, effective February 17, 2010. What to Do This standard requires that the covered entity implement response and reporting policies to address security incidents. A security incident is defined as “the attempted or successful unauthorized access, use, disclosure, modification, or destruction of information or interference with system…
Categories HIPAA Law1 CommentWhat should you expect from your HIPAA Security Official?
HIPAA’s Security Rule requires covered entities to designate one person to be responsible for the development and implementation of policies and procedures that safeguard electronic protected health information. Nearly all organizations implemented measures to manage privacy in oral, written, and electronic media. However, as healthcare organizations and their business associates, inspired by the HITECH Act (stimulus package) respond to forthcoming financial incentives to adopt electronic health record (EHR) software, the need to beef up your security measures. So what should you look for in your Security Official? For starters, you need someone who understands clinical and billing workflows, recognizes that in the past some clinicians have communicated with patients via…
Categories SecurityLeave a commentIs Your Covered Entity Preparing for 5010/D.0 Testing? Part 2: Level 2 Testing
On March 17, 2009, the Final Rules for Modifications to the Health Insurance Portability and Accountability Act (HIPAA) become effective. HIPAA.com has available for download the final rules for 5010/D.0 as published in the Federal Register on January 16, 2009 (pp.3295-3328). The effective date is “the date that the policies set forth in this final rule take effect, and new policies are considered to be officially adopted.” [p.3302]. All covered entities are to be in compliance with 5010/D.0 on January 1, 2012. Testing can occur “from the date of the final rule until the compliance date for Versions 5010 and D.0.” [p. 3306] The Final Rules outline two levels of…
Categories 5010Leave a commentSecurity Incident Procedures: What This HIPAA Security Rule Administrative Safeguard Standard Means
This is the sixth Administrative Safeguard Standard of the HIPAA Administrative Simplification Security Rule. It has one implementation specification: Response and Reporting, which is required for compliance. As we have noted in earlier postings, with enactment of the American Recovery and Reinvestment Act of 2009 (“ARRA”) on February 17, 2009, business associates also will be required to comply with the Security Rule standards, effective February 17, 2010. This safeguard standard and its implementation specification require covered entities to establish policies and procedures to respond to security incidents and to report them. A security incident is defined as “the attempted or successful unauthorized access, use, disclosure, modification, or destruction of information…
Categories HIPAA LawLeave a commentIs Your Covered Entity Preparing for 5010/D.0 Testing? Part 1: Level 1 Testing
On March 17, 2009, the Final Rules for Modifications to the Health Insurance Portability and Accountability Act (HIPAA) become effective. HIPAA.com has available for download the final rules for 5010/D.0 as published in the Federal Register on January 16, 2009 (pp.3295-3328). The effective date is “the date that the policies set forth in this final rule take effect, and new policies are considered to be officially adopted.” [p.3302]. All covered entities are to be in compliance with 5010/D.0 on January 1, 2012. Testing can occur “from the date of the final rule until the compliance date for Versions 5010 and D.0.” [p. 3306] The Final Rules outline two levels of…
Categories 5010Leave a commentInformation Access Management: Access Establishment and Modification-What to Do and How to Do It
In our series on the HIPAA Administrative Simplification Security Rule, this is the third implementation specification for the Administrative Safeguard Standard (Information Access Management). This implementation specification is addressable. Remember, addressable does not mean “optional.” Rather, an addressable implementation specification means that a covered entity must use reasonable and appropriate measures to meet the standard. Further, as we have noted in a posting last week, with enactment of the American Recovery and Reinvestment Act of 2009 on February 17, 2009, business associates also will be required to comply with the Security Rule standards, effective February 17, 2010. What to Do Implement policies and procedures that, based upon the covered entity’s…
Categories HIPAA LawLeave a commentEffective Dates for Modified HIPAA Administrative Simplification Transaction and Code Set Rules Coming in March
In less than three weeks, HIPAA Version 5010/D.0 transaction and ICD-10 code set rules become effective, and the clock starts running on testing in preparation for compliance several years hence. Next Monday, March 2, 2009, HIPAA.com will outline Level 1 testing requirements and opportunities for the 5010/D.0 transaction rule, and on Tuesday, March 3, 2009, outline testing requirements for ICD-10. Sign up for HIPAA.com email reminders for these and other HIPAA Administrative Simplification standards postings, as well as postings relating to the new Health Information Technology for Economic and Clinical Health Act and Medicare and Medicaid Health Information Technology (“HITECH Act”) provisions of the American Recovery and Reinvestment Act (“ARRA”)…
Categories HIPAA LawLeave a comment