September 4, 2012. The Department of Health and Human Services (HHS) entities: Centers for Medicare & Medicaid Services (CMS) and Office of the National Coordinator for Health Information Technology (ONC), published their Final Rules for Meaningful Use Stage 2 in today’s Federal Register. This posting focuses on the preamble relating to the following Stage 2 security objective in the CMS Final Rule entitled Medicare and Medicaid Programs; Electronic Health Record Incentive Program: “Protect electronic health information created or maintained by the Certified EHR Technology [CEHRT] through the implementation of appropriate technical capabilities.” Reference numbers in brackets refer to the page number(s) in the September 4, 2012, Federal Register. Associated with this objective…
Tag: Federal Register
CMS Issues Final Administrative Simplification Final Rules Regarding Identifiers and ICD-10 Code Set Compliance Delay
August 24, 2012. Today, the Office of Management and Budget (OMB) completed review and sent to the Federal Register for publication on September 5, 2012, the Centers for Medicare & Medicaid Services (CMS) Final Rule: Administrative Simplification: Adoption of a Standard for a Unique Health Plan Identifier; Addition to the National Provider Identifier Requirements; and a Change to the Compliance Date for the International Classification of Diseases, 10th Edition (ICD-10-CM and ICD-10-PCS) Medical Data Code Sets. The effective date of the Rule is November 5, 2012. Prior to publication, the Final Rule may be examined at or downloaded from the Office of the Federal Register’s Electronic Public Inspection Desk. Here…
Five HIPAA Compliance Activities Your Organization Must Undertake
HIPAA Administrative Simplification was enacted on August 21, 1996 as Subtitle F of Title II of Public Law 104-191. The so-called HITECH Act “Omnibus” regulation that modifies HIPAA privacy and security provisions will be published in the Federal Register by the end of this summer, according to the head of HHS’ National Coordinator for Health Information Technology, Farzad Mostashari, M.D. Based on the timeline in the Notice of Proposed Rule Making, compliance by all covered entities and their business associates would be required 240 days after publication, most likely sometime in May 2013, assuming the end-of-summer deadline is met. All covered entities and their business associates will be required to comply with provisions of…
EFT and RA Transaction Operating Rules IFC Published in Federal Register August 10
August 10, 2012. Today, the Interim Final Rule with comment period (IFC): Administrative Simplification: Adoption of Operating Rules for Electronic Funds Transfers (EFT) and Remittance Advice Transactions, was published in the Federal Register. The effective date of the IFC is the date of publication, August 10, 2012. Comments on the IFC may be submitted to the Department of Health and Human Services (HHS) on or before October 9, 2012, with submission instructions included on page 48008 of the IFC. The Executive Summary (without footnotes) from the IFC follows: “A. Purpose of the Regulatory Action. Health care spending in the United States constitutes nearly 18 percent of the US…
OCR’s Publicly Disclosed Large Breaches Now Top 20 Million Impacted Individuals
May 16, 2012. The Department of Health and Human Services’ (HHS) HIPAA/HITECH Act privacy and security enforcement arm, Office for Civil Rights (OCR), is responsible under the HITECH Act to publicly disclose privacy and security breaches that affect 500 or more individuals on its Breach Notification Web site. With the now reported Utah Department of Health hacking/IT incident breach occurring in the period March 10-April 2, 2012 and affecting a reported 780,000 individuals, the total number in 435 breaches reported since September 22, 2009, now totals 20,079,189 impacted individuals. Of the total number of breaches where location of breached information is known (e.g., electronic or hard copy source), 72% of…
HHS Publishes NPRM for HIPAA Health Plan Identifier and Delay for ICD-10 Compliance Date
April 17, 2012. The Office of the Secretary of the Department of Health and Human Services (HHS) published today in the Federal Register its Notice of Proposed Rule Making (NPRM): Administrative Simplification: Adoption of a Standard for a Unique Health Plan Identifier; Addition to the National Provider Identifier Requirements; and a Change to the Compliance Date for ICD-10-CM and (CD-10-PCS Medical Data Code Sets. From the NPRM is the Summary of the Major Provisions: “a. HPID. This rule proposes the adoption of the HPID [national unique health plan identifier] as the standard for the unique identifier for health plans and definitions for ‘Controlling Health Plan’ and ‘Subhealth Plan.’ The proposed…
HHS Issues HIPAA NPRM for Unique Health Plan Identifier and One Year Delay for ICD-10 Code Set Compliance
April 10, 2012. Yesterday, the Office of the Secretary of the Department of Health and Human Services (HHS) promulgated a notice of proposed rule making (NPRM) entitled: Administrative Simplification: Adoption of a Standard for a Unique Health Plan Identifier; Addition to the National Provider Identifier Requirements; and a Change to the Compliance Date for ICD-10-CM and ICD-10-PCS Medical Data Code Sets. The NPRM will be published in the Federal Register on April 17, 2012. Here is the NPRM summary: “This proposed rule would implement section 1104 of the Patient Protection and Affordable Care Act (hereinafter referred to as the Affordable Care Act) by establishing new requirements for administrative transactions that…
Finally, HIPAA/HITECH Act Privacy, Security, Breach Notification, Enforcement Final Rules at OMB
March 24, 2012. Today, the Office of Information and Regulatory Affairs at the Office of Management and Budget (OMB) in the Executive Office of the President showed that it had received the much-delayed Department of Health and Human Services (HHS) Office for Civil Rights (OCR) Final Rules entitled: Modifications to the HIPAA Privacy, Security, Enforcement, and Breach Notification Rules (RIN: 0945-AA03). Following review by OMB, the rules will be published in the Federal Register, most likely in April if OMB’s review is timely. The Abstract of the Rules reads: “The Department of Health and Human Services Office for Civil Rights will issue final rules to modify the HIPAA Privacy, Security,…
ONC Publishes Stage 2 EHR Technology Certification Criteria NPRM
On March 7, 2012, the Office of the National Coordinator for Health Information Technology (ONC) of the Department of Health and Human Services (HHS) published in the Federal Register its notice of proposed rule making (NPRM) entitled Health Information Technology: Standards, Implementation Specifications, and Certification Criteria for Electronic Health Record [EHR] Technology, 2014 Edition; Revisions to the Permanent Certification Program for Health Information Technology [pp. 13832-13885]. Comments to HHS may be made until 5 PM on May 7, 2012. The summary of the NPRM is included here: “Under section 3004 of the Public Health Service Act, the Secretary of Health and Human Services is proposing to revise the initial set…
CMS Publishes Stage 2 Meaningful Use Incentive Program NPRM
On March 7, 2012, the Centers for Medicare & Medicaid Services (CMS) published in the Federal Register its 132-page notice of proposed rule making (NPRM): Medicare and Medicaid Programs; Electronic Health Record Incentive Program–Stage 2. Comments to the Department of Health and Human Services (HHS) may be made until 5 PM on May 7, 2012. The summary of the NPRM is included here: “This proposed rule would specify the Stage 2 criteria that eligible professionals (EPs), eligible hospitals, and critical access hospitals (CAHs) must meet in order to qualify for Medicare and/or Medicaid electronic health record (EHR) incentive payments. In addition, it would specify payment adjustments under Medicare for covered…