The Centers for Medicare and Medicaid Services (CMS) periodically issues new and updated Frequently Asked Questions (FAQs). HIPAA.com will periodically reproduce new and updated Questions and Answers pertaining to HIPAA Administrative Simplification standards and implementation specifications and to HITECH Act provisions that will be of interest to its readers. This FAQ [ID#9807] was created on June 22, 2009, and updated by CMS on August 18, 2009. Question: When will CMS begin to pay incentives to eligible professionals and hospitals for using certified Electronic Health Records (EHRs)? Answer: By statute [American Recovery and Reinvestment Act of 2009], the earliest dates that CMS will be able to pay an incentive under Medicare…
Tag: Standards
CMS Issues New and Updated HIPAA and HITECH Act FAQs: EHR Incentives
The Centers for Medicare and Medicaid Services (CMS) periodically issues new and updated Frequently Asked Questions (FAQs). HIPAA.com will periodically reproduce new and updated Questions and Answers pertaining to HIPAA Administrative Simplification standards and implementation specifications and to HITECH Act provisions that will be of interest to its readers. The FAQ [ID#9844] that follows is new, published by CMS on August 13, 2009. Question: Are physicians who practice in hospital-based ambulatory clinics eligible to receive the Recovery Act’s Medicare or Medicaid electronic health record (EHR) incentive payments. Answer: Hospital-based eligible professionals are ineligible for the EHR incentive payments under both Medicare and Medicaid. Our [Department of Health and Human Services] forthcoming NPRM…
HHS Secretary Sebelius Delegates Oversight and Enforcement of HIPAA Security Rule to OCR
U.S. Health and Human Services (HHS) Secretary Kathleen Sebelius has delegated oversight and enforcement of the HIPAA Administrative Simplification Security Rule Standards for Protection of Electronic Protected Health Information to HHS’s Office of Civil Rights (OCR), effective July 27, 2009. Since October 7, 2003, the Security Rule had been the responsibility of HHS’s Center for Medicare & Medicaid Services (CMS). OCR also has responsibility for the HIPAA Administrative Simplification Privacy Rule. This delegation brings responsibility for administrative, technical, and physical standards for safeguarding of protected health information in each rule under one authority, and likely will facilitate enforcement of the HITECH Act breach, notification, and business associate security rule compliance…
HHS appoints members to HIT Policy and Standards Committee
On Friday, May 8, 2009, the U.S. Department of Health and Human Services (HHS) announced appointments to the Health Information Technology (HIT) Policy Committee and HIT Standards Committee. These federal advisory committees were established by provisions in the American Recovery and Reinvestment Act (ARRA) that President Obama signed on February 17, 2009. Today, is the first meeting of the HIT Policy Committee, and Friday, May 15, 2009, is the first scheduled meeting of the HIT Standards Committee, both in Washington, DC. According to the press release issued by HHS, “[t]he HIT Policy Committee will make recommendations to the National Coordinator for Health Information Technology [Dr. David Blumenthal] on a policy…
Contingency Plan: Data Backup-What to Do and How to Do It
In our series on the HIPAA Administrative Simplification Security Rule, this is the first implementation specification for the Administrative Safeguard Standard (Contingency Plan). This implementation specification is required. As HIPAA.com has noted in earlier postings, with enactment of the American Recovery and Reinvestment Act of 2009 (ARRA) on February 17, 2009, business associates also will be required to comply with the Security Rule standards, effective February 17, 2010. What to Do Establish and implement procedures to create and maintain retrievable exact copies of electronic protected health information. How to Do It Covered entities must backup electronic protected health information on a regular basis. When a computer system fails, it may…
American Recovery and Reinvestment Act of 2009
ONE HUNDRED ELEVENTH CONGRESS of the UNITED STATES of AMERICA American Recovery and Reinvestment Act of 2009 Making supplemental appropriations for job preservation and creation, infrastructure investment, energy efficiency and science, assistance to the unemployed, and State and local fiscal stabilization, for the fiscal year ending September 30, 2009, and for other purposes. AGENCY: 111th US Congress. ACTION: Act. Download (Requires Acrobat Reader)
President Obama to Sign ARRA’s HITECH provisions Tuesday, February 17, 2009, in Denver, CO
The Senate joined the House on Friday evening, February 13, 2009, in passing the American Recovery and Reinvestment Act, which includes provisions relating to Health Information Technology. Title XIII of Division A and Title IV of Division B together are known as the “Health Information Technology for Economic and Clinical Health Act” or the “HITECH Act.” We will be highlighting attributes of the HITECH Act through the end of February. Contrary to the political blather, this legislation is a significant step forward in providing funding and incentives to accelerate adoption of standardized and interoperable electronic business and clinical technologies in healthcare and in strengthening privacy safeguards for patients’ protected health…
Time to Review Your Security Risk Assessment
With the March 17, 2009 effective dates for the new 5010 Version of HIPAA Administrative Simplification Transaction Standards and the move to the ICD-10 Code Set Standard rules, and the expected enactment of the HITECH provisions of the American Recovery and Reinvestment Act as early as next week, it is a good time now to begin reviewing your HIPAA Administrative Simplification Security safeguards. As mentioned earlier this week, creating and periodically reviewing your risk assessment or analysis is the foundation of achieving compliance with the HIPAA Administrative Simplification Security Rule and a key factor in having a successful business. Over the next week, HIPAA.com will review the Security Rule administrative,…
Final HIPAA Enforcement Rule
DEPARTMENT OF HEALTH AND HUMAN SERVICES Office of the Secretary 45 CFR Parts 160 and 164 | RIN 0991–AB29 HIPAA Administrative Simplification: Enforcement AGENCY: Office of the Secretary, HHS. ACTION: Final rule. Download (Requires Acrobat Reader)
Proposed Rule for Electronic Claims Attachments
DEPARTMENT OF HEALTH AND HUMAN SERVICES Office of the Secretary 45 CFR Part 162 | [CMS–0050–P] | RIN 0938–AK62 HIPAA Administrative Simplification: Standards for Electronic Health Care Claims Attachments AGENCY: Office of the Secretary, HHS. ACTION: Proposed rule. Download (Requires Acrobat Reader)