Category: News Events

Data Breach, Education, Meaningful Use, News Events, Tip of the Week

Meaningful Use Stage 2 Criteria Announced

Rose

News Release

The United States Department of Health and Human Services (HHS) announced on August 23, 2012, the next steps to promote the use of electronic health records and expand health information exchange.  According to Kathleen Sebelius, the change will lead to enhanced patient care via the elimination of duplicate screening and tests, as well as the reduction of medical errors.

Under the Health Information Technology for Economic and Clinical Health (HITECH) Act, physicians, health care professionals and hospitals can qualify for Medicare and Medicaid incentive payments when they adopt and meaningfully use certified electronic health record (EHR) technology.

More than 120,000 eligible health care professionals and more than 3,300 hospitals have qualified to participate in the program and receive an incentive payment since it began in January 2011. That exceeds the goal set earlier this year of 100,000.

That includes more than half of all eligible hospitals and critical access hospitals and one out of every five eligible health care professionals.  The program is divided into three stages:

  • Stage 1 sets the basic functionalities electronic health records must include such as capturing data electronically and providing patients with electronic copies of health information.
  • Stage 2 (which will begin as early as 2014) increases health information exchange between providers and promotes patient engagement by giving patients secure online access to their health information.
  • Stage 3 will continue to expand meaningful use objectives to improve health care outcomes.

These are the Stage 2 requirements announced on August 23, 2012:

  • Make clear that stage two of the program will begin as early as 2014. No providers will be required to follow the Stage 2 requirements outlined today before 2014.
  • Outline the certification criteria for the certification of EHR technology, so eligible professionals and hospitals may be assured that the systems they use will work, help them meaningfully use health information technology, and qualify for incentive payments.
  • Modify the certification program to cut red tape and make the certification process more efficient.
  • Allow current “2011 Edition Certified EHR Technology” to be used until 2014.

The CMS final rule also provides a flexible reporting period for 2014 to give providers sufficient time to adopt or upgrade to the latest EHR technology certified for 2014.

 

For detailed information please contact RISC Management and Consulting at: Sales@RISCsecurity.com

 

For assistance with HIPAA Security and Compliance projects, or help handling an OCR Audit or Investigation request, please contact RISC Management and Consulting at: Sales@RISCsecurity.com, 800.648.4358

 

This posting is sponsored by RISC Management & Consulting, www.RISCsecurity.com

Data Breach, HIPAA / HITECH Enforcement, News Events, Tip of the Week

State of Minnesota, by its Attorney General Lori Swanson, Plaintiff, v. Accretive Health, Inc., Defendant

Rose

A common Business Associate (BA) of many, if not almost all, Covered Entities (CEs) is a debt collection agency that revenue cycle often uses to sell bad debt or collection-worthy accounts to. A significant amount of ePHI is usually transmitted along with the account information to these organizations. Debt collection companies utilize ePHI to establish a record of delivery of healthcare services to an individual, thus validating the debt.

These BA must be careful with ePHI and must adhere to the Health Information Technology for Economic and Clinical Health (“HITECH”) Act. Just like CEs and other BAs collection agencies need to perform a Risk Analysis to determine if HIPAA and HITECH controls are in place and effective.

Here is one example of a collection agency that had confidential personal, medical and financial records of tens of thousands of Minnesota patients on unencrypted laptop computer. The employee left the laptop inside a parked rental car. The laptop was stolen on July 25, 2011, along with about 23,531 Fairview and North Memorial patients. “Accretive violated privacy laws by failing to keep private patient data secure” according to the United States District Court District of Minnesota.

For assistance with your HIPAA, HITECH, or State level privacy and security program, or for audit or breach help, please visit www.RISCsecurity.com or 630.270.9336.