Research recently published in the Journal of Health Affairs concludes that giving physicians electronic access to patient's health information does not deter them from ordering tests, and in fact, may encourage doctors to order even more tests.
The study, Giving Office-Based Physicians Electronic Access To Patients’ Prior Imaging And Lab Results Did Not Deter Ordering Of Tests, was led by Harvard Medical School Assistant Professor of Medicine Danny McCormick, MD.
“Our research raises real concerns about whether health information technology is going to be the answer to reducing costs,” Dr. McCormick told the New York Times.
Source: New York Times article
Thursday, March 15, 2012
Policies Give States Flexibility to Establish Affordable Insurance Exchanges
Health and Human Services Secretary Kathleen Sebelius announced policies to assist states in building Affordable Insurance Exchanges. Starting in 2014, these one-stop marketplaces will allow consumers and small businesses to choose a private health insurance plan and offer the public the same kinds of insurance choices as members of Congress.
The policies released will help states in designing their Exchanges to best meet the needs of their consumers. They offer states substantial flexibility as they design a marketplace that works for their residents.
“These policies give states the flexibility they need to design an Exchange that works for them,” said HHS Secretary Kathleen Sebelius. “These new marketplaces will offer Americans one-stop shopping for health insurance, where insurers will compete for your business. More competition will drive down costs and Exchanges will give individuals and small businesses the same purchasing power big businesses have today.”
The policies provide states with the guidance and certainty they need as they continue to work to build these marketplaces for their residents for operation in 2014. The policies offer guidance about the options on how to structure Exchanges in two key areas:
- Setting standards for establishing Exchanges, setting up a Small Business Health Options Program (SHOP), performing the basic functions of an Exchange, and certifying health plans for participation in the Exchange;
- Establishing a streamlined, web-based system for consumers to apply for and enroll in qualified health plans and insurance affordability programs.
The final rule builds on the flexibility and resources provided by HHS already to build state-based Exchanges. A majority of states have taken significant steps in building Exchanges. Previously, HHS awarded 49 states and the District of Columbia $50 million to begin planning their Exchanges, and as announced recently, 33 states and the District of Columbia have received over $667 million in Establishment Grants to begin building their Exchanges.
The announcement builds on over two years’ worth of work with states, small businesses, consumers, and health insurance plans. The administration examined models of Exchanges; convened numerous meetings and regional listening sessions across the country with stakeholders; and consulted closely with state leaders, consumer advocates, employers and insurers. To finalize the rules announced today, HHS accepted public comment over 75 days to learn from states, consumers, and other stakeholders on how the rules could be improved, and HHS modified the proposals based on feedback from the American people.
For more information, visit:
http://www.healthcare.gov/news/factsheets/2011/07/exchanges07112011a.html
For more information on Exchanges, including fact sheets, visit http://www.healthcare.gov/exchanges.
Source: HHS News Release
The policies released will help states in designing their Exchanges to best meet the needs of their consumers. They offer states substantial flexibility as they design a marketplace that works for their residents.
“These policies give states the flexibility they need to design an Exchange that works for them,” said HHS Secretary Kathleen Sebelius. “These new marketplaces will offer Americans one-stop shopping for health insurance, where insurers will compete for your business. More competition will drive down costs and Exchanges will give individuals and small businesses the same purchasing power big businesses have today.”
The policies provide states with the guidance and certainty they need as they continue to work to build these marketplaces for their residents for operation in 2014. The policies offer guidance about the options on how to structure Exchanges in two key areas:
- Setting standards for establishing Exchanges, setting up a Small Business Health Options Program (SHOP), performing the basic functions of an Exchange, and certifying health plans for participation in the Exchange;
- Establishing a streamlined, web-based system for consumers to apply for and enroll in qualified health plans and insurance affordability programs.
The final rule builds on the flexibility and resources provided by HHS already to build state-based Exchanges. A majority of states have taken significant steps in building Exchanges. Previously, HHS awarded 49 states and the District of Columbia $50 million to begin planning their Exchanges, and as announced recently, 33 states and the District of Columbia have received over $667 million in Establishment Grants to begin building their Exchanges.
The announcement builds on over two years’ worth of work with states, small businesses, consumers, and health insurance plans. The administration examined models of Exchanges; convened numerous meetings and regional listening sessions across the country with stakeholders; and consulted closely with state leaders, consumer advocates, employers and insurers. To finalize the rules announced today, HHS accepted public comment over 75 days to learn from states, consumers, and other stakeholders on how the rules could be improved, and HHS modified the proposals based on feedback from the American people.
For more information, visit:
http://www.healthcare.gov/news/factsheets/2011/07/exchanges07112011a.html
For more information on Exchanges, including fact sheets, visit http://www.healthcare.gov/exchanges.
Source: HHS News Release
More Than 70 Percent of Attested EHRs are Dually Certified by CCHIT
More than two-thirds (71 percent) of the complete electronic health records (EHRs) of providers and hospitals that have successfully attested to federal meaningful use criteria and qualified for incentives through the American Recovery and Reinvestment Act (ARRA) are dually certified under both the ONC-ATCB and the CCHIT Certified® programs of the Certification Commission for Health Information Technology, says a news release from CCHIT. According to the latest figures from the Centers for Medicare & Medicaid Services (CMS), approximately 22,000 eligible providers and hospitals with complete EHRs have successfully attested.
“These early adopters have the advantage of complete EHRs that not only meet the meaningful use requirements established by the Office of the National Coordinator for HIT (ONC), but also have been tested against the more rigorous clinical scenarios for functionality, interoperability and safety required by the independent CCHIT Certified program,” said Karen M. Bell, MD, chair, CCHIT. “It’s no surprise that the vast majority of physicians and other providers are choosing tried and true CCHIT Certified products that have been proven over the years to support their unique business and patient care needs.”
CCHIT continues to certify EHR products in both programs. Some health IT companies previously certified by CCHIT in the ONC-ATCB program are now returning to become CCHIT Certified. The CCHIT Certified program includes both “core” and “optional” certifications. Currently, optional, add-on certifications for specialty care or special patient populations include behavioral health, cardiovascular medicine, child health, dermatology, clinical research, oncology and women’s health.
“Moving forward, CCHIT will continue to review and upgrade its independently developed, comprehensive programs to ensure that EHR certification keeps pace with advances in the field, and meets the various information technology needs of health care providers in the future,” Bell said.
A letter from Dr. Bell with a deeper analysis of these results as they pertain to office-based providers is available at CCHIT’s blog EHR Decisions.
Source: CCHIT News Release
“These early adopters have the advantage of complete EHRs that not only meet the meaningful use requirements established by the Office of the National Coordinator for HIT (ONC), but also have been tested against the more rigorous clinical scenarios for functionality, interoperability and safety required by the independent CCHIT Certified program,” said Karen M. Bell, MD, chair, CCHIT. “It’s no surprise that the vast majority of physicians and other providers are choosing tried and true CCHIT Certified products that have been proven over the years to support their unique business and patient care needs.”
CCHIT continues to certify EHR products in both programs. Some health IT companies previously certified by CCHIT in the ONC-ATCB program are now returning to become CCHIT Certified. The CCHIT Certified program includes both “core” and “optional” certifications. Currently, optional, add-on certifications for specialty care or special patient populations include behavioral health, cardiovascular medicine, child health, dermatology, clinical research, oncology and women’s health.
“Moving forward, CCHIT will continue to review and upgrade its independently developed, comprehensive programs to ensure that EHR certification keeps pace with advances in the field, and meets the various information technology needs of health care providers in the future,” Bell said.
A letter from Dr. Bell with a deeper analysis of these results as they pertain to office-based providers is available at CCHIT’s blog EHR Decisions.
Source: CCHIT News Release
NeHC CEO Discusses National HIE Evolution
National eHealth Collaborative (NeHC) CEO Kate Berry was recently interviewed by FierceEMR about her views on the changing national HIE landscape. The article, written by contributing editor Marla Durben Hirsch, provided a summary of the recent NeHC University roundtable Implications of a Shifting National HIE Architecture and shared Berry's views the topic.
Click here to read the article.
Source: NeHC News Release
Click here to read the article.
Source: NeHC News Release
Tuesday, March 13, 2012
HHS settles HIPAA case with BCBST for $1.5 million
Blue Cross Blue Shield of Tennessee (BCBST) has agreed to pay the U.S. Department of Health and Human Services (HHS) $1,500,000 to settle potential violations of the Health Insurance Portability and Accountability Act of 1996 (HIPAA) Privacy and Security Rules, Leon Rodriguez, Director of the HHS Office for Civil Rights (OCR), announced today. BCBST has also agreed to a corrective action plan to address gaps in its HIPAA compliance program. The enforcement action is the first resulting from a breach report required by the Health Information Technology for Economic and Clinical Health (HITECH) Act Breach Notification Rule.
The investigation followed a notice submitted by BCBST to HHS reporting that 57 unencrypted computer hard drives were stolen from a leased facility in Tennessee. The drives contained the protected health information (PHI) of over 1 million individuals, including member names, social security numbers, diagnosis codes, dates of birth, and health plan identification numbers. OCR’s investigation indicated BCBST failed to implement appropriate administrative safeguards to adequately protect information remaining at the leased facility by not performing the required security evaluation in response to operational changes. In addition, the investigation showed a failure to implement appropriate physical safeguards by not having adequate facility access controls; both of these safeguards are required by the HIPAA Security Rule.
“This settlement sends an important message that OCR expects health plans and health care providers to have in place a carefully designed, delivered, and monitored HIPAA compliance program,” said OCR Director Leon Rodriguez. “The HITECH Breach Notification Rule is an important enforcement tool and OCR will continue to vigorously protect patients’ right to private and secure health information.”
In addition to the $1,500,000 settlement, the agreement requires BCBST to review, revise, and maintain its Privacy and Security policies and procedures, to conduct regular and robust trainings for all BCBST employees covering employee responsibilities under HIPAA, and to perform monitor reviews to ensure BCBST compliance with the corrective action plan.
HHS Office for Civil Rights enforces the HIPAA Privacy and Security Rules. The HIPAA Privacy Rule gives individuals rights over their protected health information and sets rules and limits on who can look at and receive that health information. The HIPAA Security Rule protects health information in electronic form by requiring entities covered by HIPAA to use physical, technical, and administrative safeguards to ensure that electronic protected health information remains private and secure.
The HITECH Breach Notification Rule requires covered entities to report an impermissible use or disclosure of protected health information, or a “breach,” of 500 individuals or more to HHS and the media. Smaller breaches affecting less than 500 individuals must be reported to the secretary on an annual basis.
Individuals who believe that a covered entity has violated their (or someone else’s) health information privacy rights or committed another violation of the HIPAA Privacy or Security
Rule may file a complaint with OCR at: http://www.hhs.gov/ocr/privacy/hipaa/complaints/index.html.
The HHS Resolution Agreement can be found at http://www.hhs.gov/ocr/civilrights/activities/agreements/index.html
Additional information about OCR’s enforcement activities can be found at http://www.hhs.gov/ocr/privacy/hipaa/enforcement/examples/index.html.
Source: HHS News Release
The investigation followed a notice submitted by BCBST to HHS reporting that 57 unencrypted computer hard drives were stolen from a leased facility in Tennessee. The drives contained the protected health information (PHI) of over 1 million individuals, including member names, social security numbers, diagnosis codes, dates of birth, and health plan identification numbers. OCR’s investigation indicated BCBST failed to implement appropriate administrative safeguards to adequately protect information remaining at the leased facility by not performing the required security evaluation in response to operational changes. In addition, the investigation showed a failure to implement appropriate physical safeguards by not having adequate facility access controls; both of these safeguards are required by the HIPAA Security Rule.
“This settlement sends an important message that OCR expects health plans and health care providers to have in place a carefully designed, delivered, and monitored HIPAA compliance program,” said OCR Director Leon Rodriguez. “The HITECH Breach Notification Rule is an important enforcement tool and OCR will continue to vigorously protect patients’ right to private and secure health information.”
In addition to the $1,500,000 settlement, the agreement requires BCBST to review, revise, and maintain its Privacy and Security policies and procedures, to conduct regular and robust trainings for all BCBST employees covering employee responsibilities under HIPAA, and to perform monitor reviews to ensure BCBST compliance with the corrective action plan.
HHS Office for Civil Rights enforces the HIPAA Privacy and Security Rules. The HIPAA Privacy Rule gives individuals rights over their protected health information and sets rules and limits on who can look at and receive that health information. The HIPAA Security Rule protects health information in electronic form by requiring entities covered by HIPAA to use physical, technical, and administrative safeguards to ensure that electronic protected health information remains private and secure.
The HITECH Breach Notification Rule requires covered entities to report an impermissible use or disclosure of protected health information, or a “breach,” of 500 individuals or more to HHS and the media. Smaller breaches affecting less than 500 individuals must be reported to the secretary on an annual basis.
Individuals who believe that a covered entity has violated their (or someone else’s) health information privacy rights or committed another violation of the HIPAA Privacy or Security
Rule may file a complaint with OCR at: http://www.hhs.gov/ocr/privacy/hipaa/complaints/index.html.
The HHS Resolution Agreement can be found at http://www.hhs.gov/ocr/civilrights/activities/agreements/index.html
Additional information about OCR’s enforcement activities can be found at http://www.hhs.gov/ocr/privacy/hipaa/enforcement/examples/index.html.
Source: HHS News Release
New Report Calls for Enhanced Security to Safeguard Protected Health Information
A new report, The Financial Impact of Breached Protected Health Information: A Business Case for Enhanced PHI Security, provides health care organizations with a new method to evaluate the “at risk” value of protected health information (PHI) that will enable them to make a business case for appropriate investments to better protect PHI.
This report was created through the “PHI Project” – a collaboration of the American National Standards Institute (ANSI), via its Identity Theft Prevention and Identity Management Standards Panel (IDSP), in partnership with The Santa Fe Group/Shared Assessments Program Healthcare Working Group, and the Internet Security Alliance (ISA) – that involved a cross-section of more than 100 health care industry leaders from over 70 organizations.
Representatives from Utica College and the Center for Identity Management and Information Protection (CIMIP) traveled to Washington to take part in a congressional briefing to unveil the Protected Health Information (PHI) Project report.
The survey responses revealed that the majority of participants want to comply and secure PHI, but they believe that budgetary constraints and the lack of executive commitment, leadership, and accountability, as well as the evolving nature of threats and the technologies available to protect PHI, combine to make real protection of health information extremely challenging.
Seventy-five percent believed their organization possesses effective policies to protect PHI and takes effective steps to protect PHI. But almost 40% did not believe that their organizational management views privacy and security as a priority, and 54% did not feel that their organization possesses sufficient resources to ensure protection requirements are currently being effectively protected. When asked about the complexity of the laws and the ease of compliance, only 12% felt the laws were “easy to understand” and only 14% thought the laws were “not difficult at all” to comply with. When asked to identify the most significant impediments their organization faces to achieving a strong privacy and data security posture with respect to how PHI is collected, used, and retained the most common impediment was seen as “lack of funding”(59%) and followed by insufficient time, lack of senior executive support,” and lack of accountability and leadership.”
Responses showed that more than 85.3 % of participants stated that the accidental or inadvertent exposure from an insider was the “most likely” or “very likely” threat to protected data. More than 50 % believed that some type of security threat was likely adversely affecting their organizations now.
The report is available for free download at webstore.ansi.org/phi.
Source: ANSI News Release
This report was created through the “PHI Project” – a collaboration of the American National Standards Institute (ANSI), via its Identity Theft Prevention and Identity Management Standards Panel (IDSP), in partnership with The Santa Fe Group/Shared Assessments Program Healthcare Working Group, and the Internet Security Alliance (ISA) – that involved a cross-section of more than 100 health care industry leaders from over 70 organizations.
Representatives from Utica College and the Center for Identity Management and Information Protection (CIMIP) traveled to Washington to take part in a congressional briefing to unveil the Protected Health Information (PHI) Project report.
The survey responses revealed that the majority of participants want to comply and secure PHI, but they believe that budgetary constraints and the lack of executive commitment, leadership, and accountability, as well as the evolving nature of threats and the technologies available to protect PHI, combine to make real protection of health information extremely challenging.
Seventy-five percent believed their organization possesses effective policies to protect PHI and takes effective steps to protect PHI. But almost 40% did not believe that their organizational management views privacy and security as a priority, and 54% did not feel that their organization possesses sufficient resources to ensure protection requirements are currently being effectively protected. When asked about the complexity of the laws and the ease of compliance, only 12% felt the laws were “easy to understand” and only 14% thought the laws were “not difficult at all” to comply with. When asked to identify the most significant impediments their organization faces to achieving a strong privacy and data security posture with respect to how PHI is collected, used, and retained the most common impediment was seen as “lack of funding”(59%) and followed by insufficient time, lack of senior executive support,” and lack of accountability and leadership.”
Responses showed that more than 85.3 % of participants stated that the accidental or inadvertent exposure from an insider was the “most likely” or “very likely” threat to protected data. More than 50 % believed that some type of security threat was likely adversely affecting their organizations now.
The report is available for free download at webstore.ansi.org/phi.
Source: ANSI News Release
Walgreens Uses e-Delivery of Patient Info to Physicians
Walgreens announced that it will use Surescripts’ Clinical Interoperability services to electronically deliver patient data directly to primary care providers to improve the coordination of care. In the coming months, all of the 7,800 Walgreens and Duane Reade pharmacies and 350 Take Care Clinics nationwide will use the Surescripts network to deliver immunization records to the patient’s primary care provider. Later this year, Walgreens will also use the Surescripts network to provide immunization reporting to state and local public health agencies, and Take Care Clinic patient summaries to the patient’s primary care provider.
A recent survey of 400 physicians by Surescripts illustrated the challenge of compiling more complete medical records: 39 percent responded that they are frequently missing immunization records during patient visits; 35 percent are often missing patient summaries.
Source: Walgreens News Release
A recent survey of 400 physicians by Surescripts illustrated the challenge of compiling more complete medical records: 39 percent responded that they are frequently missing immunization records during patient visits; 35 percent are often missing patient summaries.
Source: Walgreens News Release
Subscribe to:
Posts (Atom)
