Health Law
HIPAA Health Law & Technology 
Legal developments, issues, and other pertinent information relating the creation, use, and exchange of health information. Topics include EHRs and PHRs; HIEs, RHIOs, and EHR networks; privacy and security; breaches; and recent legislation.
Post Frequency: 1.4/day Last Entry: November 07, 2009 at 00:43:29 Recent Entries: 170
By Helen Oscislawski
Go to HIPAA Health Law & Technology, find other Health Law blogs, or browse all law blogs.
Search
Posts
Certifying EHRs for "Meaningful Use"
Posted on November 07, 2009On November 2, 2009, the Texas-based Drummond Group Inc. announced in a Press Release that it will submit to become a certifying body upon the release of the Office of the National Coordinator for Health Information Technology (ONC) requirements for certifying bodies for Electronic Health Records (EHR)...
HITECH Workshop for Camden-area Hospitals
Posted on November 06, 2009Friday, November 20, 2009 Virtua Center for Learning Classroom A 1200 Howard Blvd. Mt. Laurel, NJ Covered entities will be required to make notifications of certain HITECH security breaches to the affected individuals, newspaper and media outlets in the state as well as the U...
HHS Issues Interim Final Rule to Implement the HITECH Act's Strengthened Civil Money Penalty Scheme
Posted on November 05, 2009On October 30, 2009, the Secretary of the HHS adopted an Interim Final Rule amending HIPAA's enforcement regulations relating to the imposition of civil monetary penalties ('CMP'). Most significantly, the Interim Final Rule distinguishes between violations occurring before February 18, 2009 and violations occurring on or after that date with regard to the penalty amount and available affirmative defenses...
Does Oklahoma's New Abortion Law Violate HIPAA?
Posted on November 02, 2009Yesterday, November 1, 2009, the "Statistical Reporting of Abortion Law" went into effect in Oklahoma. The Statistical Reporting of Abortion Law is just one aspect of a broad and controversial abortion law, which also bans abortions on the basis of "sex of the unborn child...
Oh Where, Oh Where Will the Red Flag End Up (or Down)?
Posted on October 31, 2009I had an inkling this was going to happen – and, as suspected, the FTC has (yet again) delayed the enforcement deadline date for the health care industry, with the latest deadline date being pushed all the way to June 1, 2010. Without a doubt, recent developments over the last several weeks have helped spur this latest bump...
Covered Entity Liability for Business Associate Ignorance of Breach under HITECH -- Really?
Posted on October 23, 2009For covered entities (CEs) who have tight privacy and security measures in place, the breach notification requirements under HITECH (amending HIPAA) might not seem especially onerous. But what about breaches the CE doesn't know about? What if the CE's business associate (BA) fails to report a breach of unsecured health information? What if the BA doesn't even know about the breach? The Interim Final Rule published by the Office of Civil Rights (OCR), Department of Health and Human Services (HHS) on August 24, 2009 confirms what others doubted when I raised the paranoid-sounding possibility: "yes, a CE must meet the breach notification requirements and timeline, even when the CE is not responsible for, and does not even know about, a breach...
Governance Considerations from HIT for the Board and Other Hospital Stakeholders - The Need for an IT Champion to Serve as a Link between IT Personnel and Other Stakeholders - Installment 7
Posted on October 22, 2009This is the seventh installment in a series of blog posts that relate to the governance concerns surrounding developments in HIPAA, HITECH and HIT. For a number of months this series has been emphasizing the importance of establishing a credible and knowledgeable liaison at the governing body and/or senior administrative level to articulate and educate the diverse stakeholders about the new challenges and initiatives in HIPAA and HIT...
Let the Breach Notifications Begin! . . . (in 30 days, or so)
Posted on August 19, 2009The U.S. Department of Health and Human Services (HHS) announced today in a News Release that it has issued new regulations requiring health care providers, health plans, and other entities (e.g., now also Business Associates) covered by the Health Insurance Portability and Accountability Act (HIPAA), to notify individuals, and in some instances the media and HHS, in the event of a "security breach" of "unsecured" protected health information (PHI)...
Distressed Hospital Survival Throught HIT?
Posted on August 10, 2009[Installment 6 - Governance Considerations from HIT for the Board and Other Hospital Stakeholders] On August 4, 2009 the Associated Press reported at http://www.usatoday.com/news/health/2009-08-04-electronic-medical-records_N.htm that Sac-Osage Hospital, a 47-bed hospital in rural western Missouri, 'is borrowing nearly $1 million to pitch its paper medical charts and purchase a state-of-the-art electronic health records [EHR] system...
Distressed Hospital Survival Through HIT?
Posted on August 10, 2009[Installment 6 - Governance Considerations from HIT for the Board and Other Hospital Stakeholders] On August 4, 2009 the Associated Press reported at http://www.usatoday.com/news/health/2009-08-04-electronic-medical-records_N.htm that Sac-Osage Hospital, a 47-bed hospital in rural western Missouri, 'is borrowing nearly $1 million to pitch its paper medical charts and purchase a state-of-the-art electronic health records [EHR] system...
"In The Event That I Can No Longer Make Decisions For Myself, I Wish ..." - Storing Advanced Directives on GoogleHealth
Posted on August 05, 2009Google Health and National Hospice and Palliative Care Organization's Caring Connections have partnered to allow patients to store and access their advance directives on line. Advance directives are essentially "directions" that a person gives to their medical professionals about what interventions they wish to have provided or withheld under specific circumstances -- especially in emergencies and at "end-of-life" moments -- when such person can not express those wishes himself or herself...
HITECH Help Is On the Way! August 19, 2009
Posted on July 31, 2009Do you need help understanding what to do in light of HITECH's privacy and security changes to HIPAA? Are you concerned about HITECH's increased penalties for HIPAA violations? Are you struggling to understand what needs to be done under the New Jersey Security Breach Notification Act, and how these state requirements reconcile with the HITECH breach notification requirements? Join me on Wednesday, August 19, 2009 at 12:00 p...
Should Health Care Providers Bother with Red Flags?
Posted on July 30, 2009Yesterday, the Federal Trade Commission (FTC) announced in a News Release that it will further delay enforcement (yet again!) of the "Red Flags" Rule until November 1, 2009. The News Release states that the purpose of the delay is to give the FTC additional time to redouble its efforts to educate and assist small businesses and other entities about compliance with the Rule and ease compliance by providing additional resources and guidance to clarify whether businesses are covered by the Rule and what they must do to comply...
HIPAA Paranoia Strikes Deep Among Healthcare Providers
Posted on July 29, 2009Hospitals, physician practices and other healthcare providers continue to misunderstand patients' rights to their own records years after HIPAA's privacy rule took effect. The Los Angeles Times reported on July 27 that the California Medical Board receives many complaints from patients about trouble accessing medical records from doctors: Candis Cohen, a spokeswoman for the board, says physicians and their office staffs frequently confuse details of the HIPAA privacy law and, even with the best intentions of protecting patients' privacy rights and complying with the law, deny consumers access to their medical records...
Relationship of "Meaningful Use" of Electronic Health Records, and the Department of Veterans Affairs
Posted on July 26, 2009[Installment 5 - Governance Considerations from HIT for the Board and Other Hospital Stakeholders] This is the fifth in a series of blog posts that relate to the governance concerns surrounding developments in HIPAA, HITECH and HIT. The other week, two separate and apparently unrelated events occurred on consecutive days with respect to electronic health records ('EHRs') that dramatically underscore the focus of this series...
Relationship of "Meaningful Use" of EHR, and the Department of Veterans Affairs
Posted on July 26, 2009[Installment 5 - Governance Considerations from HIT for the Board and Other Hospital Stakeholders] This is the fifth in a series of blog posts that relate to the governance concerns surrounding developments in HIPAA, HITECH and HIT. The other week, two separate and apparently unrelated events occurred on consecutive days with respect to electronic health records ('EHRs') that dramatically underscore the focus of this series...
Dare to Take-a-Peek? Think Again.
Posted on July 23, 2009I have said it before, and I will say it again -- employees must come to understand and truly appreciate the huge risks involved and penalties at stake with "taking a peek" at a patient's medical record for no legitimate purpose...
Securing Protected Health Information (PHI)
Posted on July 16, 2009[Installment 4 - Governance Considerations from HIT for the Board and Other Hospital Stakeholders]. This is the fourth in a series of blog posts that relate to the governance concerns surrounding developments in HIPAA, HITECH and HIT. Over the next several months, my blog entries will continue to discuss some of the threshold issues that face the manifold stakeholders in the hospital industry as they struggle to cope with the new and somewhat uneven landscape of health information technology ('HIT') and protected health information ('PHI')...
Sharing of Electronic Health Records Among Hospitals
Posted on June 25, 2009[Installment 3 - Governance Considerations from HIT for the Board and Other Hospital Stakeholders] This is the third in a series of blog posts that relate to the governance concerns surrounding developments in HIPAA, HITECH and HIT. Jim Landers of the Washington Bureau of the Dallas News wrote an article that was published on June 24, 2009, entitled "Administration: Hospitals unwilling to share electronic records will miss out on billions in stimulus funds...
Will Too Much "Meaning" = Not Enough "Use"?
Posted on June 23, 2009When I first reviewed the Matrix and other documents released by the HIT Policy Committee's 'Meaningful Use' Workgroup, my initial reaction was 'When did defining ‘Meaningful Use' of EHR morph into attempting to use EHRs to ‘meaningfully' reform the entire healthcare delivery system...
Will Too Much "Meaning" = Not Enough Use?
Posted on June 23, 2009When I first reviewed the Matrix and other documents released by the HIT Policy Committee's 'Meaningful Use' Workgroup, my initial reaction was 'When did defining ‘Meaningful Use' of EHR morph into attempting to use EHRs to ‘meaningfully' reform the entire healthcare delivery system...
"Meaningful Use" Comments Due June 26th
Posted on June 18, 2009The Office of the National Coordinator for Health Information Technology (ONC) is seeking comments on the preliminary definition of 'Meaningful Use,' as presented to the HIT Policy Committee on June 16, 2009. Comments on the draft description of Meaningful Use are due by 5:00 pm EST June 26, 2009...
"Meaningful Use" Definition Recommendation Due out June 16th
Posted on June 11, 2009The HIT Policy Committee is suppose to unveil its recommendations on the definition of "Meaningful Use" of electronic health records (EHRs) on June 16th, reports Health Data Management. Any approved definition of "Meaningful Use" would then be forwarded to the Office of National Coordinator for further consideration...
Governance Considerations from HIT for the Board and Other Hospital Stakeholders - Twitter and Patient Privacy Rights
Posted on May 26, 2009This is the second in a series of blog posts that relate to the governance concerns surrounding HIPAA, HITECH and HIT. It is, however, not the second posting that I had originally planned. A front-page article on May 25, 2009 in the New York Times by Pam Bullock, entitled 'Hospitals Using Internet to Interact with Public,' prompted me to write on this topic as part of the series...
Twitter and Patient Privacy Rights
Posted on May 26, 2009[Installment 2 - Governance Considerations from HIT for the Board and Other Hospital Stakeholders] This is the second in a series of blog posts that relate to the governance concerns surrounding HIPAA, HITECH and HIT. It is, however, not the second posting that I had originally planned...
Governance Considerations from HIT for the Board and Other Hospital Stakeholders [Installment 1]
Posted on May 18, 2009The pressure on healthcare providers to convert to electronic medical records (EMR) as part of the overall HIT movement has increased dramatically in recent months. Promulgations from HHS and FTC, the federal stimulus package and HITECH, which recently heavily-amended HIPAA, create new challenges for healthcare providers...
Putting ARRA Money in the HIPAA/HITECH Enforcement Mouth
Posted on May 18, 2009In accordance with the 90-day deadline established for an operating plan to be submitted to Congress on expenditures related to the $2 Billion Dollars appropriated under the American Recovery and Reinvestment Act ("ARRA") relating to health information technology ("HIT"), the Office of the National Coordinator ("ONC") has submitted its proposed ARRA Implementation Plan to Congress...
Governance Considerations from HIT for the Board and Other Hospital Stakeholders
Posted on May 18, 2009[Installment 1] The pressure on healthcare providers to convert to electronic medical records (EMR) as part of the overall HIT movement has increased dramatically in recent months. Promulgations from HHS and FTC, the federal stimulus package and HITECH, which recently heavily-amended HIPAA, create new challenges for healthcare providers...
Fox Rothschild to Participate at NIST/CMS Security Rule Conference
Posted on May 11, 2009As HITECH refocuses the health care industry's attention on security, the role of National Institute of Standards and Technology ('NIST') in developing standards for health information security will become more center stage. On May 18, 2009, Fox Rothschild LLP will present at the NIST and CMS Security Rule Conference in Gaithersburg, Maryland called: 'Safeguarding Health Information: Building Assurance Through HIPAA Security'...
Fox Rothschild to Participate at NIST and CMS Security Rule Conference
Posted on May 11, 2009As HITECH refocuses the health care industry's attention on security, the role of National Institute of Standards and Technology ('NIST') in developing standards for health information security will become more center stage. On May 18, 2009, Fox Rothschild LLP will present at the NIST and CMS Security Rule Conference in Gaithersburg, Maryland called: 'Safeguarding Health Information: Building Assurance Through HIPAA Security'...
A Little Intellectual Property 101 for HIT
Posted on May 08, 2009Introduction to Intellectual Property As my initial entry to this blog, I would like to provide a high-level overview of U.S. Intellectual Property ("IP') law. This overview will provide background information on the various areas of IP. Future entries will consider how the various aspects of IP effect and are effected by HIPPA/HITECH and the electronic patient record initiatives...
Red Flag Enforcement Delayed to August 1, 2009
Posted on May 01, 2009This morning, the Federal Trade Commission (FTC) announced it will delay (again) enforcement of the new 'Red Flags Rule,' now until August 1, 2009 to give affected entities more time to comply. In the press release, FTC Chairman Jon Leibowitz said: 'Given the ongoing debate about whether Congress wrote this provision too broadly, delaying enforcement of the Red Flags Rule will allow industries and associations to share guidance with their members, provide low-risk entities an opportunity to use the template in developing their programs, and give Congress time to consider the issue further...
Review Health Information Before You Click "Upload to Google Health"
Posted on April 21, 2009Using Google Health, a free personal health record tool, requires patients to be proactive both in terms of creating their electronic health record (EHR) and in checking the accuracy of the information loaded into the EHR, particularly when it comes from insurance claims data...
HHS Issues Guidance on Security Breach Notification
Posted on April 20, 2009On April 17, 2009, the federal Department of Health and Human Services (HHS) issued guidance specifying the technologies and methodologies that render PHI unusable, unreadable, or indecipherable to unauthorized individuals, as required by the Health Information Technology for Economic and Clinical Health (HITECH) Act passed as part of the American Recovery and Reinvestment Act of 2009 (ARRA)...
FTC Issues Proposed Rules for Security Breach Notification under HITECH
Posted on April 17, 2009The Federal Trade Commission (FTC) posted its proposed rule today implementing new breach notification requirements for health records, which were required to be promulgated by the Health Information Technology for Economic and Clinical Health ("HITECH") Act...
HIPAA Reminder Notice Due April 14th for Large Health Plans
Posted on April 12, 2009The recent changes to HIPAA brought about by the American Recovery and Reinvestment Act (ARRA) and its Health Information Technology for Economic and Clinical Health (HITECH) Act have received a lot of attention, as of late...
Massachusetts Hospital Rescues "Orphan" Medical Records
Posted on April 08, 2009The abandoned records of an Acton, Massachusetts physician who abruptly closed his office have been saved from the shredder by the last-minute intervention of a local hospital, highlighting a potential gap in state law that may leave patients unprotected in similar situations...
NYT, NEJM Report Doctors Not "Sold" on EHRs
Posted on March 27, 2009Posted by William H. Maruca, Esq. The Health Information Technology for Economic and Clinical Health (HITECH) Act has been called the most significant legislation to ever address health information technology, but it is no cure-all, say many physicians...
CDT Releases HITECH - HIPAA Guidance
Posted on March 27, 2009The Center for Democracy and Technology ("CDT") has released a great guidance document that compares the requirements under the newly-enacted HITECH Act against HIPAA, and highlights specific changes resulting from this new legislation...
HITECH, Red Flags, HIPAA and Updating Privacy & Security Programs
Posted on March 25, 2009Since HIPAA and its related Privacy and Security Rules went into effect for health care providers, there have been a number of new laws and regulations passed that impact the policy, procedures and overall privacy and security approach for many health care organizations...
CVS Reaches $2.25 Million Settlement Agreement
Posted on February 18, 2009The U.S. Department of Health and Human Services and the Federal Trade Commission announced today that CVS will pay the U.S. government a $2.25 million settlement and take corrective action in connection with the government finding that CVS had violated the HIPAA Privacy Rule by failing to safeguard identifying information during disposal...
HITECH Act Signed Into Law - High Hope Follows
Posted on February 17, 2009Today, President Obama signed the Health Information Technology for Economic and Clinical Health Act (known as the "HITECH Act") into law. The final version of HITECH Act is posted on the Library of Congress' THOMAS website. The HITECH Act addresses various aspects relating to the use of health information technology ("H...
HITECH Act Signed Into Law - High Hopes Follow
Posted on February 17, 2009Today, President Obama signed the Health Information Technology for Economic and Clinical Health Act (known as the "HITECH Act") into law. The final version of HITECH Act is posted on the Library of Congress' THOMAS website. The HITECH Act addresses various aspects relating to the use of health information technology ("H...
OCR Revamps Privacy Website
Posted on February 12, 2009The Department of Health and Human Services, Office for Civil Rights has posted its new Web site, and reports that the health information privacy pages have been "extensively revised to improve organization and ease of use for consumers, covered entities and others seeking reliable advice on the HIPAA Privacy Rule and the Patient Safety Rule...
Secure Those Social Security Numbers!
Posted on February 04, 2009On December 15, 2008, the Division of Consumer Affairs ("DCA") published its Notice of Pre-Proposed Rule for "Identity Theft, Written Security Programs and Violations." Comments to the Pre-Proposed Rule are due February 13, 2009...
Will Federal Privacy Requirements Be Getting More Stringent?
Posted on January 26, 2009The Center for Democracy and Technology ("CDT") released a major policy paper today that is intended to move the health privacy debate to consider more effective privacy protection of patient information. The CDT is advocating for the inclusion of privacy protections in the President's economic stimulus bill, which contains at least $20 billion for a national health information technology network...
Moving Info through NHIN is "In" for 2009
Posted on December 19, 2008pThe National Health Information Network (NHIN) may get information moving as early as the first quarter of 2009.nbsp; Innbsp;itsnbsp;December 16th a href="http://ssa.gov/pressoffice/pr/nhin-pr.htm"Press Release/a,nbsp;the Social Security Administration (SSA) indicates that it will begin receiving medical records for some disability applicants via the quot;MedVirginiaquot; health information exchange (HIE) based in Richmond...
Feds Post New Guidance Document
Posted on December 16, 2008The Department of Health and Human Services (HHS), Office for Civil Rights (OCR) has published a new HIPAA Privacy Rule guidance as part of its "Privacy and Security Toolkit" (the "Toolkit") developed in connection with "The Nationwide Privacy and Security Framework for Electronic Exchange of Individually Identifiable Health Information" (the "HIE Framework")...
Joint Commission Throws "HIT's" Weight In the Ring
Posted on November 20, 2008The Joint Commission released a Report today titled "Health Care at the Crossroads: Guiding Principles for the Development of the Hospital of the Future" that, among other things, emphasizes that health information technology ("HIT") will be key to hospitals' viability in the future...
HIT Bills, Bills, and More Bills [*sic*]
Posted on November 15, 2008Health information technology (HIT) bills continue to abound in Congress. Recently, House bill (HR 6898) was introduced by House Ways and Means Health Subcommittee Chair Pete Stark, which includes proposed penalties for providers who do not adopt HIT by a certain date...
IDENTITY THEFT RED FLAG COMPLIANCE DEADLINE DELAYED TO May 1st.
Posted on October 22, 2008The Federal Trade Commission issued an announcement today that the deadline to implement the Red Flag requirements pertaining to identity theft has been delayed for six months, making the new compliance deadline May 1, 2009. In its Enforcement Policy Statement, the FTC states: During the course of the [FTC]’s education and outreach efforts following publication of the rule, the [FTC] has learned that some industries and entities within the FTC’s jurisdiction have expressed confusion and uncertainty about their coverage under the rule...
Conference - Current State of Health IT
Posted on October 22, 2008The e-Health Initiative will host its fifth annual conference and awards dinner December 3–5 at the Ronald Reagan Building and International Trade Center in Washington, DC. According the organization's website, policymakers, decision-makers, and national, state and local leaders from every sector of healthcare will meet to assess the current state of health information technology (IT) progress...
Red Flags to Help Combat Medical Identity Theft
Posted on October 21, 2008The FTC published the Red Flag rule on November 9, 2007. However, over the last year there was considerable confusion and uncertainty about whether the rule, which is primarily geared toward financial institutions and other lenders, also applied (or should apply) to healthcare providers...
Legislation Introduced to Establish a NJ Fund for Health IT
Posted on October 16, 2008Assemblyman Herb Conaway introduced legislation (A 3368) today that would establish an electronic Health Information Technology ("e-HIT") Fund to be used to implement the objectives of the Statewide health information technology plan. The Bill proposes that beginning April 1, 2009, and on a quarterly basis thereafter, each health care payer will pay a "technology reinvestment fee" into the e-HIT fund in an amount equal to 0...
EHR Demo Applications Due November 26, 2008
Posted on October 10, 2008Phase I of CMS's EHR Demonstration project began September 1, 2008. Physicians selected by CMS to participate in this EHR demo project will be eligible to receive incentives totaling up to $58,000 per physician over five years or $290,000 per practice over five years...
National Emergencies and HIPAA
Posted on October 06, 2008Today, OCR posted a new response to the FAQ "Is the HIPAA Privacy Rule suspended during a national or public health emergency?" The federal government's answer? . . . NO! The FAQ response states that the Secretary of HHS may, however, waive certain provisions of the Privacy Rule under the Project Bioshield Act of 2004 (PL 108-276) and section 1135(b)(7) of the Social Security Act...
Obama and McCain Support Health IT Adoption
Posted on September 30, 2008As Election Day rapidly approaches, I thought that it would be interesting to note the presidential candidates' views on health information technology. In short, both Barack Obama and John McCain appear to support and include health care IT adoption as a major part of their health care reform plans...
Help Me Understand HIPAA!
Posted on September 21, 2008It's been years since HIPAA became a household term. Yet, there continues to be a significant amount of confusion about when it applies, what types of uses and disclosures of PHI are permitted, and if individuals can sue someone for a HIPAA violation...
Help Me Understand HIPAA!
Posted on September 16, 2008It's been years since HIPAA became a household term. Yet, there continues to be a significant amount of confusion about when it applies, what types of uses and disclosures of PHI are permitted, and if individuals can sue someone for a HIPAA violation...
Congressman Pete Stark's un-"Health-e Technology Act"
Posted on September 16, 2008Yesterday, U.S. Rep. Pete Stark introduced H.R. 6898 entitled the "Health-e Information Technology Act." Among other things, the Bill proposes the following action, which may not all be that particularly "healthy" for HIT adoption: Make the Office of the National Coordinator for Health Information Technology (ONC) a permanent position that would manage the development, routine updating and dissemination of an open source health information technology system; Impose a "nominal" fee for adoption of the open source system by providers; Authorize ONC to develop a program for the voluntary certification and periodic recertification of health information systems (currently CCHIT already does this); Require a reexamination of "health care operations" to determine which activities should required patient authorization; and Increase civil penalties for violations of the HIPAA privacy rule...
CCHIT to Certify PHRs in 2009
Posted on August 24, 2008The Certification Commission for Healthcare Information Technology (CCHIT) plans to certify personal health records (PHR) beginning in mid-2009. Certification of PHR products would aim to ensure that records meet standards for patient privacy and security, as well as interoperability between providers...
"Opps," BC/BS Did it Again
Posted on July 30, 2008First in New Jersey . . . now in Georgia.The Atlanta Journal-Constitution reported yesterday that last week BC/BS of Georgia sent over 202,000 EOB letters to the wrong addresses. Apparently the letters were mistakenly directed to the addresses of other policyholders, and included patients' names and insurance identification numbers, their doctors names, and in some cases Social Security numbers...
Think Tank Thinks ONC's Plan will Tank
Posted on July 29, 2008Heartland Institute, a Chicago-based think tank published a "scathing critique of the government's efforts to promote healthcare information technology," reports Healthcare IT News. In its August 2008 edition of Health Care News, Heartland's analysts call the ONC- Coordinated Federal Health Information Technology Strategic Plan 2008-2012 "poorly conceived" and argue that "any plan for changing the healthcare system is better coming from the private sector rather than government ...
Wikipedia for Health Care? It's Coming . . .
Posted on July 23, 2008The Los Angeles Times reported today about MEDPEDIA.com, the website currently being developed by Internet entrepreneurs, together with doctors, researchers, and other medical professionals in order to create what is hoped (by them) will be largest body of health information on the Internet...
Providence's HIPAA Corrective Action Plan
Posted on July 19, 2008As promised, here is a link to a copy of the Corrective Action Plan between Providence Hospital and the federal government.
BREAKING NEWS - Feds Impose Penalties For HIPAA Violations
Posted on July 17, 2008Well, years have literally come and gone since covered entities first scrambled to comply with HIPAA's Privacy Rule and Security Rule requirements, yet there continued to be no formal penalties assessed by the government for HIPAA violations...
$$$ Carrots (and Sticks) are Coming for Physicians to Adopt HIT
Posted on July 10, 2008In one of my earlier blog posts, I mentioned that carrots and sticks could be coming in connection with the adoption of health information technology. Well, yesterday afternoon the Senate passed the Medicare Improvements for Patients and Providers Act of 2008 (H...
Horizon BC/BS Grants a Limited EHR Subsidy to New Jersey Health Care Providers
Posted on July 09, 2008Health Data Management reported yesterday that Horizon Blue Cross Blue Shield of New Jersey will commit up to $500,000 to help select hospitals in its New Jersey network adopt electronic medication history technology. This would give physicians real-time medication histories when patients check into a hospital or emergency department...
Best Practices for HealthVault and Google Health
Posted on June 30, 2008At the end of June, Investor's Business Daily reported that Google, Microsoft, Aetna, Blue Cross/ and 27 other private organizations "agreed on" ground rules for protecting the privacy of the sensitive information" contained in personal health records (PHRs)...
LIVE Audio Conference - Keys to Compliance with EHRs
Posted on June 19, 2008On Thursday, July 17, 2008, National Constitution Center Conferences is offering a 60-minute Live Audio Conference called “Electronic Health Records: Keys To Compliance” during which I will discuss many of the legal issues, challenges and practical solutions to utilizing electronic health records...
"But, I Never Had My Kidney Removed . . . ."
Posted on June 13, 2008ONC's Coordinator, Dr. Robert Kolodner, has noted that medical identity theft stories are being documented at an increasing rate, bringing to light serious financial, fraud, and patient care issues, and that it is imperative to obtain a more comprehensive understanding of this issue from a variety of perspectives...
Microsoft Is Connecting the Government Too
Posted on June 12, 2008On June 12, 2008 at the Government Health IT Conference & Exhibition in Washington D.C., Microsoft released version 2 of its Connected Health and Human Services Framework, which it touted as providing a "flexible, individual and family-centered approach for addressing the challenges that face HHS agencies, departments and programs as they respond to complex social needs and problems and deliver services to individuals and families in need...
And The EHR Demo Project Winners Are.....
Posted on June 11, 2008In a June 10 HHS News Release, Secretary Mike Leavitt named the 12 communities that will participate in a 5-year national Medicare demonstration project that provides incentive payments to physicians for using certified electronic health records (EHR) to improve the quality of patient care (the "EHR Demo Project")...
ONC releases its Comprehensive HIT Plan
Posted on June 03, 2008Today, the Office of the National Coordinator for Health Information Technology (ONC) released a comprehensive Strategic Plan for advancing health information technology (HIT). The Strategic Plan is intended to serve as a guide to coordinate the federal government’s health IT efforts to achieve nationwide implementation of an interoperable health IT infrastructure throughout both the public and private sector...
CMS Gives Qualified "OK" To Hospital Covering Cost Of Customized EHR Software For Physicians' Use
Posted on May 31, 2008In its May 28th Advisory Opinion, the Centers for Medicare & Medicaid Services (CMS) found that a hospital system's proposal to pay for customized software to facilitate communication between its electronic health record (EHR) system and EHR software used by physicians affiliated with the hospital would not constitute a prohibited compensation arrangement under the Stark Law...
HIPAA NPI May 23rd Deadline May Spike Denial of Claims
Posted on May 23, 2008May 23 is the compliance date for the National Provider Identifier (NPI) to be used exclusively for electronic health care claims under HIPAA. Providers who do not use their assigned NPI after this date may find health insurers starting to reject and return electronic claims...
GINA (the new federal law, not a girl) May Spur Lawsuits
Posted on May 22, 2008Yesterday, the White House Office of the Press Secretary announced that President Bush signed the Genetic Information Nondiscrimination Act of 2008 ("GINA"). The intent of GINA is to protect individuals from employers and insurance companies denying employment, promotions or health coverage to people when genetic tests show they have a predisposition to cancer, heart disease, or other ailments...
Defining Health IT Alphabet Soup
Posted on May 20, 2008The National Alliance for Health Information Technology released its final Report to the Office of the National Coordinator for Health Information Technology (aka "ONC") today which, among other things, provides consensus definitions for the following six key health information technology terms: Electronic Medical Record (EMR) Electronic Health Record (EHR) Personal Health Record (PHR) Health Information Exchange (HIE) Health Information Organization (HIO) Regional Health Information Organization (RHIO) The project which resulted in the Report was called "Defining Key Health Information Technology Terms" and was funded by ONC with the goal of addressing the need to clarify terminology used in health IT policy, regulation, contracts and other initiatives...
NJ Governor Corzine Appoints Oscislawski to HIT Commission
Posted on May 13, 2008On May 13th, the Office of the Governor announced several direct appointments to the New Jersey Health Information Technology (NJ-HIT) Commission, and I am extremely pleased to pass along that I have been appointed to the attorney seat on the Commission...
New Enforcement Data Added to HHSs Web Site on HIPAA Privacy Compliance and Enforcement
Posted on May 12, 2008Last week, the Office for Civil Rights (OCR) added a new data section on its Compliance and Enforcement Web Site. The new section can be viewed at www.hhs.gov/ocr/privacy/enforcement/data.html. The public can now access enhanced information about several aspects of OCR's enforcement program, including: Charts showing state-specific case investigation results; Calendar-year enforcement-results graphs and charts; Calendar-year graph showing complaint receipts; and Yearly variation in the issues in cases resolved through corrective action...
New Enforcement Data Added to HHS' Web Site on HIPAA Privacy Compliance and Enforcement
Posted on May 12, 2008Last week, the Office for Civil Rights (OCR) added a new data section on its Compliance and Enforcement Web Site. The new section can be viewed at www.hhs.gov/ocr/privacy/enforcement/data.html. The public can now access enhanced information about several aspects of OCR's enforcement program, including: Charts showing state-specific case investigation results; Calendar-year enforcement-results graphs and charts; Calendar-year graph showing complaint receipts; and Yearly variation in the issues in cases resolved through corrective action...
You CAN Go To Jail for HIPAA Violations
Posted on May 08, 2008On May 8th, 2008, John C. Richter, United States Attorney for the Western District of Oklahoma, announced in a press release that a 30-year old Oklahoma City woman who pled guilty to violating HIPAA may face up 10 years in prison and a fine of up to $250,000! As part of her plea, the woman admitted that in the summer of 2007, while she was employed by a counseling center in Oklahoma City, she knowingly allowed two individuals to take patient files from her place of employment which contained individually identifiable health information with the intent to obtain personal gain...
CMS Launches PHR Test Pilot
Posted on May 07, 2008The Centers for Medicare & Medicaid Services (CMS) announced in a Press Release dated May 7, 2008 its new pilot test project in South Carolina that will use an on-line tool called a Personal Health Record (PHR) to give Medicare beneficiaries the ability to collect and then access information about their health or health care services, and collect information about their health...
Federal Law Passed to Protect Use and Disclosure of Genetic Information
Posted on April 25, 2008ScienceDaily reports today that the U.S. Senate approved the Genetic Information Nondiscrimination Act of 2008 (GINA) yesterday, April 24, 2008, by unanimous consent of an amended version of H.R. 493, which passed the House last April 25, 2007 by a vote of 420-3...
RHIO Tech Talk - NY RHIO Selects IT Vendor
Posted on April 23, 2008Axolotl Corp. of San Jose, California, has been chosen to implement the Interboro Regional Health Information Exchange in order to facilitate data exchange among providers in the Queens area of New York City. The RHIO will use Axolotl's Elysium Community Virtual Health Record and EMR-Lite applications to enable participating physicians to access patient lab reports, radiology reports, medication history, allergies and other clinical data via a secure Web application...
Educating the Educators on Privacy Laws
Posted on April 15, 2008Last October, the United States Department of Education released a policy guidance document to to help educators and parents interpret federal privacy laws in an initiative prompted by the mass shooting at Virginia Tech. The document was created in response to schools' requests "for guidance on what information can be shared among government agencies and parents under the 1974 Family Educational Rights and Privacy Act” (FERPA)...
Sanctions May be Imposed Due to Stark-Struck Snoopers
Posted on April 10, 2008On April 8, 2008, the New York Times & The Los Angeles Times reported that, Dr. Mark Horton, head of the California Department of Public Health, said that "the agency planned to sanction the University of California, Los Angeles, Medical Center after hospital workers improperly viewed the records of more than 60 patients, including the actress Farrah Fawcett and the state's first lady, Maria Shriver...
HIPAA Update Seminar
Posted on March 28, 2008On April 3, 2008, I will be discussing some of the most common HIPAA misinterpretations and burning questions still out there at a Compliance Seminar organized and offered through the NJ Medical Society of New Jersey. Among the specific questions I will cover are: When can information be released to a patient's relatives and friends? Can medical records be released pursuant to a subpoena? Is a HIPAA Business Associate Agreement required for all vendors? Should medical records be taken home? How long should I keep medical records? billing records? administrative records? Do I have to notify patients of accidental disclosures? What about security breaches? What should I do if a HIPAA complaint is filed against my practice? What are the benefits and risks with participating in a electronic health information exchange with a hospital or other provider?For further information about the Compliance Seminar, visit: http://www...
One Man's Scrap Paper .... (part 2)
Posted on March 28, 2008On my previous post, I left open the question of whether UPS is on the hook under HIPAA for the box of medical records that ended up in a paper scrap resale warehouse. The brief response is not under HIPAA. The federal government has expressly stated that mail carriers are not considered business associates under the HIPAA Privacy Rule when they handle protected health information on behalf of a covered entity provider...
One Man's Scrap Paper Is Another Man's Treasure (part 1)
Posted on March 13, 2008Business Week reported earlier this week that the medical records of 28 Central Florida Regional Hospital patients were included in a box purchased for $20 from a surplus store by a teacher for use as "scrap paper" in her fourth grade classroom...
Is All "Marketing" Prohibited by HIPAA?
Posted on February 11, 2008In general, HIPAA requires a written authorization from an individual before a health care provider can make a communication about a product or service that encourages recipients of the communication to purchase or use the product or service. However, certain mailings and communications with individuals are permissible without having to obtain prior written authorization because they are not considered "marketing" as defined by the HIPAA Privacy Rule...
CMS to Audit 10-20 Hospitals In Next 9 Months
Posted on January 24, 2008GovernmentHealthIT reports that on January 16, 2008 at a workshop on HIPAA security, CMS announced that it will begin its audits by reviewing 10 to 20 hospitals in the next nine months for compliance with the HIPAA Security Rule. As posted earlier on this Blog, CMS has contracted with PriceWaterhouseCoopers (PWC), an accounting and consulting firm, to help with the reviews...
New Year, New Laws . . . Some Items to Watch In 2008
Posted on January 04, 2008What the HIPSA?!! After HIPAA, the last thing most of us want to hear is another acronym that starts with the letter "H" and makes our heads spin trying to figure out whether the answer to the question is "to disclose, or not to disclose...
Ho-Ho-Ho...Contractor Hired to Audit the Naughty
Posted on December 11, 2007HcPro reports that the Center for Medicare and Medicaid Services (CMS) has contracted with Pricewaterhouse Coopers to conduct security audits of covered entities, according to Karen Trudel, deputy director of CMS' Office of E-Health Standards and Services...
Is There Proof in the EHR Pudding?
Posted on November 02, 2007On October 30, 2007, Secretary Mike Leavitt of the Centers for Medicare and Medicaid Services announced on HHS.gov a five-year demonstration project that will encourage small to medium-sized physician practices to adopt electronic health records (EHRs)...
Employees suspended for snooping about George Clooney
Posted on October 15, 2007Last week, WCBS-TV in New York reported that as many as two dozen employees, including doctors and nurses, have been suspended for allegedly improperly accessing actor George Clooney's medical records. As the story goes, employees not involved with the actor's care logged into the hospital's computer system to view his records as doctors tended to his injuries, and that a security guard released a Clooney family member's telephone number...
Microsoft launches website for managing personal health information
Posted on October 05, 2007Yesterday, the New York Times reported that Microsoft Corp. launched "HealthVault," a website designed to allow patients to store and manage their medical and health information, and which is described by Microsoft as "part filing cabinet, part library, and part fax machine for an individual's or a family's medical records and notes...
Is the HIPAA Enforcement Tide Turning?
Posted on August 15, 2007Final regulations setting forth how the Office of Civil Rights (OCR) should enforce HIPAA became effective back in March of 2006. As of the end of August 2007, there have been 29,994 complaints filed with the government alleging violations of privacy...
Reports Find Security & Privacy Variations in State Health Data Exchanges
Posted on August 10, 2007The Agency for Healthcare Research and Quality has released a series of reports funded by AHRQ and the Office of the National Coordinator for Health IT which examine the variations in data privacy and security among 34 regional health information organizations...
New York Unveils Plan for Statewide Health IT Program
Posted on August 09, 2007Yet another state has jumped on the RHIO/HIE bandwagon . . . Government Technology reports that New York Health Commissioner Richard Daines announced today the launch of a statewide health IT program, which will include an initial $106 million investment to help health care facilities adopt IT tools in 2007 and 2008...
EMR Adoption Concerns
Posted on August 08, 2007Concerns continue to mount regarding the recent IRS memorandum declaring that nonprofit hospitals can share their e-health record software and support with physicians without losing their tax-exempt status. A recent report from Leerink Swann & Company contends that a heightened competitive environment in urban areas will be the result of the memorandum declaration, as hospitals vie to attract surgery and other hospital-based procedures...
Study Shows EMR System Can Pay For Itself Within 2 Years
Posted on August 07, 2007According to a study published in the Journal of the American College of Surgeons (JACS), electronic health record (EHR) systems can potentially imbue enough cost reduction to pay for the cost of the system in under two years' time! Despite growing enthusiasm and awareness of the benefits to patients, physicians have been slow to adopt EHRs often citing cost as an major obstacle to implementing an EHR...
Rhode Island To Build First-Ever Statewide HIE
Posted on August 01, 2007The California Health Care Foundation reported in its iHealthBeat publication today that Rhode Island's Department of Health has awarded a three-year, $1.7 million contract to EDS to design, implement and manage the country's first statewide electronic health record network...
August 6, 2007 - New Jersey RHIO Planning Discussion Forum
Posted on July 30, 2007***Interested parties must register with TESC in order to attend ****When: Monday August 6, 2007 from 9:00-12:00. Where: Thomas Edison State College, Prudence Hall, 101 West State Street, Trenton, NJ Topic: NJ RHIO Discussion Forum to share findings, conclusions and recommendations based upon information collected regarding the level of interest in a statewide health information exchange and the degree of economic commitment needed for sustainability...
California County Working on EHR Exchange
Posted on July 30, 2007A three-year, $1.5 million federal grant is helping Kern County, California to begin building the infrastructure necessary for an electronic health record system, reports the Antelope Valley Press. The Tehachapi Valley Health Care District, which operates rural health clinics in Mojave, California City and Tehachapi, in addition to Tehachapi Hospital, has created and designated the "East Kern County Integrated Technology Association" to be the hub for the EHR database...
Security Breach Affects Private Information of Over 800,000 Individuals
Posted on July 27, 2007Information technology and processing vendor SAIC recently announced on its website www.saic.com that a data security beach placed protected information of about 867,000 individuals at risk for compromise. SAIC (Science Applications International Corporation) is a Fortune 500® company and the contractor for the TRICARE military health program...
Legislators Introduce New Privacy Law
Posted on July 24, 2007As more and more providers and other stakeholders in the health care sector move towards using the electronic medium as their preferred method to store and exchange patients' health information, there is growing concern that HIPAA does not adequately assure that patients' privacy will be maintained...
Health Experts Say Privacy Rules Needed for e-Health Records
Posted on July 19, 2007Do we really need more rules to protect health information? Certain health experts seem to think so. Dr. Deborah Peel, a psychiatrist and founder of Patient Privacy Rights Foundation, believes that "thousands" of electronic databases that contain patients' health records exist, and that those patients don't have any way to keep their personal information from being shared with third parties...
State Laws Require Notification of Data Breaches
Posted on July 11, 2007The media loves to report horror stories about privacy breaches that result in voluminous amounts of private health information being disclosed. There were numerous reports of privacy breaches in 2006 and there will certainly be more in 2007...
Courts Begin Allowing Plaintiffs To Use HIPAA as Standard in Privacy Suits
Posted on July 07, 2007The National Law Journal reported in its June 2007 issue that The Health Insurance Portability and Accountability Act (HIPAA) is raising new legal fears for health care providers concerning privacy suits. Labor and employment attorneys are concerned that courts have begun to let plaintiffs use HIPAA standards to prove liability in privacy suits, even though the law doesn't currently provide a private right of action...
Insurance Companies Finalize Plans to Post Electronic Health Records On The Internet
Posted on July 06, 2007Hartford Business Journal recently reported that privacy groups are sounding alarms as the nation’s largest insurance companies finalize plans to allow millions more customers to post their health records on the Internet. Insurers like Hartford-based Aetna Inc...
Related Law Articles
COBRA Continuation of Healthcare Coverage after Layoff
Pensions and Health Care Coverage for Dislocated Workers
Medicare
Guide to government health insurance for the elderly
Military Veterans Benefits
How to obtain full range of benefits for veterans and dependnets
Related Law Questions
How to learn content of deceased parent's will?
go to the court house where your father died or the county he lived in. It is pu...
Can my wages still be garnished if I am making payments?
Garnishment of wages vary from state to state. In other words, some states permi...
My children's school is falsely charging me with truancy. The local district justice works for the school in the most blatently open way. And his wife works for the district, too! They have violated private health record
I am no lawer by any means, so I would love for someone to verify what I have to...
My husband went to maryland to visit his son he stayed for 11/2 mths became very ill.I came doen from NYC tro bring him home and was told by the hospital that his son his power of attorney to make all decisions health an
Get in touch with a lawyer ASAP. What he's done is illegal, and if you'...
Can I get sent to jail or lose everything I own?
No they have no business showing up at your house and furthermore, you can tell ...
#1 Online Legal Resource
On 08-28 at 21:13PM
Ten months later, Fed must reveal names of emergency lending recipients #FOIA
On 08-25 at 19:02PM
Squeaky Fromme, would-be Ford assassin and Manson devotee, released from prison
On 08-14 at 15:19PM
Likely unintended consequence of cash-for-clunkers stimulus is dampening of 2010 spending
On 08-14 at 14:34PM
Palm seeks to halt Palm Pre Android theme on copyright and trademark ground
On 08-12 at 17:30PM
Congressional investigation demonstrates Karl Rove lied about his active role in US attorney's firing
On 08-12 at 16:20PM
Family of New York City swine flu victim to sue city for failure to secure school #nyc #swineflu
On 08-12 at 12:59PM
Real Network's DVD copying software deemed to break DMCA's anti-circumvention provisions
On 08-12 at 12:57PM
Prepaid funeral operators indicted for $100 Million fraud
On 08-12 at 12:53PM
NY Jets join Cincinnati, Dallas, Green Bay, Houston & Seattle #NFL teams offering branded state lottery games
On 08-12 at 12:43PM
Are you the author of this blog? Adding USLaw.com to your Blogroll increases relevance. You qualify to display a USLaw Network badge.
Suggest changes to this blog's description or nominate another for inclusion. Register for updates.
How to learn content of deceased parent's will?
go to the court house where your father died or the county he lived in. It is pu...
Can my wages still be garnished if I am making payments?
Garnishment of wages vary from state to state. In other words, some states permi...
My children's school is falsely charging me with truancy. The local district justice works for the school in the most blatently open way. And his wife works for the district, too! They have violated private health record
I am no lawer by any means, so I would love for someone to verify what I have to...
My husband went to maryland to visit his son he stayed for 11/2 mths became very ill.I came doen from NYC tro bring him home and was told by the hospital that his son his power of attorney to make all decisions health an
Get in touch with a lawyer ASAP. What he's done is illegal, and if you'...
Can I get sent to jail or lose everything I own?
No they have no business showing up at your house and furthermore, you can tell ...
 |
|
Contact Us | About Us | Celebrity Law Blog |
Our Partners | Disclaimer
| Law Blog Directory
| Law Jobs
| Law Tweets
| GoDaddy Hosting
All original material © 1999-2009 by USLaw.com. |