Conducting HIPAA Breach Risk Assessments Using the “LoProCo” Analysis

by Margaret Young Levi and Kathie McDonald-McClure

The U.S. Department of Health & Human Services Office for Civil Rights (“OCR”) has a new acronym, “LoProCo,” relating to assessing data breaches under HIPAA, as amended by the Health Information Technology for Economic and Clinical Health (HITECH) Act of 2009 and the HIPAA Omnibus Rule that became effective March 26, 2013.

It is OCR’s position that a breach is …

November 30th Meaningful Use Deadline for Hospitals

Saturday, November 30, 2013, is the last day for hospitals and critical access hospitals (CAHs) to register and attest to receive an incentive payment for FY2013 under the Medicare Electronic Health Record (EHR) Incentive Program. In the flurry of Thanksgiving activities, holiday travel and Black Friday shopping, don’t forget to take advantage of this deal. The Centers for Medicare and Medicaid Services (CMS) has posted a reminder of these deadlines on its Medicare & Medicaid EHR Incentive Program Registration & Attestation System webpage.

Retention of Paper Medical Records After Converting to Electronic Health Records

NOTE: On February 18, 2010, we posted an article about what to do with paper medical records when converting to an electronic health record (EHR). To date, this has been the most popular article on the HITECH Law Blog. We decided to re-review the topic, update it, and repost it. Actually, not much has changed in the way of the law applicable to this topic. So, the article below reiterates most of the tips from our original article with a few refinements, including additional information about retention periods. This article also is relevant to deciding on the retention period for legacy EHR records when converting to another EHR.

Many hospitals have electronic health records (EHRs) that are hybrid digital records. While the hospital may be using electronic data entry in the emergency department, inpatient nursing care, pharmacy, lab, and pre-op anesthesia, oftentimes, these EHRs are not integrated and, thus, are not merged into a single EHR. The short-term solution may have been to scan printed records from some department, like lab or pharmacy, into the patient’s on-line digital record. As a result, the hospital’s “electronic health record” contains information that is not captured in a “coded format.” For one, this will not meet the “meaningful use” criteria under the HITECH Act.

But let’s assume that the hospital can overcome this hurdle by working with vendors to integrate these records in a way that will meet HITECH EHR certification standards. If the hospital has been maintaining certain portions of patient records in a paper format, what does it do with those paper records after converting to an EHR? If the hospital scans all the paper patient records into its EHR, how long should the hospital retain the paper record after it is scanned into its EHR?

Mobile Device Management

More and more, health care providers are employing laptops, tablets, smartphones and other portable electronic devices in their work. And more and more, laptops and other portable electronic devices are involved in breaches of patient data. According to the Office for Civil Rights (OCR) website, 265 (or 39%) of the 674 total data breaches affecting 500 or more individuals reported to date involve either laptops or other portable electronic devices.

In order to better protect the patient information on these devices, the U.S. Department of Health and Human Services (HHS) conducted a Mobile Device Roundtable last year and solicited public comments to gather tips and information HHS considers “would be most useful to health care providers and professionals using mobile devices in their work.” These HHS tips, information and videos may help you protect and secure health information patients entrust to you when using mobile devices. Review these tips and make sure you fully analyze these devices and their movement as part of your risk analysis and risk management plans.

EHR Meaningful Use Audits – Coming Soon to an Office Near You!

by Ann F. Triebsch

As we indicated in a posting last October and in a more recent August post, audits are now underway to verify that providers who received incentive monies from the Centers for Medicare and Medicaid Services (CMS) under the Health Information Technology for Economic and Clinical Health (HITECH) Act for implementation of a certified electronic health record (EHR) have indeed met the “meaningful use” (MU) criteria. The Office of the National Coordinator for Health Information Technology (ONC) has contracted with Garden City, NY-based Figliozzi and Company to conduct these audits. The audits are designed to verify that providers receiving incentive payments are using certified EHR technology in a meaningful way. These audits can be a hassle, and there are risks if you cannot promptly provide what is requested, even if you are complying with the MU criteria.
