Early Meaningful Users Promised Stage 2 Extension

December 13, 2011December 13, 2011 Margaret Young Levi Electronic Health Records, Health Information Technology, HITECH Law, Hospital EHR Stimulus, Meaningful Use, Physician EMR Stimulus ARRA, EHR, Electronic Health Records, eligible professional incentives for electronic medical records, Health Information Technology, HITECH implementation, Meaningful Use, meaningful use of certified EHR

On November 30, 2011, U.S. Department of Health and Human Services (HHS) Secretary Kathleen Sebelius issued a press release announcing proposed steps to encourage physicians and hospitals to adopt electronic health records (EHRs) this year and receive incentive payments made available under the Health Information Technology for Economic and Clinical Health (HITECH) Act), which was part of the American Recovery and Reinvestment Act of 2009 (ARRA).

Under the HITECH Act, physicians and hospitals have the opportunity to earn financial incentives from Medicare and Medicaid if they demonstrate the adoption and meaningful use of certified EHRs in a series of three stages. Under the current rules, physicians and hospitals that adopt EHRs in 2011 and attest to meeting Stage 1 meaningful use standards by February 28, 2012 must meet Stage 2 standards in 2013. If they wait until 2012 to attest to Stage 1, providers could delay Stage 2 compliance until 2014. To encourage more providers to adopt EHRs in 2011, instead of waiting until 2012, HHS proposes to allow providers who qualify for Stage 1 meaningful use in 2011 an extension until 2014 to meet Stage 2 standards. HHS clarified that providers first attesting to meaningful use in 2011 qualify for both 2011 and 2012 incentive payments.

These proposed steps are consistent with June 2011 recommendations from the Health IT Policy Committee (HITPC). As we reported this summer, HITPC advocated that providers who begin to attest to meaningful use in 2011 be provided an extra year “to phase in the stage 2 expectations (i.e., Stage 2 for those who attest in 2011 would begin in 2014).” HHS listened!

HHS intends to publish this extension in the Stage 2 meaningful use Notice of Proposed Rulemaking (NPRM) in February 2012.

At the same time, HHS also released new data from the Centers for Disease Control and Prevention (CDC) showing increased adoption of EHRs by physicians. The CDC report documented that physicians’ adoption of health information technology (IT) doubled in two years, and 52% of physicians intend to apply for meaningful use incentives, up from 41% in 2010. Click here to access additional information about achieving meaningful use, including the CDC report.

Office of Civil Rights Launches Privacy and Security Audits

November 9, 2011August 14, 2012 Margaret Young Levi Federal Law Resources, Health Information Technology, HITECH Law, Privacy & Security audits, covered entity, Federal Law Resources, HITECH Act, linkedin, privacy, security

Section 13411 of the the Health Information Technology for Economic and Clinical Health Act (HITECH Act) requires United States Department of Health & Human Services (HHS) to provide for periodic audits to ensure covered entities and business associates are complying with the HIPAA Privacy and Security Rules and Breach Notification standards. The HHS Office of Civil Rights (OCR) announced yesterday, November 8, 2011, the launch of long-expected privacy and security audits.

In our blog on July 13, 2011, we posted information concerning OCR’s hiring of contractors to conduct new periodic audits of covered entities and business associates to ensure compliance with the Privacy and Security Standards found in the Health Insurance Portability and Accountability Act of 1996 (HIPAA) as amended by the HITECH Act. Yesterday, OCR announced a pilot program to perform up to 150 audits to assess privacy and security compliance. Audits conducted during the pilot phase will begin in November 2011 and conclude by December 2012.

The initial 150 audits will focus on covered entities, and the audits will begin this month and end by December 2012. Business Associates may have a brief respite but should expect to be the target of future audits.

OCR’s stated goals of the audits are to “examine mechanisms for compliance, identify best practices and discover risks and vulnerabilities that may not have come to light through OCR’s ongoing complaint investigations and compliance reviews.” OCR will “share best practices gleaned through the audit process and guidance targeted to observed compliance challenges.”

Covered entities will be notified in writing if selected for an audit and should be on the lookout for these notices because selected entities have only a short period of time, 10 business days, in which to respond and provide any requested information. After the initial request for information, auditors may conduct onsite audits at an organization. Covered entities will receive 30 to 90 days advance notice of an onsite visit, and auditors expect to spend three to ten days onsite reviewing records, policies and practices. Prior to an auditor’s submission of a final report to OCR, the covered entity will have an opportunity to provide written comments on the auditor’s findings.

Click here to link to OCR’s website with additional details concerning the OCR HIPAA Audit Program.

Final Rule on ACOs encourages EHR adoption but eliminates “meaningful use” requirement

October 20, 2011October 21, 2011 Margaret Young Levi EHR Certification Standards, Electronic Health Records, Health care reform, Health Information Technology, HITECH Law, Meaningful Use ACO, Electronic Health Records, Health Information Technology, health reform, HIT, HITECH Act, linkedin, meaningful use of certified EHR, State Medicaid EHR Incentives

The Centers for Medicare and Medicaid Services (CMS) announced today, October 20, 2011, that the use of certified electronic health records (EHRs) will be the highest-weighted quality measure for an Accountable Care Organization (ACO) under the new Medicare Shared Savings Program.

ACOs are designed to encourage primary care doctors, specialists, hospitals, and other health care providers to coordinate their care. The CMS Final Rule on ACOs bases the amount of shared savings that an ACO may receive for its performance on four domains of quality: 1) quality standards on patient experience; 2) care coordination and patient safety; 3) preventive health; and 4) at-risk populations. To earn shared savings the first performance year, providers must report across all four domains of quality, which include a total of 33 quality measures. Providers will begin to share in savings based on how well they perform on 23 of the 33 quality measures in the second performance year and on 32 of the 33 measures in the third performance year.

Measure 20 of the 33 quality measures requires ACOs to report the percentage of primary care providers (PCPs) who successfully qualify for an EHR Incentive Program payment. CMS expanded the scope of PCPs who can be counted in this measure by eliminating the requirement that the PCP be a “meaningful EHR user” as defined in 42 C.F.R. § 495.4 of the Health Information Technology for Economic and Clinical Health (HITECH) Act of 2009. CMS stated that it “decided to . . . expand [measure 20] to include any PCP who successfully qualifies for an EHR Incentive Program incentive rather than only including those deemed meaningful users.”

Continue reading →

ONC Releases Model Privacy Notice for Personal Health Records

September 16, 2011September 18, 2011 Margaret Young Levi Electronic Health Records, Federal Law Resources, Health Information Technology, HITECH Law, Privacy & Security ARRA, Health Information Technology, hitech, HITECH Act, linkedin, model privacy notice, personal health record, privacy and security of personal health information

After the passage of the Health Information Technology for Economic and Clinical Health (HITECH) Act in 2009, the interest in storing and accessing health information online increased, prompting increased concerns about the privacy and security of such information. In September 2011, the Office of the National Coordinator for Health Information Technology (ONC) released a Personal Health Record (PHR) Model Privacy Notice for public use. This Model Notice meets ONC’s initial goal in a multi-phased, consumer project to increase consumer awareness of PHR companies’ data practices. The next phase seeks to empower consumers by providing them with an easy way to compare the data practices of two or more PHR companies. Continue reading →

Office of Civil Rights Steps Up HIPAA Audits

July 13, 2011August 14, 2012 Margaret Young Levi Electronic Health Records, Federal Law Resources, Health Information Technology, HITECH Law, Privacy & Security Electronic Health Records, Federal Law Resources, Health Information Technology, HIT, linkedin, meaningful use of certified EHR, privacy and security of protected health information

SUMMARY: In June 2011, the United States Department of Health & Human Services (HHS) Office of Civil Rights (OCR)contracted for new periodic audits of covered entities and business associates to ensure compliance with the Privacy and Security Standards found in the Health Insurance Portability and Accountability Act of 1996 (HIPAA) as amended by the Health Information Technology for Economic and Clinical Health Act (HITECH Act). Announcement of these new audits followed closely on the heels of a May 2011 report from the HHS Office of Inspector General (OIG) criticizing oversight and enforcement of the HIPAA Security Rule requirements and recommending that the OCR conduct random audits.