Health Information Technology

Can’t Complete the Stage 2 MU Summary of Care Measure 3 Test with a CMS Designated Test EHR? CMS Issues New FAQ on Alternative

Kathie McDonald-McClure Electronic Health Records, Eligible Professional Incentives, Health Information Technology, HITECH Law, Hospital EHR Incentives, Meaningful Use , , ,

HCP with stethoscope using phone while on laptopOn January 22, 2015, the Centers for Medicare and Medicaid Services (CMS) updated previously posted FAQ No. 11666 to help guide providers who are striving to meet Stage 2 Meaningful Use criteria under the Medicare and Medicaid EHR Incentive Programs implemented by the Health Information Technology for Economic and Clinical Health (HITECH) Act of 2009. The updated FAQ addresses the problem providers are having in meeting Measure 3 under the Stage 2 Summary of Care objective. The question posed is:

“When reporting on the Summary of Care objective in the EHR Incentive Programs, how can eligible professionals, eligible hospitals, and critical access hospitals (CAHs) meet measure 3 if they are unable to complete a test with the CMS Designated Test EHR (NIST EHR-Randomizer Application)?”

The CMS answer is as follows: Continue reading

THE HIPAA SECURITY RISK ANALYSIS

Margaret Young Levi Electronic Health Records, Eligible Professional Incentives, Federal Law Resources, Health Information Technology, HITECH Law, Hospital EHR Incentives, Meaningful Use, Physician EMR Stimulus , ,

businessman looking over his glasses with clipboard on hand - frUnder the Health Information Technology for Economic and Clinical Health Act of 2009 (HITECH Act), eligible hospitals and critical access hospitals and eligible professionals must make a “meaningful use” of “certified electronic health technology” or face reductions in Medicare reimbursement. Conducting or reviewing a security risk analysis is a core objective in the meaningful use requirements of the Medicare and Medicaid electronic health record (“EHR”) incentive programs. These security risk analyses have been Continue reading

CMS Extends 2014 Meaningful Use Attestation and Quality Deadlines

Margaret Young Levi Health Information Technology, HITECH Law, Hospital EHR Incentives, Hospital EHR Stimulus, Meaningful Use ,

strike before midnightOn November 24, 2014, CMS announced a one-month extension of the deadline for eligible hospitals and Critical Access Hospitals (CAHs) to attest to meaningful use for the Medicare Electronic Health Record (EHR) Incentive Program 2014 reporting year. Medicare eligible hospitals must attest to meeting meaningful use requirements each year to receive an incentive and to avoid a payment adjustment. The deadline is being extended from 11:59 pm EST on November 30, 2014 to 11:59 pm EST on December 31, 2014, and CMS states this will “allow more time for hospitals to submit their meaningful use data and receive an incentive payment for the 2014 program year, as well as avoid the 2016 Medicare payment adjustment.”

CMS also extended the deadline for eligible hospitals and CAHs to electronically submit clinical quality measures (CQMs) until December 31, 2014.

Please note that these extensions are only for the Medicare EHR Incentive Program and will not affect the deadlines for the Medicaid EHR Incentive Program.

Upcoming Deadlines:

  • December 31, 2014 at 11:59 pm ET: Attestation deadline for Medicare eligible hospitals and CAHs for the 2014 program year
  • December 31, 2014: Deadline for hospitals and CAHs to submit eCQMs.
  • December 31, 2014: End of 2014 calendar year and end of the 2014 reporting period for eligible professionals
  • February 28, 2015: Attestation deadline for Medicare eligible professionals.

For additional information, check out the EHR Incentives Programs website.

FDA Issues Cybersecurity Guidance to Medical Device Manufacturers

Margaret Young Levi Health Information Technology, Privacy & Security , ,

Data transmissionThe U.S. Food & Drug Administration (FDA) has issued guidance setting forth its current thinking on issues related to cybersecurity of medical devices.

Because medical devices increasingly store or transmit sensitive patient health information, there are increased security risks of unauthorized access, modification, misuse or denial of use, or the unauthorized use of this information. Medical devices that connect to other devices or to the Internet or which have USB or other data ports are especially vulnerable. The FDA notes that “[f]ailure to maintain cybersecurity can result in compromised device functionality, loss of data (medical or personal) availability or integrity, or exposure of other connected devices or networks to security threats. This in turn may have the potential to result in patient illness, injury, or death.” Continue reading

September 22, 2014 Deadline for Business Associate Agreements

Margaret Young Levi Health Information Technology, HITECH Law, Privacy & Security, Uncategorized , , , , , , , ,
September 22nd Deadline Fast Approaching
September 22nd Deadline Fast Approaching

The final HIPAA Omnibus Rule (Omnibus Rule), published in the Federal Register on January 25, 2013, substantially increased the privacy and security responsibilities of a “business associate” of a “covered entity”, as those terms are defined by the Health Insurance Portability and Accountability Act of 1996 (HIPAA)(see discussion later in this post regarding the expansion of the “business associate” definition).  Among other changes, the Omnibus Rule requires a covered entity and business associate to revise their business associate agreement (BAA) to reflect the business associate’s new obligations.  All BAAs signed after January 24, 2013 should already include new language necessary to comply with the Omnibus Rule.  BAAs that were signed on or before January 24, 2013 were deemed compliant until September 22, 2014; however, if renewed or modified before that date then they must be brought into actual compliance at that time.  Covered entities and business associates must ensure that all BAAs are compliant with the Omnibus Rule before the September 22, 2014 deadline. Continue reading