New HIPAA Auditing Process Begins – Are You Ready?

audit checklistThe Department of Health and Human Services’s Office for Civil Rights (OCR) announced last week that it has launched Phase 2 of its HIPAA Audit Program. Under this Audit Program, OCR will review whether entities subject to the Health Insurance Portability and Accountability Act (HIPAA) Privacy, Security, and Data Breach Notification regulations are complying with those regulations.  OCR has already begun to send initial emails to “covered entities” and “business associates” (defined in the HIPAA regulations) regarding the audits that seek to verify contact information.

Tip:  These emails may be incorrectly classified as spam by corporate or email filters.  OCR expects covered entities and business associates to check spam and junk email folders for emails from OCR.

WarningSophisticated cybercriminals could use the OCR audits as an opportunity to send fake OCR emails (“phishing emails”) in an attempt to trick employees into turning over individual health information or to click on links that download harmful malware into the organization’s computer network.  Do not click on links or supply any documentation until Continue reading

Stages 1, 2, And Now 3, Meaningful Use Criteria

The Centers for Medicare & Medicaid Services (“CMS”) proposed Meaningful Use criteria to implement Stage 3 and allow eligible professionals, eligible hospitals and critical access hospitals (“CAHs”) to qualify for incentive payments (or avoid downward payment adjustments) under the Medicare and Medicaid Electronic Health Record (EHR) Incentive Program implemented by the Health Information Technology for Economic and Clinical Health (“HITECH”) Act of 2009. stethoscope, keyboardThen CMS made changes to Stage 1 and Stage 2 Meaningful Use criteria to better align with the proposed Stage 3 criteria just two weeks later.

On March 30, 2015, CMS published a long-awaited proposed rule which, if finalized, would implement Stage 3, making changes to the objectives and measures of meaningful use for providers effective in Continue reading

April 1 Deadline for Hospitals to Earn EHR Incentives

The Centers for Medicare & Medicaid Services (CMS) reminds hospitals that 2015 is the last year for eligible hospitals to begin participating in the Medicare Electronic Health Record (EHR) Incentive Program and earn incentive payments.

In order to earn a 2015 incentive payment, be eligible for a 2016 incentive payment, and avoid a 2016 payment reduction (called an “adjustment”), first-time hospital participants should:

  • Begin their 90-day reporting period no later than April 1, 2015 and
  • Attest by July 1, 2015.

Eligible hospitals that do not start their 90-day reporting period on April 1, 2015 have one last chance to earn a 2015 incentive payment if they begin their reporting period by July 1, 2015 and attest by Continue reading

Providers Talk, CMS Listens: CMS Announces Plan to Modify Meaningful Use Requirements

On January 29, 2015, Centers for Medicare & Medicaid Services (CMS) electronic health recordannounced its intent to make changes to the Medicare and Medicaid Electronic Health Record (EHR) Incentive Programs beginning in 2015, which aim to “help to reduce the reporting burden on providers.”

Providers have expressed concerns about the EHR Incentive Programs’ requirements and their burden on providers. In response to those concerns, CMS is considering whether to:

  • Shorten the EHR reporting period in 2015 to 90 days to accommodate these changes.
  • Realign hospital EHR reporting periods to the calendar year to allow eligible hospitals more time to incorporate 2014 Edition software into their workflows and to better align with other CMS quality programs.
  • Modify other aspects of the program to match long-term goals, reduce complexity, and lessen providers’ reporting burdens.

CMS is expected to engage in rulemaking this spring to implement these changes to the EHR Incentive Programs. These changes will not be included in the proposed regulations regarding Stage 3 meaningful use requirements and criteria that CMS plans to issue by early March 2015 and which will apply in 2017 and subsequent years.

 

Can’t Complete the Stage 2 MU Summary of Care Measure 3 Test with a CMS Designated Test EHR? CMS Issues New FAQ on Alternative

HCP with stethoscope using phone while on laptopOn January 22, 2015, the Centers for Medicare and Medicaid Services (CMS) updated previously posted FAQ No. 11666 to help guide providers who are striving to meet Stage 2 Meaningful Use criteria under the Medicare and Medicaid EHR Incentive Programs implemented by the Health Information Technology for Economic and Clinical Health (HITECH) Act of 2009. The updated FAQ addresses the problem providers are having in meeting Measure 3 under the Stage 2 Summary of Care objective. The question posed is:

“When reporting on the Summary of Care objective in the EHR Incentive Programs, how can eligible professionals, eligible hospitals, and critical access hospitals (CAHs) meet measure 3 if they are unable to complete a test with the CMS Designated Test EHR (NIST EHR-Randomizer Application)?”

The CMS answer is as follows: Continue reading