HHS HIT Policy Committee discusses privacy & security standards for “meaningful use” of Electronic Health Records

September 21, 2009January 15, 2010 Kathie McDonald-McClure Electronic Health Records, Health Information Technology, HITECH Law, Meaningful Use, Privacy & Security Electronic Health Records, Health Information Technology, HITECH Act, linkedin, personal health records

On Friday, September 18, 2009, from 8:30 am to 3:00 pm, the HHS HIT Policy Committee discussed the standards under development for the 2013 and 2015 “meaningful use” criteria related to privacy and security. The Committee’s webpage gave the following overview of the purpose of the meeting:

Protecting health data through comprehensive privacy policies and security functions are foundational requirements for appropriate management and exchange of individuals’ health data. It constitutes one of the five categories of criteria in the meaningful use criteria matrix. The HIT Policy Committee is holding an initial informational public hearing on September 18, 2009, as input to further deliberations regarding recommendations for 2013 and 2015 meaningful use criteria. Initially, the Committee is seeking testimony in four broad categories: 1) individual choice/control, data segmentation; 2) use, disclosure, secondary use, data stewardship; 3) aggregate data use, de-identification/re-identification, models for data storage; and 4) transparency, accountability, audit.

The Agenda and other materials supplied for this meeting are available on the HIT Policy Committee webpage (scroll down to Meetings and September 18, 2009). For information on how to access future meetings, go here. For more information about the HIT Policy Committee, a list of its members, and to access previous meeting transcripts and documents, visit the HIT Policy Committee webpage.

State surveyors not to determine whether EHR meets HIPAA Privacy and Security Rules; Providers and Suppliers must provide access to EHR to Surveyors

September 15, 2009January 15, 2010 Kathie McDonald-McClure Electronic Health Records, Federal Law Resources, Health Information Technology, Privacy & Security Electronic Health Records, linkedin

In a letter to State Survey Agency Directors dated August 14, 2009, the Centers for Medicare and Medicaid Services (CMS) gave state surveyors guidance regarding surveys of facilities that use electronic health records (EHRs). CMS first stated its support and commitment to the goal that, by 2014, most Americans “will have access to health care providers who use EHRs.” CMS notes that the expanded use of EHRs will cause surveyors to encounter more and more situations where there is no paper-based record immediately available for review. In addition, there may be concerns about the scope of responsibility of State Survey Agencies in enforcing the Conditions of Participation (CoPs), Conditions for Coverage or Conditions for Certification (CfCs) applicable to the surveyed provider or supplier. The CoPs and CfCs include requirements respecting confidentiality of clinical information stored in an EHR.

HHS and FTC Issue Breach Notification Rules

August 20, 2009March 2, 2010 Kathie McDonald-McClure Electronic Health Records, Federal Law Resources, Health Information Technology, HITECH Law ARRA, Electronic Health Records, HITECH Act, linkedin, personal health records

On August 17, 2009, the Federal Trade Commission (FTC) issued its final rule requiring vendors of “personal health records” to notify consumers when the security of their electronic health information is breached. On August 19, 2009, the U.S. Department of Health and Human Services (HHS) issued its interim final rule requiring health care providers, health plans, and other entities covered by the Health Insurance Portability and Accountability Act (HIPAA) to notify individuals when their health information is breached. These rules were issued pursuant to the Health Information Technology for Economic and Clinical Health Act (HITECH), which is part of the American Recovery and Reinvestment Act of 2009 (ARRA). HITECH required FTC and HHS to collaborate on development of the breach notification rules. The FTC’s press release and a link to its Breach Notification Rule is available here. The HHS press release and Breach Notification Rule is available here. HHS published the Breach Notification Rule in the Federal Register on August 24, 2009.

HIT Policy Committee Workgroup Releases Second Draft of “Meaningful Use”

July 15, 2009December 18, 2009 Kathie McDonald-McClure Electronic Health Records, Health Information Technology, HITECH Law, Meaningful Use EHR, Electronic Health Records, Health Information Technology, HIT, HITECH Act, Meaningful Use, ONC

On Thursday, July 16, 2009, the HIT Policy Committee presented its revised recommendation on the “meaningful use” definition. At the end of this meeting, the HIT Policy Committee forwarded its recommendation on the “meaningful use” definition to the Office of National Coordinator per the Health Information Technology for Economic and Clinical Health Act (“HITECH Act”). The revised meaningful use matrix, 2011 Draft Quality Measures and other materials presented or discussed during the MU meeting on July 16, 2009 are available on the HIT Policy Committee webpage.

ARRA’s Competitive State HIT Grants and the Small Physician Practice

June 26, 2009June 27, 2009 Kathie McDonald-McClure Electronic Health Records, Health Information Technology, HITECH Law, Physician EMR Stimulus, State HIT Grants & Loans ARRA HIT Grants, Electronic Health Records, small physician practice

Many small physician practices may be relying on health information technology (HIT) loans from their state to adopt electronic health records (EHRs) in their practices. Before a physician can seek such a loan, the state must have such loans available. The American Recovery and Reinvestment Act of 2009 (ARRA) provides grants to states to make such EHR loans available to health care providers. However, states must competitively bid for the ARRA HIT grant money to be made available for such loans.