March 31st Attestation Deadline for Eligible Professionals

strike before midnightReminder:  The deadline for Medicare eligible professionals to attest to meaningful use of certified electronic health record technology for the 2013 program year is just two weeks away.  Attestations are due on March 31, 2014 at 11:59 pm EST.  Click here for addition information about the EHR incentive program as well as to register or attest to meaningful use.

Puerto Rico Imposes Massive Fine for Insurer’s Data Breach

HITECH EHR Incentive Program PaymentsThe Puerto Rico Health Insurance Administration has fined Triple-S Salud Inc. (TSS) $6.8 million for failure to safeguard Medicare beneficiary numbers. This far exceeds any fine imposed by or settlement reached by the United States Office of Civil Rights to date for HIPAA data breaches. How did the fine reach such a staggering amount? What lessons can be learned? Continue reading

The FTC: Watchdog for Privacy and Security of Sensitive Personal Data

Data transmissionThose who dwell in the world of health care privacy and security know well that the Office of Civil Rights (OCR) of the U.S. Department of Health and Human Services (HHS) is the federal agency that issues the regulations, provides guidance and ultimately enforces the complex requirements of the Health Insurance Portability and Accountability Act of 1996 (HIPAA) as amended by the Health Information Technology for Economic & Clinical Health Act of 2009(HITECH).  But we also know, as citizens of the 21st Century, that privacy and security concerns extend far beyond insurance claims and health records in our doctors’ offices.  With every new smartphone we indulge in, every online purchase we make, every retail loyalty program for which we register, we share valuable chunks and tidbits of data about ourselves that now can be used to tell others far more about us than we ever would have dreamed possible, or probably desire.  The internet and astounding connectivity of so many technological devices, both consumer and commercial, allow extremely private and sensitive information to be accessed by parties we do not know and cannot imagine, for both our benefit and detriment.  Continue reading

OIG recommends fraud safeguards in hospital EHR technology

Doctors Using EHROn December 10, 2013, the Office of Inspector General for the United States Department of Health & Human Services (OIG) issued a report finding that hospital implementation of fraud safeguards in electronic health records (EHRs) falls short of the recommended standards. The report carries out one of the OIG’s 2013 Work Plan objectives to study how EHR technology may lead to improper payments by federal healthcare programs.  In its Work Plan, the OIG had noted that: “Medicare contractors have noted an increased frequency of medical records with identical documentation across services.”

The OIG’s findings were extracted from the responses to an on-line questionnaire to 864 hospitals that had received Medicare EHR incentive payments as of March 2012. The questionnaire focused on four EHR fraud safeguards: 1) EHR audit functions; 2) EHR user authorization and access; 3) EHR data transfer; and 4) patient involvement via the ability to access and comment within their EHR.   The OIG criticized the Centers for Medicare and Medicaid Services (CMS) and the Office of National Coordinator of Health Information Technology (ONC) for failing to incorporate recommended safeguards into meaningful use criteria and EHR certification standards.

Continue reading

HHS Announces Dramatic Increase in Adoption of Electronic Health Records

Doctors Using EHROn May 22, 2013, Kathleen Sebelius,  Secretary of the United States Health & Human Services Department, announced that over 50 percent of doctors and over 80 percent of hospitals are making a “meaningful use” of electronic health records (EHRs) and have received incentives for such use.   By comparison, in 2008, just nine percent had adopted EHRs.  Secretary Sebelius credits the “dramatic increase” in adoption of EHRs to the Health Information Technology for Economic and Clinical Health Act (HITECH Act) that was passed as part of the American Recovery and Reinvestment Act of 2009 (ARRA).  The HITECH Act awards incentives to eligible professionals (physicians) and hospitals who make a “meaningful use” of EHR technology that has been certified by the HHS Office of National Coordinator of Health Information Technology (ONC).  The HHS press release with further information is available here.