HHS HIT Policy Committee discusses privacy & security standards for “meaningful use” of Electronic Health Records

September 21, 2009January 15, 2010 Kathie McDonald-McClure Electronic Health Records, Health Information Technology, HITECH Law, Meaningful Use, Privacy & Security Electronic Health Records, Health Information Technology, HITECH Act, linkedin, personal health records

On Friday, September 18, 2009, from 8:30 am to 3:00 pm, the HHS HIT Policy Committee discussed the standards under development for the 2013 and 2015 “meaningful use” criteria related to privacy and security. The Committee’s webpage gave the following overview of the purpose of the meeting:

Protecting health data through comprehensive privacy policies and security functions are foundational requirements for appropriate management and exchange of individuals’ health data. It constitutes one of the five categories of criteria in the meaningful use criteria matrix. The HIT Policy Committee is holding an initial informational public hearing on September 18, 2009, as input to further deliberations regarding recommendations for 2013 and 2015 meaningful use criteria. Initially, the Committee is seeking testimony in four broad categories: 1) individual choice/control, data segmentation; 2) use, disclosure, secondary use, data stewardship; 3) aggregate data use, de-identification/re-identification, models for data storage; and 4) transparency, accountability, audit.

The Agenda and other materials supplied for this meeting are available on the HIT Policy Committee webpage (scroll down to Meetings and September 18, 2009). For information on how to access future meetings, go here. For more information about the HIT Policy Committee, a list of its members, and to access previous meeting transcripts and documents, visit the HIT Policy Committee webpage.

HHS HIT Standards Committee gives update on quality measures for “meaningful use”

September 21, 2009February 2, 2010 Kathie McDonald-McClure Health Information Technology, HITECH Law, Meaningful Use, Privacy & Security HITECH Act, meaningful use of certified EHR

On Tuesday, September, 15, 2009, the HHS HIT Standards Committee gave an update on the quality measures that providers seeking to establish “meaningful use” of “certified EHR” must meet in order to qualify for stimulus funds available under ARRA’s Health Information Technology for Economic and Clinical Health (HITECH) Act. The meeting ran from 9:00 am until 2:30 pm. The discussion included an update on the quality measures used to determine “meaningful use” and an update from the HIT Standards Committee’s Privacy & Security Workgroup. Materials and slides used during the meeting are available for download from the HIT Standards Committee webpage (scroll down the page to the September 15, 2009 Meeting). This meeting, as all the others, was open to the public via a web conference and public comments were solicited. For instructions on how to listen and participate in upcoming web conferences, go here. See the HIT Standards Committee Meetings webpage for more information about the Committee, a list of its members, and for documents and transcripts from the previous meetings.

HIMSS Summit of the Southeast: Tennessee Commissior Gives Overview of State Grant Process

September 10, 2009January 15, 2010 Kathie McDonald-McClure Electronic Health Records, Health Information Technology, HITECH Law, State HIT Grants & Loans ARRA HIT Grants, HITECH Act

I attended HIMSS Summit of the Southeast in Nashville on September 9, 2009. As is probably no surprise, this was a well-attended conference with some good speakers and engaging panel discussions. Among the excellent speakers was David Goetz, Commissioner of the Tennessee Department of Finance and Administration, who gave a “state of the state” address regarding Tennessee’s preparation to implement electronic health records.

Mr. Goetz highlighted the recent decision by HHS to allocate money to the states rather than use a competitive application process with regard to the award of grants for HITECH “cooperative agreements” that, per CMS, “focus on developing the statewide policy, governance, technical infrastructure and business practices needed to support the delivery of HIE [health information exchange] services.” Mr. Goetz indicated that using an allocation process rather than competitive applications probably is more fair to those states who are not as far along with e-Health and are dealing with a budget crisis. States still must file a letter of intent by Friday, September 11, 2009 to participate in this funding. The actual application is due by October 16, 2009. Not much time!

Many more details about the grant application process are available here.

HHS Letter to State Medicaid Directors Gives Guidance on HITECH’s Medicaid Incentives

September 10, 2009March 2, 2010 Kathie McDonald-McClure Electronic Health Records, Eligible Professional Incentives, Health Information Technology, HITECH Law, State HIT Grants & Loans ARRA, eligible professional incentives for electronic medical records, HITECH Act, linkedin

On September 1, 2009, CMS issued a letter to State Medicaid Directors to provide initial guidance on state administration of the incentive payments for eligible Medicaid providers who adopt and become meaningful users of electronic health records. These incentives were authorized by the American Recovery and Reinvestment Act (ARRA), specifically section 4201 titled Health Information Technology for Economic and Clinical Health (HITECH). Under the ARRA, HHS is authorized to reimburse states 100% of the incentives paid to eligible providers, and 90% of the state’s planning and implementation expenses incurred to administer the Medicaid incentive program. The criteria that states must meet, as set forth in this initial guidance, illustrates that states should act promptly to engage in certain, significant planning activities in order to ensure that the ARRA Medicaid incentives can be made available in a timely manner to eligible Medicaid providers in the state.

HHS and FTC Issue Breach Notification Rules

August 20, 2009March 2, 2010 Kathie McDonald-McClure Electronic Health Records, Federal Law Resources, Health Information Technology, HITECH Law ARRA, Electronic Health Records, HITECH Act, linkedin, personal health records

On August 17, 2009, the Federal Trade Commission (FTC) issued its final rule requiring vendors of “personal health records” to notify consumers when the security of their electronic health information is breached. On August 19, 2009, the U.S. Department of Health and Human Services (HHS) issued its interim final rule requiring health care providers, health plans, and other entities covered by the Health Insurance Portability and Accountability Act (HIPAA) to notify individuals when their health information is breached. These rules were issued pursuant to the Health Information Technology for Economic and Clinical Health Act (HITECH), which is part of the American Recovery and Reinvestment Act of 2009 (ARRA). HITECH required FTC and HHS to collaborate on development of the breach notification rules. The FTC’s press release and a link to its Breach Notification Rule is available here. The HHS press release and Breach Notification Rule is available here. HHS published the Breach Notification Rule in the Federal Register on August 24, 2009.