HHS HIT Policy Committee discusses privacy & security standards for “meaningful use” of Electronic Health Records

On Friday, September 18, 2009, from 8:30 am to 3:00 pm, the HHS HIT Policy Committee discussed the standards under development for the 2013 and 2015 “meaningful use” criteria related to privacy and security. The Committee’s webpage gave the following overview of the purpose of the meeting: 

Protecting health data through comprehensive privacy policies and security functions are foundational requirements for appropriate management and exchange of individuals’ health data. It constitutes one of the five categories of criteria in the meaningful use criteria matrix. The HIT Policy Committee is holding an initial informational public hearing on September 18, 2009, as input to further deliberations regarding recommendations for 2013 and 2015 meaningful use criteria. Initially, the Committee is seeking testimony in four broad categories: 1) individual choice/control, data segmentation; 2) use, disclosure, secondary use, data stewardship; 3) aggregate data use, de-identification/re-identification, models for data storage; and 4) transparency, accountability, audit.

The Agenda and other materials supplied for this meeting are available on the HIT Policy Committee webpage (scroll down to Meetings and September 18, 2009).  For information on how to access future meetings, go here.  For more information about the HIT Policy Committee, a list of its members, and to access previous meeting transcripts and documents, visit the HIT Policy Committee webpage.

State surveyors not to determine whether EHR meets HIPAA Privacy and Security Rules; Providers and Suppliers must provide access to EHR to Surveyors

In a letter to State Survey Agency Directors dated August 14, 2009, the Centers for Medicare and Medicaid Services (CMS) gave state surveyors guidance regarding surveys of facilities that use electronic health records (EHRs). CMS first stated its support and commitment to the goal that, by 2014, most Americans “will have access to health care providers who use EHRs.” CMS noted that the expanded use of EHRs will cause surveyors to encounter more and more situations where there is no paper-based record immediately available for review. In addition, there may be concerns about the scope of responsibility of State Survey Agencies in enforcing the Conditions of Participation (CoPs), Conditions for Coverage or Conditions for Certification (CfCs) applicable to the surveyed provider or supplier. The CoPs and CfCs include requirements respecting confidentiality of clinical information stored in an EHR.


HHS Letter to State Medicaid Directors Gives Guidance on HITECH’s Medicaid Incentives

On September 1, 2009, CMS issued a letter to State Medicaid Directors to provide initial guidance on state administration of the incentive payments for eligible Medicaid providers who adopt and become meaningful users of electronic health records. These incentives were authorized by the American Recovery and Reinvestment Act (ARRA), specifically section 4201 titled Health Information Technology for Economic and Clinical Health (HITECH). Under the ARRA, HHS is authorized to reimburse states 100% of the incentives paid to eligible providers, and 90% of the state’s planning and implementation expenses incurred to administer the Medicaid incentive program. The criteria that states must meet, as set forth in this initial guidance, illustrate that states should act promptly to engage in certain significant planning activities in order to ensure that the ARRA Medicaid incentives can be made available in a timely manner to eligible Medicaid providers in the state.


HHS and FTC Issue Breach Notification Rules

On August 17, 2009, the Federal Trade Commission (FTC) issued its final rule requiring vendors of “personal health records” to notify consumers when the security of their electronic health information is breached. On August 19, 2009, the U.S. Department of Health and Human Services (HHS) issued its interim final rule requiring health care providers, health plans, and other entities covered by the Health Insurance Portability and Accountability Act (HIPAA) to notify individuals when their health information is breached. These rules were issued pursuant to the Health Information Technology for Economic and Clinical Health Act (HITECH), which is part of the American Recovery and Reinvestment Act of 2009 (ARRA). HITECH required FTC and HHS to collaborate on development of the breach notification rules. The FTC’s press release and a link to its Breach Notification Rule are available here. The HHS press release and Breach Notification Rule are available here. HHS published the Breach Notification Rule in the Federal Register on August 24, 2009.


Kentucky Governor establishes Office of Electronic Health Information

On August 14, 2009, Kentucky Governor Steve Beshear signed an Executive Order creating Kentucky’s Office of Electronic Health Information. This new Office will be the conduit for development of health information exchanges and the stimulus grants available to states under the HITECH Act.  The Secretary of Kentucky’s Cabinet for Health and Family Services is vested with authority to appoint the Executive Director for the Office. 

The press release announcing the creation of the office states that the Kentucky E-Health Network Board, which is administratively attached to the Cabinet for Health and Family Services, will also serve as an integral resource to the Office as it moves forward.  CHFS Secretary Janie Miller said, “The Governor’s action will allow the Commonwealth to be in a position to apply for federal stimulus funds for planning and implementation of health information exchange to support infrastructure and build resource capacity, particularly for underserved communities.”  The Executive Order’s effective date is August 16, 2009.