October 2001 News Archives:
October 31, 2001
Industry Survey Finds Uncertainty with HIPAA in Pharmacy Claims Processing
A new survey released today by HealthTrans and the National Council
for Prescription Drug Programs finds that while many healthcare
organizations are confident of their own HIPAA compliance, they
are not as certain about their outsource partners. The survey, which
consisted of telephone interviews with NCPDP's HMO, Health Insurer
and Pharmacy Benefits Manager (PBM) membership, was conducted by
a third party. Questions were asked about readiness for HIPAA and
Version 5.1, standards for electronic handling of medical information
scheduled to go into effect next year. Survey results found that many
organizations believe they are ready for HIPAA, that there is much uncertainty
about HIPAA compliance among outsource partners, that organizations are
taking multiple strategies for HIPAA compliance, and that 97 percent
of organizations intend to implement all segments of Version 5.1,
and all expect it will save time. Full
Story.
October 31, 2001
Braithwaite and Sanches Announce Career Moves
Senior DHHS staffers
William Braithwaite and Linda Sanches have announced major career
moves. DHHS's most visible advisors on HIPAA-related issues, Braithwaite
and Sanches have been credited with much of the evolution of HIPAA
and its mandated regulations. "Bill" Braithwaite, PhD,
MD, and senior advisor on health information policy at DHHS, has
reported that he is leaving government to join PriceWaterhouseCoopers
as director of its healthcare practice in Washington, DC. He has
been closely involved with HIPAA since its beginnings, having served
on the Senate Finance Committee staff in the early 90's that developed
the Administrative Simplification Provisions. Linda Sanches, a DHHS
senior health policy analyst, is moving to the Office for Civil
Rights, the body that has been charged with enforcing HIPAA. She
was a lead member of the team that created the HIPAA Privacy Rule.
October 31, 2001
Health Care, Labor Organizations Urge Thompson to Make 'Critical' Changes to HIPAA Privacy Regulations
In a letter dated October 23, more than
two dozen health care and employer organizations--including the
U.S. Chamber of Commerce, the Health Insurance Association of America
and the Healthcare Leadership Council--urged HHS Secretary Tommy
Thompson to make "critical changes" to the HIPAA privacy
rules. According to the organizations, revisions are "urgently
needed" in several areas, including: medical research, prior
consent, oral communications, and the "minimum necessary"
provision. Full Story.
October 29, 2001
Hospital Taps Biometrics for Single Sign-on
St. Vincent Hospital
and Health Services in Indianapolis has rolled out a biometric authentication
pilot project that combines the practicality of single sign-on workstations
with biometric authentication devices for roaming enterprise users,
reports ComputerWorld. "Biometrics has become synonymous with
single sign-on," said Bruce Peck, information security manager
at St. Vincent. "We saw this as a way to raise the bar for
security across the board." The hospital is showing itself
to be a robust proving ground for the combination of the two capabilities.
And officials at both the hospital and the software vendors said
they're confident that if it can work there, it can work at any
company. "The key thing is to get users on and off the workstations
quickly. If it slows them down, it impacts patient care," said
Peck. Read
more.
October 29, 2001
Homeland Security: The need for HIPAA
The new office of Homeland
Security has created a new mission for everyone to participate in
keeping our nation safe and secure from anyone who would want to
put us at risk. A need that is beginning to be addressed is the
coordination of our healthcare resources. The ability to have an
efficient healthcare system to support Homeland
Security is critical. Standardization and security of healthcare
information is vital for this mission. Healthcare must be prepared
to efficiently and safely treat any patient in any institution that
may be local to a disaster. In these situations, the chances of
the patient surviving could be based on the availability of that
individual's healthcare information being quickly accessible and
easily understood. To be ready to handle patients in a moment's
notice from any location where a disaster might occur, we will need
to begin standardizing our healthcare processes, our healthcare
information, and our healthcare collaboration. This is what HIPAA
is about.
Read
more.
October 26, 2001
Bush Signs Sweeping Anti-Terrorism Surveillance Bill into Law
President Bush today
signed into law an anti-terrorism package, called the Patriot Act,
giving law enforcement vast new powers despite warnings from human
rights and privacy advocates that the legislation goes too far.
The final legislation does include a few changes: most notably,
a sunset on the electronic surveillance provisions, and an amendment
providing judicial oversight of law enforcement's use of the FBI's
Carnivore system. However, it retains provisions vastly expanding
government investigative authority, especially with respect to the
Internet. Since the terrorist attacks, Bush and Attorney General
John Ashcroft have demanded legislation to expand the FBI's wiretapping
and electronic surveillance authority, impose stronger penalties
on those who harbor or finance terrorists and increase punishments
of terrorists. The bill, approved by the House 357-66 on Wednesday,
went to the White House today for Bush's signature after Senate
approval of 98-1 only yesterday. Read
more, including the ACLU's and EPIC's reactions.
October 25, 2001
Governors Continue to Support HIPAA Delay
UPDATE: On October 4, the National Governors Association (NGA) sent a letter
to key House and Senate members. The letter included a list of policy
options for Congress to consider in developing its final economic
stimulus plan. The NGA updated its recommendations in a second letter
sent today. The NGA is continuing in its request to delay HIPAA
compliance deadlines, noting that if the House economic stimulus
bill is enacted, it would further reduce state revenues by at least
$5 billion annually. Without any changes in HIPAA or new federal
funding for HIPAA implementation in state-administered programs,
states will have to divert funds to comply. According to the NGA,
"This means that significantly less state funds will be available
for education, critical state services, capital investment, infrastructure
improvement, and additional efforts to respond to bioterrorism and
other threats to homeland security." Read
more.
October 22, 2001
Shoring Up Internal System Security Helps Protect Against External Threats
As users gear up to protect systems against external
cyberterrorism threats, they also will have to consider locking
down internal security by better managing the identity of their
end-users. This point was underscored last week by industry players
who were in New York to explore Gartner's findings that companies
are indeed ramping up enterprise identity management initiatives
because of government compliance, cost savings, and the benefits
of easing administrative burdens. For Louisville, KY-based Baptist
Healthcare System's statewide hospital network, HIPAA proved the
biggest justification for the organization's heightened internal
security. Running a fine-tooth comb over possible internal threats
allowed the organization to patch up or eliminate dormant rogue
accounts, close exposed backdoors, and provide a much clearer picture
of system vulnerabilities and multiple access points. Full
Story.
October 22, 2001
New Report Urges HIPAA Support of Racial/Ethnic Health Data Sharing
A new report
from The Commonwealth Fund finds wide gaps between the goals of
federal initiatives to eliminate racial and ethnic disparities in
health care and how federal health agencies are collecting the data
needed to achieve these goals. The report, Racial, Ethnic, and
Primary Language Data Collection in the Health Care System: An Assessment
of Federal Policies and Practices, calls for DHHS to take a
leadership role in meeting the challenges of collecting and reporting
health data that include information on race, ethnicity, and primary
language. Read more.
October 22, 2001
A Federal Privacy Commission? That's Right
In the wake of the
September 11 terrorist attacks, privacy advocates have trouble mustering
a case against government plans to intelligently link their databases
with those of the State Dept. and the FBI to help prevent terrorist
suspects from entering the country. A government agency of technology
and policy experts could help policymakers balance national security
and personal privacy. That doesn't mean that the battle over privacy
rights is over, however. In the next few months, the government
will be making dozens of critical decisions about who has access
to what data and how it will be scanned, sorted, and linked. That's
why now, more than ever, it's essential to strike a balance between
security and the right to be left alone. Full
Story.
October 18, 2001
CERT: Security Attacks Set to Double In 2001
The Washington
Post reports attacks on Internet computers are on pace to easily
double the number reported last year, according to statistics released
Monday by a government-funded security information clearinghouse,
Computer Emergency Response Team (CERT). With three months still
remaining in 2001, the number of security incidents (defined by
CERT as "attempts, either failed or successful, to gain unauthorized
access to a system or its data") reported to CERT in 2001 has already
soared past the totals for 2000. So far this year, 34,754 attacks
have been reported, a 60 percent increase over the 21,756 incidents
logged by the organization in all of 2000. If the incident reports
continue at the current pace, this year could see over 46,000 reported
security attacks, more than twice the number of such breaches reported
in 2000. Full
Story.
October 17, 2001
Hospitals Take Steps to Tighten Security
The Associated Press
reports hospital officials advised the public Tuesday to expect
delays at Hawaii facilities as stronger security measures are put
in place amid heightened concerns about terrorism. The new measures
could include inspections in parking garages and hospital entrances.
The Healthcare Association of Hawaii said visitors and patients
at all of Hawaii's 34 hospitals should be prepared for some delays.
Association president Richard Meiers said some of the heightened
security measures may become permanent. The Queen's Medical Center
is now patrolled by security officers on bicycles. Some hospital
entrance doors also are being closed, and unattended cars are not
allowed in front of the hospital. At Straub Hospital, a security
control center is being manned 24 hours a day and security officers
patrol the entire facility, hospital officials said. Like Queen's,
Straub is considering searching visitors' bags and packages. "It
takes just one person to shut down our operation, especially at
a health care facility," Straub's safety supervisor said. "We
want to be prepared and proactive in protecting our facility."
October 16, 2001
AMA, AHA Urge Better Security & Disaster Planning
The American
Medical Association and the American Hospital Association have issued
strong advisories to healthcare providers to pay new attention to
security and disaster preparedness. Both organizations are urging
upgrades in emergency response and disaster plans, including strong
back-up and recovery of telecommunications, information systems
and data storage. For specific recommendations, read: AHA's
Advisory on Disaster Readiness and
AMA's
article, "Disaster Plan Can Safeguard Your Practice, Records."
October 15, 2001
NCVHS Asks HHS for HIPAA Privacy Modifications
The National Committee on Vital
and Health Statistics (NCVHS) has released recommendations on HIPAA
Privacy implementation, following lengthy public hearings held in
August. The recommendations, which are documented in an October
1, 2001 letter by the Subcommittee on Privacy and Confidentiality
to HHS Sec. Tommy Thompson, address several issues including Emergency
Access, First Encounters, Revocation of Consent, Consent by Minors,
Disclosure for Accreditation and Health Care Quality, Involuntary
Commitment, Minimum Necessary, and Defensive Practices. In addition,
the sub-committee recommended that HHS issue advisory opinions,
best practices information, and model policies, procedures, and
forms related to HIPAA compliance. The group expects to issue additional
recommendations in the future, addressing research and marketing
under the Privacy Rule. For details concerning the NCVHS recommendations,
view the full text of NCVHS' letter to
Sec. Thompson.
October 15, 2001
House Members Offer Comprehensive Privacy Measure
The U.S. House Committee on Energy
and Commerce Friday offered up a set of baseline privacy rules that
companies would be required to follow in both online and offline
transactions, according to ComputerWorld. The plan was one of the
most comprehensive privacy proposals offered so far by lawmakers,
and it drew mixed reviews from those in industry and from privacy
advocates. Under the plan outlined by committee leaders, businesses
would have to provide simple, easy-to-read and conspicuous privacy
notices. Moreover, users would also have the ability to stop a company
from sharing personal information for the purpose of sale or other
consideration. The federal measure would preempt any state privacy
laws -- a provision seen as absolutely necessary by industry to
keep companies from having to follow a patchwork of varying state
privacy regulations.
Full Story.
October 12, 2001
House Lawmakers Direct HHS to Address HIPAA Costs
According
to an October 11 report by AHA News Now, the House Appropriations
Committee has directed the Department of Health and Human Services
to assess whether HIPAA privacy requirements will hinder hospitals
in providing patient care, and to identify federal money sources
to assist in provider compliance costs. The directive accompanied
the panel's FY 2002 DHHS budget appropriations bill passed yesterday
afternoon. AHA historically has promoted the concept of federal
financial support for HIPAA compliance efforts, and noted in its
report that it supports the Committee's directive.
October 12, 2001
Web Attacks Have Doubled, Survey Says
PCWorld reports attacks
on Web servers doubled in 2001, compared to 2000, and nearly 90
percent of companies surveyed have been infected with worms or viruses,
despite having antivirus software installed, according to the Information
Security Industry Survey. Information Security magazine, which is
owned by security firm TruSecure, conducted the survey from late
July to early August and received responses from 2545 information
security workers. Nearly 50 percent of the companies surveyed experienced
attacks against their Web servers from external sources in 2001,
up from 24 percent in 2000, the study found. Nearly 90 percent were
hit with worms, viruses, or Trojans; almost 40 percent suffered
denial of service attacks, and a third faced buffer overflow attacks,
the survey found. Security threats from those inside the company
were more varied and frequent, but somewhat less serious, the study
found. Full
Story.
October 12, 2001
IT Managers Must Weigh Privacy vs. Security in Terror Battle
According to ComputerWorld, corporations will feel more pressure
to re-examine IT security and privacy policies and procedures now
that Washington is calling for new measures to fight terrorism.
Yet most companies don't have chief security officers who have both
the IT skills and law enforcement training to guide management through
the legal and technical issues stemming from government acquisition
and analysis of private data and communications. John J. Davis,
president of John J. Davis & Associates Inc., a New York-based
IT management search firm, says financial services and health care
companies have senior-level IT security executives because of government
mandates, but most industries don't. "After Sept. 11, this
issue is on the front burner," he says. Read
more.
October 12, 2001
FBI Warns Infrastructure Owners to Brace for Attacks
The FBI
Sunday issued a nationwide alert to law enforcement agencies and
private-sector owners of critical infrastructure facilities to prepare
for a new wave of attacks after military strikes were launched against
terrorist targets in Afghanistan, according to ComputerWorld. Intelligence
officials have told members of Congress that the likelihood of further
attacks, either physical or cyber, is virtually certain. A spokesperson
for the FBI's National Infrastructure Protection Center said the
warnings serve to encourage a "heightened awareness for security
and safety of critical infrastructure systems in the aftermath of
the Sept. 11 bombings, and especially since the beginning of US
military strikes." Full
Story.
October 11, 2001
Administration Launches Cybersecurity Office
The White House
Tuesday officially launched a new, separate office focusing on information
security and appointed Richard Clarke as President Bush's special
advisor on cybersecurity issues, reports National Journal's Technology
Daily. Previously, cybersecurity was part of the administration's
general anti-terrorism efforts. For that reason, several high-tech
industry officials said cybersecurity issues were not getting necessary
attention. Clarke's new Office of Cyberspace Security will be a
part of the White House's new Office of Homeland Security, which
will be led by former Pennsylvania Gov. Tom Ridge, a Republican.
Full
Story.
October 10, 2001
Disaster Planning Goes Beyond IT
Any good disaster plan must
go well beyond bulletproofing IT and consider a variety of human
factors, reports ZDNet, according to a panel of research analysts
speaking Monday at the Gartner Symposium/ITxpo 2001 in Lake Buena
Vista, Florida. Specifically, Gartner analyst Roberta Witty emphasized
that disaster planning requires such preparations as geographic
dispersal of key executives, virtual work environments, and grief
counseling programs. In light of the Sept. 11 tragedies, business
continuity has emerged as a major theme at this year's Gartner conference.
Gartner's panel of business continuity experts talked about how
businesses must reconsider locating executives, staff, as well as
IT systems and departments to multiple locations.
Full Story.
October 10, 2001
US & UK Sign Agreement on Healthcare Data Sharing & Quality Efforts
The
United States and the United Kingdom today agreed to new joint health
efforts, aiming at improved quality of health care as well as effective
response against possible incidents of bioterrorism. Under the quality
agreement, the US and UK plan to share data and experiences related
to quality of care, including efforts to enhance the use of information
technology, expand common criteria for measurement of quality of
care, and achieve mutual quality research goals. Efforts will be
aimed at improved monitoring and reporting, including reporting
on medical errors and patient safety; improving primary care and
cost effectiveness of care; and reducing disparities in the care
available to
patients. Meeting in Washington, DC, DHHS Secretary Tommy G. Thompson
and the UK Minister of Health, the Right Honorable Alan Milburn,
M.P., signed two Joint Statements of Intent: one to collaborate
on data and measurement regarding quality of care, and another regarding
preparedness and response to bioterrorism. Full
Story.
October 10, 2001
Public Health Hampered by "Paper Records" - HIPAA Offers Solutions
It can
take several days, even weeks to alert public health authorities
about potential outbreaks of communicable diseases, according to
Healthkey's new report, "Report to the Community." Laura
Ripp, program director of Healthkey, a coalition of non-profit healthcare
organizations, stated that replacing the paper-based system with
secure electronic information exchange via standardized, secure
e-mail would "significantly reduce reporting time and allow
state and local health departments and the CDC to react much more
quickly to stop the spread of an infectious disease." She emphasized
that collaboration among information technology leaders, healthcare
vendors and government policy-makers will be the determining factor
for successful resolution of this issue, which is one of many standardized
security and privacy initiatives supported by HIPAA. Read
more.
October 9, 2001
Survey: Privacy Top Issue of Compliance Officers
Some 62% of
health care compliance officers responding to a recent survey cite
the final medical information privacy rule as the biggest compliance
issue facing their organizations, reports Health Data Management.
Top issues following privacy include monitoring and auditing (50%),
education and training (37%), and compliance with government regulations
(36%). Respondents could select multiple answers. The Health Care
Compliance Association in Philadelphia sent surveys to 3,548 compliance
professionals and received 665 replies. About 40% of respondents
represent integrated delivery systems and 30% represent hospitals.
Full
Story.
October 5, 2001
House Leaders Urge Immediate Administrative HIPAA Simplification
According to the American Hospital Association (AHA), a bipartisan
group of House health care leaders is calling for an end to delays
to the implementation of administrative simplifications to HIPAA.
In a letter sent yesterday to their congressional colleagues, Ways
& Means Health Subcommittee members Reps. Bill Thomas (R-CA),
Charlie Rangel (D-NY), Nancy Johnson (R-CT), and Pete Stark (D-CA),
said the provisions will improve administrative efficiency in the
health care field by facilitating electronic transactions between
health plans and health care providers. Citing a
letter sent last week by AHA and others opposing the delay,
the House lawmakers said if the provisions are delayed, public programs
such as Medicare and Medicaid, private payers and ultimately all
Americans will needlessly continue to pay for the inefficiencies
inherent in the current "Byzantine" system. Read
the Ways & Means Health Subcommittee letter.
October 5, 2001
Governors Support HIPAA Delay "To Strengthen National Safety Net, Stimulate the Economy"
The National Governors Association
(NGA) has included a request to delay HIPAA compliance deadlines
in its proposals for a legislative stimulus package being considered
by the Administration and Congress. In an October 4 press release,
the NGA announced three categories of proposals: assistance to families
affected by the recent terrorist attack, economic stimulus to accelerate
state spending, and a "reduction or deferral of federal requirements
that limit the states' financial ability to respond to economic disruption."
Full Story.
October 4, 2001
HIPAA Regs Update: Employer ID & 3 NPRMS Likely by 12/31; Security Coming Early 2002
The Employer Identifier Rule has been drafted
and sent to DHHS for its final review, according to an October 1
report by WEDI (Workgroup for Electronic Data Interchange). WEDI's
report, which has been confirmed by government sources, also stated
that two proposed rules (NPRMs) for revising the Transaction and
Code Set standards should be published by the end of the year. These
rules will propose making certain changes in Designated Standard
Maintenance Organizations (DSMOs), and removing the NDC code as
the drug-coding standard for all but retail pharmacy transactions.
A NPRM for Privacy is currently anticipated to be released in December
of this year. DHHS noted in its July 6 Privacy Guidance document
that it would issue NPRMs "expeditiously" that would propose
modifications of the final Privacy Rule "to correct any unintended
negative effects." WEDI also reported that the Claim Attachment
NPRM and the Security final rule are in the final stages of preparation,
and may be published early next year. The Provider Identifier and
Plan Identifier are in process, but no definitive action is anticipated
this year. Before HIPAA final rules and NPRMs may be published,
the Federal rule-making process requires that they undergo a last
DHHS review and approval by the Secretary. Then they must be submitted
to the Office of Management and Budget (OMB) for final review from
a government-wide perspective.
October 4, 2001
FTC Will Not Seek New Internet Privacy Laws
Federal Trade Commission (FTC) Chairman
Timothy J. Muris delivered remarks today at the 2001 Privacy Conference
in Cleveland, OH, outlining the FTC's new Privacy Agenda and announcing
that the agency plans to increase resources dedicated to privacy
protection by 50 percent. Muris presented a detailed FTC enforcement
plan, developed over the past four months through meetings with
agency, consumer, industry, and trade association officials, that
will involve "every division of the Bureau of Consumer Protection
and increase the resources devoted to privacy issues substantially."
Regarding possible legislation concerning both Internet and off-line
privacy, the Chairman cited the recent GLB privacy notices and said
"we should at least digest this experience" before moving
forward. Read more.
October 4, 2001
Global Experts Redefine the Role of Privacy & Security
The impact of the 9/11 attacks
on America transformed Americans' attitudes about privacy and security
according to a recent poll conducted by Scientific American of U.S.
and international experts on privacy and security in advance of
the November 13/14 Scientific American Global Summit on Privacy
& Security in the Digital Age. The survey, conducted by Leflein
Associates, was sent to the Summit's 54 advisory board members and
speakers, a Who's Who among the global privacy and security community,
which includes U.S. government officials, IT leaders, and privacy
commissioners from around the world. Read
the Top 10 Key Findings.
October 4, 2001
Hackers Keep On Trying To Breach Insurers' Security
While
the insurance industry seems to have dodged a bullet in not having
major Web sites or networks successfully broken into by hackers,
security managers at Mutual of Omaha report that the company's
network has been the target of numerous attempted attacks. "Imagine
the eyebrows of our CEO when I reported to him that in one week's
time we had 190 Code Red worm attempts on our network," said
Steven J. Clauson, director of system security for the Omaha, Neb.-based
insurer. "Every day, we see between 10 and 20 serious-risk
hacker attacks against our network," he added. A survey of
500 companies, done by the Computer Security Institute and the
FBI, stated that viruses alone had cost these companies $150
million over the course of a year. Full
Story.
October 3, 2001
AHA Advises Hospital Disaster Readiness
In a message to America's
hospitals, the American Hospital Association (AHA) has produced
a Disaster Readiness Advisory containing guidance about emergency
preparedness in light of the recent terrorist attacks. As
part of America's vital health care infrastructure, hospitals will
play a special role in the effort to strengthen our national security
and emergency readiness. As organizations that continually try to
improve what they do, hospitals must now refocus their readiness
efforts so that they are prepared to deal with potential terrorist
attacks. Read
more.
October 2, 2001
HPP Says Transactions Delay Would Threaten Patient Privacy
On
September 21, the Health Privacy Project responded to a Congressional
inquiry on how a delay in the HIPAA Transactions compliance deadline
would impact the HIPAA privacy regulation. In a letter to Senator
Edward Kennedy, Janlori Goldman, Director of the Health Privacy
Project at Georgetown University's Institute for Health Care Research
and Policy, described the Transactions, Privacy and Security Rules
as so interrelated that a delay in Transactions compliance would
directly affect compliance with patient privacy and information
security mandates. Goldman noted, for example, that "According
to HHS, only providers that engage in electronic transactions using
the standard formats set out in the transactions regulation must
comply with the privacy regulation. Thus, any delay in the transactions
regulation directly impacts the time frame for provider compliance
with the privacy regulation." Goldman was asked for her comments
in the wake of recent Congressional initiatives to extend the Transactions
Rule compliance deadline up to two years past its published deadline
of October 2002. Read
the Letter (PDF).
October 1, 2001
DHHS Secretary Thompson: Transactions Compliance Delay is Unlikely
Delay in HIPAA electronic standards' October 2002 compliance date
is unlikely to pass Congress, DHHS Secretary Thompson said Sept.
27 at a National Association of Manufacturers meeting. The Senate
Finance Committee is seeking a one-year delay in transaction and
code set implementation only, but any delay is opposed by Sen. Kennedy
(D-Mass.) because it may also push back privacy regs. A March bill
to replace the privacy rule (HR 1215), introduced by Rep. Greenwood
(R-Penn.), has been referred to the House Judiciary/Crime Subcommittee.