April 2003 News Archives

April 30, 2003 OCR Provides Guidance on Research Use of Data; Medical Device Cos. as BAs Health Data Management reports drug company Eli Lilly recently expressed concern to Department of Health and Human Services (HHS) officials that the HIPAA privacy rule may impede clinical research trials. In a response letter, Richard Campanelli, director of the HHS Office of Civil Rights, wrote, "From the point of view of privacy rule compliance and enforcement, all that is required is that HIPAA authorizations used for research or other disclosures comply with the requirements of the rule, whether the HIPAA authorization form is created by the covered entity itself or by a third party."

Last month, Campanelli responded to a letter sent by the Advanced Medical Technology Association (AdvaMed) requesting HHS to clarify whether, according to HIPAA, medical device companies are business associates in their various roles as manufacturers, sponsors of clinical research, providers of training, technical service and support for their products, and FDA-mandated device trackers. Campanelli's response explains the Privacy Standards' requirements in each of these roles.

Read OCR's guidance on research use of data (PDF).

Read OCR's guidance on medical device companies' roles as BAs (PDF).

Read "Protecting Personal Health Information in Research: Understanding the HIPAA Privacy Rule" (PDF) from HHS' National Institute of Health.

April 30, 2003 High Court Rejects Challenge to SC Patient Records Rules USA Today reports the US Supreme Court rejected a challenge Monday to South Carolina regulations that let health inspectors examine and copy patient records at clinics that perform abortions. A Greenville, SC clinic and physician argued that the regulations unconstitutionally intrude on women's privacy. The challengers were supported by the American College of Obstetricians and Gynecologists, which urged the justices to hear the case, saying the policy "violates basic principles of medical confidentiality." The high court's rejection of the appeal -- made in a one-sentence order -- sets no national precedent. But it allows the South Carolina regulations to take effect and closes a chapter of litigation stemming from the state's mid-1990s regulation of abortion providers.

Read more.

April 28, 2003 Senator Seeks Assurance Privacy Enforcement Will Be ‘Reasonable’ Sen. Judd Gregg (R-NH), chairman of the Senate Committee on Health, Education, Labor and Pensions (HELP), has written to HHS Secretary Tommy Thompson, to bring to Thompson's attention "serious concerns that have been raised by many providers of vital health care services, including state Medicaid agencies, about the impact of the medical privacy rule under HIPAA." In his April 24 letter, Gregg asks Thompson "to publicly assure providers and other covered entities that the medical privacy rule will be enforced in a reasonable, non-punitive manner and that special consideration will be given to the rule’s most complex requirements for which the department has provided no formal guidance.”

Read Sen. Gregg's letter (PDF).

April 21, 2003 WEDI Alerts HHS Over Impending TCS "Train Wreck" On April 15, the Workgroup for Electronic Data Interchange (WEDI) sent a letter to HHS Secretary Tommy Thompson advising him on how the industry will be making the short-term transition from its current state to a successful implementation of the HIPAA Transaction and Code Set (TCS) standards. WEDI believes that a substantial number of covered entities are not far enough along to achieve compliance by the October 16, 2003 TCS deadline. In its letter, WEDI identifies several courses of action which may avoid the "train wreck" that will result from reversion to paper claims or stoppage of cash (payment) flows.

Related to this, the HHS Office of Inspector General (OIG) recently reported that about one in five state health agencies say they will not be compliant by the October 16, 2003 deadline. Only one of the five territories with Medicaid programs expects to be compliant by October.

View OIG's reports:

• "HIPAA Readiness: Administrative Simplification for Medicaid State Agencies" (PDF)
  
  
• "HIPAA Readiness: Administrative Simplification for Territories with Medicaid Programs" (PDF)

Read WEDI's letter (PDF).

April 21, 2003 Homeland Security Issues NPRM on Critical Infrastructure Data Submission CNET News reports that last week, the new Department of Homeland Security published a set of proposed regulations designed to convince corporate America to hand over infrastructure information to the government, promising that it will be kept in the strictest confidence. The proposal sweeps broadly, covering any data submitted to the government about any real or possible attack on "critical infrastructure or protected systems by physical or computer-based attack" or any programming errors, glitches or bugs that could endanger important services.

Read CNET's article, "Uncle Sam Wants to Know Your Weakness."

Read the proposed regulation.

April 21, 2003 HIMSS Goal: Quicken Electronic Records Adoption Health Data Management reports more than 70 provider organizations and information technology vendors have signed a declaration calling for a summit and additional action to support universal implementation of computer-based patient records systems. The Healthcare Information and Management Systems Society (HIMSS) wrote the declaration as part of a pledge to

• Define the electronic health record and its functionality to facilitate adoption and interoperability.
• Develop a standard summary patient data set to achieve initial interoperability among providers.

Meanwhile, iHealthBeat reported that few hospitals and only about 5% of US primary care physicians use EMRs, according to an article in Technology Review.

Read more.

April 21, 2003 Security Agency Selects Privacy Watchdog The Washington Post reports a former privacy official for the controversial Internet advertising firm, DoubleClick, was named chief privacy officer of the Department of Homeland Security last week. Lawyer Nuala O'Connor Kelly will review whether the department's collection and use of personal information about US citizens is legal and appropriate.

Read more.

April 15, 2003 HHS Releases Interim Final Rule on Enforcement; Posts New Privacy Guidance The interim final rule, "Civil Money Penalties: Procedures for Investigations, Imposition of Penalties, and Hearings," establishes rules of procedure for the imposition, by the Secretary of Health and Human Services, of civil money penalties on entities that violate HIPAA standards. This rule will be the first installment of the "Enforcement Rule" which, when issued in complete form, will set forth procedural and substantive requirements for imposition of civil money penalties. In the interim, HHS is issuing these rules of procedure to inform regulated entities of its approach to enforcement and to advise regulated entities of certain procedures that will be followed as it enforces the Administrative Simplification provisions of HIPAA. The interim final rule will be effective May 19, 2003 and provides for a 60-day comment period. This interim final rule will cease to be in effect on September 16, 2003.

The Centers for Disease Control (CDC) published HIPAA Privacy Rule and Public Health Guidance, including appendices on selected Privacy Rule concepts and definitions and sample text that can be used to clarify public health issues under the Privacy Rule. OCR also posted three documents to assist covered entities in complying with the Privacy Rule:

• CDC's Privacy Rule and Public Health Guidance
  
  
  • Appendix A -- Selected Privacy Rule Concepts and Definitions
    
    
  • Appendix B -- Sample Text That Can Be Used To Clarify Public Health Issues Under the Privacy Rule
    
    
• Protecting the Privacy of Patients' Health Information
  
  
• How to File a Health Information Privacy Complaint with the Office for Civil Rights
  
  
• Summary of HIPAA Privacy Rule (PDF)

View the text of the Interim Enforcement Final Rule.

April 14, 2003 HHS Secretary Thompson and the Press: On Reaching the Privacy Deadline On Friday, Department of Health and Human Services' Secretary Tommy Thompson issued a press release on the HIPAA Privacy regulations going into effect today. Sec. Thompson focused on how the new federal health privacy protections "will reassure patients of the confidentiality of their medical records...[and give them] greater access and more control over...[the] personal information...in their own medical records." Meanwhile, newspapers across the nation have been focusing on today's Privacy Rule compliance deadline, alerting the public of what to expect when interacting with the healthcare industry. Major papers running stories are:

• Boston Globe
• Chicago Tribune
• Dallas Morning News
  
• Los Angeles Times
• New York Times
• Washington Post
  (some of these links require free registration)

Read the text of Sec. Thompson's release.

April 11, 2003 HIPAA Roundtable Scheduled for April 30 A National HIPAA Implementation Roundtable has been scheduled by the Centers for Medicare & Medicaid Services (CMS) for April 30, 2003 from 2:00 PM - 3:30 PM ET. It will focus on HIPAA Administrative Simplification, specifically electronic transactions and code sets, and security. The call in number is 1-877-381-6315. The conference identification number is 8688774. CMS is requesting that callers RSVP to Alikia Brown at Abrown1@cms.hhs.gov or by fax to 410-786-1710.

The transcript of the February 28 Roundtable, focusing on security and electronic transactions and code sets, is now available; the transcript of the Privacy Roundtable held in March in conjunction with the Office of Civil Rights will be coming soon.

Read the February Roundtable transcript (PDF).

April 11, 2003 Citizens for Health, American Psychoanalytic Assn. File Last-Minute Privacy Rule Lawsuit A lawsuit was filed yesterday federal court in Philadelphia to try to block the HIPAA privacy law that is to take effect Monday, reports the Philadelphia Inquirer. The plaintiffs in the suit, the Citizens for Health consumer group and the American Psychoanalytic Association, charge that the new law will give insurance companies, drug companies and police more access to individual medical records. The lawsuit asks the court to invalidate the parts of the privacy rule that say patient consent is not needed for sharing medical information with health plans or billing companies and their business associates.

Also yesterday, Rep. Edward J. Markey (D-MA) and Rep. Ron Paul (R-TX) separately introduced legislation regarding patient privacy. Markey's bill (HR 1709), the "Stop Taking Our Health Privacy" (STOHP) Act first introduced in October 2002, requires patients' permission before their records could be used or disclosed for treatment, payment and health-care operations. Paul's bill (HR 1699), the "Patient Protection Act," repeals the HIPAA Privacy regulations, abolishes a national patient identifier, and prohibits the use of federal funds to develop or implement a database containing personal health information.

Read more regarding the lawsuit.

Read the text of Markey's bill, HR 1709 (PDF).

April 10, 2003 Balancing SARS Patients' Privacy with Public's Need to Know The Miami Herald reports that Florida's Department of Health issued news releases last week detailing the state's ability to monitor an outbreak of severe acute respiratory syndrome (SARS), but short on specific information about the afflicted. Current University of Miami president Donna Shalala, Secretary of Health and Human Services in the Clinton administration, thinks that the state Health Department has it right, saying that individuals shouldn't be identified and potentially stigmatized.

Read more.

April 10, 2003 HPP to Monitor HHS Enforcement of Privacy Rule The Health Privacy Project (HPP) announced today it will be monitoring the oversight and enforcement of the HIPAA privacy rule by HHS’ Office for Civil Rights (OCR) to ensure that patients’ privacy rights are enforced effectively. HPP has posted a model complaint form on its website and is asking the public to provide HPP with copies of complaints submitted to OCR. OCR has yet to post an online complaint form, even though most health care providers and health plans are required to comply with the new privacy law by April 14, 2003.

Read more.

April 1, 2003 CMS to Hold HIPAA 101 Satellite Broadcast The Centers for Medicare & Medicaid Services on April 16 will present a free satellite broadcast to inform health care providers about the administrative simplification provisions of HIPAA. The Medicare Learning Network broadcast, "HIPAA 101: the Basics of Administrative Simplification," can be accessed by anyone with an analog satellite dish. It also will be available at local carrier and intermediary sites and at selected Indian Health and Tribal Health facilities in 25 states.

The program will cover:

• The history of HIPAA and its benefits
• How to tell if you are a 'covered entity' under HIPAA
• The standards that have been adopted for electronic transactions and code sets
• Why the Designated Standards Maintenance Organizations may be important to you
• What you need to do to be compliant with the administrative simplification provisions of HIPAA
• How HIPAA's rules and deadlines will be enforced
  

More information.

News Archives

Go to TOP

Current News

Recent News

News Archives

Conference Calendar

Schedule for Reg Publication/
Compliance Calendar

HIPAAlert - Newsletter

HIPAAlive & Kicking

Change Your Settings
or Unsubscribe

List Guidelines
(in brief)

HIPAAlive FAQ

Detailed List Policy

Our Privacy Policy

Copyright
Disclaimer

Advertise

Contribute

About Phoenix Health Systems