| HIPAAdvisory > HIPAAnews > Archives |  |
|
July 2003 News ArchivesJuly 30, 2003 National Health Information Infrastructure Act of 2003 Introduced in Congress Congresswoman Nancy Johnson (R-CT), Chairman of the House Ways and Means Health Subcommittee, introduced last week the "National Health Information Infrastructure Act of 2003." The bill, HR 2915, which was referred to the House Committee on Energy and Commerce, would create within the Department of Health and Human Services (HHS) a national health information officer serving for five years unless Congress extends the term. The officer, in consultation with an advisory group comprised of health care industry members, would issue recommendations for a uniform health information system to ensure compatibility and interoperability. The legislation would also require the development of national, voluntary data and communications standards such as medical vocabularies and electronic messaging. July 29, 2003 AHIMA to HHS: Adopt ICD-10 Now Health Data Management reports the American Health Information Management Association (AHIMA) is asking the Department of Health and Human Services (HHS) to take "quick and decisive" action to adopt the International Classification of Diseases (ICD), 10th Edition. In a letter to HHS Secretary Tommy Thompson, Chicago-based AHIMA noted the federal government's licensure of the SNOMED CT clinical terminology for free national use compels a quick move away from the "obsolete" ICD-9 coding system. July 24, 2003 CMS Presents Guidance on TCS Compliance During a Special Open Door Forum on HIPAA this afternoon, the Centers for Medicare and Medicaid Services (CMS) presented guidance on compliance with the October 16 transactions and code sets (TCS) deadline. In response to inquiries received expressing concern over the health care industry’s state of readiness, the Department of Health and Human Services issued the guidance outlining its approach to enforcement of the TCS provisions. The guidance reiterates what CMS officials have been saying all along: "The law is clear: October 16, 2003 is the deadline... (a)fter that date, covered entities, including health plans, may not conduct noncompliant transactions" and "CMS will focus on obtaining voluntary compliance and use a complaint-driven approach for enforcement...". CMS also made available the following TCS compliance materials:
July 23, 2003 CMS Rejects HIPAA Claim; Presenting TCS Guidance Tomorrow The Centers for Medicare and Medicaid Services (CMS) has sent a memo instructing its Medicare carriers to accept only paper forms after the transactions and code sets (TCS) compliance deadline for a secondary claim with more than one primary payer, reports Health Data Management. The X12 837 implementation guide does not have the data fields which the Medicare program needs to process the obscure claim type. The HIPAA transactions rule, which CMS is charged to enforce, currently prohibits payers, including Medicare, from requiring electronically submitted claims to include data elements not supported in the implementation guides. CMS declined to make officials available for interviews about the memo, citing a rush to complete a guidance document on compliance with the October 16 TCS deadline. That guidance is expected to be released tomorrow during a CMS Special Open Door Forum on HIPAA at 2:00 PM (EDT). Documents containing information discussed during the meeting will be posted on the CMS web site. For more information on how to participate in CMS' forums, register at the Open Door Forum web page. July 21, 2003 CMS: Put Transactions Testing on Schedule Now Health Data Management reports the Centers for Medicare and Medicaid Services (CMS) is sending a letter to provider organizations imploring them to schedule HIPAA transactions testing with Medicare carriers and fiscal intermediaries. "Time is growing short," says Administrator Thomas Scully in the letter. "Please be sure to test and start sending and receiving HIPAA compliant transactions as early as possible to avoid any last minute problems." Karen Trudel, Deputy Director of the Office of HIPAA standards at the Centers for Medicare and Medicaid Services (CMS), addressed the issue of doing transactions testing now during CMS’ eighth HIPAA roundtable discussion. Meanwhile, the OIG recently issued a final report based on a survey of Medicare Part B providers finding that overall, most providers expect to be in compliance by October 2003. July 21, 2003 Report: CA Project Shows Health Data Sharing Feasible A California county's health data sharing project shows promise, although the federal government must do its part to ensure the success of these local efforts, according to a report from the California HealthCare Foundation. The report, "Moving Toward Electronic Health Information Exchange: Interim Report on the Santa Barbara County Care Data Exchange," offers guidance for other communities and national policy. The report concludes that community health information exchange is feasible and can be financially sustainable. July 21, 2003 VA's Health Records Portal to Launch in September Government Computer News reports the Veterans Affairs Department (VA) is ramping up its HealtheVet services portal for a nationwide release in mid-September. The portal ultimately will give veterans secure access to their health records. It will let veterans personalize their accounts with links to information explaining their records and medical conditions. When fully interactive in April, veterans will be able to track their medical data and make appointments, refill prescriptions, enter self-taken information such as blood pressure and chart their conditions. July 21, 2003 Congress Eyes Small Steps on Privacy Legislation While the US Congress focuses on fighting spam email, legislation aimed at protecting consumer privacy online has taken a back seat, according to Computerworld. One privacy bill, Sen. Dianne Feinstein's (D-CA) "Notification of Risk to Personal Data Act," which would require companies to notify consumers when a database containing private information has been compromised, might not win passage because of technology industry opposition. A bill that may have more support than Feinstein's is the Consumer Privacy Protection Act of 2003, introduced by Rep. Cliff Stearns (R-FK) and 22 co-sponsors. The Stearns bill requires that companies collecting personal information give customers privacy notices and tell them why the information is being collected. July 18, 2003 CMS to Issue Guidance on HIPAA Transactions Compliance Following pleas from healthcare providers, software vendors and billing clearinghouses, CMS will give its first guidance on compliance with the HIPAA transaction regulations next week, reports Modern Physician. Numerous organizations have complained, including the Association For Electronic Health Care Transactions (AFEHCT) which sent a "laundry list of concerns" only two days ago, to Department of Health and Human Services (HHS) Secretary Tommy Thompson that there is not enough time to complete electronic claims testing with all payers prior to the October 16 compliance deadline. CMS officials are trying to figure out whether the HIPAA statute or the rule on transactions and code sets(TCS) allows for any "wiggle room." July 17, 2003 Hopkins Seeks Patient Waiver of HIPAA Privacy Johns Hopkins Medicine wants to ask all its patients to waive certain privacy rights so researchers can comb through their medical records, hunting for people they can invite to enroll in clinical trials, reports the Baltimore Sun. The university called its proposal, which is subject to federal approval, a straightforward attempt to balance patients' rights under a new medical privacy law with researchers' need to find volunteers for human tests of drugs and devices. July 15, 2003 HIMSS Working on Electronic Medical Record (EMR) Standard Department of Health and Human Services Secretary Tommy Thompson recently announced an effort to develop a national standard for the electronic medical record (EMR). As a sponsor with the Healthcare Information and Management Systems Society (HIMSS), the Centers for Medicare and Medicaid Services (CMS) and the Department of Veterans Affairs (VA) are providing financial and content expertise to support this initiative. A definitional model of the electronic medical record (EMR) proposed by HIMSS' EHR Steering Committee work group was submitted to Health Level 7 (HL7) and the Institute of Medicine (IOM), and is now under review by the federal government. The IOM also requested, and has received, a listing of the winners of the HIMSS Nicholas E. Davies Award of Excellence for use of EMRs, and in-depth specifics about the attributes of each winner’s EMR systems. Once the recommended specifications have been evaluated, HHS will share all components of the EMR standardized model record with the US health care system. The HIMSS EMR Definitional Model identifies eight key attributes that an electronic medical record must have. Meanwhile, HIMSS and the American Academy of Family Physicians (AAFP) are collaborating on a six-month demonstration project studying the implementation of an open ASP (application service provider) electronic medical record (EMR) in six to 10 small family physician practices across the United States. The open ASP system manages and delivers information to multiple users, such as the family practice offices in the demonstration, from a remote location across a wide network area. The actual demonstration will begin no later than November 1, 2003. HIMSS has been working toward the adoption of a universal EMR with its members, government and the private sector. In working with its membership, the AAFP has identified the need to address implementation of low-cost, standards-based EMR systems in the offices of small- and medium-sized physician practices. The collaboration between the two organizations focuses on eliminating the obstacles that can prevent the adoption of the EMR in a medical practice setting. Read the HIMSS EMR definitional model (PDF). July 14, 2003 Panel Says Privacy Rules Obstruct Patient Communication According to IHealthBeat, Technology Daily reports a panel of health care officials testified last week at a congressional briefing that the HIPAA privacy rules are impeding adoption of new health care technology. One health care organization officer said it is harder for many providers to use electronic media such as email to communicate with patients. Another said that the rule caused the delay of an online information program because it was not encrypted. July 11, 2003 CMS & OCR Update NCVHS on HIPAA Data & Privacy Standards Issues Representatives of the Centers for Medicaid and Medicare Services (CMS) and Office for Civil Rights (OCR) gave presentations at the June 24, 2003 meeting of the National Committee on Vital and Health Statistics. Karen Trudel of CMS updated the committee on the TCS and identifiers portions of HIPAA, discussing regulations that are pending, some of the outreach efforts CMS has undertaken recently, and the issue of readiness for the transactions and code sets deadline that is coming in October. Stephanie Kaminsky, OCR, spoke on Privacy Rule compliance and issues including enforcement. She noted that OCR had received 637 complaints so far; of those, they had closed 124 and accepted 260 for investigation. Read the relevant portion of the June 24 NCVHS meeting transcript. July 9, 2003 From CMS: Medicare Waiver for Small Providers Billing on Paper The Centers for Medicare & Medicaid Services (CMS) posted a memo on June 24, 2003, stating the Administrative Simplification Compliance Act (ASCA) includes a provision that, effective October 16, 2003, Medicare may not pay claims submitted on paper, with certain exceptions. One of the major exceptions is for claims submitted by "a small provider of services or supplier." The term "small provider of services or supplier" is defined to mean:
There will also be other limited exceptions. Regulations clarifying the exceptions are expected to be published soon. If you believe that you meet the small provider exception, you cannot yet apply for a "waiver;" simply continue to bill via paper. CMS will provide further instructions on changes to this waiver process after the regulations have been published. If you are not a small provider, CMS recommends that you prepare to bill Medicare electronically using the appropriate HIPAA transactions. Read the "Medicare waiver for small providers billing on paper" memo (document file). July 9, 2003 Suit Says School Ordered Girls Tested for Diseases after Party The New York Times reports officials at an intermediate school in New York are being sued for violating students' constitutional rights to privacy, bodily integrity, equality and due process. The suit alleges that the officials, after finding out about a dozen students that cut classes at the school to attend a mid-day party in April, ordered the girls who were reported to be at the party to undergo medical tests for pregnancy and sexually transmitted diseases, and demanded to see doctors' notes about the results. The New York Civil Liberties Union learned about the party and its aftermath from medical professionals at the clinic who were taken aback by the girls' requests for tests and notes. They expressed concerns about medical confidentiality. July 9, 2003 HPP Files Comments on HIPAA Enforcement Rule On June 16, 2003, the Health Privacy Project (HPP) filed comments on the Interim Final Rule on Civil Monetary Penalties for HIPAA. The interim final rule is the Department of Health and Human Services' (HHS) first installment of a bigger rule that the Department intends to promulgate in the future for the enforcement of HIPAA, called the "Enforcement Rule." The Enforcement Rule will set procedural and substantive requirements for the imposition of civil monetary penalties. In this first installment, HHS has set out to inform regulated entities about their approach to enforcement and to inform them of a few basic procedural rules that will govern enforcement. All of the substantive issues about enforcement - such as what will actually constitute a violation, and how will penalties be determined - and much of the more complicated procedural questions will be addressed in the bigger "Enforcement Rule" that is forthcoming. The Health Privacy Project’s comments emphasized two points. First, HPP is concerned with the general approach to enforcement of the privacy rules, which is to primarily respond to complaints about possible violations of the rules instead of actively monitoring entities covered by the rules to ensure compliance. In its comments, HPP is asking for the routine monitoring of covered entities for compliance, for an annual report by HHS accounting for enforcement activities and for better education of the public regarding its rights, if HHS is to rely on the public's complaints for enforcement. Second, HPP is also very concerned by the absence in the interim final rule of any role in the enforcement process for the individual whose privacy was violated by the unlawful use or disclosure of his or her sensitive medical information. Under HIPAA, consumers do not have a private right of action; instead the HHS Secretary can initiate an investigation and enforcement process. HPP suggests ways in which the role of the individual harmed can be strengthened in the enforcement proceedings, including notification of the individual and acceptance of testimony or written statements by the individual in the proceedings. Read HPP's comments on the Interim Final Rule (PDF). July 3, 2003 AHA, Provider Groups Urge Action to Prevent HIPAA TCS 'Train Wreck' In a letter delivered to HHS Secretary Tommy Thompson late yesterday, the American Hospital Association (AHA), American Medical Association, and several other provider groups urge HHS to act promptly to prevent an impending "train wreck" from an uncoordinated implementation of HIPAA standardized transactions on Oct. 16. AHA News reports the letter warns that absent action from HHS, rejection of non-standard electronic transactions and resulting reversion to paper transactions by significant numbers of providers will lead to a major disruption of payments to providers under Medicare, Medicaid and private sector health plans. The organizations urge HHS to clarify that during a reasonable migration period, transactions standards compliance requires only that claims be in the HIPAA standard format, use the standard codes and contain only the data content necessary for adjudication. They also urge the agency to develop a process to ensure an adequate level of cash flow to providers during the transition. July 3, 2003 New CA Security Breach Reporting Law Will Have Nationwide Impact A new California law, Senate Bill 1386, which became effective on July 1, is likely to have a significant impact on the information security practices of companies doing business in California, including virtually all sectors of the healthcare industry. Although the healthcare industry is currently preparing for the April 2005 compliance date of the final Security Rule, SB 1386 will cause many organizations to take immediate steps to strengthen security practices, particularly with respect to security incident response procedures. The new law requires anyone conducting business in California to report any breach of security resulting in disclosure to an unauthorized person of personal information in electronic form. SB 1386 only applies to security breaches involving the personal information of California residents. Unlike HIPAA, which does not provide for a private right of action, SB 1386 seems to be an open invitation to class action lawsuits by individuals who have suffered damages arising from identity theft. Read more, including what actions healthcare companies should take to comply with SB 1386. July 3, 2003 BugBear Worm Creates Privacy Breach at Harvard The BugBear.B worm infected some computers at Harvard University, which resulted in private email messages being sent out randomly. One such piece of private correspondence was a memo from Secretary of the Faculty John Fox to the Dean of the Faculty regarding possible disciplinary action against a student. Fox said that "computer security is not [his] responsibility," that it rests with the Director of Harvard Arts and Sciences Computer Services. The Crimson, Harvard University's newspaper, sent the student's father, a physician in California, a copy of the email. The father said that he was concerned about the apparent lack of privacy and compared the situation to a breach of medical privacy: "Technology is a double-edge sword. Most of physicians in this country don't email their patients because of concern of privacy leakage. However, if indeed there is a violation of privacy, patients have the right to be informed by their service providers." July 2, 2003 NCVHS Says "NO" to Further TCS Extensions, Recommends "Flexible Enforcement" by HHS The National Committee on Vital and Health Statistics (NCVHS), an advisory body to the Secretary of Health and Human Services (HHS), has written HHS Secretary Tommy Thompson its recommendations concerning the upcoming Transactions and Code Sets (TCS) compliance deadline. NCVHS argues against delaying the TCS compliance date and recommends HHS provide more assistance to covered entities in contingency planning and TCS education. July 1, 2003 HHS Taking Steps to Promote Paperless Health Care System HHS Secretary Tommy G. Thompson today announced two new steps in building a national electronic health care system. A common medical language will be established and a standardized model of an electronic health record will be designed, both of which will be available at no cost to the healthcare industry. These steps are part of the ongoing HHS effort to develop the National Health Information Infrastructure by encouraging and facilitating the widespread use of modern information technology to improve the nation's health care system. "We want to build a standardized platform on which physicians' offices, insurance companies, hospitals and others can all communicate electronically, which will improve patient care while reducing the medical errors and the high costs plaguing our health care system," said Thompson. In a related effort, Government Computer News reports HHS will begin work on a Federal Health Architecture incorporating multiple agencies’ health-care programs. Melissa Rose Chapman, the department’s CIO, said that HHS will lead the effort to find common business functions among the health programs at the Environmental Protection Agency and the departments of Agriculture, Defense, Energy and Homeland Security. “We are hoping to take a broader view of the health enterprise architecture,” Chapman said. “It will be very exciting in terms of how we take the complex exercise of enterprise architecture and apply it to developing real solutions.”
|
