June 2003 News Archives

June 30, 2003 NCAA Recommends Authorization Form for Electronic System to Monitor Student Athletes' Injuries The NCAA is converting its Injury Surveillance System (ISS) to a Web-based format, linking individual student-athlete injury data in order to conduct longitudinal studies to aid in the development and evaluation of appropriate safety rules and policies. An important aspect of the conversion is the potential application of federal privacy laws such as HIPAA and the Family Educational Rights and Privacy Act (FERPA).

According to the National Collegiate Athletic Association (NCAA )'s "Report of the NCAA Division I Championships/Competition Cabinet," Proposal No. 2003-19 recommends member institutions be required to distribute annually to student-athletes the "Student-Athlete HIPAA Authorization/Buckley Amendment Consent for Disclosure of Protected Health Information" form. NCAA general counsel has assisted in the creation of the form, which is optional for student-athletes to complete. According to the NCAA, the form ensures its compliance with federal regulations and allows institutions to continue to participate in the ISS.

Read more.

June 26, 2003 AHA Calls for HHS Plan to Prevent Claims Processing Delays Continuing to voice concerns that the October 16 deadline for HIPAA mandated transactions and code sets (TCS) standards will cause disruptions in claims submissions and payment cycles, the American Hospital Association (AHA) has written a letter to Department of Health and Human Services (HHS) Secretary Tommy Thompson requesting that HHS develop a system-wide implementation plan. "Even a slight decrease in claims processing volumes or lengthening of the payment cycle could negatively affect hospitals' ability to care for their patients," wrote AHA Executive Vice President Rick Pollack in the letter.

The association emphasizes that it is not arguing for a delay in the Oct. 16 compliance date or for modifying the TCS standards. Instead, AHA would like HHS to outline remedial actions that it will take to ensure an adequate level of cash flow to hospitals is maintained during the transition to HIPAA standardized claims, require insurers to identify deficiencies in the standard claims a provider submits, and trigger a contingency payment from government payers if the provider's daily volume of processed claims or payments received falls more than 5% below the provider's daily average for the prior year.

Read AHA's letter (PDF).

June 17, 2003 AHA Comments on HIPAA Enforcement Rule AHA News reports that the American Hospital Association (AHA) today submitted comments on the interim HIPAA final Enforcement Rule. In the comment letter, AHA recommends specific changes to HIPAA enforcement rule procedures to make them track more closely with those of the HHS Inspector General. The changes would ensure that the rule does not jeopardize the due process rights of hospitals and other covered entities. AHA also highlights several key HIPAA privacy rule concerns where HHS could provide additional assistance and clarification that would be helpful to hospitals, including the accounting of disclosures requirements. Generally, AHA called for HHS to provide more specific, operational level information that would provide greater clarification of the rule's requirements and identify "appropriately scalable" best practices for compliance with the requirements.

Read AHA's comment letter (PDF).

June 17, 2003 JCAHO, NCQA Establish Privacy Certification for Business Associates The Joint Commission on Accreditation of Healthcare Organizations (JCAHO) and the National Committee for Quality Assurance (NCQA) announced yesterday that their new Privacy Certification Program for Business Associates (PCBA) will officially launch this month. The new program is designed to assess whether organizations referred to as business associates under HIPAA are meeting essential requirements for safeguarding protected health information (PHI).

Read more.

June 16, 2003 HHS, FDA Hope Their Efforts Lead to Healthcare IT Use Health Data Management reports HHS Secretary Tommy Thompson “think(s) it’s absolutely ridiculous how the health care delivery system uses information technology.” Thompson was speaking at the American Association of Health Plans’ 2003 Institute and Display Forum last week in Washington, DC. Thompson, however, is hopeful. HHS recently adopted a number of clinical messaging standards for use in federal health care programs and its advisory panel, the National Committee on Vital and Health Statistics (NCVHS), expects this fall to recommend standard clinical vocabularies. US Food and Drug Administration (FDA) Commissioner Mark McClellan, M.D., also spoke at the Forum, saying that the proposed FDA rule mandating the use of bar codes on all drugs could "help speed up the development of the nation’s health care information infrastructure." The government agencies are hoping their efforts will lead to industrywide adoption of electronic records.

Read more.

June 16, 2003 More Free HIPAA Help from CMS HHS' Centers for Medicaid and Medicare Services will be offering an additional workshop focusing on implementing the critical electronic transactions and code set (TCS) requirements at MK Central Plaza Auditorium in Boise, Idaho on June 25.

• Register for the CMS HIPAA Workshop for Small Providers.
  
  • View the program agenda (PDF).
  • View the conference PowerPoint presentation (PPT).

The Tenth National HIPAA Implementation Roundtable is scheduled for June 25, 2003 from 2:00 PM - 3:30 PM ET. It will focus on HIPAA Administrative Simplification, specifically electronic transactions and code sets, and security.

• Call-in number: 1-877-381-6315
• Conference ID number: 427383
• No RSVP required
  
• View the February Roundtable transcript (PDF).
• View the April Roundtable transcript (PDF).
• (The March and May Roundtable transcripts will be available soon.)

CMS will also be re-airing its free satellite broadcast of "HIPAA 101: Basics of Administrative Simplification" on July 16 and July 30.

• Register for "HIPAA 101" satellite broadcast.
  • View a transcript of the program (Word document).

June 13, 2003 HHS Advisor: National IT Infrastructure Depends on Local Efforts According to an HHS advisor, the best chance of success for a nationwide network of interconnected healthcare information technology systems lies in local and regional initiatives, reports Modern Physician. William Yasnoff, M.D., HHS senior advisor on the National Healthcare Information Infrastructure (NHII) project, speaking Tuesday at the Healthcare Information and Management Systems Society's (HIMSS) conference in Chicago, compared the NHII concept to the Internet. "It is not a centralized database of medical records but is a network of interoperable systems," Yasnoff says.

HHS is convening a summit, National Health Information Infrastructure (NHII) 2003: "Developing a National Action Agenda for NHII", June 30 - July 2 in Washington, DC. Representatives of all stakeholders will be brought together to develop a consensus for a national action agenda to guide the further development of NHII by both the Federal government and the private sector.

Read more.

June 11, 2003 UPDATE: BugBear.B Worm Harvests Bank Passwords Symantec has discovered a previously unknown functionality within the Win32.Bugbear.B worm and is strongly advising financial institutions worldwide that they may be at greater risk of exposure. The worm contains a large list (over one thousand) of targeted bank domain names from around the world. When the worm finds names of banks in a victim's mailbox, it tries to send sensitive data such as cached passwords and keystrokes to one of 10 public email addresses included in its code.

The Win32.Bugbear.B belongs to a new class of e-mail worm that not only attempts to clog networks through malicious replication, but also attempts more serious forms of criminal activity.

No major bank has yet to report a security breach as a result of the worm.

Read more.

June 9, 2003 Genetic Discrimination Bill Moving Ahead in Senate
AMNews reports a bill to add genetic testing results to the list of patient information protected by HIPAA and the Employee Retirement Income Security Act has received bipartisan support from the Senate Health, Education, Labor and Pensions (HELP) Committee. The full Senate could vote on the bill as early as this month. The legislation would bar health plans or employers from using information gleaned from genetic testing to decide whether to provide coverage to a person or to set an individual's premium. It also would prohibit companies from requiring job applicants to be tested for genetic abnormalities before being hired.

Read more.

June 6, 2003 VIRUS ALERT: BugBear.B Worm Considered High Threat The BugBear.B worm is even more dangerous that the original malicious code, Bugbear, which caused a widespread epidemic last September. BugBear.B is a mass-mailing virus that infects Windows PCs and is being called a high-risk threat to corporate and home users by antivirus vendors. After it infects a PC, the virus searches the machine for email addresses and sends a message out to each address, with a copy of itself attached. The virus disables security software, hide its path, and makes off with confidential information.

More from McAfee.

More from Symantec.

June 6, 2003 Study: Healthcare Industry Unwittingly Transmitting PHI in Email Zix Corporation, a global provider of e-messaging management and protection services, today announced the results of a recent study revealing that 53% of the top healthcare chains and systems and 35% of the top healthcare payors are still transmitting email messages containing protected health information (PHI) without using appropriate safeguards. Company e-messaging policies may be in place, but these policies may not be effective or are not properly implemented by users. The study analyzed a sample of over 4,400,000 email messages sent and received by over 7,500 healthcare organizations, representing the inbound and outbound traffic for approximately seven days for each of the audited organizations, to determine what percentage of such messages contained protected health information.

Read more.

June 4, 2003 HIPAA-related Costs Projected to Be Less Than Anticipated According to a new study by Fitch, HIPAA-related costs for hospitals and health systems will be less than originally anticipated, due to health providers' recent revenue cycle management initiatives that have led to system upgrades, many of which concurrently have met HIPAA compliance requirements.

While costs for being HIPAA compliant have ranged from conservative estimates such as $5.8 billion from the Centers for Medicare and Medicaid Services (CMS) to $43 billion by Blue Cross Blue Shield, Fitch expects that standardized claims will produce operating efficiencies that will ultimately exceed the cost of meeting compliance.

"We believe that most hospitals will be able to absorb these costs without a large negative impact,' says Joseph Korleski, associate director, at Fitch Ratings. 'It is important to note that the hospitals that implemented systems for compliance when the rules were announced are more likely to realize efficiencies at a faster rate. Costs associated with HIPAA will be more easily absorbed due to recent revenue cycle management initiatives and software upgrades that have been in line with HIPAA compliance, as well as the extension that was granted in 2002 for compliance under the Transactions and Code Sets rule."

View the Fitch report, "HIPAA: Final Rules and Compliance."

June 3, 2003 Free CMS Online HIPAA Training The CMS Southern Consortium's Achieving Compliance Together (ACT) Team has developed a series of HIPAA presentations available for access via the internet at no cost:

1. HIPAA Message to Providers from the Southern Consortium Administrator
2. HIPAA Basics
3. Provider Steps to Getting Paid under HIPAA
4. HIPAA Security (coming soon)

The Webcast presentations are designed to automatically detect the line-speed of your connection to the internet. If you are accessing the presentation via a modem (dial-up), the video portion will convert to a still picture. Everything else will function the same.

NOTE: Some firewalls appear to block the automatic line-speed detection. If that occurs, you can select your connection speed from the launch page.

Register to access the free presentations.

June 3, 2003 Ruling Upholds Patient's Privacy The Wisconsin State Court of Appeals last week upheld a jury's verdict that an emergency medical technician invaded a patient's privacy by telling someone else about the patient's overdose. Telling just one person can be enough to invade someone's privacy, the District II appeals panel ruled, according to the Milwaukee Journal Sentinel.

Read more.

June 3, 2003 Software to Help Eckerd Handle HIPAA Health Data Management reports Eckerd Corp., which operates 2,680 pharmacies in 21 states, will implement identity and access management software enterprise-wide as part of its HIPAA compliance efforts. The software will give Eckerd a centralized security management system to implement, monitor and enforce authentication, authorization and audit policies. The software also will assist the pharmacy chain in separating different components of its business by controlling access to protected health information.

The Florida Attorney General's office last year investigated the marketing practices of Eckerd to determine whether or not they violated customers' privacy. According to the St. Petersburg Times, Eckerd insisted customers picking up prescriptions sign a log if they didn't want the counseling from a pharmacist that drugstores are required to offer. Eckerd then stuck the signature, written on a gum-backed sticker, on a form authorizing the chain to use the customer's prescription record for promotions and discount deals bankrolled by drug companies. Clerks put a copy of the form letter authorization in the customer's bag with the prescription.

Read more.