| HIPAAdvisory > HIPAAnews > Archives |  |
|
May 2003 News ArchivesMay 28, 2003 HHS Sets Schedule for Several HIPAA Rules The Department of Health and Human Services (HHS) yesterday issued its semi-annual regulatory agenda, which specifies when it expects to publish several HIPAA rules. According to Stanley Nachimson, senior technical advisor at the Centers for Medicare and Medicaid Services (CMS), however, the actual expected publication date for two HIPAA rules are different from what appears in yesterday's Federal Register. The correct schedule is:
View our "Schedule for Reg Publication/Compliance Calendar" for details. May 28, 2003 DOT Issues Q&A Concerning HIPAA Regulations The Department of Transportation (DOT) has released guidance in the form of a question and answers detailing the reasons why the HIPAA privacy regulations do not affect DOT mandated drug and alcohol testing. In addition, the Q&A reinforces the DOT regulation prohibiting the use of consent and authorization forms in order to release results. May 23, 2003 Kaiser Refutes Claim Its Off-Shore Computing Contracts Risk Patient Privacy IHealthBeat reports Kaiser Permanente’s outsourcing of tech support to India risks patients privacy and is not covered under the HIPAA privacy rules, according to the San Francisco Chronicle. In a letter to the Chronicle, Kaiser officials refuted those claims and said Kaiser’s offshore work meets and exceeds the HIPAA privacy rule. Read the San Francisco Chronicle article, "Kaiser Exporting Privacy." May 22, 2003 Groups Working Together to Develop Patient Continuity of Care Record Standards The ASTM International, Healthcare Information and Management Systems Society (HIMSS), and Massachusetts Medical Society have joined forces to establish a standard for the Continuity of Care Record (CCR) to work towards the goal of achieving electronic health records. An ongoing record of care, the CCR would be created or updated at the end of every healthcare encounter and available for review by the next provider, no matter what and where the healthcare setting might be. As a result, that provider would use the CCR to guide the care process for the patient. The patient also may request a CCR printout to provide valid and current information for another healthcare provider. May 21, 2003 AFEHCT Advocates TCS Contingency Plan in NCVHS Testimony Health Data Management reports that in testimony today before the National Committee on Vital and Health Statistics (NCVHS), the Association for Electronic Health Care Transactions (AFEHCT) stated many providers, payers and vendors are at serious risk of missing the Oct. 16, 2003, transactions and code sets (TCS) compliance date. AFEHCT, a vendor trade group, joins a growing chorus of organizations — including the American Hospital Association and Workgroup for Electronic Data Interchange — in advocating contingency plans to ensure electronic transactions keep flowing after Oct. 16. AFEHCT is calling for specific dates when payers must be completely ready to test with providers, clearinghouses, software vendors, and other trading partners. May 21, 2003 AHA Urges HHS to Ensure TCS Testing, Contingency Plans In a letter sent yesterday, the American Hospital Association (AHA) urged HHS' Centers for Medicare & Medicaid Services (CMS) to ensure health plans test their implementation of the transactions and codes set (TCS) standards with hospitals in time to correct any problems before the rule's Oct. 16 compliance deadline, reports AHA News. AHA also urged CMS' Office of HIPAA Standards to develop a system-wide implementation plan well before the Oct. 16 deadline, including a contingency payment plan to protect providers from short-term cash-flow shortages. "Even a slight decrease in claims processing volumes or lengthening of the payment cycle negatively affects hospitals' ability to care for their patients," wrote Melinda Hatton, AHA vice president and chief Washington counsel. The letter was accompanied by a proposal outlining AHA's recommendations. Testifying today before HHS' National Committee on Vital and Health Read AHA's letter to Jared Adair, Office of HIPAA Standards, CMS (PDF). Read AHA's statement to the NCVHS (document file). May 20, 2003 Survey: Providers Ready for Transactions Standards AHA News reports about 96% of Medicare Part A providers expect to be compliant with the HIPAA electronic transactions standards and code sets by the Oct. 16 deadline for compliance, according to a new report from HHS' Office of Inspector General (OIG). The report indicates 92% of Part A providers are developing an implementation schedule to meet the deadline, and half of them are developing contingency plans in the event their system is not fully compliant by the deadline. May 19, 2003 NIST Releases Draft Security Standard Federal Computer Week reports the National Institute of Standards and Technology's (NIST) Computer Security Division recently released the draft of a new Federal Information Processing Standard, FIPS 199, which dictates how agencies should categorize their systems based on the security risk faced by each. The standard is the first step in setting minimum security requirements for all government systems not related to national security. The draft outlines three categories of risk, which are based on the potential impact of a breach in three areas: the confidentiality, integrity, and availability of the information in the system. The SANS (SysAdmin, Audit, Network, Security) Institute notes
that "although this NIST document is just the first step in
a series that will lead to useful new standards, it is still extremely
important. Its unique value arises because it is the first federal
document that explains to federal agencies (and any other May 19, 2003 Murder-Suicide Suspect's Medical Condition Kept Private Under HIPAA The Helena, MT, Independent Record newspaper reports little new information was available in what appeared to have been an attempted murder-suicide on Thursday afternoon. Ron Newman, 67, was in critical condition after he was taken to St. Patrick Hospital by Life Flight on Thursday afternoon, but hospital officials were unable to release any information about his condition Friday. Under new federal rules outlined by HIPAA, his family requested that all medical information remain private. Missoula County Sheriff Mike McMeekin said he was working with the county attorney's office on Friday to determine if there is a legal way to require the hospital to provide Newman's medical condition to either a law enforcement officer or the Deputy County Attorney. May 15, 2003 CMS Offers Free HIPAA Workshops for Small Providers & More Roundtables HHS' Centers for Medicaid and Medicare Services will be offering workshops focusing on implementing the critical electronic transactions and code set (TCS) requirements. Checklists, how to’s, and a special segment on security are included as well, and the Office for Civil Rights (OCR) has been invited to speak on privacy issues. Reservations are on a first-come, first-served basis, however, they are required as space is limited. Preference will be given to those providers located in the geographic area of a workshop. For more information email mjohnson3@cms.hhs.gov and put “WORKSHOP” in the subject heading.
To register, email hipaamail@titan.com or fax 410-944-3868. Include your name, email address if applicable, company name, title, address, and the workshop location of your choice. CMS also has two upcoming HIPAA Roundtables:
Callers are requested to RSVP to Alikia Brown at Abrown1@cms.hhs.gov or by fax to 410-786-1710. The transcript of the February 28 Roundtable, focusing on security and electronic transactions and code sets, is now available; the transcripts of the Roundtables held in March and April will be coming soon. Read the February Roundtable transcript (PDF). May 13, 2003 Insurer Offers HIPAA Coverage Health Data Management reports Healthcare First has added HIPAA coverage to its liability insurance policy targeting electronic-based transactions for health care operations, especially in managed care settings. The policy provides liability protection for organizations that use electronic transactions to manage, process and disseminate information. The updated eHealth/Internet Liability Policy also covers damages for HIPAA-related events, such as unauthorized disclosures of protected health information (PHI) resulting from computer security breaches. The policy, however, will not cover fines levied by the government for HIPAA violations. May 13, 2003 URAC Approves Independent HIPAA Privacy & Security Accreditation Standards Last week, URAC's Board of Directors approved the nation's first independent HIPAA Security Accreditation program for Covered Entities and Business Associates. The first organizations going through the security program also are among early participants in URAC’s recently launched privacy rule accreditation program. URAC's HIPAA accreditation programs enable health care organizations to demonstrate that they have taken the necessary steps to protect health information in accordance with the HIPAA Privacy and Security Rules. More information on URAC's HIPAA Privacy & Security accreditation programs. May 13, 2003 NCVHS to Discuss Standard Vocabulary, TCS Contingency Plan The National Committee on Vital and Health Statistics (NCVHS) will meet May 20 - 22 to hear testimony about HIPAA transactions and code sets (TCS) contingency plans and standard clinical vocabulary issues. On May 20, NCVHS will hear from the Workgroup for Electronic Data Interchange (WEDI) on its HIPAA contingency planning proposal for a brief transitional period during which covered entities could use partially-compliant HIPAA transactions with those who will not not meet the October 16 TCS compliance deadline. On May 21 - 22, the committee will hear testimony about the development of an industrywide standard clinical vocabulary that incorporates messaging standards, classification systems, and code sets. More information on NCVHS' May 20-22 meeting. Read Health Data Management's article, "NCVHS to Extol a Standard Vocab." May 13, 2003 Practice vs. Privacy on Pelvic Exams The Washington Post reports a growing number of activists say they think women should be advised about the pelvic exam lessons medical students and residents at teaching hospitals routinely perform on patients under anesthesia, and be given the opportunity to refuse. A New York-based group called People Against Non-Consensual Pelvic Exams says that most of the nation's 400 teaching hospitals use the generalized consent form as permission to perform the exams, and the group wants federal legislation to ban the practice. Dennis O'Leary, president of the Joint Commission on Accreditation of Hospitals (JCAHO), said while the issues of privacy and respect for women are paramount, he is not sure that congressional intervention is as important as sensitizing the schools and students to this problem. In recent years, some medical schools and teaching hospitals have set new policies with some requiring more explicit discussions with patients about student participation. May 8, 2003 Pentagon Surveillance Plan to be Less Invasive The New York Times reports that the Total Information Awareness program, intended to forestall terrorism by tapping computer databases - but curbed by legislation this winter because of privacy fears - would not look into Americans' financial or health records. Instead, the program would rely mostly on information already held by the government, especially by law enforcement and intelligence agencies. May 6, 2003 HealthcareEdu, Featuring Online HIPAA Privacy Training, Announced Phoenix Health Systems and Health Professor Inc., today announced HealthcareEdu, a joint Internet-based venture that offers comprehensive e-learning programs enabling healthcare organizations to comply with HIPAA privacy and security training requirements. HealthcareEdu's premier offering is HIPAAedu, an in-depth HIPAA privacy training solution which enables staff of organizations, large and small, to easily access, track, and complete their HIPAA training requirements at any time or location.
May 5, 2003 HHS Corrects Interim Enforcement Rule's Expiration Date In last Monday's Federal Register, the Department of Health and Human Services (HHS) issued a correction to the Interim HIPAA Enforcement Rule. The rule as originally published had an expiration date of September 16, 2003; the correction changes the expiration date to September 16, 2004. Read more about the Interim Enforcement Rule. May 5, 2003 Suit: Hospice Violated Privacy The St. Petersburg, FL, Times reports a lawsuit filed Thursday May 1st in Pinellas-Pasco circuit court alleges that the Hospice of the Florida Suncoast violated state law by intentionally releasing medical and personal information about thousands of patients and their next of kin. The suit claims the hospice released the patient information over the last several years as its for-profit subsidiary, Hospice Systems Inc., marketed a software product to other hospices around the nation. The Hospice allegedly used patient information to help demonstrate, market, sell and train people to use the software, also putting some of the information on the Internet. Read the court documents and exhibits. May 2, 2003 CMS to Hold HIPAA Readiness Workshop May 8 The Centers for Medicare & Medicaid Services (CMS) will hold a one-day Health Care Provider HIPAA Readiness Workshop in Mesa, AZ on May 8, 2003. The workshop will be held from 8:30 AM to 5:00 PM at the Mesa Centennial Center, Paloverde Room in the Conference Center Building. The workshop is free, but participants are responsible for their own hotel accommodations. The workshop, aimed at meeting the information needs of physicians and individual practitioners, will focus on implementing the critical electronic transactions and code set requirements by:
To register for the workshop, email your name and address to hipaamail@titan.com or fax to (410) 944-3868. For more information visit: www.cms.hhs.gov/hipaa/hipaa2. For hotel reservations, call the Sheraton Phoenix East, 200 North Centennial Way, Mesa, AZ 85201, (480) 898-8300. May 2, 2003 Court Upholds Constitutionality of HIPAA Privacy Rule; Plaintiffs Plan Appeal to the Supreme Court The 4th Circuit US Court of Appeals has upheld the constitutionality of the HIPAA Privacy Rule in what HHS Secretary Tommy Thompson called a “victory for America’s patients and the principle that the federal government can provide protections to insure the enhanced confidentiality of their medical records.” Thompson went on to say:
In its ruling, the court rejected arguments from the South Carolina Medical Association, Physicians Care Network, and several individual doctors that certain HIPAA provisions are unconstitutional and exceed HHS’ authority, reports iHealthBeat. The group, along with the Louisiana State Medical Society and supported by medical societies from five other states, plans to appeal the decision to the Supreme Court. Read the 4th Circuit US Court of Appeals decision (PDF).
|
