| HIPAAdvisory > HIPAAnews > Archives |  |
|
October 2003 News ArchivesOctober 30, 2003 CA Bill Would Bar Hospitals from Allowing Medical Data to Leave US The San Francisco Chronicle reports that following news of a Pakistani medical transcriber who threatened to post a California medical center's patient records online, a California state senator said she will introduce in January a bill barring all California hospitals from allowing medical data to leave the country. State Sen. Liz Figueroa (D-CA) said, "California already has the strongest medical-privacy laws in the nation, but not strong enough. There's always something you didn't anticipate." What she and other framers of the state's medical-privacy laws didn't see coming is the explosive growth of the $20 billion medical-transcription industry. October 27, 2003 New Law Would Require Computer Security Audits & Status Reports Computerworld reports new legislation being drafted by Congress would require all publicly-traded companies to conduct independent computer security assessments and report the results yearly in their annual reports. Known as the Corporate Information Security Accountability Act of 2003, the bill is being sponsored by Rep. Adam Putnam, (R-FL), chairman of the House Subcommittee on Technology, Information Policy, Intergovernmental Relations, and the Census. The bill would require companies to inventory their critical IT assets; provide an annual risk assessment; spell out their risk mitigation, incident response and business continuity plans; lay out company policies and procedures for reducing security risks to an acceptable level; and detail tests of the company's security controls and techniques to ensure their effectiveness. October 24, 2003 VA Offers EMR Application to Industry Health Data Management reports the Veterans Administration (VA) is offering a public domain version of its VistA electronic medical records (EMR) software for provider organizations that otherwise could not afford such technology. The move is part of the VA's effort to support the National Health Information Infrastructure, a public-private program to develop standards and technologies. More on the National
Health Information Infrastructure. October 24, 2003 CMS HIPAA Conference Scheduled for Dec. 4 & 5 CMS is sponsoring a HIPAA conference on Thursday and Friday, December 4 and 5, 2003 at the Hyatt Regency Woodfield in Schaumburg, IL. Speakers will include national representatives from the Department of Health and Human Services' (HHS) Office for Civil Rights (OCR) and Centers for Medicare and Medicaid Services (CMS), as well as local and regional provider, health plan, and industry leaders. The meeting will have two tracks - one focused on privacy and security, and the other focused on transactions and code set standards. Participants are encouraged to register early as space will be limited to the first 800 registrants. View registration
and meeting details. October 23, 2003 National Provider ID Final Rule On Its Way The Final Rule announcing the National Provider Identifier (NPI) was received by the White House Office of Management & Budget (OMB) for review earlier this week. Final clearance takes between two weeks and 90 days, at which point, the final version of the regulations is placed on display at the Government Printing Office (GPO) in Washington, DC, and then published in the Federal Register. The Proposed Rule was published over five years ago, recommending the adoption of a standard 8-position alphanumeric health care provider identifier. The Final Rule will address public comments and may contain changes from the proposed rule. Meanwhile, today's Federal Register contains notice that HHS Secretary Tommy Thompson has delegated his authority, effective October 7, to the Administrator of the Centers for Medicare & Medicaid Services (CMS) to carry out the administrative and enforcement activities related to the HIPAA regulations, excluding those pertaining to the Privacy Standards. All actions that pertain to the Privacy Standards were already delegated by the Secretary to the Director of the Office for Civil Rights (OCR). The CMS Administrator now has the authority to impose civil monetary penalties for a covered entity's failure to comply, and to make exceptions concerning when State laws that are contrary to the Federal standards are not preempted by the Federal provisions. This delegation to the Administrator excludes the authority to issue regulations, and to hold hearings and issue final determinations if the respondent has requested a hearing on the imposition of civil monetary penalties. October 23, 2003 Low-cost EMR for Family Physicians Put On Hold Medical Economics reports the American Academy of Family Physicians (AAFP) has dropped its plan to offer members a low-cost, internet-based electronic medical record system. The AAFP will, however, continue trying to get a CMS grant to test an EMR in family practices. Simultaneously, it will talk with commercial vendors about group purchasing arrangements that could deliver a low-cost product to doctors. October 21, 2003 New Web Site Offers HIPAA & Medical Records Tips for Consumers The American Health Information Management Association (AHIMA) has launched the MyPHR.com web site to help consumers understand their personal health information privacy rights. Health Data Management reports Linda Kloss, AHIMA’s president and CEO, unveiled the site at the AHIMA National Convention and Exhibit going on now in Minneapolis. One of the main goals of the project, Kloss says, is to "create a credible resource" to counter misinformation about the HIPAA privacy rule. October 16, 2003 Senate Backs Genetic Privacy Bill The New York Times reports the Senate voted unanimously this week to pass the first federal bill aimed exclusively at safeguarding genetic privacy, ending six years of legislative gridlock. The White House announced that it supported the measure, which would bar companies from using genetic information to deny health coverage or employment. October 15, 2003 CMS Posts Basic Contingency Planning Guidelines Saying that it has "heard the concerns expressed by the health care industry – most notably, that testing rates are low and the process is complex," the Centers for Medicare and Medicaid Services (CMS) has posted to its site contingency planning guidelines for the Oct. 16 transactions and code sets (TCS) compliance deadline. The guidelines cover understanding CMS's compliance policy, what is a contingency plan, steps for contingency planning, health plan responsibilities, and reviewing your good faith efforts to comply. October 15, 2003 Humana Establishes Contingency Plan Humana announced today that it has implemented a contingency plan to accept non-compliant electronic transactions from providers after the October 16th transactions and code sets (TCS) compliance deadline. In September 2002, Humana began testing and introducing HIPAA-compliant transactions in a "live" production environment. Humana will continue to accept and process transactions sent in pre-HIPAA electronic formats while physicians, hospitals and clearinghouses that file claims on behalf of providers who are showing a "good-faith effort" continue implementing their plans to meet HIPAA standards. This contingency plan will be in place until all providers and clearinghouses are capable of transmitting fully compliant standard transactions as defined in the HIPAA implementation guidelines or until CMS begins enforcement of the HIPAA Electronic Data Interchange (EDI) regulations. Only approximately 10 percent of all electronic transactions currently received by Humana are HIPAA compliant. Humana management believes that the implementation of its contingency plans will minimize any disruptions in its business operations during the transition period. October 15, 2003 WebMD Envoy Posts Its HIPAA Contingency Plan As the October 16th compliance deadline for the Transactions and Code Sets (TCS) Rule nears, WebMD Envoy has outlined the elements of its HIPAA contingency plan: for a limited time, WebMD Envoy will continue to transmit claims in legacy formats or to translate to and from HIPAA standard formats as necessary based on the needs of its business partners. HIPAA Processing Edits will be used by WebMD Envoy to supplement and enhance the information submitted in a claim in order to assist in claim processing. Finally, in order to maintain the integrity, stability, and pace of transaction processing, WebMD Envoy has implemented a 30-day freeze on all pending transitions to HIPAA standards for its clients. Read the details of WebMD Envoy's HIPAA Contingency Plan (PDF). October 9, 2003 CMS Exempts Benefit Debit-Card Transactions From HIPAA EDI Requirements In a letter dated October 2, 2003 to Evolution Benefits, a producer of benefit debit cards, the Centers for Medicare & Medicaid Services (CMS) exempts benefit debit-card transactions from the HIPAA EDI requirements. The letter states, "After a thorough review of the situation, we have determined that a beneficiary's use of the flexible spending account (FSA) debit card for payment of out-of-pocket expenses at a pharmacy or provider's office that accepts MasterCard is comparable to a beneficiary's payment to a health care provider using a conventional credit card and that debit card transmissions are not subject to HIPAA EDI requirements. This is because it is considered a transaction between the beneficiary and a provider, not a health plan and provider." According to Evolution Benefits, to apply the HIPAA EDI rules would have required all administrators and card vendors to incur significant unnecessary expense without any resulting benefit to the consumer. October 8, 2003 SANS Releases Top 20 Security Flaws List with Multinational Consensus Computerworld reports the US Department of Homeland Security (DHS), along with its Canadian and British counterparts and the SANS Institute, today released a list of the top 20 security vulnerabilities most often exploited by criminal hackers. The creation of the Top 20 list of commonly exploited Windows, Unix and Linux flaws marks one of the first times that a multinational consensus has been reached on critical Internet vulnerabilities that must be fixed to meet a minimum level of security protection for computers connected to the Internet. SANS started the process of issuing a Top 10 list of vulnerabilities three years ago, when it released its first list with the National Infrastructure Protection Center. October 6, 2003 Tauzin, Bilirakis to HHS: Clarify Policy on Taking Claims After Oct. 16 AHA News Now reports the chair of the House Energy & Commerce Committee and the head of the panel's health subcommittee are urging HHS "to issue further clear guidance" regarding what types of claims it will accept after HIPAA's Transactions and Code Sets Rule takes effect Oct. 16. In particular, the two requested that HHS agree that "Less than perfect claims (specifically those that do not include all of the myriad data elements) are 'compliant claims'." The letter was sent on Sept. 22 to HHS Secretary Tommy Thompson by Reps. W.J. "Billy" Tauzin, R-LA, and Michael Bilirakis, R-FL. October 3, 2003 Florida Medicaid Follows CMS, Unveils Contingency Plan The Orlando Business Journal reports Florida's Medicaid program has decided to give doctors, hospitals and other health care providers more time to comply with new federal medical privacy rules that were to take effect Oct. 16. In giving the extra time, the state is following the lead of the federal Centers for Medicare and Medicaid Services (CMS). As part of its contingency plan, Florida's Medicaid program also will continue to accept and process Medicaid claims in the electronic formats currently in use. October 2, 2003 CMS to Host TCS Implementation Roundtable Oct. 8 The On Wednesday, October 8, from 2:00 to 3:30 PM (Eastern) the Centers for Medicare and Medicaid Services (CMS) will be hosting its Fourteenth National HIPAA Implementation Roundtable conference call, focusing on the HIPAA Transactions and Code Sets Standards. The deadline for compliance with these standards is October 16, 2003.
Due to the volume of callers wishing to participate, CMS asks that you dial in 15 minutes before the start of the meeting.
|
![[external link]](../../images/extlink.gif "external link"){kind=small}
