| HIPAAdvisory > HIPAAnews > Archives |  |
|
May 2004 News ArchivesMay
28, 2004 Less Than Half of Self-Insured Organizations Addressing
HIPAA Security Only about 40 percent of self-insured organizations
have begun to work toward the security requirements mandated by
HIPAA, according to META Group, Inc. These observations are based
on META Group's change management work with insurance organizations
and employers. "Many of these companies, particularly those with
less than $1 billion in annual revenues, have only recently become
aware that the HIPAA requirements apply to them, and less than half
of them have begun the first or second phase of compliance efforts,
including risk assessment and gap analysis," said Paul Proctor,
vice president with Security & Risk Strategies at META Group.
META Group is conducting an online HIPAA security readiness survey;
to participate, visit http://www.metagroup.com/mgsurveys/hipaareadiness_0404.htm.
May 20, 2004 HHS Creates Task Force to Promote Medical Technology Innovation Department of Health and Human Services (HHS) Secretary Tommy Thompson recently announced that the department is forming an internal task force to examine and promote innovation in healthcare. The task force will issue a report this year on steps that can be taken across the department to speed the development and availability of new medical technologies. "Often, a new technology must clear several hurdles in different parts of HHS before it can reach consumers," Sec. Thompson said. "By better coordinating this process across HHS, we can streamline the way we do business and make safe, effective medical technologies more quickly and readily available... ." To assist the task force's efforts, HHS is seeking comments from the public on how to stimulate innovation in medical technologies. May 19, 2004 HHS Answers Privacy Questions, Soon to Issue Security Guidance Richard M.Campanelli, Office for Civil Rights (OCR) Director, sent a letter May 17 to healthcare providers this week encouraging them to visit OCR's website and take advantage of "the wide variety of helpful guidance and technical assistance materials the Department of Health and Human Services (HHS) has published and made available." The letter tells where guidance can be found on the site regarding aspects of the Privacy Rule, such as:
Stanley Nachimson, senior adviser for the Office of HIPAA Standards in the Centers for Medicare and Medicaid Services (CMS), told providers and payers that same day they should be well into their security compliance efforts, reports Health Data Management. Speaking May 17 at the Workgroup for Electronic Data Interchange's (WEDI) Annual National Conference, Nachimson emphasized to attendees that the Security Rule requires covered entities to protect against 'reasonably' anticipated threats to security. "We do not expect covered entities to protect against every possible security breach," said Nachimson. We do not expect covered entities to double their information technology budgets just to meet the security rule." Nachimson also announced that CMS will soon post on its HIPAA website guidance to help small providers implement the security rule. Read
OCR's Privacy Guidance letter
(PDF). May 18, 2004 NCVHS to Study Electronic Prescribing Issues The Subcommittee on Standards and Security of the National Committee on Vital and Health Statistics (NCVHS), an advisory body to the Department of Health and Human Services, will hold public hearings May 25-27 in Washington, DC. The main focus of the hearings will be on e-prescribing: standards, practices, and incentives and barriers to adoption. The first day will include findings from a recent RAND study on e-prescribing, an overview of patient safety issues, perspectives from the two major e-prescribing networks, and presentations from several major implementation initiatives. The second day will include discussions on e-prescribing from the perspective of software vendors and knowledge base vendors. Time will be devoted later in the afternoon to follow up on issues related to the DSMO request on transaction standards for billing of supplies by retail pharmacies, which had been discussed at the March 31, 2004, hearing of the Subcommittee. The morning of the third day will focus on the perspectives of health care providers on e-prescribing. The afternoon will be devoted to Subcommittee discussion and planning for future agendas. May 14, 2004 Kennedy Introduces Electronic Health Records Bill Sen. Edward Kennedy (D-MA) introduced a bill (S. 2421) yesterday that would require healthcare providers to adopt electronic records and claims processing by 2011 or have their reimbursements reduced, reports iHealthBeat. The Health Care Quality Modernization, Cost Reduction and Quality Improvement Act focuses on improving the healthcare system through the use of information technology (IT), results-based reimbursement, quality improvement, and disease prevention. Read Sen. Kennedy's statement. May 13, 2004 NIST Releases Draft HIPAA Security Resource Guide The Computer Security Division of the National Institute of Standards and Technology (NIST) has recently completed a draft of NIST Special Publication 800-66, "An Introductory Resource Guide for Implementation of the HIPAA Security Rule," for public comment. The guidance is intended to assist in identifying available NIST guidance which can provide useful reference material in addressing the HIPAA security standards. In addition, for federal agencies subject to both the Federal Information Security Management Act (FISMA) and HIPAA, it provides a cross-mapping between the two sets of requirements to assist agencies in not doing double work since the two sets of requirements overlap. The draft is available on the CSRC Drafts Publications page. NIST is requesting comments by July 15, 2004. Comments should be addressed to sec-hipaa@nist.gov. Read
NIST's Draft "Introductory Resource Guide for Implementation
of the HIPAA Security Rule" (PDF). May 13, 2004 Two-Week Payment Penalty Threatens as Claims Deadline Looms Tens of thousands of doctors will soon see their Medicare payments postponed for two weeks if they don't begin meeting HIPAA transactions and code sets standards, reports American Medical News. The American Medical Association (AMA) is advising physicians to contact their software vendors and clearinghouses to check whether those firms are submitting electronic claims that conform to the rules. In a recent communication, the Centers for Medicare & Medicaid Services (CMS) recommends physicians put pressure on their vendors to get compliant or consider switching to a new company. Beginning July 1, anything received in legacy format will be treated like paper claims and reimbursed in no sooner than 28 days. HIPAA-compliant electronic claims, however, are reimbursed after 14 days. As of mid-April, nearly 80% of electronic claims sent to Medicare were received in HIPAA-standard format, leaving the remaining 20% of electronic claims to be hit by the slowdown. May 12, 2004 URAC Report Sets HIPAA Security Timetable A new report from URAC, a Washington, DC-based accreditation firm, contends most covered entities are not yet compliant with the security rule, according to Health Data Management. The report identifies major areas of concern, including risk analysis and management, and security incident reporting and response. The report lays out a timetable of tasks covered entities should perform between now and the security rule deadline of April 21, 2005. May 6, 2004 Health Information Technology Legislation to Be Unveiled This Summer Sen. Judd Gregg, Chairman of the Senate Committee on Health, Education, Labor and Pensions (HELP), announced he will introduce legislation promoting use of health information technology (HIT). The proposal will closely track ideas outlined last week by President Bush. Gregg plans to introduce a bipartisan bill in the coming month for HELP Committee consideration with provisions to develop standard terminology through the leadership of a single IT coordinator and provide resources for high-need communities, and rural and underserved areas to help all Americans gain access to IT. May 6, 2004 Sec. Thompson Announces HIT Coordinator & Development Milestones Department of Health and Human Services (HHS) Secretary Tommy G. Thompson today announced the appointment of David J. Brailer, M.D., Ph.D., to serve as National Health Information Technology (HIT) Coordinator. This is a new position at HHS, created by President Bush last week to coordinate the nation's HIT efforts. Secretary Thompson announced the appointment at a Secretarial Summit on health information technology (IT) convened in Washington today. At the summit, Secretary Thompson also announced several new accomplishments in developing standards to help bring about electronic medical records and other health IT benefits:
May 3, 2004 16th National HIPAA Roundtable Scheduled for May 12 The Centers for Medicare & Medicaid Services (CMS) announced today that it will be hosting the Sixteenth National HIPAA Implementation Roundtable Wednesday, May 12, from 2:00 to 3:30 PM Eastern Time. The call-in number is 1-877-203-0044 and the conference ID number is 6858845. No registration is required. CMS also announced the addition of new answers to the Frequently Asked Questions section of its site. Answers are provided for the following questions:
Read
transcripts of past Roundtables. May 3, 2004 Pets' Privacy Protected at Their Own Hospitals Officials with the University of Georgia's College of Veterinary Medicine say the same confidentiality rules that apply to human patients apply to animal patients, reports the Associated Press. As HIPAA has tightened policies at human hospitals, some say they've seen vets hold back more information about animal patients even through HIPAA does not apply to animals. The American Animal Hospital Association introduced new accreditation standards last year requiring policies and procedures that protect the privacy of animals treated by its 3,000 members in the US and Canada.
|
