November 2004 News Archives
November 30, 2004 CMS Releases First in Series of Guidance Papers on HIPAA Security
The Centers for Medicare & Medicaid Services
(CMS) last week released the first in a new series of papers providing
guidance on the HIPAA Security Rule. The first paper, "Security
101 for Covered Entities," provides an overview of the Security
Rule and its intersection with the HIPAA Privacy Rule. The series
will contain seven papers, each focused on a specific topic related
to the Security Rule and designed to give HIPAA covered entities
insight and assistance with implementation of the security standards.
The series aims to explain specific requirements, the thought process
behind those requirements, and possible ways to address the provisions.
Topics planned for future papers include administrative, physical
and technical safeguards; organizational policies and procedures
and documentation requirements; the basics of risk analysis and
risk management; and implementation for the small provider.
View CMS' HIPAA Security Educational Paper Series.

November 30, 2004 AHA Urges Immediate Action on HIPAA Accounting of Disclosures Requirement
Earlier this month, the American
Hospital Association (AHA) wrote to Department of Health and Human
Services (HHS) Secretary Tommy Thompson, calling for swift action
to modify the HIPAA requirement that healthcare providers keep records
of mandatory disclosures of medical information to public health
authorities. In its letter of November 4, AHA cited concerns about
the burden of complying with the requirement and its potential to
interfere with important public health initiatives such as voluntary
reporting on disease patterns and quality measures.
AHA noted that the Government Accountability Office (GAO) in September
urged that the rule be changed immediately. Instead of requiring
providers to track individual disclosures as they occur, the rule
should require that privacy notices inform patients that their information
will be disclosed to public health authorities when required by
law, the GAO said. AHA urged HHS to issue "without delay"
a rule that is consistent with the GAO recommendation and with an
earlier AHA proposal outlining the categories of disclosures the
association believes should be exempted from the HIPAA requirement.
AHA noted that the GAO said such a modification would ensure protection
of patients' privacy "without imposing unnecessary costs or
barriers to quality health care or interfering with other important
public benefits."
Read the letter (PDF).

November 24, 2004 Brailer Calls on Private Sector to Adopt Electronic Records
While the government will provide incentives, the private
sector must ultimately make health IT a widespread reality, National
Health IT Coordinator Dr. David Brailer told attendees at a conference
last week, sponsored by the California HealthCare Foundation (CHCF)
and the Center for Health Research of the University of CA - Berkeley.
"My goal is not to get [electronic health records] EHRs in
the doctors' offices; it is to create a marketplace for those EHRs,"
Brailer said later in an interview with eWEEK.com. He said the government
will not regulate EHRs into existence or use brute force.
Read more.

November 16, 2004 Patient Sues Healthcare System Over Ad Containing PHI
A Cumberland County, PA, woman is suing a major midstate
hospital system, claiming it publicly broadcast her personal and
patient information in an advertisement two years ago for Breast
Cancer Awareness Month, reports the Patriot-News. Donna Vozenilek
claims a medical file the doctor holds in the ad is hers and that
PinnacleHealth System violated HIPAA by displaying her file without
her permission. She claims those who saw the ad could clearly discern
her name, Social Security number and birth date, and learn that
she had undergone a mammogram. Vozenilek contends Pinnacle officials
continued to run the ad even after she demanded verbally and in
writing that it be pulled.
Read more.

November 15, 2004 HHS Seeks Input on Developing National Health Info Network
The Office of the National Coordinator Health Information
Technology (ONCHIT) today issued a Request for Information (RFI)
in the Federal Register that seeks public comment regarding how
widespread interoperability of health IT and health information
exchange can be achieved through a National Health Information Network
(NHIN). Through the RFI, ONCHIT seeks input from health IT organizations,
healthcare providers, industry associations and others to deploy,
operate, and sustain health information exchange. The public comment
period is 60 days and expires on January 18, 2005.
If you have any questions regarding the RFI, check ONCHIT's NHIN FAQ.
There will be a technical assistance conference call to answer questions
by potential responders on December 6, 2004. Further details on
how to participate in the conference call will be posted on the
ONCHIT web site in the final week of November.
Read the RFI in the Federal Register.

November 15, 2004 RFID Gets FDA Push
Food and Drug Administration
(FDA) officials released new policy guidelines today designed to
stimulate the use of passive radio frequency identification (RFID)
tags for prescription drugs, and Purdue Pharma said it will start
using the technology this week on shipments to two large customers
of the company's OxyContin narcotic pain treatment drug. FDA officials
recommended in February that the pharmaceutical industry should
adopt the technology by the start of 2007 to help combat the proliferation
of counterfeit drugs. They added that they believe RFID will also
eventually produce significant savings to the drug industry through
supply-chain efficiency improvements, reports Federal Computer Week.
Read more.

November 12, 2004 CMS Soliciting Proposals for NPI Enumerator
Last week, the Centers for Medicare and Medicaid Services (CMS)
released a Request for Proposal, RFP-CMS-2005-0004, for the National
Provider Identifier (NPI) Enumerator. CMS intends to award a 5-year
cost plus award fee contract, with a performance period of one base
year and four one-year options, to a small business to assist CMS
in the assignment of NPIs to healthcare providers and plans by utilization
of the National Plan and Provider Enumeration System (NPPES). The
contractor will be expected to:
- enter identifying information about a healthcare provider into
the NPPES for those providers applying by paper application
- provide NPI application forms to providers upon request and
notify such a provider of its NPI
- process provider information updates received from providers
via paper applications
- be responsible for assisting providers with questions or problems,
including assisting those providers applying for NPIs by the Internet
- handle all requests for deactivations and replacement NPIs for
providers
- handle potential error resolutions including investigating and
resolving pending applications
- work with provider organizations that wish to submit files through
Electronic File Interchange (EFI)
- validate the organization's identity and establish accounts
- be responsible for working with organizations to determine if
their providers have NPIs
- be responsible for resetting the web users' passwords and user
IDs
- be responsible for maintaining a call center for providers.
Sealed bids will be accepted until 12:00 noon EST on December 14,
2004.
Read the solicitation.

November 11, 2004 HIMSS Creates Industry Standard for Ensuring Medical Device Security
In light of increased focus on medical device
security and the upcoming April 2005 deadline for compliance with
the HIPAA Security Rule, the Medical Device Security Workgroup of
the Healthcare Information and Management Systems Society (HIMSS)
has created a standard Manufacturer Disclosure Statement for Medical
Device Security (MDS2). The MDS2 is intended to supply healthcare
providers with important information that can assist them in assessing
the vulnerability and risks associated with electronic protected
health information (ePHI) transmitted or maintained by medical devices.
HIMSS recommends that the information in the MDS2 be used as part
of each organization’s HIPAA Security compliance efforts.
Read more.

November 10, 2004 Healthcare Worker Sentenced Under HIPAA for ID Theft
In the first prosecution nationally under HIPAA, US District
Judge Ricardo S. Martinez sentenced a Seattle-area healthcare worker
last week to 16 months in prison for stealing the identity of a
cancer patient and running up credit-card bills in his name. Martinez
sentenced Gibson to the maximum allowable under federal sentencing
guidelines, reports the Seattle Times.
Read more.

November 9, 2004 AMIA Supports Voluntary Identifier
The Board
of the American Medical Informatics Association (AMIA) voted last
week to support the adoption of a voluntary healthcare identifier
that would easily enable the cross-referencing of an individual’s
health records regardless of where care is provided, reports Healthcare
IT News. In a statement announcing the board's decision, AMIA noted
that "the Voluntary Health Care Identifier is one way to enhance
dissemination of Electronic Health Records and support interoperability
of these systems." The topic of a national patient identifier,
however, is a controversial one.
Read more.

November 8, 2004 ASC X12 Web Site Gives Access to Experts' Interpretations on HIPAA Implementation Guides
The Accredited Standards Committee
(ASC) X12 and the Data Interchange Standards Association (DISA)
today launched the ASC X12 Implementation Guide Request for Interpretation
web site. The site initially gives visitors "access to the
experts" in the ASC X12 Insurance Subcommittee (ASC X12N) for
those Implementation Guides that have been adopted for use under
HIPAA. The site allows visitors to submit questions about interpretation
of the guides and will allow searching of prior interpretation questions
and answers.
Read more.

November 5, 2004 Survey Says Hospitals' EHR Hurdles Remain
About
88% of hospitals, health plans, physician practices and IT vendors
polled by healthcare consulting firm Capgemini say they have taken
concrete steps toward the adoption of electronic health records
(EHRs) or expect to in the next six months, reports AHA News. Respondents'
suggestions for speeding the nation's adoption of EHRs included
developing uniform technology standards, and government subsidies
or tax credits to help defray implementation costs.
Read more.

November 4, 2004 PR Dept. of Health Launches Largest North American Healthcare Smart Card Rollout
The Puerto Rico Department of
Health will launch its new Health Smart Card ("Tarjeta Inteligente
De Salud") project with two million microprocessor cards from
Axalto to cover all of the Commonwealth's Medicaid recipients, making
it the largest deployment of healthcare smart cards in North America
to date. "Smart cards enable compliance with HIPAA regulations,
as well as support for new applications that deliver clinical and
administrative benefits," said Paul Beverly, president, Americas,
Axalto. "They support the delivery of fast, efficient and appropriate
medical care and allow institutions to securely manage patient records
while protecting privacy, verifying patient eligibility and billing
appropriate entities for the proper amounts."
Read more.

November 3, 2004 CA Lawmakers Want Victims of Security Breach Notified Directly
Four members of the California state assembly want
the state's Department of Social Services (DSS) to individually
notify 1.4 million home care clients and their providers that the
privacy of their personal information may have been compromised
due to a security breach at the University of CA-Berkeley in August,
reports Computerworld. In a recent letter
to the secretary of the state's Health and Human Services Agency,
which oversees the DSS, the lawmakers were critical of the department's
decision to "only issue a media advisory about the 'unauthorized
access.'" The letter from the
legislators also took the department to task for the length of time
it took to disclose the potential information theft. "We
suggest that the agency develop a stronger policy that both prevents
the unauthorized access to personal information and requires departments
to respond quickly if security breaches occur."
Read more.

November 3, 2004 IOM: Rural Docs Will Need NHII Help
Congress
should provide appropriate direction and resources to help rural
providers adopt electronic medical records technology over the next
five years, the Institute of Medicine (IOM) recommends in a new
report, according to Health Data Management. While all communities
in the United States stand to benefit from a national health information
infrastructure (NHII), "rural communities are at risk of being left
behind," the Institute contends in the report, "Quality Through
Collaboration: The Future of Rural Health."
Read more.