April 2006 News Archives

April 28, 2006 Aetna Reports Health Data Breach Aetna Inc. has notified about 38,000 health plan members of a data security breach after a laptop containing identifiable information was stolen from an employee's car, reports Health Data Management. The laptop contained the members' names, addresses and Social Security numbers. For about 5,000 members, data also indicated that a member was enrolled in a diabetes or heart failure disease management program, the only medical information on the laptop, according to an Aetna spokesperson. The theft occurred less than two weeks ago and Aetna began notifying members within days after determining what information was on the laptop, the spokesperson says. Data on the laptop was password-protected.

Read more.

April 28, 2006 HHS Outlines Regulatory Agenda The Department of Health and Human Services (HHS) has published its semi-annual agenda that identifies regulatory actions it intends to take, reports Health Data Management. Several of the upcoming actions will affect HIPAA requirements and efforts to build a national health information network. The long-awaited proposed rule for a national payer identifier, mandated under HIPAA and finally expected early this year, has been withdrawn. According to HHS, "withdrawn" simply means that there is not a specific publication date at this time. Development of the rule has been delayed; however, when the exact date is determined, the rule will be put back on the agenda. Other items of interest to the healthcare IT industry include:

• The HHS Office of Inspector General expects in October 2006 to publish a final rule establishing a safe harbor to anti-kickback laws permitting hospitals and others to assist physician practices in adopting information technology. But an accompanying final rule from the Centers for Medicare and Medicaid Services (CMS) to give similar exceptions in the Stark Act regulating physician referral practices is not slated until October 2008. However, both rules should be out this year, says David Brailer, MD, National Coordinator for Health IT.
• CMS in August 2006 anticipates publishing a detailed notice to describe data that will be available from the National Plan and Provider Enumeration System.
• Proposed rules making periodic revisions to HIPAA transactions and code sets are expected in January and February, 2007.
• A final rule establishing standards for electronic claims attachments is expected in September 2008.

Read more.

April 12, 2006 CalRHIO Recommends Data Standards The California Regional Health Information Organization (CalRHIO) has published a list of recommended data standards necessary to achieve interoperability across the state. CalRHIO’s data standards roadmap provides a guide for California healthcare organizations as they purchase new or upgrade current health information technology. It is also intended to assist health IT vendors in upgrading and developing products. The roadmap illustrates the current data standard in use and the standard expected to be in use by 2010 and beyond. Nine areas are addressed: administration and finance, allergies, clinical documentation, imaging, immunization, laboratory, medication, services, and vocabulary.

View the roadmap (PDF).

April 12, 2006 Privacy Concerns Delay Action on Health IT Legislation Witnesses and lawmakers at a House Ways and Means Health Subcommittee hearing on Thursday, April 6, urged the House to act on a bill (HR 4157) that would encourage the adoption of health IT, reports KaiserNetwork. The Senate has passed similar legislation (S 1418), but the House has not yet acted on its bill, in part because of concerns from privacy advocates that the legislation does not provide adequate safeguards. At a press briefing April 5, 26 organizations urged House lawmakers to make strong privacy rights a large part of any health IT legislation approved by Congress.

Read more.

April 12, 2006 Texas Appeals Court Taking Time Deciding HIPAA Case Soon after an overhaul of federal health care privacy laws took effect in April 2004, journalists sometimes found they could not gather information usually taken for granted, reports the Associated Press. Then in December 2004, Texas Attorney General Gregg Abbott ruled that state public information laws trumped HIPAA. Information already deemed public under state laws would remain that way, Abbott said, calling it the strongest legal opinion on the matter in the country. But that ruling was soon challenged in court. And nearly a year after oral arguments before the Third Court of Appeals in Austin, freedom of information advocates are still waiting for a decision.

Read more.

April 12, 2006 Groups Work on Health Info Exchanges Last week, Connecting for Health released its Common Framework for the policy and technical components needed for healthcare information exchange, reports Healthcare IT News. Connecting for Health, a public-private collaborative led by the Markle Foundation, tested the approach in Boston, Indianapolis and Mendocino County, CA, using 20 million electronic health records from more than 500,000 patients.

Meanwhile, according to a new report from the American Health Quality Foundation, healthcare quality-improvement organizations in 41 states are supporting the development of health information exchanges at the state, regional and local levels, reports Government Health IT. The organizations are working with medical offices and clinics to implement health IT and with the exchanges that are trying to get started nationwide, the foundation’s report states. The report, "Quality Improvement Organizations and Health Information Exchange," states that quality-improvement organizations can accelerate the formation of health information exchanges because of the organizations’ expertise in many of the activities that exchanges typically do in their formative stages.

Read Healthcare IT News' article, "Group Creates Framework for Healthcare Data Exchange."

Read Government Health IT's article, "Quality-Improvement Groups Help Form Health Info Exchanges."

April 6, 2006 OCR Releases Updated Unofficial Version of Full HIPAA Text The Office for Civil Rights (OCR) has posted the updated Unofficial Version of the HIPAA Administrative Simplification Regulation Text, as amended through February 16, 2006. This document includes the final "HIPAA Administrative Simplification Enforcement Rule" that was published at 71 Federal Register 8389 (February 16, 2006), as well as for the first time the HIPAA Administrative Simplification rules at 45 CFR Part 162 that are administered by the Centers for Medicare & Medicaid Services (CMS). Thus, this version now includes all of the final HIPAA Administrative Simplification regulations.

Read the "Updated Unofficial Version of HIPAA Administrative Simplification Regulation Text (PDF)."

April 5, 2006 UK's Move to Patient Record System Reports Major Difficulties, Are We Next? The UK's National Audit Office is being urged to investigate reports the switch to a new National Health Service (NHS) computer system could have put patients at one hospital at risk, reports BBC News. Reports seen by Computer Weekly show Oxford's Nuffield Orthopaedic Centre saw "major" difficulties when it moved to the 6.2 billion pound patient record system. Concerns over patients being "lost in the system" were also raised. NHS Connecting for Health, which is delivering the system, denies patients' safety was affected.

Here in the US, the Federal Family Health Information Technology Act (HR 4859) recently submitted by US Congressmen Jon Porter (R-NV) and William Clay (D-MO) pushes for the deployment of an electronic medical record (EMR) system to manage the medical and insurance records of Federal employees, which is designed to be used as a springboard for a nationwide EMR system for all US citizens, reports Computerworld. Concerns over the potential risks and costs of the sytem, however, are a critical factor.

Read BBC News' article, "Fears Over Patient Record System."

Read Computerworld's article, "EMR/EHR Problems in the UK, Are We Next?"

Read Government Computer News' article, "Let Federal Employees Lead the Charge for Electronic Health Records" by Rep. Jon Porter.

April 5, 2006 Two New Data Protection Bills Await Vote in Congress Two new measures that have come out of committee and await voting in the House of Representatives seek to protect the data handled by information brokers and to set standards for notification when a security breach occurs, reports PC World. The two bills approach the problem in different ways. The first, the Financial Data Protection Act (HR 3997), amends an existing law – the Fair Credit Reporting Act – while the other, the Data Accountability and Trust Act (HR 4127, or DATA) creates a new law. Both measures go beyond breach notification and introduce new regulations for the affected industries, and both would supersede anything at the state level.

Read more.

April 5, 2006 AHA Comments on Commission's Proposal to Certify Hospital IT Products In a comment letter last week, the American Hospital Association (AHA) applauded the Certification Commission on Health IT for pursuing certification of inpatient IT products, but recommended several improvements to the panel’s proposed approach, reports AHA News. AHA recommended the commission form a work group to explore ways to certify whether a product is user-friendly, reliable, and easily maintainable. It also advised the panel to consider products’ ability to integrate within the enterprise, such as connecting to ancillary department systems like lab and pharmacy. AHA expressed concern about the meaning of certification for hospitals and health systems with advanced IT systems, as they already have considerable investments in specific systems and sometimes their own software. The commission is developing criteria to certify IT products as meeting certain standards for functionality, security and interoperability. It expects in late April to approve final criteria for ambulatory electronic health records and certify its first vendors in June. The commission also is starting work on certification criteria for inpatient electronic health records.

Read more (PDF).