| HIPAAdvisory > HIPAAnews > Recent News |  |
|
In the News:November 28, 2006 Computers Containing Women's Health Data Stolen More than 7,500 women in Indiana are at risk of identity theft after two computers containing protected health information collected for the state were stolen earlier this month, reports the Evansville Courier & Press. The computers were taken from a health center in Jeffersonville, IN, that contracted with the Indiana Department of Health to manage information in the state's Breast and Cervical Cancer Program, department spokesman Erik Deckers said. Data stored on the computers and protected by two passwords may include a woman's name, address, birthday and Social Security number as well as some medical and billing information, Deckers said. November 28, 2006 HHS Developing Emergency-Responder Health IT Use The Department of Health and Human Services (HHS) is developing details of an emergency-responder electronic health record as another early use for health IT and plans to publish the final detailed use case in December, reports Government Computer News. Based on lessons learned from Hurricane Katrina, a federal study recommended use of interoperable electronic health records systems for use by emergency responders. HHS’ health IT coordinator and the American Health Information Community, a public-private advisory group, have established other health IT early uses for the exchange of data in electronic health records and consumer-controlled personal health records in response to bioterrorism and to support chronic-care treatment. The final version of the emergency-responder health record use case is expected for the next AHIC meeting is Dec. 12. November 22, 2006 Only Six Months Remaining to Get Your NPI, CMS Posts More NPI FAQs The Centers for Medicare and Medicaid Services (CMS) is reminding everyone that only six months remain until the National Provider Identifier (NPI) compliance date of May 23, 2007. The implementation of the NPI is a complex process that will impact all business functions of your practice, office or institution including billing, reporting and payment. This is why providers are urged to get, share, and use their NPI now to avoid a disruption in cash flow. It is estimated that use of the NPI can require a transition period of no less than 120 days. Providers should begin to test and use their NPIs in electronic healthcare transactions no later than January 31, 2007. May 23, 2007 is not when the process starts, but when the process must be completed. CMS continues to update its Frequently Asked Questions (FAQs) to answer many of the NPI questions they receive on a daily basis. View recent updates to CMS' NPI FAQs. November 22, 2006 NCVHS to HHS: Extend HIPAA Privacy Rule In a draft report, the National Committee on Vital and Health Statistics (NCVHS) recommends that the Department of Health and Human Services (HHS) extend the reach of the HIPAA privacy protections to all personal health records, reports Government Health IT. It recommends that HHS provide those protections "through enhancements and extensions to HIPAA or through other appropriate mechanisms." The draft report, which lists functional requirements for the Nationwide Health Information Network (NHIN), also recommends that HHS develop policies for identifying individuals and the locations of their health information, such as doctors' offices or hospitals, to ensure that medical professionals accurately match people to their health records. The recommendation does not require a national system of health ID numbers, which would be optional. A scheduled November 30 meeting of NCVHS' Subcommittee on Privacy and Confidentiality will gather more information about uniform protection of information, wherever it resides. November 10, 2006 NIST Releases Information Security Handbook for Managers The National Institute of Standards and Technology (NIST) announced yesterday the release of Special Publication 800-100, Information Security Handbook: A Guide for Managers. This Information Security Handbook provides a broad overview of information security program elements to assist managers in understanding how to establish and implement an information security program. Even though the document is geared toward the federal sector, the handbook can also be used to provide guidance on a variety of other governmental, organizational, or institutional security requirements and is useful to any manager who requires a broad overview of information security practices. View NIST's "Information Security Handbook: A Guide for Managers." November 9, 2006 Akron Children's Hospital Computer System Breached Akron Children's Hospital has notified federal authorities following the discovery of two unauthorized breaches into separate computer databases at the hospital, reports the Akron Beacon Journal. The first database contained personal information about hospital patients and the parents or guardians who provide their health insurance. The hospital said there is no evidence that any medical or financial patient information was exposed. The second breach involved a server containing information about individuals who have made donations to the hospital. That breach may have exposed personal financial information, including some unencrypted bank account and routing numbers, the hospital said. November 9, 2006 Group Promotes Medical Banking Standards The Medical Banking Project has announced the ratification of an initial set of Advisory Board members related to its open source, open standards-based initiative called COMBAT for "Cooperative Open-source Medical Banking Architecture and Technology." The effort, intended to spur industry adoption of medical banking principles and technology, targets rising healthcare costs by implementing a real time administrative and clinical messaging test platform that banks can use to engage all healthcare stakeholders, including consumers. November 2, 2006 DOD E-Health System Goes Dark The Clinical Data Repository (CDR), which holds the medical records of 8.6 million active-duty and retired military personnel and their family members, failed Nov. 1 and is unavailable to Department of Defense (DOD) clinicians, reports Government Health IT. The CDR is part of the Armed Forces Health Longitudinal Technology Application (AHLTA), the DOD electronic health record systems. Because the CDR was "degraded" and “completely unavailable,” clinicians should use a local failover cache, according to an internal DOD e-mail. The CDR is housed at one of the 17 data centers operated by the Defense Information Systems Agency, and the internal e-mail said DISA engineers are investigating the problem. System downtime and slow system response have hampered clinician productivity according to top medical officials in the Army, Navy and Air Force. November 2, 2006 CMS Might Seek to Promote Healthcare IT through Regulation Acting Administrator of the Centers for Medicare and Medicaid Services (CMS) Leslie Norwalk on Wednesday in a keynote speech to the World Healthcare Innovation and Technology Congress said that without the enactment of legislation to promote healthcare IT, CMS "might have to help forward health IT on a regulatory basis," reports the Kaiser Daily Health Policy Report. According to Norwalk, CMS might seek to promote healthcare IT through demonstration projects that test new forms of reimbursement and healthcare delivery and through Medicare Quality Improvement Organizations. Norwalk also discussed the need for interoperability standards to promote healthcare IT. November 2, 2006 Mixed Reaction Greets First 'Harmonized' Health IT Standards The first set of 30 harmonized health IT standards elicited mixed reactions when it was delivered Oct. 31 by the federally sponsored Health Information Technology Standards Panel (HTSP) to the American Health Information Community (AHIC), reports Government Health IT. Senior officials from two of the federal agencies that are expected to implement the standards praised the hard work and dedication of the volunteers who put in 12,000 hours to complete the standards, but the officials said their organizations would not implement the standards until they reviewed and tested them. The panel was asked to identify the best existing standards that would be needed for using health IT to carry out three scenarios:
|
