After a long wait, CMS has published the “meaningful use” rules on electronic health record technology. Click here to review the final rule (276 pages) or view a quick summary in a CMS fact sheet. CMS has relaxed the final rules in some respects from its rules proposed in January.
von Briesen Health Law Blog

July 30, 2010
July 15, 2010
HIPAA Revisions Officially Published for Comment
With a grace period for implementing Business Associate Agreements and lots of proposed revisions, it looks like it’s going to be a while before we know the “real” impacts of HITECH on HIPAA. Stay tuned. Here’s a link to the new, proposed regulations. Let us know if you have comments!
June 18, 2010
ONC Issues Final Rule to Establish the Temporary Certification Program for Electronic Health Record Technology
The HHS Office of the National Coordinator for Health Information Technology (ONC) released a final rule June 18 establishing a certification program for health information technology. The rule describes the temporary certification program for EHRs, and what organizations need to do to be authorized to test and certify EHR technology.
“[EHR technology certification] assures healthcare providers that the EHR technology they adopt has been tested and includes the required capabilities they need in order to use the technology in a meaningful way to improve the quality of care provided to their patients,” according to the June 18 HHS press release.
The rule specifically establishes a temporary certification program that will help ensure the availability of certified technology prior to October, when some providers become eligible for EHR meaningful use incentive payments. It also states that a permanent program will eventually replace the temporary one, according to the ONC.
To qualify for incentive payments, organizations must use certified technology per the Medicare and Medicaid EHR Incentive Programs provisions. The program was authorized in the 2009 Health Information Technology for Economic and Clinical Health Act, enacted as part of the American Recovery and Reinvestment Act.
The final rule takes effect June 24, when it will be published in the Federal Register. The ONC expects to release the permanent certification program final rule later this fall, according to the press release.
May 5, 2010
CMS Issues New Signature Guidelines for Medical Review Purposes
CMS recently issued Transmittal 327, which sets forth new and tougher signature requirements for medical records. The transmittal and the specific examples of acceptable and unacceptable signatures can be found at: www.cms.gov/transmittals/downloads/R327PI.pdf.
May 4, 2010
HHS Releases Request for Information for Accounting of Disclosures Rulemaking
The Office for Civil Rights (OCR) published a request for information seeking comments to better inform upcoming rulemaking that will expand an individual’s right to receive an accounting of disclosures under the HIPAA Privacy Rule. Currently, the HIPAA Privacy Rule does not require a covered entity to list disclosures to carry out treatment, payment, and health care operations.
However, the Health Information Technology for Economic and Clinical Health (HITECH) Act provides that an individual has a right to receive information about disclosures made through a covered entity’s electronic health record for purposes of carrying out treatment, payment, and health care operations.
This request for information seeks comments so that OCR can learn more about the interests of individuals and the burden on covered entities with respect to accounting for disclosures for purposes of treatment, payment, and health care operations. The request for information is available at: http://edocket.access.gpo.gov/2010/pdf/2010-10054.pdf
April 29, 2010
HHS to Release HIPAA HITECH Regulations in May
In its semi-annual regulatory agenda in the Federal Register Monday, the Department of Health & Human Services (HHS) announced that modifications to the HIPAA privacy, security and enforcement rules will be coming in May.
HHS did not detail exactly which proposed rules would be released, but regulations expected to be issued include the following:
- Business associate (BA) liability
- New limitations on the sale of personal health information, marketing, and fundraising communications
- Stronger individual rights to access electronic medical records and restricting the disclosure of certain information
Watch the von Briesen Health Law Blog for further updates.
March 18, 2010
OCR Releases Update on HITECH Security and Privacy Provisions
OCR recently issued a “HITECH Act Rulemaking and Implementation Update” on its website, confirming it expects to release proposed rules regarding privacy and security provisions of HITECH. OCR did not say when it will release the rules, but did say it will release the provisions through notice and comment rulemaking.
February 23, 2010
Health Information Privacy – Breaches Affecting 500 or More Individuals
The U.S. Department of Health & Human Services, as required by section 13402(e)(4) of the HITECH Act, has posted a list of breaches of unsecured protected health information affecting 500 or more individuals. View a listing of “Breaches Affecting 500 or More Individuals” on the HHS web site.
January 25, 2010
Wisconsin to Receive Federal Matching Funds for Electronic Health Record Incentives Program
Read the January 21, 2010 press release here.
CMS recently announced that Wisconsin’s Medicaid program would receive approximately $1.37 million in federal matching funds for state planning activities necessary to implement the electronic health record (EHR) incentive program established by the 2009 American Recovery and Reinvestment Act (ARRA). EHRs improve health care efficiency and quality, and make it easier for patients to access necessary information about their health.
January 14, 2010
First HIPAA Lawsuit Filed by State Attorney General
The first lawsuit by a state attorney general under HIPAA has been filed. This is big news because previous class action suits citing failure to protect private information have failed to gain traction for lack of damages (i.e., mere failure to protect was not enough). Using new enforcement powers under HIPAA, the state’s attorney general can bring charges for failure to protect and enforce under HIPAA. Download the entire news story.
