Government & Policy
NewYork-Presbyterian Hospital to pay $2.2 million for 'egregious disclosure' of PHI in HIPAA violat…
NYP's actions while filming the TV show 'NY Med' blatantly violated HIPAA rules, said Jocelyn Samuels of the Office for Civil Rights.
Privacy & Security
Raleigh Orthopaedic Clinic of North Carolina will pay $750,000 to settle charges that it violated the Health Insurance Portability and Accountability Act of 1996 Privacy Rule. The group allegedly handed over protected health information for approximately 17,300 patients to a potential business partner without first executing a business associate agreement.
HIPAA-covered entities cannot disclose protected health information without authorization, and the lack of a business associate agreement left this information without safeguards, rendering it potentially vulnerable to misuse or improper disclosure.
[See them all: 10 stubborn cybersecurity myths, busted]
Raleigh Orthopaedic is a provider group practice that operates clinics and an orthopedic surgery center in the Raleigh, North Carolina, area.
The Office of Civil Rights, a division of the U.S. Department of Health and Human Services, launched its investigation of Raleigh Orthopaedic following receipt of a breach report on April 30, 2013. The investigation found that Raleigh Orthopaedic released X-ray films and related protected health information of 17,300 patients to a group that promised to transfer the images to electronic media in exchange for harvesting the silver from the X-ray films. Raleigh Orthopedic allegedly failed to execute a business associate agreement with this company prior to turning over the X-rays and health information.
[Also: OCR unleashes second wave of HIPAA audits, but will it diminish patients' privacy and security expectations?]
In addition to the $750,000 payment, Raleigh Orthopaedic is required to revise its policies and procedures to establish a process for assessing whether entities are business associates.
It is also required to designate a "responsible individual" to ensure business associate agreements are in place prior to disclosing public health information to a business associate; create a standard template business associate agreement; and establish a standard process for maintaining documentation of business associate agreements for at least six years beyond the date of termination of such a relationship. The group also must limit disclosures of personal health information to any business associate to the minimum necessary to accomplish the purpose for which it was hired.
[Also: Tips for detecting ransomware and other malware before it cripples your network]
"HIPAA's obligation on covered entities to obtain business associate agreements is more than a mere check-the-box paperwork exercise," OCR Director Jocelyn Samuels said in a statement. "It is critical for entities to know to whom they are handing personal health information and to obtain assurances that the information will be protected."
Twitter: @JELagasse
U.S. Senators and Representatives introduced a bill on Wednesday that would reduce the meaningful use reporting period from a full year to 90 days – and do so in 2016, a move pressed by healthcare organizations across the country.
Sens. Rob Portman and Michael Bennet and Reps. Renee Ellmers, Tom Price, Bobby Rush and Ron Kind introduced bipartisan legislation.
CHIME, the Medical Group Management Association, the National Rural Health Association, the Federation of American Hospitals and physician groups, not only support the bill, but have also pressed lawmakers for it.
Many of the organizations wrote CMS on March 15, asking for a 90-day reporting period for 2016.
[Also: Healthcare providers press CMS for 90-day meaningful use reporting]
“A preliminary yet critical step to facilitate increased provider success, we respectfully request CMS adopt for the 2016 reporting year the same 90-day reporting period policy for participants in the Meaningful Use program that was offered in 2015,” they wrote to CMS Acting Administrator Andy Slavitt.
CMS required a full year reporting period last year, but later reduced the requirement to 90 days in a rule that also reduced the number of meaningful use, Stage 2 requirements.
Twitter: @Bernie_HITN
Email the writer: bernie.monegain@himssmedia.com
Like Healthcare IT News on Facebook and LinkedIn
Claiming that it was "startled" by VA officials' recent testimony, the committee put strict conditions on full funding that a Senate committee already approved.
National Coordinator Karen DeSalvo, MD, is stepping away from the co-chair role on the ONC Health IT Policy Committee.
Kathleen Blake, MD, vice president of performance improvement at the American Medical Association, will replace DeSalvo, according to Politico, which reported the announcement was made Tuesday at the joint meeting of the Health IT Policy and Standards Committees.
Blake will serve alongside DeSalvo's current co-chair, Paul Tang, MD, chief innovation and technology officer at the Palo Alto Medical Foundation. Tang is also the head of ONC's meaningful use workgroup.
[Also: How satisfied are you with your EHR? Satisfaction Survey results]
DeSalvo currently serves as both National Coordinator for Health IT and Acting Assistant Secretary of Health and Human Services. She's been with ONC since January 2014.
Health and Human Services Secretary Sylvia Burwell brought DeSalvo to HHS in October 2014 to help coordinate the federal government respond to the Ebola outbreak – touting her public health qualifications after having served as New Orleans Health Commissioner in the wake of Hurricane Katrina.
In May 2015, President Barack Obama appointed DeSalvo HHS Acting Assistant Secretary for Health. If she gets a Senate confirmation hearing and is approved, she would step down from the National Coordinator post at ONC.
Twitter: SullyHIT
Email the writer: tom.sullivan@himssmedia.com
Like Healthcare IT News on Facebook and LinkedIn
Care coordination, quality measurement, patient engagement and population health management strategies are routinely used by physicians with electronic health records who participate in accountable care organizations or patient-centered medical homes, according to a new study published in the American Journal of Managed Care.
Aiming to find out whether doctors using health IT and working within new reimbursement models were actually employing improved care processes, researchers Jennifer King, Vaishali Patel, Eric Jamoom and Catherine DesRoches examined cross-sectional data on office-based physicians from the 2012 National Ambulatory Medical Care Survey Physician Workflow Survey.
"Early indicators suggest strong physician participation in initiatives to support health IT adoption and to reform healthcare payment and delivery," they said. "However, evidence on whether provider participation in these initiatives has translated to better care delivery is just beginning to emerge.
"Although studies prior to HITECH and the ACA found health IT and external reporting or payment incentives to be associated with a higher likelihood of performing these care processes," they added, "they are performed at low rates even when these factors are in place."
[Also: 4 surprising benefits of PCMH]
King et al. examined how ACO and PCMH docs used their EHRs for 14 specific processes in four categories: population management, quality measurement, patient communication and care coordination.
They found that those factors were independently associated with better processes: "Physicians who were using EHRs in combination with participation in ACO or PCMH initiatives had the highest likelihood of routinely performing the care processes."
Indeed, those docs "were between 6 and 22 percentage points more likely to routinely perform the care processes than physicians with EHRs alone."
While fewer than half (44 percent) reported routinely doing quality measurement, substantial majorities of docs said they routinely engage in care coordination (89 percent), patient communication (69 percent), and population management (67 percent).
"Given the cross-sectional nature of this study, these results do not establish a causal relationship between payment reform, EHR use, and these care processes," researchers said. "Nonetheless, this finding is consistent with other research that shows that healthcare providers are most likely to perform these care processes when practicing in a payment environment that incentivizes and supports such care."
Moreover, many U.S. physicians are still "not performing these processes routinely," researchers said. "Our analysis highlights several specific areas – including population management processes that require the aggregation and analysis of individual patient data and communication with patients and other care team members – where additional technology and policy supports may be important to facilitate wider adoption of these activities."
Twitter: @MikeMiliardHITN
Email the writer: mike.miliard@himssmedia.com
Like Healthcare IT News on Facebook and LinkedIn
Starting in 2019, Centers for Medicare & Medicaid Services, will change how they pay physicians in a profound way. Unfortunately, the details are complicated and confusing, and many of the particulars have yet to be worked out, which has led many healthcare leaders to glaze over the details and focus on more immediate concerns.
Senate Appropriations Committee approves funding VA for interoperable EHR, telemedicine, claims pro…
The bill gives the Veterans Affairs money to digitize claims processing, advance telemedicine, and modernize its electronic health record software, but only once it proves interoperability with the DoD and private sector.
The imminent set of best practices will help healthcare organizations become more penetration-resistant, more effective at limiting damage attackers can inflict and ultimately better able to withstand cyberattacks.
Bernie Sanders guarantees healthcare as a right, while Hillary Clinton says she can get to 100 perc…
Sanders is calling for a single payer system, while Clinton said she would support expanding the Affordable Care Act to insure every American.