Header graphic for print
HIPAA, HITECH & HIT Legal Issues, Developments and Other Pertinent Information Relating To The Creation, Use and Exchange of Electronic Health Records

Category Archives: HITECH Act

Subscribe to HITECH Act RSS Feed

OCR Gets Coal in its Stocking from OIG

Posted in Articles, HIPAA Enforcement, HITECH Act, Privacy & Security

Who watches the watchdogs to ensure they’re not sleeping on the job? The Office of Inspector General (OIG) of the Department of Health and Human Services has published a report of its review of the Office of Civil Rights’ HIPAA/HITECH Security Rule oversight efforts, and some of the findings are not pretty. The report’s lengthy… Continue Reading

Lost in the Shuffle: The September 23 HIPAA Notice Requirements

Posted in HIPAA Business Associates, HIPAA Enforcement, HITECH Act, Omnibus Rule, Privacy & Security

Our partner Keith McMurdy posted a timely summary of the requirements of the HIPAA Omnibus Rule for employers and benefit plan sponsors at his Employee Benefits Legal Blog.  It is reproduced below: Lost in the Shuffle: The September 23 HIPAA Notice Requirements By Keith R. McMurdy on September 6, 2013Posted in Plan Administration, Welfare Plans… Continue Reading

Omnibus Rule Takes Effect Today – Or Does It?

Posted in HITECH Act

The HIPAA/HITECH Omnibus Rule that appeared in the January 25, 2013 Federal Register contained this cryptic and apparently contradictory statement: DATES: Effective date: This final rule is effective on March 26, 2013. Compliance date: Covered entities and business associates must comply with the applicable requirements of this final rule by September 23, 2013.   What… Continue Reading

OIG Reports Shortcomings In EHR Incentive Oversight

Posted in Articles, HITECH Act, Meaningful Use

CMS should improve its oversight of its electronic health record incentive program, according to a report by the Office of Inspector General released this month.   The government watchdog agency faults CMS for both inadequate prepayment safeguards and insufficient postpayment monitoring of recipients of federal funding intended to help cover the costs of adoption and implementation… Continue Reading

HITECH EMR Incentive Registration Opens January 3, 2011

Posted in HITECH Act, Meaningful Use

  Early EHR adopters, mark your calendars:  CMS will begin accepting registration for participation in the Medicare EHR incentive program beginning January 3,  2010.   CMS will post a link to the registration process on its Registration and Attestation page on January 3.  The sooner you apply, the sooner you can begin to qualify for the $44,000 in additional Medicare funds per… Continue Reading

OCR Releases Notice of Proposed Rulemaking Implementing HITECH Act HIPAA Changes

Posted in HITECH Act

With a press conference featuring top officials including HHS Secretary Kathleen Sibelius, the Office of Civil Rights rolled out a 234-page Notice of Proposed Rulemaking on July 8, 2010. The full text is here. The agency described the proposed rulemaking as including significant modifications to the HIPAA Privacy, Security and Enforcement rules, as well as resources and… Continue Reading

Indictments in Florida Scheme to Sell Stolen Medical Records

Posted in HIPAA Enforcement, HITECH Act

Ambulance-chasing meets the age of electronic records.  The husband and wife team of Ruben E. Rodriguez and Maria Victoria Suarez  have been charged with conspiring with an ambulance company worker to steal personal identification information of individuals transported by Randle Eastern Ambulance Service, Inc., d/b/a American Medical Response (“AMR”) and sell the information to various South… Continue Reading

Getting Meaningful with EHR

Posted in HITECH Act, Meaningful Use

   The Health InformationTechnology for Economic and Clinical Health Act or the “HITECH Act”  provides incentive payments for adoption and meaningful use of HIT and qualified EHRs.  CMS published a proposed rule defining "meaningful use" on December 30.  It’s 566 double-spaced pages long, and can be found here:  http://www.federalregister.gov/OFRUpload/OFRData/2009-31217_PI.pdf.   An eligible physician or other professional… Continue Reading

HHS Issues Interim Final Rule to Implement the HITECH Act’s Strengthened Civil Money Penalty Scheme

Posted in HITECH Act

On October 30, 2009, the Secretary of the HHS adopted an Interim Final Rule amending HIPAA’s enforcement regulations relating to the imposition of civil monetary penalties (“CMP”). Most significantly, the Interim Final Rule distinguishes between violations occurring before February 18, 2009 and violations occurring on or after that date with regard to the penalty amount… Continue Reading

Covered Entity Liability for Business Associate Ignorance of Breach under HITECH — Really?

Posted in HIPAA Business Associates, HITECH Act

For covered entities (CEs) who have tight privacy and security measures in place, the breach notification requirements under HITECH (amending HIPAA) might not seem especially onerous.  But what about breaches the CE doesn’t know about?  What if the CE’s business associate (BA) fails to report a breach of unsecured health information?  What if the BA… Continue Reading

Let the Breach Notifications Begin! . . . (in 30 days, or so)

Posted in HITECH Act, Security Breach Notification

The U.S. Department of Health and Human Services (HHS) announced today in a News Release that it has issued new regulations requiring health care providers, health plans, and other entities (e.g., now also Business Associates) covered by the Health Insurance Portability and Accountability Act (HIPAA), to notify individuals, and in some instances the media and HHS, in the event of… Continue Reading

HITECH Help Is On the Way! August 19, 2009

Posted in HITECH Act, Speaking Engagements & Conferences

     Do you need help understanding what to do in light of HITECH’s privacy and security changes to HIPAA?  Are you concerned about HITECH’s increased penalties for HIPAA violations? Are you struggling to understand what needs to be done under the New Jersey Security Breach Notification Act, and how these state requirements reconcile with the HITECH breach notification requirements?      … Continue Reading

Relationship of “Meaningful Use” of EHR, and the Department of Veterans Affairs

Posted in EHR and PHR, Governance Issues, HITECH Act, Meaningful Use

[Installment 5 – Governance Considerations from HIT for the Board and Other Hospital Stakeholders]  This is the fifth in a series of blog posts that relate to the governance concerns surrounding developments in HIPAA, HITECH and HIT.  The other week, two separate and apparently unrelated events occurred on consecutive days with respect to electronic health records… Continue Reading

Will Too Much “Meaning” = Not Enough Use?

Posted in EHR and PHR, HITECH Act, Meaningful Use

When I first reviewed the Matrix and other documents released by the HIT Policy Committee’s “Meaningful Use” Workgroup, my initial reaction was “When did defining ‘Meaningful Use’ of EHR morph into attempting to use EHRs to ‘meaningfully’ reform the entire healthcare delivery system.”?  More simply put, the Workgroup’s initial recommendations seemed to me to be over-ambitious. The term… Continue Reading

“Meaningful Use” Comments Due June 26th

Posted in HITECH Act, Meaningful Use

The Office of the National Coordinator for Health Information Technology (ONC) is seeking comments on the preliminary definition of “Meaningful Use,” as presented to the HIT Policy Committee on June 16, 2009.  Comments on the draft description of Meaningful Use are due by    5:00 pm EST June 26, 2009.  Below are links to the HIT… Continue Reading

Putting ARRA Money in the HIPAA/HITECH Enforcement Mouth

Posted in HIPAA Enforcement, HITECH Act, New Jersey, Privacy & Security

In accordance with the 90-day deadline established for an operating plan to be submitted to Congress on expenditures related to the $2 Billion Dollars appropriated under the American Recovery and Reinvestment Act ("ARRA") relating to health information technology ("HIT"), the Office of the National Coordinator ("ONC") has submitted its proposed ARRA Implementation Plan to Congress. The Plan’s proposed Funding Table is as… Continue Reading

HHS Issues Guidance on Security Breach Notification

Posted in HITECH Act, Security Breach Notification

On April 17, 2009, the federal Department of Health and Human Services (HHS) issued guidance specifying the technologies and methodologies that render PHI unusable, unreadable, or indecipherable to unauthorized individuals, as required by the Health Information Technology for Economic and Clinical Health (HITECH) Act passed as part of the American Recovery and Reinvestment Act of 2009… Continue Reading

FTC Issues Proposed Rules for Security Breach Notification under HITECH

Posted in HITECH Act, Security Breach Notification

The Federal Trade Commission (FTC) posted its proposed rule today implementing new breach notification requirements for health records, which were required to be promulgated by the Health Information Technology for Economic and Clinical Health ("HITECH") Act.  The FTC rule will apply to vendors of personal health records and related entities not covered directly by HIPAA.   The Department of… Continue Reading

HITECH Act Signed Into Law – High Hopes Follow

Posted in HITECH Act, Privacy & Security

Today, President Obama signed the Health Information Technology for Economic and Clinical Health Act (known as the "HITECH Act") into law. The final version of HITECH Act is posted on the Library of Congress’ THOMAS website. The HITECH Act addresses various aspects relating to the use of health information technology ("H.I.T."), including providing for federal… Continue Reading