HIPAA, HITECH & HIT :: Fox Rothschild LLP

The Secretary of Health and Human Services (HHS) released today a compendium of reports on state law, business practices, and policy variations to assist health information exchange efforts.  I reviewed some of the documents linked through HHS's e-mail and find it extremely helpful that the government is aggregating resources on its website to be used by all in their HIE and RHIO efforts.  The links and summaries of each such report provided through HHS' s e-mail are reprinted here below:

• Report on State Medical Record Access Laws This report analyzes state laws that are intended to require health care providers (specifically, medical doctors and hospitals) to afford individuals access to their own health information and to identify potential barriers to the electronic exchange of health information.  Specific state law provisions examined: scope of medical records to which patients are afforded access, format of information furnished, deadlines for responding to requests, fees for furnishing copies, record retention laws and access to records of minors.
   
• Report on State Law Requirements for Patient Permission to Disclose Health Information
  In Phase I of the HISPC project a majority of participants reported significant variation in the business practices and policies surrounding the need for and process of obtaining patient permission to use and disclose personal health information for a variety of purposes, including for treatment. This report furthers the initial work of this project by collating and analyzing state laws that govern the disclosure of identifiable health information for treatment purposes to identify commonalities and differences.
  
   
• Releasing Clinical Laboratory Test Results: Report on Survey of State Laws For this report, state statutes and regulations were analyzed to determine to whom clinical laboratories may release test results. This report focused on clinical laboratory and hospital licensing laws (that contain standards for hospital laboratories). It also examined general state medical record access laws to determine whether they provided an avenue for patients to access their clinical laboratory results directly.  
  
  
• Report on State Prescribing Laws: Implications for e-Prescribing This report identifies and analyzes the impact and variation of state laws related to e-prescribing.  The report addresses state laws related to the e-prescribing of controlled and non-controlled substances as well as topics such as record keeping and content requirements, out-of-state prescriptions, and generic substitution laws.
  
  
• Perspectives on Patient Matching: Approaches, Findings, and Challenges This report analyzes various approaches to matching patients to their health information in the context of electronic health information exchange.  Current and potential methods for matching patients to their health records are discussed, challenges to performing patient matching such as scalability and ease of use are analyzed, and the types of information some HIOs use to match patients to their health records is described.

• Print
• Comments
• Trackbacks
• Share Link

The National Health Information Network (NHIN) may get information moving as early as the first quarter of 2009.  In its December 16th Press Release, the Social Security Administration (SSA) indicates that it will begin receiving medical records for some disability applicants via the "MedVirginia" health information exchange (HIE) based in Richmond.  

SSA and MedVirginia were also among several federal agencies and HIEs that participated in demonstrations of the national network during the 3rd annual NHIN Forum in Washington D.C., which took place this December 15-16.  Other federal agencies that are participating in the NHIN Trial Implementation include Centers for Disease Control (CDC), Veterans Administration (VA), Department of Defense (DOD) and Indian Health Service.  There are also several other state HIEs that are actively participating in the NHIN Trial Implementation, including HIE networks from Indiana, North Carolina, Ohio, Delaware, West Virginia. 

As I've posted before, New Jersey is actively working on developing its own state-wide HIE.  The New Jersey Health Information Technology (NJ HIT) Commission is charged with approving the plan for the creation of an infrastructure to move health information, in a confidential and secure manner, among participants in a state-wide RHIO.  On December 4, 2008, I participated in the first meeting of the NJ HIT Commission, which was both inspiring and daunting at the same time, with respect to the road that lies ahead.  Yet, I look forward to working together with the other Commission members during a time of potentially revolutionary changes to health care delivery in this State, and nationally.

• Print
• Comments
• Trackbacks
• Share Link

The Department of Health and Human Services (HHS), Office for Civil Rights (OCR) has published a new HIPAA Privacy Rule guidance as part of its "Privacy and Security Toolkit" (the "Toolkit") developed in connection with "The Nationwide Privacy and Security Framework for Electronic Exchange of Individually Identifiable Health Information" (the "HIE Framework").  The new HIPAA guidance is available on the OCR Privacy Rule web site.

The federal government developed the HIE Framework and Toolkit in order to establish privacy and security principles for health care stakeholders engaged in electronic health information exchange ("e-HIE").  The documents also include tools to help implement these principles. Among other things, the new HIPAA Privacy Rule guidance document discusses how the Privacy Rule supports and can facilitate e-HIE in a networked environment.  In addition, the documents address electronic access by patients to his/her PHI, and how the Privacy Rule applies to and supports the use of Personal Health Records.

• Print
• Comments
• Trackbacks
• Share Link

On June 12, 2008 at the Government Health IT Conference & Exhibition in Washington D.C., Microsoft released version 2 of its Connected Health and Human Services Framework, which it touted as providing a "flexible, individual and family-centered approach for addressing the challenges that face HHS agencies, departments and programs as they respond to complex social needs and problems and deliver services to individuals and families in need."

Health Data Management notes that Microsoft has been working with numerous HHS state and federal agencies, and noticed the need for a connected HHS framework that links people, information, systems and devices to help expand access to care, improve quality of services and outcomes, and help protect the safety and well-being of clients and the community. 

Eventually, if nationwide HIE becomes a reality, then public sector agencies also need to be technologically linked-in and ready to receive and send information electronically.  Many licensed facilities and providers are obligated under either state or federal reporting laws to transmit certain health information to agencies for monitoring and tracking of public health issues.  Such releases are not prohibited under HIPAA under either the "public health" disclosure exception, or because they are "required by law."

• Print
• Comments
• Trackbacks
• Share Link

The National Alliance for Health Information Technology released its final Report to the Office of the National Coordinator for Health Information Technology (aka "ONC") today which, among other things, provides consensus definitions for the following six key health information technology terms:

• Electronic Medical Record (EMR)
• Electronic Health Record (EHR)
• Personal Health Record (PHR)
• Health Information Exchange (HIE)
• Health Information Organization (HIO)
• Regional Health Information Organization (RHIO)

The project which resulted in the Report was called "Defining Key Health Information Technology Terms" and was funded by ONC with the goal of addressing the need to clarify terminology used in health IT policy, regulation, contracts and other initiatives.  The Report, which also includes helpful explanations, guidance, statistics, and links to a number of other helpful resources, is an must-see for all individuals, groups or organizations engaging in HIE and/or looking to form an HIO or RHIO . . .  as such terms are defined in the Report, of course.

• Print
• Comments
• Trackbacks
• Share Link

On May 13th, the Office of the Governor announced several direct appointments to the New Jersey Health Information Technology (NJ-HIT) Commission, and I am extremely pleased to pass along that I have been appointed to the attorney seat on the Commission.  I look forward to bringing my experience and enthusiasm to the table, and contributing to the success of the Commission's goals.

The NJ-HIT Commission was created by the New Jersey Health Information Technology Promotion Act, and its members, with the assistance of the Department of Banking and Insurance, are charged with developing, implementing and overseeing the establishment and creation of a state-wide health information technology plan utilizing electronic medical records.  Among other things, the Commission will be looking to the national standards for the State's HIT system for security, privacy, data content, format, vocabulary and information transfer standards.

The Commission will ultimately include over 19 members of the public, including representatives from professional health care organizations from across the State.

In 1994, Thomas Edison State College released a health care information networks and technology study that showed that New Jersey could save as much as $760 million by migrating from paper-based systems to an electronic network.

• Print
• Comments
• Trackbacks
• Share Link

Axolotl Corp. of San Jose, California, has been chosen to implement the Interboro Regional Health Information Exchange in order to facilitate data exchange among providers in the Queens area of New York City. The RHIO will use Axolotl's Elysium Community Virtual Health Record and EMR-Lite applications to enable participating physicians to access patient lab reports, radiology reports, medication history, allergies and other clinical data via a secure Web application. The RHIO will also use use Axolotl's Patient Index to ensure correct identification of all patients. 

Elmhurst Hospital Center and Queens Hospital Center are spearheading the development of the RHIO. Other participating organizations are New York Hospital Queens, Woodhull Medical and Mental Health Center, HHC Health and Home Care center and several payers.

• Print
• Comments
• Trackbacks
• Share Link

The Agency for Healthcare Research and Quality has released a series of reports funded by AHRQ and the Office of the National Coordinator for Health IT which examine the variations in data privacy and security among 34 regional health information organizations.  The reports found that state RHIOs varied in several areas, including the level of adoption for electronic health data exchanges, state health care market forces, and legal and regulatory conditions related to health information.   According to Health Data Management, the reports also recommend additional research and guidance on:

• Determining states' varying interpretations of HIPAA
• Assessing differences between state and federal privacy laws 
• Assessing technologies that could protect the security and privacy of individuals, as well as the related administrative processes and liabilities
• Creating a system that matches patients with their health information and is updated by various providers and organizations, and
• Developing a standard set of definitions and terms to ease health data sharing

• Print
• Comments
• Trackbacks
• Share Link

• Offering cost and quality information on payers and providers so consumers can make more informed decisions;
• Using IT to improve the management of chronic diseases, community-based long-term care, public health surveillance and a certificate-of-need process;
• Preparing for emergencies by allowing for the exchange of health information, including medications and lab test results; and
• Increasing the use of telemedicine, remote monitoring devices and other applications to help clinicians and providers in rural and underserved areas. 

• Print
• Comments
• Trackbacks
• Share Link

The California Health Care Foundation reported in its iHealthBeat publication today that Rhode Island's Department of Health has awarded a three-year, $1.7 million contract to EDS to design, implement and manage the country's first statewide electronic health record network.  The health data exchange is expected to go live in summer 2008.  The Rhode Island HIE will consolidate state residents' health data and provide authorized hospitals, physicians, pharmacists and other health care providers with access to the health records.   

According to a press release today in the Providence Business News, the HIE will be "developed with strict adherence to patient-consent policies and in conjunction with industry best practices with regard to security and privacy standards."   Interestingly, however, Rhode Island appears that it will go with an "opt-in" approach where residents must give permission before their records are stored on the network.  The majority of HIEs and RHIOs use the "opt-out" approach because it is more effective in populating the network with data for exchange.   Without data, the HIE's purpose falls apart.   Thus, it will be interesting to see if Rhode Island's HIE can effectively address the functionality, privacy and cost issues that plagued California's Santa Barbara RHIO, which was formally shut down in March of 2007, as per California's Community Clinic Voice.

• Print
• Comments
• Trackbacks
• Share Link

A three-year, $1.5 million federal grant is helping Kern County, California to begin building the infrastructure necessary for an electronic health record system, reports the Antelope Valley Press.
The Tehachapi Valley Health Care District, which operates rural health clinics in Mojave, California City and Tehachapi, in addition to Tehachapi Hospital, has created and designated the "East Kern County Integrated Technology Association" to be the hub for the EHR database. The EHR Exchange will be accessible to physicians, hospitals, pharmacies and other providers. The system will also allow patients to access their personal health records (PHR) through a secure Web site called myhealthkeeper.org. They will also be able to print out a wallet-sized card with their data to keep handy in case of emergency.

• Print
• Comments
• Trackbacks
• Share Link