Home » Tag: HIPAA

HHS Issues HITECH Act HIPAA Enforcement Rule

The Department of Health and Human Services has published an interim final rule to conform the enforcement regulations under the Health Insurance Portability and Accountability Act of 1996 (HIPAA) to the HITECH Act, the Health Information Technology for Economic and Clinical Health Act which was enacted as part of the American Recovery and Reinvestment Act of 2009. The HITECH Act privacy and security provisions became effective on Feb. 18, 2009.

HITECH is concerned with defining the requirements for being compatible with the security and privacy regulations of the Privacy Rule. HITECH also facilitates the expansion of HIPAA standards.

The interim final rule is an amendment of HIPAA’s enforcement rules relating to civil monetary penalties incorporating the HITECH Act’s categories of violations, ranges of civil money penalty amounts, and revised limitations on the Secretary’s authority to impose civil money penalties for established violations of HIPAA’s Administrative Simplification Rules. This interim final rule is effective 30 days after today.

Prior to the HITECH Act, the money penalty for HIPAA violations was not more than $100 for each violation or $25,000 for all identical violations of the same provision. A covered entity could also avoid the civil money penalty by showing that it did not know that it violated HIPAA regulations.

HITECH Act Enforcement Interim Final Rule

Section 13410(d) of the HITECH Act, which became effective on February 18, 2009, revised section 1176(a) of the Social Security Act (the Act) by establishing:

  • Four categories of violations that reflect increasing levels of culpability;
  • Four corresponding tiers of penalty amounts that significantly increase the minimum penalty amount for each violation; and
  • A maximum penalty amount of $1.5 million for all violations of an identical provision.

It also amended section 1176(b) of the Act by:

  • Striking the previous bar on the imposition of penalties if the covered entity did not know and with the exercise of reasonable diligence would not have known of the violation (such violations are now punishable under the lowest tier of penalties); and
  • Providing a prohibition on the imposition of penalties for any violation that is corrected within a 30-day time period, as long as the violation was not due to willful neglect.

This interim final rule will become effective on November 30, 2009.

The HITECH Act
What is HITECH Act? The HIPAA Privacy Rule defines the regulations that are to be followed to become HIPAA-compliant but it is the HITECH Act that defines on the criticality of following these norms and elaborates on enforcement, accountability, penalty and persecution-related guidelines for those involved in sharing or accessing Protected Health Information.

You can find our more information on http://whatishipaa.org/hitech-act.php

[Slashdot] [Digg] [Reddit] [del.icio.us] [Facebook] [Technorati] [Google] [StumbleUpon]

admin 31 October 2009 Privacy , No Comments

Benefits of President Obama’s Health-care Information System Plan

The benefits of a fully computerized health record system in President Elect Obama’s American Recovery and Reinvestment Plan

President-elect Barack Obama recently spoke at George Mason University on the economy and his plans for it. One of his main promises was that he would take steps to computerize paper health records within a period of five years. This according to Obama would eliminate red tape while minimizing waste, medical errors and the repetition of costly medical tests. This is certainly a good move, but what are the challenges and obstacles faced by this initiative? What are the benefits that would be gained through this venture?

Challenges and obstacles

There are many challenges and obstacles in the way of fully computerizing health-care information systems throughout USA. These are

1] High Costs – According to estimates by Harvard and other organizations, the initiative could cost up to 100 billion dollars over the expected 10 year implementation period.

2] The need for specialized labor and effort – Setting up and maintaining an electronic health records system will be a highly technical task that will require specialized labor and skills. It would require the employment of large numbers of health information technology professionals, who unfortunately are hard to find at the moment. Because of this, many Information Technology professionals will need to be provided with specialized training for employment in the healthcare system.

3] Patient privacy concerns – Patient’s medical records need to be kept private because of their sensitive nature. A computerized health record system raises new challenges to privacy of the records such as hackers and computer failures.

4] HIPAA compliance Issues – Many of the currently existing online health record systems do not comply with HIPAA [Health Insurance Portability and Accountability Act], the American health privacy law.

5] The current state of medical records keeping – Only around 17% of physicians and 8% of hospitals utilize computerized health record systems at the moment. The majority still use paper record systems, hence there is much to be done in this regard.

Tremendous benefits

However, tremendous benefits are expected if the above mentioned challenges and concerns are successfully resolved. One of the main objections to Obama’s plan has been its cost. However the healthcare industry spends around $2 trillion every year whereas Obama’s plan would cost $100 billion to implement according to estimates. So it is a small amount when compared with the expected benefits that the move can bring. Moreover the computerization of the health record system can save the healthcare industry up to 300 billion dollars per year according to some expert estimates. Another benefit is that a number of new jobs will be created, as personnel will be needed to implement and maintain a computerized health record keeping system. Some estimates place the amount of jobs generated at up to 212,000. The system will standardize health record keeping and make tracking a patient’s health data across providers easier. There will also be increased savings for every US family as health care costs will be reduced.

So is this initiative a giant leap forward? Or a shot in the dark? Considering the state that the economy is, we need innovative and forward thinking plans even if they involve taking risks or overcoming many challenges. Moreover, the future is digital. Everything we have seen indicates a switch to computerized systems. Why should the system of keeping medical health records be any different? This initiative will certainly increase healthcare quality and reduce healthcare costs if all goes well.

[Slashdot] [Digg] [Reddit] [del.icio.us] [Facebook] [Technorati] [Google] [StumbleUpon]

admin 23 January 2009 Medical , , , 14 Comments

Electronic Medical Records for (HIPAA) Compliance

Technology promises many important advances in the way the medical industry maintains health records. By introducing new technology and electronic medical records, health-care professionals can prevent medical mistakes, and provide more cost effective record management. Technology improves efficiency and productivity while leading to better health care value. The health care industry has long been at the forefront of technological innovation and this is particularly evidenced by the growth in electronic patient medical records.

There are two types of computerized medical records. The first type of computer medical records are digital images from scanned paper-based medical records in TIFF or PDF formats. The second type is paperless electronic medical record (EMR).

The EMR is the legal record of what happened to the patient during the clinical patient encounter. Included in this information are patient meta data, progress notes, prescriptions, electrocardiogram (EKG) tests, medical history, immunizations, lab results and radiology reports.

The electronic medical record (EMR) is essential for the efficient storage, distribution, and retrieval of patient records in hospitals. An important benefit of EHR is improved workflow as document management software contain built in workflow modules. Workflow modules include manual workflow and rule-based workflow. Manual workflow allows users to view the document and decide who to send it to. Rules-based workflow allows administrators to create rules to direct the flow of the health care through the facility. For instance, approval workflow routes a medical record or data to a group of people for approval.

Hospitals and health care providers still require the old paper-based medical records after the introduction of an electronic medical record (EMR) in a hospital. The solution is to scan in existing medical records and charts using OCR can create PDF files that are searchable. Searching is also done by reading the contents, aided by naming conventions of the PDF file name. These searchable files can be stored on secured servers that can be accessed only by those with the proper credentials. This technology is a win for doctors and patients alike.

This new way data management of patient medical records addresses compliance issues with the Health Insurance Portability and Accountability Act, commonly referred to as the HIPAA. This act requires that hospitals and health care providers maintain detailed patient medical records so that health records are accessible and portable.

When information is stored on a computer connected to a network, there are naturally concerns expressed about the security of the patient medical records. Because of these concerns, the HIPAA mandates that precautions must be taken to ensure the security and confidentiality of any medical records stored on the server. This is accomplished by securing both the server and the network from unauthorized individuals.

The HIPAA also requires that health care providers and hospitals must maintain proper records concerning who has access to the medical records as well as information on those who access the records. This helps maintain the confidential nature of patient medical records.

The end result of scanning in the patient medicals, storing them on a secure server, and then tracking access to the records is that patients are able to receive better, more accurate health care while doctors are able to have much more information about the patient’s condition available to him. Everyone in the health care system can benefit from this increased efficiency.

Do you need a medical records scanning company? Go to New York Document Scanning for medical records document scanning, HIPAA compliance and more.

[Slashdot] [Digg] [Reddit] [del.icio.us] [Facebook] [Technorati] [Google] [StumbleUpon]

admin 17 January 2009 Medical, document management , , 10 Comments