The use of home-based blood pressure monitoring devices and online reporting tools can help patients manage hypertension, according to preliminary research from a new study, Healthcare IT News reports.
Researchers from Kaiser Permanente Colorado, the American Heart Association and Microsoft conducted the study, which was presented last week at AHA’s 11th Scientific Forum on Quality of Care and Outcomes Research in Cardiovascular Disease and Stroke.
Study Details
The study involved 348 patients ages 18 through 85 who had uncontrolled high blood pressure. Researchers randomly divided the study participants into a home monitoring group and a usual care group (Millard, Healthcare IT News, 5/21).
The home monitoring patients received a blood pressure device with a USB connection that allowed users to transmit readings to AHA’s Heart 360 website and a Microsoft HealthVault personal health record account (Hobson, “Health Blog,” Wall Street Journal, 5/21).
The system also uploaded the information to Kaiser’s electronic disease registry, which allows clinical pharmacists to monitor readings and consult with patients to adjust their medications (Goedert, Health Data Management, 5/24).
After six months, researchers found that 58% of patients using the monitoring device had lowered their blood pressure to healthy levels, compared with 38% of patients in the control group (Dotinga, HealthDay/BusinessWeek, 5/21).
Study authors said more research would be necessary to confirm the findings (“Health Blog,” Wall Street Journal, 5/21).
Source: iHealthBeat
On Tuesday, Sens. John Thune (R-S.D.) and Mark Begich (D-Alaska) introduced a bill (S 3416) that would exempt certain small businesses — including physician and dentist offices — from the Federal Trade Commission’s so-called “Red Flags Rule,” which aims to minimize identity theft, Health Data Management reports (Goedert, Health Data Management, 5/26).
The FTC rule classifies physicians and other small businesses as “creditors,” thus requiring them to adopt certain measures to prevent identity theft (Rapid City Journal, 5/25).
The regulations are scheduled to take effect on June 1. Several medical associations recently filed a lawsuit to prevent federal officials from applying the rule to physicians (Health Data Management, 5/26).
Thune said FTC’s regulations “are too broad and ensnare businesses that pose little risk to consumers.” He added that S 3416 “will help small businesses avoid the costly implementation of unnecessary measures to guard against identity theft” (Rapid City Journal, 5/25).
Next Steps, Outlook
The bill was referred to the Senate Banking, Housing and Urban Affairs Committee, but a hearing has yet to be scheduled.
Last year, a similar bill (HR 3763) passed the House in a 400-0 vote (Health Data Management, 5/26).
Source: iHealthBeat
HCA, Nashville, said it has hired Thomas Garthwaite, M.D., to be chief operations officer of its clinical services group, effective June 1. Garthwaite, 62, has been executive vice president and chief medical officer of Catholic Health East, Newtown Square, Pa., since 2006.
Source: Modern Physician
Michael Schatzlein, M.D., will end 16 years as an executive with Lutheran Health Network, Fort Wayne, Ind., effective June 4, to become president and CEO of St. Thomas Health Services, Nashville, according to the health network.
Schatzlein, 59, first came to Fort Wayne in 1980 as a physician in charge of building an open-heart surgery program, Lutheran Health Network says. His executive career began in 1994 and has included roles as senior vice president of development and chief operating officer of Lutheran Health Network and CEO of two of the seven hospitals in the system, which is now owned by Community Health Systems, Franklin, Tenn. Schatzlein replaces Patrick Madden, who was president and CEO of another Ascension Health system, Sacred Heart Health System, Pensacola, Fla., and Gulf Coast/North Florida market leader when he took the helm at St. Thomas on an interim basis. Madden retired from those positions on Jan. 1, according to Ascension. Madden replaced Jim Houser, who announced his resignation in February 2009 amid heavy physician criticism of potential cost-cutting moves that were in response to the recession. Two other executives left the system the following week.
Source: Modern Healthcare
Patient records can contain information that is both life-saving and life-threatening. Physicians consult over the Internet; orders are sent via e-mail; data are accessible and stored in any number of ways. For the most part, the health care industry is chock-full of data security challenges.
The high level of interest in computerized patient record systems means that more people have access to the patient record, opening the door to new liability issues. Simply stated, organizations are at greater risk of violating a patient’s legal right to privacy.
Due to increased attention to quality, cost, utilization, and increased access as a result of automation, the list of people who potentially have access to the electronic patient chart could easily exceed 50 in any given 24-hour period. This list includes not only direct caregivers, but also case managers, utilization review and quality management staff, allied health professionals, financial managers, medical records personnel, billing specialists, payer representatives, and federal and state government agencies.
Computerized medical records can improve the costs and outcomes of health care delivery by providing improved efficiency and access to data. The advent of new and expanded information technology in health care has created both concern and liberation for health care organizations. Topping the list of these concerns are security, confidentiality, accessibility, and integrity of information. As discussed in the December issue, negative publicity about the Internet has created increased public concern about the security and confidentiality of information. While rushing to implement new systems and address year 2000 issues, health care organizations must ensure that the confidentiality and security of patient data are not jeopardized.
Source: BNET
“As the federal government prepares to spend up to $27 billion in stimulus funds to promote electronic medical records, a health technology industry survey suggests that a number of hospitals, health clinics, and insurance firms are violating federal security rules on patient data and putting sensitive health information at risk,” The Center for Public Integrity reports. “The November survey by the health technology trade association Healthcare Information and Management Systems Society (HIMSS) found that one in four of the 196 health organizations that responded do not conduct a formal risk analysis to identify security gaps in electronic patient data. … failure to conduct a formal risk analysis is a violation of the Health Insurance Portability and Accountability Act (HIPAA), which became law in 1996.”
Susan McAndrew, deputy director for health information privacy at HHS’s Office for Civil Rights, “said the agency hasn’t issued any fines because the goal of enforcement is to nudge doctors, hospitals, and insurers into compliance, not to punish them.” Industry insiders “say there have been few patient data security cases at HHS because the agency relies on media reports, complaints, and referrals from other agencies to learn of potential HIPAA rules violations, which has not generated a wide number of leads or investigations” (Eaton, 1/19).
Source: Kaiser Health News
If your patient records aren’t already stored digitally, they are likely to be digitized soon. There is a tremendous push by the federal government—as well as by some private payors and self-insured employers—to get all healthcare providers wired in the near future, in order to better coordinate patient care, improve outcomes, and “bend the cost curve” all at the same time. There are some financial incentives in play to achieving “meaningful use” of “certified” EHR systems; those terms are to be defined in federal regulations later this year, but the outlines of those definitions are already pretty clear.
Once all that patient data—or as it is known in HIPAA-speak, protected health information (PHI)—is stored electronically, it becomes exposed to potential data breaches. In late September, two sets of federal regulations took effect that address the way in which PHI should be maintained, and the steps that should be taken to prevent a data breach and to notify the government and affected individuals in the event there is a data breach.
Compliance with these rules—issued under authority of the HITECH Act by the US Department of Health and Human Services (HHS) with respect to healthcare providers, and by the Federal Trade Commission (FTC) with respect to EHR vendors and other similar third parties—requires affected practices and businesses to assess and update their data privacy and security policies and procedures, as well as train all affected staff accordingly.
The exposure in case of violation is significant, both in terms of fines and penalties and in terms of bad publicity—certain data breaches require notice to potentially affected individuals via the general media in addition to notices required to be filed with the regulators. The new rules—I call them Son of HIPAA—are layered on top of existing HIPAA privacy and security rules: the FTC’s Red Flags Rule, regarding identity theft protections to be put in place by any “creditor” (which includes healthcare providers not paid in full at the time of service), and state privacy rules. While HHS and FTC took some pains to harmonize the new rules so that patients will not be bombarded with multiple data breach notifications about the same incident, for example, the other applicable rules out there have not been harmonized.
The key concept in the new breach notification rules is that encryption of patient data will eliminate the need to notify patients and the federal regulators in case of an inappropriate release of data. Such a release, if the data is encrypted (ie, unusable, unreadable, or indecipherable), is not considered a breach. Encryption is not required, though, and each affected entity must engage in a cost-benefit analysis before deciding whether to encrypt all affected data.
Another important aspect of the rule is the concept of harm—the regulators decided that not every data breach should trigger all of the notice requirements, just breaches that “pose a significant risk of financial, reputational, or other harm to the individual.” For example, if an employee of a healthcare provider accesses a patient record inappropriately, but immediately realizes his or her mistake, and exits the record quickly and does not retain any PHI, that is not a reportable data breach.
Finally, “business associates” under HIPAA are now required to implement policies and procedures to maintain privacy and security of PHI, parallel to those that have been required of “covered entities” under HIPAA since the beginning. All business associate agreements and notice of privacy practices (NPPs) will have to be updated to account for the new requirements before February. Healthcare providers that wish to distinguish themselves should consider revising their NPPs to highlight the ease with which they will make copies of records available to patients. This is a bone of contention for many patients, and ensuring that patients’ rights to their records are easily exercised could be a way to build goodwill among patients and potential patients.
By necessity, this is an extremely brief introduction to a very involved set of regulations. My hope is that you now have a sense of how important it is to be sure that your operations are fully compliant with the regulatory requirements before full enforcement and random field audits begin in February 2010.
Source: KevinMD
The Federal Trade Commission said it is reviewing concerns that digital copy machines were retaining sensitive information and is reaching out to retailers and government agencies to safeguard users’ private data.
FTC Chairman Jon Leibowitz said in a letter (pdf) last week to Rep. Ed Markey (D-Mass.) that the agency has also launched an education campaign around informing users of copy machines that information such as financial and health data can be retained on hard drives. Machines that retain data can be accessed by identity thieves, particularly as copiers are resold without wiping clean hard drives.
“Like you, we also are concerned that personal information can be so easily retrieved by copiers, making it vulnerable to misuse by identity thieves,” Leibowitz wrote.
The privacy implications of digital copy machines stem from a report by CBS that showed copiers were essentially acting as computers, with hard drive data being circulated among several parties as copiers were resold. Markey had called for an investigation into the issue.
“I am also pleased to learn that the FTC is reaching out to copier manufacturers and resellers to ensure that all parties are aware of the privacy risks associated with digital copiers while helping to educate the public about this important issue,” Markey said.
Source: The Washington Post
On Wednesday, the Medical Group Management Association sent a letter to HHS’ Office for Civil Rights asserting that the new disclosure requirements under the HITECH Act would be “extremely difficult to achieve without an enormous outlay of resources,” Health Data Management reports.
MGMA sent the letter in response to a recent request for information from OCR, which is developing a rule to address the disclosure of protected medical information under the HITECH Act (Goedert, Health Data Management, 5/19).
The HITECH Act, part of the 2009 federal economic stimulus package, strengthens the HIPAA privacy rule. The act requires all health care providers, payers and their business associates to account for the disclosure of protected patient data included in an electronic health record, even if the information is disclosed for health care treatment or billing purposes (Cadet, CMIO, 5/19).
MGMA Survey
In the letter, MGMA cited a recent survey it conducted among its member medical groups that use EHR systems.
Out of the 369 medical groups that participated, the survey found that:
In addition, 55% of the survey respondents said meeting the new HIPAA requirements would be “extremely burdensome” on their practices.
MGMA Concerns
MGMA wrote that providing an account of all health information disclosures would require “a substantial amount of manual collection from multiple data sources.”
William Jessee, MGMA president and CEO, said the requirement “may be such a significant impediment for physician practices” that it could hinder EHR adoption (Conn, Modern Healthcare, 5/20).
MGMA urged OCR to consider revising the disclosure requirements and said it would continue working with the office to ensure patient privacy while promoting EHR adoption (CMIO, 5/19).
Source: iHealthBeat
Physicians and other health care providers increasingly are turning to Web-based communication tools such as videoconferencing applications, e-mail and instant messages to develop closer relationships with patients and provide them with more comprehensive treatment information, ComputerWorld reports.
Some physicians also are looking to connect with patients through social networking websites such as Facebook and Twitter. Health care providers use the online portals to disseminate health information and establish online communities that provide patients with a platform to share their experiences.
Concerns Over Privacy, Security
Neal Neuberger, executive director of the Institute for e-Health Policy, said doctors who use social networking websites should be aware of potential liability issues that could arise over the privacy and security of patient medical data.
Some experts recommend that physicians who use Web 2.0 tools should focus their online discussions on broad health topics rather than patient-specific medical information.
Source: (Mearian, ComputerWorld, 5/20).