Many health data privacy and security problems could be avoided if health care providers and insurers knew the regulations that applied to them, according to an analysis by HHS contractor KPMG, Modern Healthcare reports.
KPMG conducted the analysis of audits that it performed on behalf of HHS’ Office of Civil Rights (Carlson, Modern Healthcare, 4/23).
Background
As part of a 2012 pilot program, OCR called for 115 random HIPAA privacy and security compliance audits of health care providers, payers and claims clearinghouses.
The pilot program aimed to help OCR prepare to establish a permanent audit program during fiscal year 2014 (iHealthBeat, 3/19).
Details of Analysis
According to the analysis, about one-third of the 980 problems identified during the 115 HIPAA audits happened because health care organizations were unaware of certain regulations that applied to them.
Out of the organizations that had documented problems:
The analysis also found that 47 of the 61 audited health care providers had not completed a full and accurate risk assessment to identify potential data problems.
Comments on Findings
OCR Senior Adviser Linda Sanches said it appeared that some organizations wrote their data privacy and security policies only after being targeted for an audit.
She noted that the health care entities with documented problems will not face penalties because the audits were conducted by contractor KPMG. However, Sanches added that OCR officials might review findings from the audits during future investigations.
According to Sanches, the analysis’ findings suggest that many health care providers could benefit from reviewing HITECH Act regulations that broaden HIPAA data privacy and security safeguards (Modern Healthcare, 4/23).
Source: iHealthBeat
About one in 20 participants in the meaningful use program can expect to face an audit for compliance with the program’s requirements, according to a CMS official, Modern Healthcare reports.
Background
Under the 2009 federal economic stimulus package, eligible hospitals and health care professionals who demonstrate meaningful use of certified electronic health record systems can qualify for Medicare and Medicaid incentive payments.
Since October 2012, CMS has conducted audits of meaningful use program participants who have received incentive payments.
In January, CMS started conducting prepayment audits of health care providers who attested to the meaningful use of EHR systems.
CMS Official’s Comments
During a telephone update on CMS’ meaningful use audits, Robert Anthony — deputy director of CMS’ Health IT Initiatives Group — said that CMS aims to audit about 5% of all meaningful use program participants by conducting approximately the same amount of prepayment and post-payment audits.
He added that Figliozzi & Company, CMS’ audit contractor, will conduct the majority of reviews through “desk audits” but that a few on-site audits could occur.
Anthony said CMS so far has sent few letters notifying health care providers about adverse audit findings. However, he noted that the agency still is in the early stages of its auditing efforts. He added that a few health care providers with adverse audit notices are starting the appeals process and that some providers are facing investigation for possible fraud.
According to Anthony, the most common problems identified in the audits so far are:
Source: iHealthBeat
Some physicians find that emailing with patients saves time and money, but others have concerns about the practice, the Wall Street Journal reports.
Benefits of Emailing With Patients
Physicians who email with their patients say the practice:
Andrew Martorella — an endocrinologist in New York — said that if he did not email with patients, he likely would need at least one extra staff member to field patients’ phone calls. He added that emailing with patients has “definitely made a big change in terms of reducing costs, especially for solo practitioners.”
Concerns About Emailing With Patients
Physicians who do not communicate with patients via email cite concerns about the practice, including:
Andrew Adesman — chief of developmental pediatrics at Steven & Alexandra Cohen Children’s Medical Center of New York — said he prefers office visits and phone calls to emailing with patients. “Often times brevity has the potential to compromise clarity,” he said.
Comments About Secure Communication
Jane Thorpe — an associate professor of health policy at George Washington University — said that doctors should use a secure system — such as an encrypted message or protected portal — to communicate with patients instead of using personal email.
Peter Dehnel — a Minneapolis-based pediatrician who is chair of the American Academy of Pediatrics — said that AAP and other industry groups are working to develop guidelines for physicians’ electronic communications (Reddy, Wall Street Journal, 3/25).
Source: iHealthBeat
CMS has launched prepayment audits for certain health care providers who have attested to the meaningful use of electronic health record systems, FierceEMR reports (Durben Hirsch, FierceEMR, 3/24).
Background
Under the 2009 federal economic stimulus package, health care providers who demonstrate meaningful use of certified EHR systems can qualify for Medicare and Medicaid incentive payments.
In November 2012, HHS’ Office of Inspector General released a report that criticized CMS for poor auditing of the incentive program.
OIG’s report recommended that CMS strengthen its prepayment assessment program by randomly selecting “high-risk” providers and asking them to “submit supporting documentation for prepayment review” (iHealthBeat, 11/29/12).
Details of Audits
Elizabeth Holland — director of the Health IT Initiatives Group in CMS’ Office of E-Health Standards and Services — said that CMS is conducting prepayment audits of 5% to 10% of providers who attested to meaningful use in January (FierceEMR, 3/24).
She said that prepayment audit selections were “made both randomly and also based on protocols that identify suspicious or anomalous attestation data.”
Holland said that an additional 5% to 10% of meaningful use attesters will undergo post-payment audits.
New York-based accounting firm Figliozzi & Company — which was chosen by CMS to conduct the audits — is sending letters notifying health care providers who have been selected for audits.
According to Holland, providers who receive a letter should respond to it immediately because meaningful use incentives will be withheld until providers pass the audit review (Porter, AAFP News Now, 3/19).
Source: iHealthBeat
Although Tuesday is the effective date for multiple new rules that expand and update HIPAA provisions, compliance for the majority of the new rules’ provisions will not be required for another six months, Modern Healthcare reports (Conn, Modern Healthcare, 3/25).
Background
The final omnibus rule — which includes four final rules that implement tougher privacy and security provisions — was called for under the 2009 federal economic stimulus package’s HITECH Act and the Genetic Information Nondiscrimination Act. The rules:
Compliance for New Provisions
Angela Dinh Rose — director of health information management practice excellence at the American Health Information Management Association — said the compliance date for most of the rules’ provisions is Sept. 23.
Entities that already had a HIPAA-compliant agreement with a business associate prior to the rules’ official publication date of Jan. 25 will be granted a one-year grace period, as long as the contract does not require renewal between March 26 and Sept. 24.
Out-of-Pocket Provision Could Be a Challenge
According to Modern Healthcare, one of the biggest challenges under the rules is a provision allowing patients to request that insurers not be informed of treatments that are paid for out-of-pocket.
Dinh Rose said training staff and implementing new systems capable of complying with that provision will be “an operational challenge and a system challenge.”
The Department of Veterans Affairs, HHS’ Substance Abuse and Mental Health Services Administration and other groups already have developed a system that will allow such records to be blocked (Modern Healthcare, 3/25).
Source: iHealthBeat
Some health care professionals are concerned that the Physician Payment Sunshine Act — which requires health care providers to disclose compensation they receive from medical industry companies — could stifle innovation, MedPage Today reports (Pittman, MedPage Today, 3/12).
Background
Last month, CMS released a long-awaited final rule on the Physician Payment Sunshine Act and outlined a timeline for its implementation.
The Sunshine Act — which is part of the Affordable Care Act — requires medical industry companies to disclose consulting fees, travel reimbursements, research grants and other gifts that they give to physicians and teaching hospitals.
Starting Aug. 1, manufacturers of pharmaceutical and biological drugs, medical devices and medical supplies will be expected to report all transfers of monetary value over $10 to physicians and teaching hospitals.
All data collected from August through December must be reported to CMS by March 31, 2014, according to the final rule. The agency will publish the data on a public website by Sept. 30, 2014. CMS is creating an electronic system to help facilitate the reporting process.
Physicians will be given a 45-day “review and correction” period to ensure the accuracy of any disclosures to CMS, according to the final rule (iHealthBeat, 2/5).
Physicians’ Concerns
During an event sponsored by the Healthcare Leadership Council, several physicians voiced their concerns about the Sunshine Act.
The Healthcare Leadership Council said its members generally are satisfied with the way the Sunshine Act’s rules were presented but are concerned about the website that CMS is launching to make the data publicly available.
David Caraway — a physician at St. Mary’s Regional Medical Center in West Virginia — said that public disclosure of industry gifts is a “disincentive for innovation and collaboration” and could make some doctors less likely to participate in educational events or collaborative projects sponsored by pharmaceutical companies.
Ryan Hohman — managing director of policy and public affairs at the advocacy group Friends of Cancer Cancer Research — said, “Like it or not, successful innovation requires commercial entities to be involved, and successful education of physicians will require all experts to be educating each other” (MedPage Today, 3/12).
Source: iHealthBeat
Researchers at the Intermountain Heart Institute have developed a tool that aims to eliminate 30-day hospital readmissions for heart failure patients in part by adding specific information to patients’ electronic health records, Healthcare IT News reports.
Tool Development
To develop the tool — known as the IMRS-HF — researchers examined the EHRs of more than 6,000 heart failure patients discharged from Intermountain Healthcare hospitals between 1999 and 2011.
Researchers then adapted the Intermountain Risk Score, a system used to predict the mortality rates of trauma patients.
Finally, researchers validated the tool by applying it to 459 patients who were hospitalized between April 2011 and October 2012.
How the Tool Works
IMRS-HF combines statistical modeling data into a risk score that tells physicians how likely a patient is to be readmitted to a hospital within 30 days.
The score — which is calculated when a patient is admitted to the hospital — is included in the patient’s EHR, where it is available as an alert to help inform physicians’ treatment decisions (Monegain, Healthcare IT News, 3/11).
Hospitals that used the tool saw a 2.5% decrease in 30-day readmission rates compared with hospitals that did not use the tool, according to a recent Intermountain Healthcare study.
Benefits and Goals of the Tool
Jose Benuzillo — a senior outcomes analyst at Intermountain Healthcare — said, “Use of this tool reduces variation in practice between the most skilled and experienced specialists in cardiovascular care and more general practitioners who see cardiovascular patients more infrequently” (Hall, FierceHealthIT, 3/11).
In a statement, Benjamin Horne — lead researcher and director of cardiovascular and genetic epidemiology at Intermountain Heart Institute — said, “Our next step is to look at ways to integrate this tool into the planning for all of our heart failure patients so we can reduce the number of 30-day readmissions and provide better quality care at a lower cost” (Healthcare IT News, 3/11).
Source: iHealthBeat
During the Healthcare Information and Management Systems Society’s annual conference last week, the National eHealth Collaborative unveiled the results of a survey evaluating stakeholders’ views on health information exchange, Clinical Innovation & Technology reports (Godt, Clinical Innovation & Technology, 3/7).
Survey Respondents
The 219 respondents to the survey include:
Drivers of Health Data Exchange
When asked about the major factors driving widespread health information exchange:
Under the 2009 federal economic stimulus package, health care providers who demonstrate meaningful use of certified EHR systems can qualify for Medicaid and Medicare incentive payments.
Barriers to Health Data Exchange
When asked about the biggest barriers to health data exchange implementation:
Role of ONC
When asked about the role that the Office of the National Coordinator for Health IT should play in facilitating health data exchange governance:
Source: iHealthBeat
Several health care industry groups have submitted comments to the Office of the National Coordinator for Health IT, expressing concern about the proposed requirements and timeline for Stage 3 of the meaningful use program, Healthcare IT News reports (Miliard, Healthcare IT News, 1/14).
Background
Under the 2009 federal economic stimulus package, health care providers who demonstrate meaningful use of certified electronic health record systems can qualify for Medicaid and Medicare incentive payments.
In November 2012, the Health IT Policy Committee asked for public comment about its proposal for Stage 3 of the meaningful use program. The final rules for Stage 3 are expected to take effect in 2016 (iHealthBeat, 11/9/12).
American Hospital Association’s Letter
On Monday, the American Hospital Association submitted a letter to ONC stating that it is too soon to define the requirements for Stage 3.
AHA wrote that hospitals have not had enough experience with Stage 2 rules and that no products to support Stage 2 currently are available.
AHA recommended that:
College of Healthcare Information Management Executives’ Letter
Also on Monday, the College of Healthcare Information Management Executives submitted a letter urging ONC to reconsider the timeline and scale of Stage 3 of the meaningful use program.
CHIME recommended that ONC conduct extensive evaluations of what already has been accomplished through the meaningful use program to determine whether the proposed Stage 3 criteria are realistic and achievable by 2016 (Healthcare IT News, 1/14).
Federation of American Hospitals’ Letter
On Monday, the Federation of American Hospitals submitted a letter stating that ONC should evaluate current meaningful use requirements before health care providers invest money in preparing for Stage 3.
FAH wrote that it believes the current timeline of two years for each meaningful use stage is a barrier to fully achieving the meaningful use program’s goals of improving care quality, efficiency and safety (Millman et al, “Pulse,” Politico, 1/15).
Source: iHealthBeat
Several health care organizations have submitted comments to the Office of the National Coordinator for Health IT about the proposed requirements for Stage 3 of the meaningful use program.
Under the 2009 federal economic stimulus package, health care providers who demonstrate meaningful use of certified electronic health record systems can qualify for Medicaid and Medicare incentive payments.
Summaries of the organizations’ comments are provided below.
American Academy of Family Physicians’ Letter
Last week, the American Academy of Family Physicians sent a letter requesting that ONC delay implementation of Stage 3 until 2017.
Glen Stream, AAFP board chair, wrote, “We remain concerned that HHS is attempting to raise the bar for what constitutes meaningful use before the majority of physicians and hospitals are able to achieve the meaningful use Stage 1 or 2 objectives” (Perna, Healthcare Informatics, 1/16).
Association of American Medical Colleges’ Comments
In its comments on Stage 3, the Association of American Medical Colleges recommended that policymakers:
Healthcare Information and Management Systems Society’s Letter
On Monday, the Healthcare Information and Management Systems Society sent a letter to ONC, urging the agency to publish the final rule for Stage 3 “at least 18 months before the beginning of the required implementation period.”
The letter stated that such a strategy would give developers time to make needed changes to their technology.
HIMSS also recommended that ONC focus more on helping providers take advantage of the capabilities established in Stages 1 and 2 (Bowman, FierceEMR, 1/17).
HIMSS EHR Association’s Letter
Also on Monday, the HIMSS EHR Association sent a letter to ONC, stating that the agency should not begin Stage 3 until at least three years after the start of Stage 2.
The association added that Stage 3 should focus on increasing interoperability and more extensive use of Stage 2 capabilities (HIMSS EHR Association letter, 1/14).
Texas Medical Association’s Letter
The Texas Medical Association also submitted comments to ONC, requesting that the agency accommodate physicians whose vendors go out of business or stop supporting EHR systems already purchased by the doctors.
The association recommended that physicians in such situations be allowed to meet “only 90 days of meaningful use during two transitional years, with appropriate documentation of making the transition to a new, certified EHR” (Conn, Modern Healthcare, 1/16).
Source: iHealthBeat
Copyright 2015 - Pulse Practice Solutions | 615.425.2719