Weak Passwords Put Patients’ EHR at Risk

By M. Thomas Langan II.

A recent government report criticized the current electronic health record certification process for failing to require strong passwords.  These vulnerabilities make it easier for hackers to penetrate electronic health record (“EHR”) systems and access patient records.  The report comes amid a study that many patients are reluctant to divulge their information when their physician uses EHR out of fear of their data’s security.  Despite the current lax requirements, it is recommended that all passwords be at least 8 characters long and contain 3 of the following: capital letters, lowercase letters, numbers and special characters and are changed at least monthly.

The government’s report can be found here: http://oig.hhs.gov/oas/reports/region6/61100063.asp

The study can be found here:  http://jamia.bmj.com/content/early/2014/07/24/amiajnl-2014-002804.abstract

© 2014 Parsonage Vandenack Williams LLC

For more information, Contact Us

Meaningful Use Stage 2 Rule Released

CMS released the final requirements for Stage 2 of the meaningful use program on August 23, 2012. The meaningful use program’s goal is to promote health care providers’ implementation of electronic health records.

The rules released by CMS indicate that Stage 2 will begin as early as 2014. No providers will be required to comply with Stage 2 requirements prior to 2014. The rules also set forth the criteria for the certification of EHR technology, which will allow eligible professionals and hospitals to ensure that the systems they implement and/or use will work, help them to meaningfully use health information technology, and enable them to earn federal incentive payments.

CMS also stated that it will allow the current “2011 Edition Certified EHR Technology” to be used until 2014.

To view the final rule in rule, click here: http://content.hcpro.com/pdf/content/283723.pdf.

© 2012 Parsonage Vandenack Williams LLC

For more information, contact info@pvwlaw.com

Stage 2 Proposed Rules Published

CMS has published a proposed rule providing standards and guidance for Stage 2 of the Medicare and Medicaid EHR Incentive Program (the “Program”).  The CMS proposed rule explains the requirements that eligible professionals and hospitals must meet to qualify for meaningful use incentive payments under the Program.

The Office of the National Coordinator for Health Information Technology (“ONC”) has also issued Stage 2 certification standards.  The ONC standards establish the technical requirements that electronic health records (“EHR”) must meet to become certified as supporting Stage 2 meaningful use criteria.

Basically, the CMS proposed rule governs the requirements that providers must meet in order to qualify for meaningful use and successfully obtain EHR incentive payments.  The ONC certification standards govern the requirements that EHR must meet so that such EHR can be used by providers to qualify for meaningful use.

Stage 2 of the Program is set to begin no earlier than 2014 (for participants who met the Stage 1 requirements in 2011 or 2012).  Comments on both proposed rules are due by 5:00 p.m. on May 7, 2012.

© 2012 Parsonage Vandenack Williams LLC

For more information, contact info@pvwlaw.com

4 Meaningful Use Tips for Physicians

The concept of meaningful use is key to earning federal electronic health records (“EHR”) incentives.  The following are four tips to keep in mind when working towards meeting meaningful use criteria:

  1. Track Progress.  Many meaningful use measures establish a threshold that must be reached.  Use “to do” lists and progress charts to track progress as needed.  Make sure that all applicable criteria are addressed with respect to each objective.  Test and re-test any changes made.  Note such changes and results of testing in your progress charts.
  2. Adapt Workflow.  Workflow changes may be necessary and desirable in order to obtain, report and share certain patient information.  Try out different workflow scenarios and determine what works best for your organization. Clinical-care summaries and transition-of-care summaries should be routine.
  3. Welcome Changes.  Develop an environment that is fully supportive of efforts to meet meaningful use criteria.  Encourage behavior that works to reach your organization’s meaningful use objectives and to obtain incentive payments.  Reward behaviors that improve patient care and advance meaningful use goals.
  4. Know Your Vendors.  Ask specific questions about what your organization needs to meet meaningful use requirements.  Do not assume that the software a vendor is trying to sell is certified by the Office of the National Coordinator – Authorized Testing and Certification Body.  Obtain independent verification

© 2012 Parsonage Vandenack Williams LLC

For more information, contact info@pvwlaw.com

Are You Ready for HIPAA 5010?

On January 1, 2012, covered entities will be required to conduct the current HIPAA electronic transactions using the upgraded 5010 version.  Such transactions include claims submission, remittance advice, eligibility, claims status, referral authorizations, and others.

In order to successfully implement the 5010 transactions, covered entities should take the following steps if they have not already been completed.  This will help to avoid rejected claims and cash flow interruptions.

1. Review the details involved in the upgrade and assess the impact the change to HIPAA 5010 will have on your business operations and systems.

2. Contact your vendors for specific information regarding the installation of upgrades to your system. Also, contact your clearinghouses, billing service, and payers for preliminary information on when they expect their upgrades will be completed and they will be ready to accept the 5010 transactions.

3. Have your vendor install the necessary 5010 upgrades. Remember that the timing of the system upgrades will depend on your vendor’s readiness, both with respect to product development and scheduling.

4. Once the upgrades are completed, internally test your systems to make sure you can generate the 5010 transactions. Allow extra time to resolve any issues that may arise and work with your vendor to address these.  It is important to make sure that staff members are properly trained on the 5010 transactions as part of this process.

5. Contact your clearinghouses, billing service, and payers to conduct external testing with them. This will help to ensure that you can send and receive the transactions properly.

6. After you have completed external testing, you may switch to using only the 5010 transactions. You are permitted to begin using the 5010 transactions prior to the compliance date, as long as you and the other organization are in agreement with the early conversion.

Important Dates to Keep in Mind:

January 1, 2012 – Covered entities must use only 5010 transactions as of this date.  The 4010 transactions will be rejected.

January 1, 2012 to March 31, 2012 – The first 90 days is a period of discretionary enforcement.  A covered entity generally will not receive penalties for failing to comply with HIPAA 5010 as long as it is making reasonable efforts to follow the requirements.

October 1, 2013 – The industry switches from the ICD-9 to the ICD-10 diagnosis and procedure code sets.

© 2011 Parsonage Vandenack Williams LLC

For more information, contact info@pvwlaw.com

 

Medicare Attestation of “Meaningful Use” Begins April 18

Physicians who believe they have met the objectives to qualify for meaningful use incentives under the Medicare Electronic Health Record (“EHR”) Incentive Program can start attesting to having met the criteria on April 18, 2011.  Although registration for meaningful use began on January 1, 2011, physicians are required to meet the meaningful use criteria for 90 consecutive days before they qualify for incentive payments. The Centers for Medicare and Medicaid Services (“CMS”) has published a Medicare user guide and webinar to help physicians with registration and attestation.

Physicians are encouraged to register as soon as possible, even if they do not yet have a certified EHR or enrollment record in PECOS.

In Stage 1 of meaningful use, meaningful use includes both a core set and a menu set of objectives that are specific for physicians.

Eligible Professionals must complete:

  • 15 core objectives
  • 5 objectives out of 10 from menu set
  • 6 total clinical quality measures (3 core or alternate core, and 3 out of 28 from alternate set)

It is important for physicians to make sure to start their 90-day reporting period no later than October 1, 2011, in order to attest and receive a Medicare payment in 2011.

For more information, go to Medicare EHR Incentive Program User Guide and the Medicare and Medicaid EHR Incentive Program Webinar.

© 2011 Parsonage Vandenack Williams LLC

  For more information, contact info@pvwlaw.com

56 Organizations Agree on Priorities for “Meaningful Use” Program

According to recommendations from a large collaboration of organizations, the success of the new federal incentives program for health information technology (“HIT”) largely depends on a specific set of health improvement goals, a prioritized set of metrics, and the widespread participation of health care providers and patients.

Health care leaders from 56 different organizations filed a joint public comment on the program, which is part of the economic stimulus in the American Recovery and Reinvestment Act (“ARRA”). The Markle Foundation, the Center for American Progress, and the Engelberg Center for Health Care Reform at Brookings coordinated the collaborative comments on the Centers for Medicare & Medicaid Services’ Notice of Proposed Rulemaking for the Electronic Health Record Incentive Program.

The joint public comment recommends priorities to the U.S. Department of Health and Human Services (“HHS”), which will manage the new Medicare and Medicaid subsidies to doctors and hospitals for “meaningful use” of HIT starting in 2011. 

The comment requests that HHS make clear a set of health improvement goals such as improving medication management and reducing readmissions to hospitals, so that everyone can contribute to these priorities.

Peter Basch, MD, senior fellow at the Center for American Progress, said: “As a practicing physician who has gone through the process of implementing health IT, I can say that it’s critical to set a bar that is ambitious but also achievable for the many diverse practices and hospitals that might participate in this program. We point out areas in which HHS can lower burdens on physicians without losing focus on the important goals of using health IT in ways that improve the patient’s experience and outcomes.”

Among other things, the collaborative letter stressed that the HIT program should encourage broad participation of providers by prioritizing the requirements necessary to receive payments and should enhance the ability of patients to obtain electronic copies of their health information. 

© 2010 Parsonage Vandenack Williams LLC

  For more information, contact info@pvwlaw.com