The Office of the National Coordinator for Health Information Technology (ONC) on June 18 issued a final rule to establish a temporary certification program for electronic health record (EHR) technology. The temporary certification program establishes processes that organizations will need to follow in order to be authorized by the National Coordinator to test and certify EHR technology.
Use of “certified EHR technology” is a core requirement for providers who seek to qualify to receive incentive payments under the Medicare and Medicaid Electronic Health Record Incentive Programs provisions authorized in the Health Information Technology for Economic and Clinical Health (HITECH) Act. HITECH was enacted as part of the American Recovery and Reinvestment Act (ARRA) of 2009. The Centers for Medicare & Medicaid Services will soon issue final regulations to implement the EHR incentive programs.
Certification is used to provide assurance and confidence that a product or service will work as expected and will include the capabilities for which it was purchased. EHR technology certification does just that: It assures health care providers that the EHR technology they adopt has been tested and includes the required capabilities they need in order to use the technology in a meaningful way to improve the quality of care provided to their patients.
On March 10, 2010, the U.S. Department of Health and Human Services (HHS) issued a notice of proposed rulemaking (NPRM) entitled Proposed Establishment of Certification Programs for Health Information Technology. The NPRM proposed the establishment of two certification programs for purposes of testing and certifying EHRs —one temporary and one permanent. The temporary certification program final rule issued today will become effective upon publication in the Federal Register. The final rule for the permanent certification program is expected to be published this fall.
“By purchasing certified EHR technology, hospitals and eligible professionals and hospitals will be able to make EHR purchasing decisions knowing that the technology will allow them to become meaningful users of electronic health records, qualify for the payment incentives, and begin to use EHRs in a way that will improve quality and efficiency in our health care system,” said David Blumenthal, M.D., M.P.P., national coordinator for health information technology. “We hope that all HIT stakeholders view this rule as the federal government’s commitment to reduce uncertainty in the health IT marketplace and advance the successful implementation of EHR incentive programs.”
This final rule is issued under the authority provided to the National Coordinator for Health Information Technology in section 3001(c)(5) of the Public Health Service Act (PHSA) as added by the HITECH Act.
For more information about the temporary certification program and rule, please visit http://healthit.hhs.gov/certification.
-----
www.fayettefrontpage.com
Fayette Front Page
www.georgiafrontpage.com
Georgia Front Page
Follow us on Twitter: @GAFrontPage
Monday, June 21, 2010
ONC Issues Final Rule to Establish the Temporary Certification Program for Electronic Health Record Technology
Thursday, August 20, 2009
HHS Issues Rule Requiring Individuals Be Notified of Breaches of Their Health Information
New regulations requiring health care providers, health plans, and other entities covered by the Health Insurance Portability and Accountability Act (HIPAA) to notify individuals when their health information is breached were issued today by the U.S. Department of Health and Human
Services (HHS).
These "breach notification" regulations implement provisions of the Health Information Technology for Economic and Clinical Health (HITECH) Act, passed as part of American Recovery and Reinvestment Act of 2009 (ARRA).
The regulations, developed by the HHS Office for Civil Rights (OCR), require health care providers and other HIPAA covered entities to promptly notify affected individuals of a breach, as well as the HHS Secretary and the media in cases where a breach affects more than 500
individuals. Breaches affecting fewer than 500 individuals will be reported to the HHS Secretary on an annual basis. The regulations also require business associates of covered entities to notify the covered entity of breaches at or by the business associate.
"This new federal law ensures that covered entities and business associates are accountable to the Department and to individuals for proper safeguarding of the private information entrusted to their care. These protections will be a cornerstone of maintaining consumer trust as we move forward with meaningful use of electronic health records and electronic exchange of health information," said Robinsue Frohboese, acting director and principal deputy director of OCR.
The regulations were developed after considering public comment received in response to an April 2009 request for information and after close consultation with the Federal Trade Commission (FTC), which has issued companion breach notification regulations that apply to vendors of personal health records and certain others not covered by HIPAA.
To determine when information is "unsecured" and notification is required by the HHS and FTC rules, HHS is also issuing in the same document as the regulations an update to its guidance specifying encryption and destruction as the technologies and methodologies that render protected health information unusable, unreadable, or indecipherable to unauthorized individuals. Entities subject to the HHS and FTC regulations that secure health information as specified by the guidance through encryption or destruction are relieved from having to notify in the event of a breach of such information. This guidance will be updated annually.
The HHS interim final regulations are effective 30 days after publication in the Federal Register and include a 60-day public comment period. For more information, visit the HHS Office for Civil Rights web site at http://www.hhs.gov/ocr/privacy/.
-----
www.fayettefrontpage.com
Fayette Front Page
www.georgiafrontpage.com
Georgia Front Page
Tuesday, June 16, 2009
Process Begins to Define "Meaningful Use" of Electronic Health Records
Building on the historic $19 billion investment provided through the
American Recovery and Reinvestment Act of 2009 (Recovery Act), efforts
continued today to further the national adoption and implementation of
health information technology (HIT) -- an essential tool to modernize
the health care system and bring about improved health for all
Americans. The Health Information Technology (HIT) Policy Committee, a
Federal Advisory Committee (FACA) to the U.S. Department of Health and
Human Services (HHS), met today to begin the process of defining
"meaningful use" of electronic health records (EHRs). This meeting is a
first step for the department, as it investigates possible definitions
for meaningful use.
"We are moving fast to achieve the President's goal to improve the
health and well-being of every American through the on-going use of
health information technology," stated HHS' National Coordinator for
Health Information Technology David Blumenthal, M.D., M.P.P. "The work
of the policy committee is a first step toward assuring that technology
-- the electronic health record -- is used in a meaningful way to
provide better patient care."
The Recovery Act provides Medicare and Medicaid incentive payments to
eligible providers, such as physicians and hospitals, in order to
increase the adoption of EHRs. To receive the incentive payments,
providers must demonstrate "meaningful use" of a certified EHR.
Building upon the work done by the HIT Policy Committee, the Centers for
Medicare & Medicaid Services (CMS), along with the Office of the
National Coordinator for Health Information Technology (ONC), will be
developing a proposed rule that provides greater detail on the incentive
program and proposes a definition of meaningful use. CMS expects to
issue the proposed rule in late 2009, which will be followed by a
comment period.
The recommendations discussed today represent extensive work by the
Committee's Meaningful Use Workgroup to review and evaluate diverse
ideas and contributions from Workgroup members along with information
from a public hearing on meaningful use convened in April by the
National Committee on Vital and Health Statistics (NCVHS). The NCVHS
hearing brought together key healthcare and information technology
stakeholder groups. The workgroup also reviewed written comments from
additional diverse stakeholders.
A public comment period on today's recommendations will be open through
the close of business on Friday, June 26, 2009. Instructions on how to
submit public comment can be found at http://healthit.hhs.gov.
-----
www.fayettefrontpage.com
Fayette Front Page
www.georgiafrontpage.com
Georgia Front Page
Wednesday, February 18, 2009
Patients Gain Protections in Health Information Technology Law
/PRNewswire-USNewswire/ -- Patients across the United States will benefit from a new health information technology (HIT) law providing comprehensive privacy and security standards for patient records including strong, protective provisions for psychotherapy records. The Health Information Technology for Economic and Clinical Health (HITECH) Act, part of the economic stimulus package, was passed by the House and Senate on February 13 and signed into law by President Obama on February 17.
The HITECH Act builds on the federal government's current efforts to encourage the development of a national interoperable, electronic health records network with the goal of providing improved patient care at lower cost. The core of the HITECH Act contains provisions to ensure records privacy and security as HIT develops. The Act will:
-- Provide for an ongoing process for setting standards to better ensure
that privacy and security are protected in the health care system
-- Incorporate Health Insurance Privacy and Accountability Act (HIPAA)
Privacy and Security Rule standards, where possible, including with
regard to psychotherapy notes and other sensitive patient information
-- Improve upon the HIPAA "minimum necessary" standard, which requires
that only the minimum amount of patient information can be disclosed
depending on the request for the information
-- Implement further restrictions on health care plan use of patient
records for administrative "health care operations" purposes
-- Allow a patient to pay privately for health care and not have his or
her records included in an electronic network
-- Implement a process to explore segmenting particularly sensitive
patient records (such as mental health records)
-- Provide a notice to the patient when privacy is breached
-- Examine technologies to help patients track how their records have
been disclosed
-- Contain new strong patient enforcement measures and strengthen
existing HIPAA enforcement measures
-- Require Health and Human Services to study expanding the HIPAA
psychotherapy notes authorization requirement to include mental health
testing data
-- Make psychologists eligible for funding provisions in the law to
implement health information technology into their practices and to
join into electronic networks in their communities
-- Preserve stronger state privacy laws and allow the continued
application of state consent provisions
-- Require a study for providing for patient consent in electronic
records systems
-- Protect the well-established psychotherapist-patient privilege
currently recognized under federal and state law, and
-- Provide for continued Congressional oversight to ensure the bill's
privacy and security standards are effective.
The HITECH Act is the most comprehensive HIT legislation introduced by Congress and represents a giant leap forward for psychologists and their patients, achieving strong patient records privacy and security protections.
-----
www.fayettefrontpage.com
Fayette Front Page
www.georgiafrontpage.com
Georgia Front Page
