Archive for the ‘In the news’ Category:
Survey reveals that healthcare organizations are keen to comply with Federal Privacy laws
FairWarning recently commissioned an independent firm to conduct a national survey of healthcare providers. The survey covered 200 unique hospitals from across the US; the majority of respondents were compliance, privacy or risk personnel, followed by IT management and executive management. The survey was designed to elicit opinions and insights on new healthcare privacy regulations (specifically ARRA HITECH), patient safety, privacy and auditing budgets, and information technology risk management.
In the survey, nearly half of healthcare organizations (47.3 percent) believed their organization is already compliant with federal privacy laws such as ARRA HITECH and HIPAA and is audit ready. However, nearly one-third of survey respondents stated they will not be compliant with ARRA HITECH requirements by the set deadlines. In addition, just 7 percent of respondents have demonstrated that they have both processes and automated systems in place which incorporate cornerstone technologies designed to eliminate security and privacy vulnerabilities.
The greatest concerns of respondents regarding non-compliance with any of the federal privacy laws were the reputational impact of a failed audit or major privacy breach, financial penalties for non-compliance, and media exposure.
“It is highly unlikely that an organization can fully comply with its obligations under HIPAA and the ARRA HITECH without implementing automated systems for patient and user privacy auditing, managing and aggregating accounting of disclosures and identity management,” stated John Houston, Vice President of Privacy and Information Security and Assistant Counsel at the University of Pittsburgh Medical Center. “While respondents felt that their level of compliance was high, their implementation of necessary technologies was much lower.”
The survey findings concluded that healthcare organizations are:
1. Familiar with new healthcare privacy and security regulations, specifically ARRA HITECH
2. Concerned with the reputational impact associated with a breach and breach notification requirements
3. Mobilizing to meet compliance requirements and deploying critical technologies to plug security gaps and meet compliance requirements
4. Allocating budget to meeting new privacy and security requirements
5. Beginning to believe that enforcement of these laws is a government priority, and
6. In need of further education to align spending and technology deployments to government expectations.
Emdeon launches HIPAA Simplified to help compliance
According to the rules issued by HHS on January 16, 2009, all healthcare segments (hospitals, physicians, dentists, pharmacies, PBMs, payers and vendors) are required to comply with the new HIPAA 5010 and NCPDP D.0 standards by January 1, 2012. This has posed a number of challenges for the covered entities.
Now, Emdeon has launched HIPAA Simplified as a one-stop resource for the information that covered entities need for HIPAA readiness. HIPAA Simplified will be a communications focal point as Emdeon helps its customers adopt the 5010 and D.0 standards prior to 2012. The website offers technical gap analyses, simplified business-level downloads, trading partner transition strategy information, frequently asked questions and testing tools.
HIPAA Simplified is organized by business unit across the entire healthcare industry, eliminating the need for complex web navigation or surfing multiple sites. Visitors simply select their line of business, and all available resources are located on the page to browse and download for free. In addition, HIPAA Simplified offers informational and analytical tools, from high-level FAQs, to documents that explain the transition in business-level language, to in-depth technical analyses.
With this, Emdeon may be tagged as the nation’s largest health information network offering a most comprehensive source for HIPAA readiness. Just as with HIPAA 4010 and the National Provider Identifier (NPI), Emdeon is working diligently to deliver solutions that enable its customers to seamlessly meet the new requirements for HIPAA 5010, NCPDP D.0, and ICD-10.
The need for document shredding companies for the protection of PHI
HIPAA laws have made the services of document shredders indispensable for medical offices, as the laws deal with the protection of the private information which many patients are forced to provide to health care providers of all kinds. Although patients need to submit this information to healthcare providers to use their services, the law provides that ownership of that information still belongs to the patients. As such, health care professionals are responsible for protecting it, which means destroying any documents which contain that information when they are no longer necessary.
The law covers not only hospitals and doctors' offices, but also any secondary health care practitioners such as massage therapists, dentists, or chiropractors. As such, if your company deals with any aspect of the health care industry, you need to determine whether you are covered under HIPAA.
Although HIPAA does not specifically require healthcare providers to use document shredding services for the destruction of documents containing Personal Health Information of patients, it does lay down that these organizations must have a written document destruction policy in place which they adhere to at all times. This is why each of these organizations must have a shredding service to which they routinely send their paperwork, as per the terms of the policies they have written themselves.
Adhering to HIPAA at all times is absolutely essential for the long-term success of any health care provider, as the organization is responsible for protecting private information that does not belong to it. Any sort of leakage could result in heavy penalties apart from loss of trust and goodwill. As such, all healthcare service providers should look for a good and suitable HIPAA-compliant shredding company to keep their firm running smoothly at all times.
New HITECH Law deadline knocks at the healthcare industry’s door
The new HITECH Law takes effect on February 20, 2010 and will change the way you handle Private Health Information (PHI), especially when using computers. Internet information sharing has made Private Health Information (PHI) vulnerable to employees stealing patient info and maliciously posting it on the internet, and to hackers stealing insurance ID information and misusing social security numbers.
This has prompted the federal government to take protective measures through the Health Information Technology for Economic and Clinical Health Act (HITECH or “The Act”) of 2009 (ARRA), which encourages the use of health information technology by endorsing several incentives.
As the new laws become effective, electronic health information sharing will be subject to much stricter guidelines. Penalties for HIPAA violations range from $100 to $50,000 per incident for businesses in non-compliance. Civil penalties (placed upon employee breaches) will be strict and hefty as well.
However, the basic problem is getting your Risk Management / HITECH Law requirements in place properly and effectively. Because this new law has many written components, it can take several days to research, format and put into place. Although there are many websites which offer organized, easy-to-understand and customized support, most of them are charging upwards of $400 for this info. Make sure that you get the right help and support, so that your HITECH Law documentation is comprehensive and user friendly!
Getting started with your home-based medical transcription business
As HIPAA becomes more and more important, the career opportunities for a home-based medical transcriptionist are very bright. But to start your career as a medical transcriptionist you need to follow certain guidelines and steps so that you can set up a successful home-based medical transcription business.
To begin with, you have to find a good space for your home office, dedicated entirely to medical transcription work; without it you cannot start a medical transcription career from home, let alone flourish in it. The work area should be secluded, noise-free and comfortable, and should not be frequented by others in the family.
After you are done with the work space, you need to acquire all medical transcription tools and aids. You would need a medical dictionary, a medical spell checker and a copy of the medical transcription style guide issued by the Association for Healthcare Documentation Integrity (AHDI). Your system should have the best anti-virus and firewall software.
Another important step for a medical transcriptionist is becoming HIPAA-compliant. The Health Insurance Portability and Accountability Act (HIPAA) has laid down certain rules on keeping patient information confidential and secure, and a home-based transcriptionist has to take certain measures to comply with HIPAA’s requirements. For example, a secure FTP connection is needed to transfer work files, encryption software is needed to encrypt work-related e-mails, and a paper shredder is to be used to shred papers that are no longer required.
Last but not least, your computer should be dedicated to your work. It should not be used for personal purposes, and no one else should be allowed to use it. Also, get a secure cabinet to keep work-related papers.
MCS sues CHS for breach of contract
Managed Care Solutions (MCS) had signed an exclusive three-year deal in 2003 to manage and collect payments for all Franklin, Tenn.-based Community Health Systems (CHS) hospitals, which then numbered 111, for a 22 percent cut of collections. However, now CHS, which operates 122 hospitals with approximately 18,000 licensed beds in 29 states, is being sued by Managed Care Solutions (MCS) Inc. for breach of contract. The Hollywood, Fla.-based collections agency claims it was fired by the hospital chain on the pretext of the alleged arrest of a third-party employee.
It also charges that CHS didn’t provide adequate paperwork for 109 of the hospitals and claims that it has already more than $1.2 million in collections software to provide services to CHS.
In its lawsuit, MCS alleges that CHS was already trying to find a way out of the deal when it learned that an MCS employee had been arrested for identity theft for stealing patients’ confidential information at a New Jersey hospital. CHS then canceled the contract, citing a material breach.
In its defense, MCS argues that the employee actually worked for a third-party staffing firm and that it has no proof the employee either stole patient information or was arrested. MCS also says that the employee shouldn’t have had access to such information, holding CHS accountable and suggesting potential HIPAA violations.
Treatment of requests for additional restrictions on disclosure of PHI
Under HIPAA’s Privacy Rule, individuals may request additional restrictions on uses and disclosures of their protected health information. However, covered entities are not bound to agree to any restriction.
If the restriction is accepted, covered entities must abide by it except in emergency situations where a use or disclosure is necessary to provide treatment, and those to whom the restricted information is disclosed must be asked not to redisclose it.
It must be noted here that such restrictions do not apply to the broad “fourth class” of uses and disclosures for which no consent, authorization, or opportunity to agree or object is required. These uses and disclosures include:
* Public health
* Abuse, neglect or domestic violence reporting
* Health oversight
* Judicial or administrative proceedings
* Law enforcement
* Research under Privacy Board or IRB waiver
* Immediate threats to public safety
* National security
* Government functions
* Uses and disclosures otherwise required by law.
A covered entity may terminate its agreement to a restriction if:
* the individual agrees to or requests the termination in writing;
* the individual requests such a termination orally (the oral declaration must still be documented); or
* the covered entity informs the individual that it is terminating its agreement to a restriction. Here, the termination is only effective for protected health information created or received after the individual has been informed.
MindLeaf introduces new 5010 conversion services
MindLeaf Technologies, Inc., is a leading provider of HIPAA 5010 conversion services. The company has announced that it will provide these services to clearinghouse, payer and provider organizations.
MindLeaf introduced its new 5010 conversion services at the 2nd WEDI 5010, ICD-10 Forum, February 2nd through 4th, at the Hyatt Regency in Austin, TX. At the forum, MindLeaf announced that it would offer event attendees a limited number of complimentary 5010 pre-engagement analysis packages on a first-come, first-served basis. Each package would include up to 40 hours of work by experienced EDI professionals and deliver a full inventory of affected EDI translation maps and transaction processes, suitable for use with MindLeaf or any conversion services provider, or to support internal teams.
“Many organizations still see 5010 conversion as a future challenge, and they are not making it a ‘now’ issue,” said Paresh Shah, MindLeaf president. “However, the Level I testing phase is already underway, and organizations that begin the process now will benefit from better quality and lower costs, while conversion vendors are still not in high demand. Companies that begin to transition now will also have time to get in front of unexpected issues and will also have a chance to run their 4010 and 5010 systems in parallel to ensure zero downtime through the transition.”
Emdeon launches online resource to help transition to the upgraded HIPAA version
Emdeon Inc. has announced the availability of HIPAA Simplified, a one-stop online resource for guiding the healthcare industry’s transition to HIPAA 5010, NCPDP D.0 and ICD-10 standards. The Web site is located at www.hipaasimplified.com and it will feature technical gap analysis documentation, simplified business-level topics, trading partner transition strategy information, frequently asked questions, testing tools and resource pages that are specific to each of the affected healthcare industry segments.
According to the U.S. Department of Health and Human Services (HHS), updated HIPAA standards (Versions 5010 and D.0) will replace the current standards (Versions 4010/4010A1 and 5.1). These are designed to promote greater efficiency in electronic transactions, and compliance with the new HIPAA 5010 and NCPDP D.0 standards is required by January 12, 2012. The ICD-10 code sets are required in transactions as of October 1, 2013.
Emdeon has launched HIPAA Simplified as a resource to help guide the healthcare industry through the transition to the new standards. In December 2009, Emdeon senior vice president of corporate strategy and government services, Miriam Paramore, testified before the National Committee on Vital and Health Statistics and said, “Emdeon is committed to supporting our customers and leading the industry in compliance and adoption of the new standards and code sets. Our goal is to be ready in advance of the government mandated deadlines to ensure a smooth and successful transition.”
ResCare deploys GuardianEdge services for HIPAA compliance
GuardianEdge is the leader in endpoint data protection and ResCare is one of the nation’s leading providers of services to people with disabilities and the elderly. Serving more than 65,000 people daily in 40 states, Washington D.C., Puerto Rico and in a growing number of international locations, ResCare has selected GuardianEdge to secure the company’s more than 6,000 endpoint devices and to assist in Health Insurance Portability and Accountability Act (HIPAA) compliance. As such, ResCare has deployed GuardianEdge Hard Disk Encryption, GuardianEdge Removable Storage Encryption and GuardianEdge Device Control to protect its sensitive data.
Ram Krishnan, senior vice president of products and marketing at GuardianEdge, said, “Health care providers are entrusted with their patients’ most sensitive information, with the expectation that it will remain secure under all circumstances. Regulations such as HIPAA underscore these concerns. With our solutions, organizations in all industries that rely on sensitive customer or company information to conduct business are secure from internal and external threats, assisting with compliance efforts.”