D.C. Report: IOM Health IT Report Released, HITSC Seeks Comments, HIE Standards Confirmed

November 15, 2011
Jeff Smith, Assistant Director of Advocacy, CHIME

HIPAA Compliance Audits on the Horizon

According to the HHS Office of Civil Rights, a pilot audit program to ensure covered entities and business associates are complying with the HIPAA Privacy and Security Rules and Breach Notification standards has begun. A three-step process has been in development since July and a test of twenty initial audits will begin in November and go through April, OCR indicated on its website. The OCR responded by saying the audit program launched Nov. 4 with the sending of notification letters to five of the first 20 entities to be audited. The OCR intends to complete upwards of 150 audits by the end of calendar 2012. According to OCR, audits are primarily a compliance improvement activity. The Office will review the final reports, including the findings and the actions taken by the audited entity to address them, and the aggregated results of the audits will enable OCR to better understand compliance efforts with particular aspects of the HIPAA Rules. “Should an audit report indicate a serious compliance issue, OCR may initiate a compliance review to address the problem,” the Office said. “OCR will not post a listing of audited entities or the findings of an individual audit which clearly identifies the audited entity.”

Multistate Workgroup Agrees to HIE Standards

A broad coalition of eight state health information organizations (HIOs) and eleven health IT vendors has agreed to a set of technical specifications that they hope will help standardize health information exchange. The EHR/HIE Interoperability Workgroup was established by the New York eHealth Collaborative (NYeC) and is comprised of its federally designated counterparts in seven states, including California, Colorado, Maryland, Massachusetts, New Jersey, New York, and Oregon. The Workgroup has published Version 1.0 of specifications on two use cases for a compliant Continuity of Care Document, with corresponding functional and technical specifications for each. The first use case, Statewide Send and Receive Patient Record Exchange, describes how encrypted health information can be transmitted over the internet. Developments made by the Direct Project and the Nationwide Health Information Network Exchange informed the Send and Receive use case. The second, the Statewide Patient Data Inquiry Service Use Case, describes the clinician’s ability to query an HIE for relevant data on a specific patient. Specifications for this second use case identify how the consortium agrees to leverage the IHE Profiles and NwHIN Exchange production specifications to facilitate patient queries and CCD retrieval. The documentation for the Statewide Patient Data Inquiry Service includes a Functional Specification, Technical Specification, Summary CCD Document, and CDA Source of Information.

Health Data Privacy Takes Center Stage during Capitol Hill Hearing

The Senate Judiciary Privacy, Technology and the Law Subcommittee held a hearing November 9, 2011 titled “Your Health and Your Privacy: Protecting Health Information in a Digital World.” In his opening statement, Chairman Al Franken (D-Minn.) conveyed his understanding of the power of health information technology to improve health outcomes and make care more efficient. However, he also acknowledged a growing need to address privacy concerns as the healthcare industry pushes to go digital. Ranking minority member Tom Coburn (R-Okla.), a physician himself, expressed reservations that electronic health information can ever be adequately secured and wondered if the EHR Incentive Program was the correct course of action. “I have a real concern both for the privacy issue but also the goal that we're trying to accomplish may not be accomplishable,” he said.

Chairman Franken also strongly called for the Obama Administration to publish the final enforcement rules for business associates under HIPAA two and a half years after passage of the HITECH Act (part of the American Recovery and Reinvestment Act of 2009). He emphasized that the public’s trust in the privacy and security of their health information is necessary to gain the widest adoption of electronic health records and health information exchange and to reap the full benefits they will bring to our healthcare system.
