On March 19th, HHS published a notice in the Federal Register that HHS intends to complete approximately 2500 surveys to assess public perception of Health Information Exchanges.[i] Public perception of the security of HIE’s is key to understanding how ONC will eventually regulate HIEs. On a macro level the National Health Information Network (NHIN) is a network of HIEs. At this time most states have received grants to implement an HIE. Recently, however, HHS has also announced a scaled down version of the Connect software to be used for limited transaction between providers. Generally, NHIN Connect software framework is designed to enable secure and interoperable electronic health information exchanges (HIE) with NHIN compliant organizations, including federal agencies, local-level health organizations, and healthcare participants in the private sector. However, the NHIN Direct initiative announced in January, 2010 may replace some HIEs that do not bring value added services to the market [...]
|
||||
|
By Robert Hudock, on March 25th, 2010
 Print This PostMarch 25th, 2010 | Tags: authorization, Connect Framework, consumer consent, DURSAm data sharing agreement, HIE, medical records, NHIN, NHIN Direct | Category: CCHIT, EMR, Federal Agencies, HIPAA Privacy, HIPAA Security, Health Information Exchange, Health Information Technology, Health and Humans Services (HHS), Office of the National Coordinator for Health Information Technology |
Leave a comment
Print This PostBy Robert Hudock, on March 12th, 2010
Print This PostHIMSS is the largest health care technology conference in the United States. This year the conference was held in Atlanta, the conference brought $25 million to Atlanta. The tone of HIMSS 2010 was cautiously optimistic in light of the uncertainty surrounding threatened Governments legislative actions. Vendors are working hard to meet recently promulgated regulatory requirements for EHR systems; some of legislated requirements for EHRs are not essential or likely to be used by most physicians. The government is positioned as the primary funding source for EHR and HIE technology. Grants for HIE implementation total almost 400 million dollars, with a promise of more grants to come. Implementation models for state HIE’s vary from a federated model to states with loosely associated local HIE’s. Thus far a strong centralized structure seems to be the most effective implementation [...] March 12th, 2010 | Tags: Google Health, Health Vault, HIMSS, HIMSS 2010, Interoperability, ownership, patients, proprietary formats, rights | Category: American Recovery and Reinvestment Act, HIMSS, HIPAA Security, HL-7, Health Information Technology, Health Reform, Health and Humans Services (HHS), Interoperability, NIST |
Leave a comment
Print This PostBy Robert Hudock, on March 1st, 2010
Print This PostUnder the HITECH breach notification requirements, covered entities must notify HHS of all reportable breaches. HHS recently released a list of breaches, including the covered entity, the business associate, number of individuals affected, and the location of the information lost. More than 35 HIPAA covered entities have reported breaches involving more than 500 individuals’ PHI since September 2009. The theft/loss of laptops, desktop and portable media by far represent the majority of the security breaches reported thus far. A summary of breaches reported thus far appears [...] March 1st, 2010 | Tags: Department of Health and Human Services, Freedom of Information Act, health information, HIPAA, HITECH Act, security breach | Category: HITECH Act, Health Information Technology, Health Reform, Health and Humans Services (HHS), Office of Civil Rights, unsecured protected health information |
Leave a comment
Print This PostBy Robert Hudock, on March 1st, 2010
Print This PostOn February 25, 2009, at a Health Information Technology Policy Committee Adoption/Certification Workgroup meeting, Dr. Jeffrey Shuren, Director of FDA’s Center for Devices and Radiological highlighted concerns with the current state of regulation around Health Information Systems which are not currently actively regulated by FDA. Dr. Shuren’s testimony highlighted three areas of concern: (1) the FDA’s legal and regulatory authorities over medical devices and the approach we have taken with respect to HIT to date; (2) a Review of various safety issues that have been reported to the FDA and other unique challenges presented by HIT; and (3) Possible approaches the FDA could take in the future to help address these [...] March 1st, 2010 | Tags: 510k, avaliability, confidentiality, Dynamic Testing, Electronic Health Records, FDA, HIT, integrity, MDDS, ONC, Policy Committee, requirements specificastion, Shuren, Validation | Category: Center for Devices and Radiological, FDA, Health Information Technology, MDDS, Medical Device Data System |
Leave a comment
Print This PostBy Robert Hudock, on December 10th, 2009
Print This PostOn December 1st, 2009 the Office of the Secretary of the Office of the National Coordinator (ONC) for Health Information Technology announced the creation of a new Chief Privacy Office and the Office of Economic Modeling and Analysis (among three others including the Office of Chief Scientist, Deputy National Coordinator for Programs & Policy, and Deputy National Coordinator for Operations). The New Chief Privacy Officer is a necessary creation under the ARRA (and the HITECH Act). This role is different from the other positions that seem to be a re-organization of roles and responsibilities that already existed to some extent just with more specificity around functions and duties. Aside from the Chief Privacy Officer the New Economic Modeling and Analysis Position seems like a timely creation given recent articles discussing whether Health Information Technology and more specifically Electronic Health Record Systems (EHRs) actually reduce the cost of care and/or increase the quality of care. Also of note, the new Office of the Deputy National Coordinator for Programs and Policy will be responsible for the open source Connect initiative and the National Health Information [...] December 10th, 2009 | Tags: ARB, ARC, ARD, ARF, ARRA, HITECT, Office of Economic Modeling and Analysis, Office of the Chief Privacy Officer, Office of the Chief Scientist, Office of the Deputy National Coordinator for Programs & Policy, ONC | Category: American Recovery and Reinvestment Act, HIPAA Privacy, HIPAA Security, HITECH Act, Health Information Technology, Health and Humans Services (HHS), Interoperability, Office of the National Coordinator for Health Information Technology |
Leave a comment
Print This PostBy Robert Hudock, on November 29th, 2009
Print This PostThis article discusses techniques for implementing the updated requirements of the HIPAA Security Rule, with particular focus on strategies for assessing the effectiveness of implemented security controls to support compliance and audit, as well as a covered entity’s (or business associate) overarching risk management program in the context of HIPAA Compliance. Covered entities are becoming more pro-active in monitoring their business associate compliance with HIPAA privacy and security regulations and the recent changes largely the product of the HITECH Act. In the past I have used a series of questions to ascertain the compliance status of business associates to comply with HIPAA privacy and security rules. I find it useful to map security controls to NIST Special Publication 800-53. The National Institute of Standards and Technology has collaborated with the military and intelligence communities to produce the first set of security controls for all government information systems, including national security systems. The controls are included in the final version of Special Publication 800-53, Revision 3 “Recommended Security Controls for Federal Information Systems and Organizations,” released in August of 2009. (Available at http://csrc.nist.gov/publications/nistpubs/800-53-Rev3/sp800-53-rev3-final.pdf). [...] November 29th, 2009 | Tags: 800-53, 800-66, compliance, HIPAA, HITECH Act, NIST, security controls | Category: American Recovery and Reinvestment Act, Data Hemorrages, Destruction, Encryption, FIPS 140-2, Federal Agencies, HIPAA Security, HITECH Act, Health Information Technology, Health Reform, Health and Humans Services (HHS), Individually identifiable health information, Interoperability, Meaningful Use, Media Sanitization, NIST, Office of Civil Rights, Privacy, SSL VPNs, anonymization, unsecured protected health information |
5 comments
Print This PostBy Robert Hudock, on November 17th, 2009
Print This PostNext year should be interesting. From Red Flag compliance, federal breach reporting requirements, significantly augmented HIPAA penalties, and HIPAA security standards that are based on NIST guidelines will change the traditional compliance model for Covered Entities and Business Associates. Hot topics for enforcement next year (based on recent CMS audits of their business partners) will likely be in the areas encryption of portable media devices, remote access by employees to protected health information, and failure to document a rational risk management [...] November 17th, 2009 | Tags: ARRA, breach, EHR, Encryption, enforcement actions, FISMA, HIPAA, Interoperability, NIST, OIG, security | Category: American Recovery and Reinvestment Act, EMR, Encryption, FIPS 140-2, HIPAA Security, HITECH Act, Health Information Technology, Health and Humans Services (HHS), Interoperability, Meaningful Use, NIST, unsecured protected health information |
2 comments
Print This PostBy Robert Hudock, on August 31st, 2009
Print This PostOn August 27th open source programmers met at HHS to work on developing CONNECT, an open-source solution, written in Java, for the development and implementation of HIE gateways and interfaces to join NHIN and/or interface multiple systems with incompatible communication protocols. The goal of an HIE is to facilitate access to and retrieval of clinical data to provide safer, more timely, efficient, effective, equitable, patient-centered care. HIEs are also useful for public health authorities to assist in analysis of the health of a population. Federal Health Architecture is intended to deliver free, scalable solution to help organizations to tie health information systems into the NHIN. Thus far the project has yielded at least one success (outside of the federal government) where data have been successfully transferred between a civilian hospital and the [...] August 31st, 2009 | Tags: Connect, FHA, HIE, HIT | Category: American Recovery and Reinvestment Act, EMR, Federal Agencies, HITECH Act, Health and Humans Services (HHS), Interoperability, Open Source |
Leave a comment
Print This PostBy Robert Hudock, on August 24th, 2009
Print This PostThe Office of the National Coordinator for Health Information Technology (ONC) has recently release more information on two grant programs. The HITECH Act authorizes two grant programs: (1) a Health Information Technology Extension Program (Extension Program) and (2) the State Health Information Exchange Coopertive Agreement Program (Agreement Program). This program provides grants for the establishment of Health Information Technology Regional Extension Centers that will offer technical assistance, guidance and information on best practices to support and accelerate health care providers’ efforts to become meaningful users of Electronic Health Records (EHRs). The consistent, nationwide adoption and use of secure EHRs will ultimately enhance the quality and value of health care. The State Health Information Exchange Cooperative Agreement Program supports states and/or State Designated Entities (SDEs) in establishing health information exchange (HIE) capacity among health care providers and hospitals in their [...] August 24th, 2009 | Tags: EHR, Health Information Technology Regional Extension Centers, HIE, Office of the National Coordinator for Health Information Technology, ONC, State Designated Entities, State Health Information Exchange Cooperative | Category: American Recovery and Reinvestment Act, EMR, HITECH Act, Health Information Technology, Health Reform, Health and Humans Services (HHS), Interoperability, Meaningful Use, Office of the National Coordinator for Health Information Technology |
One comment
Print This PostImprove the web with Nofollow Reciprocity. |
||||
|
Copyright © 2010 Law Blog 2.0 - Robert Hudock, Esq., CISSP - All Rights Reserved - This Blog is a personal blog of Robert Hudock. |
||||
ONC 2nd Annoucement for HIE Grants and a Review of Program Requirements
On March 15, 2010, ONC completed the announcement of State Health Information (State HIE) Exchange Cooperative Agreement Program awardees. The first announcement of awards were on February 12th, 2010. These awards are meant as seed money for State HIE’s which are expected to reach financial independent within 2 to 4 years. The Awardees will be evaluated on various criteria over a four year period. The criteria are detailed in http://healthit.hhs.gov/portal/server.pt/gateway/PTARGS_0_10741_888442_0_0_18/FOA_State%20Health%20Information%20Exchange%20Cooperative%20Agreement%20Program_Sept3_updated%20funding%20formula.doc. A PDF of this same document is available here: FOA_State Health Information Exchange Cooperative Agreement Program_Sept3_updated funding formula. Generally, HIEs are intended to transmit healthcare information electronically across organizations within a region, community or hospital system. HIE generally allow for the movement of clinical information among disparate health systems. Various gateways and interface utilities are used to translate data from disparate information [...]