Posted by Jason Greis on August 26, 2009 under Articles
On Aug. 24, 2009, the U.S. Department of Health and Human Services (HHS) published interim final regulations (the Rule) governing notification of breaches of unsecured protected health information (PHI) by HIPAA-covered entities and business associates. The Rule is one of several sets of regulations mandated by the Health Information Technology for Economic and Clinical Health Act (HITECH Act), enacted on Feb. 17, 2009, as a part of the American Recovery and Reinvestment Act of 2009 (ARRA). The Rule will be effective on Sept. 23, 2009.
Tags: adrienne walker porter, american recovery and reinvestment act, ARRA, breach, covered entity, elizabeth diller, greisguide, greisguidetoltachs, hipaa, HITECH, hospital, interim final regulations, kimberly kannensohn, ltac, LTACH, LTCH, mcguirewoods, media, nathan kottkamp, notification, phi, ryan scott higgins, unsecured Protected Health Information
Posted by Jason Greis on March 2, 2009 under Articles
Health care providers and any businesses that provide information technology services for them will be subject to much greater regulation of their information security practices as a result of a major component of the recent economic stimulus legislation. Known as the Health Information Technology for Economic and Clinical Health Act (or the “HITECH Act”), this portion of the federal economic stimulus package is the most expansive modification to the federal privacy and security rules for health-related businesses since the 1996 enactment of HIPAA.
Tags: american recovery and reinvestment act, ARRA, audit, breach, business associate, business associate agreement, civil monetary penalties, cmp, covered entity, enforcement, federal trade commission, fine, ftc, greisguide, greisguidetoltachs, Health Information Technology for Economic and Clinical Health Act, hhs, hipaa, HITECH, hospital, interim final rules, kimberly kannensohn, limited data set, ltac, LTACH, LTCH, minimum necessary, notification, phi, privac, safeguard, security
Posted by Jason Greis on February 24, 2009 under Articles
On February 17, 2009, President Barack Obama signed the American Recovery and Reinvestment Act of 2009 (the “ARRA”), commonly referred to as the federal stimulus bill. The ARRA contains several provisions — intended to promote the use of health information technology — that would significantly expand the scope of the privacy and security requirements of the Health Insurance Portability and Accountability Act of 1996 (“HIPAA”). These changes, summarized below, include:
Tags: american recovery and reinvestment act, ARRA, BAA, business associate, business associate agreement, covered entity, Department of Health and Human Services, disclosure, federal trade commission, ftc, greisguide, greisguidetoltachs, health insurance portability and accountability act, hipaa, hospital, kimberly kannensohn, liability, ltac, LTACH, LTCH, marketing, minimum necessary, notification, obama, personal health information, personal health record, phi, PHR, privacy, ryan higgins, security
Posted by Jason Greis on under Articles
On October 22, the FTC announced that enforcement of its Identity Theft Red Flag Rules, originally scheduled to begin November 1, 2008, will now be delayed until May 1, 2009. The reason for the delay is that many entities, including health care providers, have been uncertain or even unaware of their coverage under the Rules until this point. The extension will allow covered entities more time to comply with the mandate to create and implement a written identity theft prevention program. The FTC is also planning to provide additional guidance as to the Rules themselves and to which entities the Rules apply, but no date has been provided for this guidance.
Tags: covered account, creditor, elizabeth diller, FACTA, Fair and Accurate Credit Transactions Act, federal trade commission, ftc, greisguide, greisguidetoltachs, health care, health insurance portability and accountability act, healthcare, hipaa, identity theft, j. brian jackson, ltac, LTCH, mcguirewoods, nathan kottkamp, red flag rules
Posted by Jason Greis on January 21, 2009 under Articles
The Department of Health and Human Services (HHS) issued a final regulation on Jan. 15, 2009 giving health care providers (including LTACHs) and plans two additional years, until October 1, 2013, to adopt the new health care coding system, the International Classification of Diseases, Tenth Revision (ICD-10). Under a proposed rule issued in August 2008, health care providers would have been required to adopt ICD-10 by October 2011. This new coding system greatly expands on the ICD-9-CM code sets, which were developed nearly thirty years ago. HHS agreed to delay the compliance deadline in order to accommodate the concerns (generally concerns regarding implementation and training costs) of over 3,000 commenters urging that more time is needed for effective industry implementation of the new coding system.
Tags: 2013, abuse, altha, Centers for Medicare and Medicaid Services, cms, covered entity, federation of american hospitals, fraud, greisguide, GreisGuide to LTACHs, Health Information Management Association, hipaa, hospital, icd-10, International Classification of Diseases, jason greis, LTACH, LTCH, value-based purchasing
Posted by Jason Greis on December 8, 2008 under Articles
An increasing number of hospitals and other health care facilities are providing physicians with access to software and other assistance relating to the implementation of electronic health records (“EHR”) systems. These entities, which are considered covered entities by the Health Insurance Portability and Accountability Act of 1996 (“HIPAA”), find it difficult to reconcile the open access of many EHR systems with the HIPAA obligations of a covered entity to secure and to protect the confidentiality of protected health information (“PHI”). HIPAA regulations require that covered entities implement administrative, physical and technical safeguards that reasonably and appropriately protect the confidentiality, integrity, and availability of the electronic PHI that they create, receive, maintain, or transmit. This article provides guidelines to assist hospitals and health care facilities that provide EHR technology to physicians or certain of their representatives on how to incorporate EHR systems with the HIPAA requirements.