CMS Gives Guidance on HIPAA Security Rule - Posted to HIPAAcomply 11/30/04
Experts give HIPAA interpretations - Posted to HIPAAcomply 11/9/04
GAO Recommends Privacy Rule Change - Posted to HIPAAcomply 10/7/04
California Governor Terminates Privacy Bill - Posted to HIPAAcomply 9/30/04
HHS Gets Fundraising Guidance - Posted to HIPAAcomply 9/15/04
HIPAA Enforcement Rule Extended - Posted to HIPAAcomply 9/15/04
Albertsons Faces Privacy Lawsuit - Posted to HIPAAcomply 9/15/04
HHS Clarifies State Disclosures - Posted to HIPAAcomply 8/30/04
Feds Get First Privacy Conviction - Posted to HIPAAcomply 8/23/04
HHS Issues Security Rule Guidance - Posted to HIPAAcomply 8/13/04
HHS Gives Guidance on PHI Disclosures - Posted to HIPAAcomply 7/29/04
Banks, Schools Need Clarity on Privacy Rule Provisions - Posted to HIPAAcomply 7/14/04
Medicare to delay Non-HIPAA compliant claims - Posted to HIPAAcomply 7/6/04
CMS to Publish New Rules in the Fall - Posted to HIPAAcomply 6/24/04
AHA urges CMS to seek provider input on HIPAA NPI process - Posted to HIPAAcomply 6/24/04
HIPAA Privacy Rule Certification Program for Business Associates - Posted to HIPAAcomply 6/3/04
HHS Offers HIPAA Privacy Rule Listserv - Posted to HIPAAcomply 6/2/04
Report Outlines HIPAA Security Work - Posted to HIPAAcomply 4/29/04
OCR Adds Two New FAQ's to website - Posted to HIPAAcomply 2/6/04
DHHS Publishes Final Rule for National Provider Identifier - Posted to HIPAAcomply 1/23/04
CMS Announces the Standard Unique Health Identifier for Health Care Providers for use in Standard Transactions under HIPAA - Posted to HIPAAcomply 1/22/04
U.S. Supreme Court Denies Review Of Federal Appeals Court HIPAA Ruling - Posted to HIPAAcomply 11/10/03
Standard National Provider ID rule sent to OMB - Posted to HIPAAcomply 10/22/03
CMS Decides to Deploy Contingency Plan on Electronic Transactions - Posted to HIPAAcomply 9/23/03
HHS will NOT extend Electronic Claims deadline - Posted to HIPAAcomply 9/15/03
Link to CMS Contingency Planning Package - Posted to HIPAAcomply 9/16/03
CMS Clarifies HIPAA Contingency Plans for Tranactions and Code Sets - Posted to HIPAAcomply 9/10/03
Office of Inspector General issues report on TCS Compliance Efforts - Posted to HIPAAcomply 8/18/03
CMS issues guidance on HIPAA Transactions and Code Sets - Posted to HIPAAcomply 7/28/03
First Installment of HIPAA Enforcement Rule Posted by HHS - Posted to HIPAAcomply 4/17/03
New Patient Privacy Rules to Take Effect - Posted to HIPAAcomply 4/15/03
Corrections Notice for Modifications to Transactions Rule Published - Posted to HIPAAcomply 3/11/03
Rules Finalized on Security and Transactions Standards Modifications - Posted to HIPAAcomply 2/13/03
President Bush Proposes Funding for HIPAA Enforcement - Posted to HIPAAcomply 2/6/03
Final Security Rule delayed - Posted to HIPAAcomply 1/2/03
HHS releases new Privacy FAQ's - Posted to HIPAAcomply 11/19/02
CMS Named to Enforce HIPAA Transaction and Code Set Standards - Posted to HIPAAcomply 10/15/02
Publication of Final Privacy Regulation - Posted to HIPAAcomply 8/12/02
New HIPAA Regulations Published - Posted to HIPAAcomply 5/231/02
Electronic Submission Option for HIPAA Model Compliance Plan Extension - Posted to HIPAAcomply 5/2/02
Beacon Partners Announces New Consulting Line of Flexible HIPAA Solutions - Posted to HIPAAcomply 4/11/02
CMS Publishes HIPAA Model Compliance Extension Form - Posted to HIPAAcomply 3/29/02
Privacy NPRM is Published -
Posted to HIPAAcomply 3/28/02
HHS Outlines Changes to Privacy Rule -
Posted to HIPAAcomply 3/22/02
HHS Press Release on Proposed Changes to Privacy Rule - Posted to HIPAAcomply 3/22/02
Congress Clarifies Intent of HIPAA Transactions Delay Law - Posted to HIPAAcomply 1/8/02
Senate passes House version of Transaction delay bill - Posted to HIPAAcomply 12/13/01
Proposed addenda to the HIPAA Implementation Guides published - Posted to HIPAAcomply 11/1/01
Security Fears Force Cancer Center To Shelve Wireless Plan - Posted to HIPAAcomply 9/6/01
Physician Group Files Privacy Suit - Posted to HIPAAcomply 9/5/01
Industry leaders ask HHS for quick action on Privacy - Posted to HIPAAcomply 8/7/01
Tom Scully, New CMS Administrator, and Congressional Staff comment on HIPAA “Delay” proposals - Posted to HIPAAcomply 7/20/01
HHS to publish NPRM to retract final rule of NDC's as standard - Posted to HIPAAcomply 7/13/01
HHS ISSUES FIRST GUIDANCE ON NEW PATIENT PRIVACY PROTECTIONS - Posted to HIPAAcomply 7/9/01
AHA responds to letter from 31 members of congress regarding delays in HIPAA deadlines - Posted to HIPAAcomply 6/27/01
NCVHS subcommittee to assess transactions standards in public meeting - Posted to HIPAAcomply 6/20/01
HHS to provide guidance on HIPAA - Posted to HIPAAcomply 6/11/01
Arizona Rep. introduces new HIPAA Legislation - Posted to HIPAAcomply 5/30/01
Bill to delay HIPAA still in Committee - Posted to HIPAAcomply 5/29/01
WEDI/SNIP hosts webcast 5/31/01 on Transactions Business Issues - Posted to HIPAAcomply 5/29/01
Democratic Senate could help privacy law - Posted to HIPAAcomply 5/29/01
House Ways & Means committee chair considers legislation to overturn HIPAA Privacy regs. - Posted to HIPAAcomply 5/24/01
AFEHCT Annual Policy Forum scheduled for July 9th and 10th - Posted to HIPAAcomply 5/23/01
WEDI SNIP holds June forum on HIPAA implementation - Posted to HIPAAcomply 5/21/01
Survey respondents on track to meet HIPAA compliance deadlines - Posted to HIPAAcomply 5/21/01
HIPAA Transactions deadline may be missed by Medicare - Posted to HIPAAcomply 5/21/01
Is HHS Preparing for a Universal Medical ID Number? - Posted to HIPAAcomply 5/17/01
Changes to HIPAA Rule Expected Soon - Posted to HIPAAcomply 5/15/01
House Reps. send letter to President Bush regarding Privacy Rule - Posted to HIPAAcomply 5/14/01
House Majority Leader Seeks Changes to Controversial Privacy Regulations - Posted to HIPAAcomply 5/3/01
Gartner Survey Finds Most Healthcare Organizations Are Unlikely to Be Ready by HIPAA Compliance Deadlines - Posted to HIPAAcomply 5/3/01
Privacy Rule Guideline to Address Several Issues - Posted to HIPAAcomply 5/3/01
Final Privacy Rule to be put into effect on April 14, 2001 - Posted to HIPAAcomply 4/12/01
Thompson Seeks Privacy Rule Changes - Posted to HIPAAcomply 3/28/01
HHS Secretary Likely to Change Privacy Rules - Posted to HIPAAcomply 3/28/01
HHS Hopes for Final Security Rule by June - Posted to HIPAAcomply 3/1/01
Guard your genetic data from those prying eyes - Posted to HIPAAcomply 3/1/01
HHS Announces New Dates for Final Privacy Rule - Posted to HIPAAcomply 2/26/01
The Dark Side of Genetic Testing - Posted to HIPAAcomply 2/15/01
Expert: Keep Data Security Practices in Perspective - Posted to HIPAAcomply 2/14/01
Second National HIPAA Summit to Analyze Implications of Final Privacy Regulations - Posted to HIPAAcomply 2/13/01
WEDI to Hold Privacy Policy Action Group Forum in conjunction with HIPAA Summit II - Posted to HIPAAcomply 2/13/01
President Bush's Hold on Pending Regulations is Clarified - Posted to HIPAAcomply 1/25/01
Definitions for HIPAA Final Privacy Rules - Posted to HIPAAcomply 1/15/01
Guide to Understanding and Complying with HIPAA Security and Privacy Regulations updated to include Final Privacy Rule - Posted to HIPAAcomply 1/08/01
Congress Clarifies Intent of HIPAA Transactions Delay Law
Health
Data Management (January 3, 2002)
Courtesy of the Association for Electronic Health Care Transactions, what follows is the congressional intent of H.R. 3323, the recently enacted legislation to delay by one year the compliance date of the HIPAA transactions and code sets rule. Rep. William Thomas (R-Calif.), chair of the House Ways and Means Committee, submitted the congressional intent in the Congressional Record. The congressional intent provides useful clarifications for health care entities that must comply with the transactions rule.
Click here for HDM article and text of congressional intent
Posted to HIPAAcomply 1/8/02
Proposed addenda to the HIPAA Implementation Guides published
Proposed addenda to the HIPAA Implementation Guides have been published. A proposed rule to adopt these addenda as part of the standards is in preparation at HHS for publication soon.
Each of the X12N Implementation Guides originally published May 2000 and adopted for use under HIPAA have had addenda created for them. Since these guides were named for use under HIPAA, these Draft Addenda will go through a Notice of Proposed Rule Making (NPRM) process, just as the original Implementation Guides did, before becoming a final addenda to the guides published by X12N. Only the modifications noted in this Draft Addenda will be considered in the NPRM. For more information and to download the Addenda go to:
http://www.wpc-edi.com/hipaa/addenda
Posted to HIPAAcomply 11/1/01
Security Fears Force Cancer Center To Shelve Wireless Plan
Computerworld.com (August 29, 2001)
The MD Andersen Cancer Center in Houston has put on hold a pilot plan to provide wireless LAN access to users on its five-building campus due to security concerns.
Click here for entire text of the article
Posted to HIPAAcomply 9/6/01
Physician Group Files Privacy
Suit
Health
Data Management (September 4, 2001)
One month after saying it would challenge the constitutionality of the medical privacy rule, the Association of American Physicians and Surgeons filed a lawsuit on Aug. 30. The Tucson, Ariz.-based organization originally announced the filing on July 31, but actually held off to enable other groups and individuals to join.
Click here for complete HDM article
Posted to HIPAAcomply 9/5/01
Industry Leaders ask HHS for quick action on Privacy
Health
Data Management (August 7, 2001)
Some 86 organizations signed a letter asking Health and Human Services Secretary Tommy Thompson to expedite modifications to the privacy rule through new rule making. The American Medical Association and Healthcare Leadership Council spearheaded the campaign. Signers included dozens of provider organizations, major payer associations, and business groups representing food marketers, drug stores, homebuilders, manufacturers and retailers. The U.S. Chamber of Commerce also signed the letter.
Click here for complete HDM article
Posted to HIPAAcomply 8/7/01
Tom Scully, New CMS Administrator, and Congressional Staff comment on HIPAA “Delay” proposals
AFEHCT held its Annual Washington Policy Forum on July 9th & 10th in
Washington, DC. At that meeting, Tom Scully, new CMS (formerly HCFA)
Administrator spoke about HIPAA "delay" proposals. It is the only time
the
Bush administration has spoken in public and on the record on the subject
of
HIPAA "delay" proposals.
Three Congressional staffers close to the HIPAA "delay" situation also
addressed the HIPAA "delay" situation.
Click here to read what they all had to say
Posted to HIPAAcomply 7/13/01
HHS to publish NPRM to retract final rule of NDC's as standard
In response to a letter from the National Committee on Vital and Health Statistics (NCVHS), HHS Secretary Thompson responded with a letter that says, in part, "Your recommendation to modify the standard (section 162.1002(c) in the Final Rule on Standards for Electronic Transactions) would retract the adoption of NDCs as the standard medical data code set for reporting drugs and biologics for certain standard transactions. ... We intend to pursue your recommendation by publishing a notice of proposed rulemaking. We expect to do this in the near future, so we can resolve the issues before substantial work by the industry to convert to NDCs is underway."
Click here for full text of letter
Posted to HIPAAcomply 7/13/01
HHS ISSUES FIRST GUIDANCE ON NEW PATIENT PRIVACY PROTECTIONS
The Department of Health and Human Services (HHS) today issued the first in a series of guidance materials on new federal privacy protections for medical records and other personal health information.
Today's guidance explains and clarifies key provisions of the medical privacy regulation, which was published last December. Providing this guidance is part of an ongoing process to help health care providers and health plans come into compliance with the regulation by April 14, 2003.
"The patient privacy rule will provide strong protections for personal health information while maintaining the high quality of care that Americans expect," HHS Secretary Tommy G. Thompson said. "This guidance is an opening step in helping physicians, health care providers and health plans understand their obligations to patients under the rule."
The guidance -- available on the Web at http://www.hhs.gov/ocr/hipaa/ -- answers common questions about the new protections for consumers and requirements for doctors, hospitals, other providers, health plans and health insurers, and health care clearinghouses. It also clarifies some of the confusion regarding the meaning of key provisions of the rule.
For example, the guidance makes clear that hospitals do not have to build private, soundproof rooms to prevent overheard conversations about a patient's condition, as some mistakenly believed. Rather, the rule simply requires that hospitals provide reasonable safeguards to protect confidential information - such as using curtains, screens or similar barriers, which are often already used. The guidance also indicates that the rule allows a friend or relative to pick up a patient's prescription at the pharmacy, as often occurs today.
Congress in 1996 recognized the need for national patient privacy standards and set a three-year deadline for itself to enact such protections as part of the Health Insurance Portability and Accountability Act of 1996 (HIPAA). When Congress did not enact such legislation after three years, the law required HHS to adopt such protections via regulation.
HHS proposed federal privacy standards in 1999 and, after reviewing and considering more than 50,000 public comments on them, published final standards in December 2000. Secretary Thompson requested public comment on the rule this spring before allowing the rule to take effect on April 14.
The guidance addresses many key issues of concern reflected in the more than 11,000 separate public comments on the final rule submitted to HHS during a 30-day comment period this March. Topics include patient consent, parental rights, marketing, medical research and governmental access issues.
Most covered entities have until April 14, 2003, to comply with the patient privacy rule; small health plans have an additional year to comply. HHS' Office for Civil Rights will conduct extensive outreach to consumers and health care providers to explain what the rule means for them. HHS also will provide technical assistance and further guidance to health care providers and other covered entities to help them comply.
As permitted under the HIPAA law itself, HHS also expects to propose appropriate changes to the rule in order to ensure that it does not adversely affect patients' access to quality health care. For example, Secretary Thompson has said he intends to propose modifications to ensure that a pharmacist can fill a phoned-in prescription for a new patient, even when the pharmacist does not first have the patient's signed consent on file.
A fact sheet summarizing the privacy rule's rights and protections is available on the Web at http://www.hhs.gov/news/press/2001pres/01fsprivacy.html. More detailed information about the rule, including the initial guidance, is available at http://www.hhs.gov/ocr/hipaa/.
Posted to HIPAAcomply 6/27/01
AHA responds to letter from 31 members of congress regarding delays in HIPAA deadlines
31 members of Congress have sent a letter to President Bush advising that the President not change or delay the privacy provisions of the Health Insurance Portability and Accountability Act (HIPAA). The AHA has responded by expressing disagreement in a letter to the congressional members, led by Rep. Ed. Markey, D-MA.
Click here for text of the letter from congressional members to President Bush (PDF format)
Click here for text of the letter from AHA to members of Congress (from AHA's web site)
Posted to HIPAAcomply 6/27/01
NCVHS subcommittee to assess transaction standards in public meeting
The NCVHS (National Committee on Vital and Health Statistics, which is an advisory body to DHHS) Subcommittee on Standards and Security will meet on June 26 at the Renaissance Hotel, 999 9th Street, N.W., Washington, D.C.
This will be a working session to complete their assessment of the modifications to transaction standards and final rules recommended by the Designated Standards Maintenance Organizations, and of general industry HIPAA readiness.
Recommendations to the Secretary will be drafted for full committee review. For more information visit www.ncvhs.hhs.gov.
Posted to HIPAAcomply 6/20/01
HHS
to provide guidance on HIPAA
AHA
News (June 8, 2001)
A long-awaited guidance document on steps necessary to implement HIPAA privacy regulations is expected to be released in the next few days.
Click here to more information from AHA
Posted to HIPAAcomply 6/11/01
Arizona
Rep. introduces new HIPAA Legislation
Health
Data Management (May 30, 2001)
Rep. John Shadegg (R-Ariz.) has introduced legislation to establish uniform, delayed compliance dates for most of the HIPAA administrative simplification provisions. The bill, H.R. 1975, is similar to legislation Sen. Larry Craig previously introduced in the Senate. Craig on May 25 considered pulling his bill from committee and putting it on the Senate floor for immediate action, but could not muster enough support.
Click here for full text of bill - HR 1975
Posted to HIPAAcomply 5/30/01
Bill
to delay HIPAA still in Committee
Health
Data Management (May 29, 2001)
Efforts on May 25 to bring HIPAA legislation to the Senate floor for an immediate vote failed and the bill remains in the Finance Committee. The bill, S. 836, sets an October 16, 2004 compliance date for HIPAA rules governing transactions/code sets, data security and provider and payer identifiers; or two years after the final rules are adopted and reliable provider and payer identifiers are available, whichever is later. The American Medical Association, American Public Human Services Association and Blue Cross and Blue Shield Association requested the legislation.
Click here for complete HDM article
Posted to HIPAAcomply 5/29/01
WEDI/SNIP hosts webcast 5/31/01 on Transactions Business Issues
Thursday, May 31, 2:00 - 3:30 p.m. EDT
Are you looking for updates on the "hot topics" with which the WEDI SNIP Business Issues workgroup has been grappling for the past few months? Do you need to know what strategies industry experts are developing to resolve these contentious issues? Join a panel of industry experts in a webcast May 31 at 2:00 p.m. EDT to discuss key issues from two White Papers: Direct Data Entry and Data Code Sets Compliance. The primary authors of the White Papers will present a brief overview of their papers, engage in a discussion of the key issues with an industry panel, and address questions submitted by the audience. The webcast will also follow up on key issues that arose from the December audiocast on the 837 transaction.
Participants should review the Direct Data Entry and Data Code Set Compliance white papers (in PDF format) prior to the webcast. Visit WEDI SNIP website for more information, and visit the online registration page to register today.
Posted to HIPAAcomply 5/29/01
Democratic
Senate could help privacy law
Reuters (May 25, 2001)
The U.S. Senate will be more likely to take a favorable view of privacy legislation when it comes under Democratic control, privacy advocates and observers said Friday.
Click here for full text of article
Posted to HIPAAcomply 5/29/01
House
Ways & Means committee chair considers legislation to overturn HIPAA
Privacy regs.
Health
Data Management (May 23, 2001)
Rep. William Thomas (R-Calif.) is considering pushing for legislation to overturn the medical privacy rule authorized under the Health Insurance Portability and Accountability Act. He also wants to examine other HIPAA rules, according to a source close to the committee.
Click here for full story from HDM
Posted to HIPAAcomply 5/23/01
AFEHCT Annual Policy Forum scheduled for July 9th and 10th
The Association For Electronic Healthcare Transactions (AFEHCT) has scheduled it's Annual Washington Policy Forum for July 9 - 10, 2001 at the Marriott Metro Center in Washington, D.C. The issues to be discussed include:
- HIPAA Delay Proposals
- HIPAA Privacy
- HIPAA Enforcement
- Security
- HIPAA: The Early Days
Click here for an agenda in PDF format from AFEHCT's website
Posted to HIPAAcomply 5/23/01
WEDI
SNIP holds June forum on HIPAA implementation,
June 19th and 20th
HYATT REGENCY EMBARCADERO CENTER
5 Embarcadero Center
San Francisco, CA 94111
(415) 788-1234
Join WEDI SNIP in San Francisco on June 19-20 to hear and participate in discussions on the latest HIPAA implementation issues and implementation strategies. This interactive one and one half day meeting will include discussions on the latest and hottest HIPAA implementation issues, and will provide opportunities for interactive discussions with the speakers. Join WEDI SNIP as we begin moving towards HIPAA compliance. Sessions at the WEDI SNIP June Forum On HIPAA Implementation: Moving Towards HIPAA Compliance will include:
EDUCATION WORKGROUP:
New WEDI SNIP Tools and Resources
Hear about the newly available resources from WEDI SNIP. The education
workgroup will unveil the redesigned WEDI SNIP website, improved to make
it easier for you to find the resources you need. The workgroup will also
introduce the new web-based Issues Database, and will review the WEDI SNIP
Discussion Forum that is used to solicit input on topics and white papers.
The workgroup will also solicit your input on topics for future web cast
events.
Regional HIPAA Implementation Efforts:
Getting Up, Close and Personal with HIPAA.
Hear the latest about what Regional Implementation efforts are doing at
the state and local level to bring together providers, plans,
clearinghouses, government, and other affected organizations to work
collaboratively towards the successful implementation of HIPAA. A panel of
four leaders from regional efforts will discuss their local efforts and
will field audience questions.
SECURITY AND PRIVACY WORKGROUP:
Where We've Been and Where We're Going
Join the Security & Privacy workgroup as they review the consensus
making process and the work products they've developed thus far. Offer
comments on where the workgroup is going as they provide the latest
updates and comparisons of the most controversial Privacy areas. The
workgroup will also address how Privacy has changed with the final rules
and how they intersect with Security.
New Policies and Procedures White
Paper
Are you struggling with implementation of the final Privacy Rule? Are you
worried about the policy and procedure to-do's you'll be faced with once
the HIPAA awareness has occurred and the assessment is complete? This
presentation will provide you with a starting point by discussing the most
critical areas of the Privacy rule that require development of policies
and procedures. The paper will provide references to specific sections of
the regulation and preamble where the requirement is specified, and will
note cautions for particularly critical areas of implementation. Learn
about this new sub workgroup and leave with helpful suggestions.
Small Provider Case Study
The large providers and health plans are buzzing with HIPAA activity - but
what about the small practice? The Vendor Technologies sub workgroup,
together with other participants, has completed a small provider survey
and a white paper detailing the key areas of concern for this covered
entity type. Hear some helpful suggestions on how to get started.
INDUSTRY EXPERT PANEL:
Where We Are with HIPAA
Engage in a discussion with leaders in the industry. Invited panelists
represent X12N, HL7, NCPDP, DSMO, NCVHS, ADA, AMA, and AHA. Hear an update
on the activities of the respective groups related to HIPAA readiness.
Each speaker will offer insights on how WEDI SNIP can assist their
organization in this process.
TRANSACTIONS WORKGROUP:
Transactions Workgroup Update
Hear a brief overview of the latest Transactions Workgroup activities,
issues, and work products.
Sequencing
Details to come. Visit the WEDI SNIP website at http://www.wedi.org/snip/Events/SNIP_June/Index.html
next week for a synopsis of this session.
Data Review and the Web-Based Issues
Database
This session will entail the final outcome of Data Review questions from
audience participants from the December 19 WEDI/SNIP audiocast on the
HealthCare Claim/Encounter Transaction (X12N 837). Additional issues that
have been brought to the Data Review sub workgroup will be discussed. The
Data Review workgroup will demonstrate the use of the newly developed WEDI/SNIP
issues database while going through these exercises.
Translations: Data Mapping Issues and
Technology
This session will provide an overview of the latest findings of AFEHCT's
ASPIRE (Administrative Simplification Print Image Research Effort) project
and the Taxonomy crosswalk issue. The workgroup will also present an
introduction to translator technology that is available on the market
today and where you can go to find more information.
Testing Tips, Tools, and Tricks
Join industry experts in a lively discussion of the main issues
surrounding trading partner testing. Learn what has been done to date in
the Testing Sub-workgroup and discover new and interesting ways to relieve
the burden of testing with all of your trading partners. Bring along your
concerns as it relates to this topic to assist making this a productive
discussion.
Business Issues
Details to come. Visit the WEDI SNIP website at http://www.wedi.org/snip/Events/SNIP_June/Index.html
next week for a synopsis of this session.
REGISTER TODAY!
Visit the WEDI SNIP website at www.wedi.org/snip.
The registration fee is $350 for WEDI members and $450 for WEDI
nonmembers. Registrations will be accepted via mail, email, fax, or the
WEDI SNIP website. Please direct any questions about the WEDI SNIP June
Forum to Kristin Becker, Director of SNIP, at kbecker@wedi.org,
or 703/391-2714. Please visit the WEDI SNIP website often for program
updates.
HOTEL ACCOMMODATIONS:
Guest rooms have been reserved at the Hyatt
Regency Embarcadero at a special rate of $220. Call 415/788-1234 to make
your hotel reservation, and be sure to request the WEDI SNIP Forum rate no
later than May 30.
HIPAA SUMMIT WEST:
The HIPAA Summit West conference will be held in conjunction with the WEDI SNIP June forum on June 20-22. The Summit will feature a faculty of over 100 healthcare privacy and security experts presenting five major plenary sessions and over 40 concurrent sessions. The Summit will include special sessions on the HIPAA Regulations by leading Representatives of DHHS; the HIPAA Transactions and Code Sets; Gramm-Leach-Bliley and State Law; a Privacy Mini-Summit and a Security Mini-Summit. For more information contact the HIPAA Summit directly at 1-800-546-3750, or http://www.hipaasummit.com/
Posted to HIPAAcomply 5/21/01
Survey
respondents on track to meet HIPAA compliance deadlines
AHA
News, May 21, 2001
Fifty-seven percent of hospitals responding to a recent AHA member survey said they are on schedule to meet the Oct. 16, 2002, deadline to comply with the electronic transactions standards of the Health Insurance Portability and Accountability Act (HIPAA).
Click here for complete article
Posted to HIPAAcomply 5/21/01
HIPAA
Transactions deadline may be missed by Medicare
From Health Data Management (May
18, 2001)
The Health Care Financing Administration is backing away from earlier assertions that it expected the Medicare program to meet the October 2002 deadline for compliance with the HIPAA transactions standards.
Click here for full story from HDM
Posted to HIPAAcomply 5/21/01
Is HHS Preparing for a Universal Medical ID Number?
House Majority Leader Dick Armey wrote to Health and Human Services (HHS) Secretary Tommy Thompson today, asking him to investigate agency guidelines issued during the Clinton Administration that strongly suggest that HHS has been preparing for a universal medical ID number.
"Are these May 2000 guidelines still in effect?" asked Armey. "If so, federal law is being violated, and I would respectfully urge you to take swift corrective action."
After media reports revealed in 1998 that HHS officials had been working on a universal medical identification number, former Vice President Al Gore moved to assure the public that the program had ended. Congress followed up by passing a law, still in effect, prohibiting just such a number.
"Imagine the implications for personal privacy if everyone had a government-issued medical ID number and the government had an unfettered search-and-seizure power over private medical records," wrote Armey. "That unfettered search-and-seizure power is currently poised to become law, thanks to the Clinton privacy regulations that are being finalized right now." Armey's letter included a photocopy from a May 2000 data standard implementation guideline document describing a database field called the "HIPAA Individual Identifier." Public Law 106-554 specifically prohibits HHS from providing any such a "unique health identifier."
"Mr. Secretary, until Congress speaks again on this subject, I would respectfully ask that you bring the medical ID project to a complete halt," wrote Armey.
A Zogby poll released yesterday reveals that nearly two-thirds of likely voters nationwide have concerns about the government maintaining computerized medical records on all Americans.
To read the letter and it's attachments, click here.
Posted to HIPAAcomply 5/17/01
Changes
to HIPAA Rule Expected Soon
From Health Data Management
(May 11, 2001)
The U.S. Department of Health and Human Services soon will release changes to the privacy and transactions and code sets rules of the Health Insurance Portability and Accountability Act, says William Braithwaite, senior advisor on health information policy in the department’s office of the assistant secretary for planning.
Click here for complete article from HDM
Posted to HIPAAcomply 5/15/01
House Reps. send letter to President Bush regarding Privacy Rule
In a May 9th letter to President Bush, Reps. Bill Thomas (R-CA), chairman of the House Ways and Means Committee, and Nancy Johnson (R-CT), chairman of the committee’s health panel, ask the administration to fix the rule to “balance a patient’s privacy rights against legitimate health care needs.”
Click here to read the letter and it's attachments on American Hospital Associations' Website
Posted to HIPAAcomply 5/14/01
House Majority Leader Seeks Changes to Controversial Privacy Regulations
In a May 2nd letter, House Majority Leader Dick Armey has asked HHS Secretary Tommy Thompson to consider specific changes to the HIPAA Privacy Regulations recently finalized by Health and Human Services. At issue, is a provision that would allow HHS "full access to every American's private patient medical record". Please read on for Rep. Armey's complete letter:
May 2, 2001
The Honorable Tommy G. Thompson
U.S. Department of Health and Human Services
200 Independence Avenue, SW
Washington, D.C. 20201
Dear Secretary Thompson:
Now that the President has decided to finalize the medical privacy regulation under the Health Insurance Portability and Accountability Act (HIPAA), I write to suggest specific changes to that controversial regulation, in hopes you will use your authority to strengthen rather than endanger the medical privacy of all Americans.
As I said in my earlier letter, there is language in the medical privacy regulation that grants the Department of Health and Human Services (HHS) full access to every American's private patient medical records. To wit:
A covered entity must permit access by the Secretary during normal business hours to its facilities, books, records, accounts, and other sources of information, including protected health information, that are pertinent to ascertaining compliance with the applicable requirements of this part 160 [relating to the administration of this regulation] and the applicable standards, requirements, and implementation specifications of subpart E of part 164 of this subchapter [relating to the protection of patient medical records]. If the Secretary determines that exigent circumstances exist, such as when documents may be hidden or destroyed, a covered entity must permit access by the Secretary at any time and without notice. (Emphasis added.)
-- Federal Register, Vol. 65, No. 250, December 28, 2000, p. 82802, Sec. 160.310(c)(1).
This startling provision grants federal agents the power to look into citizens' medical records without a warrant, "at any time and without notice." Every family that cherishes its privacy ought to be disturbed by this massive grant of federal authority. Americans' medical records should be protected from all bureaucrats, not just corporate ones.
I therefore respectfully suggest the following changes be made to this section of the regulation:
- Insert the words "upon at least 24 hours' notice" after the word "Secretary" in the first sentence.
- Strike out the last sentence altogether.
- Add language requiring the Secretary to obtain a search warrant in those exigent cases where he or she has reason to believe documents might be hidden or destroyed.
We demand federal agents obtain a search warrant before going through our other personal papers. Why not our medical records, which are often even more sensitive?
Let us remember that federal agencies have a terrible track record when it comes to protecting sensitive information:
- HHS received an "F" last year on computer security from the House Government Reform and Oversight Subcommittee on Management and Information Technology.
- Monday's newspapers reported that websites operated by HHS and Labor were broken into and vandalized Saturday by hackers, who posted a picture of a deceased Chinese pilot on the HHS site. How can we be sure that other, more sensitive HHS databases have not been similarly compromised?
As you work to modify the medical privacy regulations, please, Mr. Secretary, consider the wisdom of opening up people's personal medical records to federal agents without Fourth Amendment protections. Americans deserve to know their privacy is being protected and not threatened by their own government.
Thank you for your consideration.
Respectfully,
Dick Armey
Member of Congress
Posted to HIPAAcomply 5/3/01
According to a recent survey by Gartner, Inc., a national research and advisory firm, 75% of healthcare organizations have not begun HIPAA compliance efforts by assessing their current environments and risks. The first HIPAA compliance deadline for transactions and codes sets is less than 18 months away and unless health care organizations aggressively begin compliance efforts within the next three months they will most likely miss the deadline and risk incurring high penalties and financial damage.
Click here for Gartner's press release regarding the survey.
Posted to HIPAAcomply 5/3/01
Privacy
Rule Guideline to Address Several Issues
(May 01, 2001) Health
Data Management
Health and Human Services Secretary Tommy Thompson recently announced he soon will issue the first guideline to the medical privacy rule. According to an HHS source, the guideline will clarify several contentious provisions in the rule, such as the right of family members or friends to pick up a person’s prescription. The guideline, according to the source, likely also will address concerns regarding oral communications, patient consent provisions and the “minimum necessary” disclosure of information, among other issues.
Click here for complete HDM article
Posted to HIPAAcomply 5/3/01
Final Privacy Rule to be put into effect on April 14, 2001
DHHS Secretary Tommy Thompson said today that the President will put the HIPAA Privacy Rule into effect on April 14. As a result, covered entities will be required to comply with the provisions of the rule by April 14, 2003.Secretary Thompson stated that the medical privacy debate has gone on long enough but acknowledged some concerns about the rule in the health care industry and pledged “to begin the process of issuing guidelines on how this rule should be implemented.”
The following is the text of an HHS News Release
STATEMENT BY HHS SECRETARY TOMMY G. THOMPSON
REGARDING THE PATIENT PRIVACY RULE
Today, I am pleased to announce that the President is taking a bold and definitive step to protect the rights of citizens to keep their medical records confidential. President Bush wants strong patient privacy protections put in place now. Therefore, we will immediately begin the process of implementing the patient privacy rule that will give patients greater access to their own medical records and more control over how their personal information is used.
We have laws in this country to protect the personal information contained in bank, credit card and other financial records. Our citizens must not wait any longer for protection of the most personal of all information - their health records.
This rule makes sure that private health information doesn't fall victim to the progress of the information and technology age, where an array of data is readily available in computer systems and too often just a keystroke away from being accessed. We are giving patients peace of mind in knowing that their medical records are indeed confidential and their privacy is not vulnerable to intrusion.
The President considers this a tremendous victory for American consumers, who will continue to receive high-quality health care without sacrificing the confidentiality of their private health matters.
This town has been debating patient privacy for the better part of a decade, and President Bush believes it is now time to act and protect patients.
As you know, during the past two months, the Department of Health and Human Services and the White House have met with and listened to a broad and diverse group of lawmakers, interest groups, health care leaders and individual citizens regarding the patient privacy rule.
Our department has received more than 24,000 written comments on this issue. My staff has expedited the review of these comments as they have come in and generally found that most of the submissions broke down into similar categories. In fact, thousands of the comments were clearly part of mass mailing efforts in support of a particular view or concern. And I want to thank my staff for working hard to review these comments and pave the way for a decision this week.
We will keep these comments in mind as we continue to make sure patients receive the highest quality care and begin the process of issuing guidelines on how this rule should be implemented. The guidelines will allow us to clarify some of the confusion regarding the impact this rule might have on health care delivery and access. And we will consider any necessary modifications that will ensure the quality of care does not suffer inadvertently from this rule.
For example, to address some of the concerns raised in comments, we will make it clear through guidelines or recommended modifications that:
- Doctors and hospitals will have access to necessary medical information about a patient they are treating and they will be able to consult with other physicians and specialists regarding a patient's care. Certainly patients want their doctors to make the most informed decisions possible about their care and treatment.
- Patient care will be delivered in a timely and efficient manner and not unduly hampered by the confusing requirements surrounding consent forms. For example, pharmacists will be able to fill prescriptions over the phone and serve their customers in a timely manner.
- And, parents will have access to information about the health and well-being of their children, including information about mental health, substance abuse or abortion. The President believes this patient privacy rule will deliver strong and long overdue protections for personal medical information while maintaining the high quality of care we expect in this great nation.
We appreciate the President's leadership and courage in tackling a very complex and difficult issue that this town has wrestled with for too long. It's another example of how this President is going to be decisive and take bold action to address the concerns of the American people.
As a result of President Bush's decisive action today, our citizens finally will have the peace of mind of knowing their health records are safe and protected.
Posted to HIPAAcomply 4/12/01
Thompson Seeks Privacy Rule Changes
(By LAURA MECKLER, Associated Press Writer, March 27, 2001)
WASHINGTON (AP) - Health and Human Services Secretary Tommy Thompson said Tuesday that he expects to make changes to Clinton administration medical privacy rules, responding to industry complaints about the potential cost.
In a wide-ranging session with reporters, Thompson also indicated that he would push for the Democratic approach to aiding the uninsured and said he's learning that as a cabinet secretary, he can't always speak his mind.
``I found out you have to check with everybody before you move,'' he said. ``I've already been in the dog house several times because I haven't done that.''
The medical privacy rules, several years in the making, establish the first federal right to privacy of medical records, requiring health care providers to get written permission before disclosing personal health information.
Health industry officials pressed for more flexibility before the rules were issued and saw another opportunity when Thompson took over HHS. They heavily lobbied him to revisit the issue, and last month, Thompson put the rules on hold, opening them up for another round of public comments.
On Tuesday, he promised that he would have a decision about changes by the end of April and report to Congress soon after.
``I am fairly certain at this point - without saying for sure - there will be some modifications to simplify and to lessen the financial burden,'' he told reporters. He added that he has heard from many people about ``the tremendous burden'' and ``the tremendous cost'' that the rules would impose.
Some privacy advocates have said they fear the delay will be indefinite. ``Let me reassure you, there will be a privacy rule,'' Thompson said.
On the uninsured, Thompson said he supports tax credits to help people buy private insurance policies, as President Bush (news - web sites) has proposed.
But he said he would also like to see an expansion of the Children's Health Insurance Program, which provides subsidized coverage to families directly, much like the program he created as Wisconsin governor. This is the approach that Democrats typically favor, and Bush did not include anything like it in his budget.
``We have to work under the guidelines that the president had included,'' Thompson said. ``But I'm going to be very supportive of initiatives in Congress'' that expand CHIP.
In the meantime, he said he will encourage officials in his department to approve more state experiments that allow for programs like Wisconsin's.
Thompson also said:
-On prescription drugs for Medicare: Congress is not likely to support Bush's plan to give money to states to offer drugs to poor seniors because they want a federal program for which they can claim credit.
``They have to stand for re-election in less than two years and they want to have the credit for passing a prescription drug bill, more so than ... (sending) money to the states,'' he said.
-On a Medicaid loophole that has allowed the states to collect billions of extra dollars from Washington: He had to recuse himself from discussions because Wisconsin has an application pending to get in on the scheme that began when he was governor. ``Ask me about it in six months from now. I will tell you all you want to know about my transformation,'' he said.
-On the patients bill of rights: He's optimistic that a bill will pass Congress, saying the main sticking point now is not over the right to sue but over whether states can opt out of providing the protections.
-On Medicare contractors: He said Congress should change Medicare law to allow for more competition in choosing insurance companies to process claims and to allow for competitive pricing. ``That's going to be controversial as all get out,'' he said, ``but if you want us to do the job, give me the flexibility for contracting out for the best service possible.''
Posted to HIPAAcomply 3/28/01
HHS
Secretary Likely to Change Privacy Rules
(From Reuters Health, March
27, 2001)
WASHINGTON (Reuters Health) - Health and Human Services Secretary Tommy Thompson said Tuesday that changes to the Clinton administration regulations on the confidentiality of medical records are likely. Thompson did caution, however, that comments on the controversial rules are still coming in.
``I am fairly certain, without saying for sure, there will be some modifications to simplify and to lessen the financial burden,'' Thompson told health reporters at a breakfast meeting.
Thompson said he was moved to reopen the supposedly ``final'' rules after hearing from ``health entities across America about the tremendous burden of the privacy rules and regulations and the tremendous cost that is going to be foisted upon them.'' The rules had to be delayed for 60 days--until April 14--because of an error the Clinton administration made in transmitting them to Congress.
But Thompson assured reporters that there will be privacy regulations issued. ``There will be lots of security placed in there so patients' rights and records will be protected,'' he said. And he even raised the possibility that changes might not force a delay further than April 14--that the administration could publish a ``final rule with amendments.''
The Clinton administration originally issued sweeping regulations to protect patient confidentiality in December of 2000. They were the first ever to establish national standards for how personal health information is used and distributed, and to set criminal and civil penalties for breaching patient privacy.
Consumer advocates hailed the privacy regulations for giving people unprecedented access to and control over their personal medical information. HMOs, however, expressed concern that the regulations would be too costly and complicated to implement effectively. Health plans also argued that health care costs would rise drastically if they were forced to spend large sums of money to comply with the regulations.
Posted to HIPAAcomply 3/28/01
HHS Hopes for Final Security Rule by June
Quashing rumors that the HIPAA security rule would be delayed until the end of the year, HHS says it plans to issue the rule by the end of June. Concerns over a delay were generated in part by the Bush Administration's freeze on the regulations and proposals issued in the waning days of the Clinton White House.
Click here for a PDF of this article in the February 2001 Health Information Privacy Alert
Posted to HIPAAcomply 3/1/01
Guard
your genetic data from those prying eyes
From U.S. News & World
Report
March 5, 2001
http://www.usnews.com/usnews/issue/010305/nycu/genetic.htm
By Dana Hawkins
Seven vials of blood is a lot. That was Janice Avary's first thought when she heard that her husband Gary's employer, the Burlington Northern Santa Fe railroad, was requiring that amount of blood to be taken after he filed claims for a carpal-tunnel injury. As a registered nurse in Alma, Neb., Avary says, her internal alarm was tripped. When she called the company for an explanation, Avary was stunned to hear the words "genetic test."
Her queries led a railroad workers union this month to sue, seeking an end to the allegedly secret testing. BNSF says it has stopped the yearlong pilot program, but Gary Avary thinks that if his wife hadn't asked, it would still be going on. "Unless you have a medical background, you wouldn't know to ask these questions," says Janice Avary.
DNA bias. The lawsuit–the first of its kind against a private employer–was filed just as scientists first published the map of the human genetic code. While genetic advances will likely lead more patients to seek cures for inherited diseases, they are also increasing worries among legal experts and patient rights groups about how genetic data will be used, both in the workplace and elsewhere. "There's no question some employers are testing," says Michael Werner, a lawyer for Bio, a group representing the biotech industry. "And as more tests are developed and the price drops, the market is expected to grow." Even so, there are ways to protect your privacy in the workplace–or if you choose to be tested on your own.
A big concern among genetic experts is that results from such tests could be used to block someone from being hired or promoted, or to deny insurance. Already, there are hundreds of documented cases alleging genetic discrimination by employers and insurers. For example, preliminary results from a survey by the Genetic Alliance, a coalition of patient advocacy groups, show that 42 percent of 220 respondents claimed health insurance discrimination. Sixteen percent cited bias at work and in the military. The survey included such cases as a woman who alleged she was denied long-term disability insurance because the company said she had a predisposition for Alzheimer's disease. Its decision was based on a doctor's scribbled notation in her medical record that her father might have the condition. In another instance, after a first grader was diagnosed with a genetic developmental disorder, his mother's employer eliminated the child's healthcare coverage, saying the diagnosis qualified as a pre-existing condition.
Protect yourself. While federal workers are legally protected against genetic bias in health insurance and employment, private employees are not. Rep. Louise Slaughter, a New York Democrat, says support is building for legislation she cosponsored this month that would ban such discrimination. "Each of us has bad genes, and eventually they'll all be identified with diseases," says Slaughter. Even some genetic experts who advocate responsible testing, like Vivian Weinblatt, president of the National Society of Genetic Counselors, are advising patients to consider waiting for Congress to pass such a law before getting screened. "Ask yourself: Will knowing the results make my life better? Will I make different life choices? Can I wait a year?" says Weinblatt. If results will help you to treat or prevent a condition for which you're currently at risk, like colon cancer, testing may be wise. If not, or if the results could be inconclusive, says Weinblatt, then it's probably not worth the risk of a permanent flag on your medical record.
If you decide to test, experts offer this advice: Express any concerns to your physician or a genetic counselor and ask who would have access to your records. Find out whether your employer is self-insured, meaning your boss might get the bills. And consider buying life, health, and disability insurance before getting screened.
Question whether you really need to be tested. In some cases you might consider making the same lifestyle changes you'd make if you tested positive. Those with a family history of breast cancer, for example, might forgo genetic testing and instead be vigilant about regular breast exams. Also, be aware you may learn something you could later regret knowing. For instance, one of the tests for predisposition to heart disease may also reveal a risk for Alzheimer's.
Finally, become familiar with the mechanics of testing. If your employer requires blood samples, get a list of the tests to be run. And ask what happens with the blood afterward: Is it stored or destroyed? The railroad workers are still waiting to find out; their test called for only two blood samples. "What did they do with the other five vials?" asks Janice Avary. She wonders: Were other tests planned?
© 2001 U.S.News & World Report Inc. All rights reserved.
HHS Announces New Dates for Final Privacy Rule
THIS IS A 'VERBATIM' RETYPED VERSION OF AN HHS PRESS RELEASE FAXED TO AFEHCT
FOR IMMEDIATE RELEASE
Contact: HHS
Press Office
Friday, February 23, 2001
202 690 6343
STATEMENT BY HHS SECRETARY TOMMY G. THOMPSON
On Dec. 28, 2000, the Department of Health and Human Services published in the Federal Register a final rule creating new federal privacy rights for personal health information. These "Standards for Privacy of Individually Identifiable Health Information" are intended to ensure patients that the privacy of their medical records is secure, and to ensure that this information is used appropriately. This administration is absolutely committed to achieving these goals.
At the same time, under the Congressional Review Act, HHS was legally required to submit this regulation for consideration by Congress for a 60-day period. Due to an oversight under the prior administration, this requirement was not met. As a result of this oversight, the 60-day period of Congressional review did not begin until Feb. 13, and therefore the effective date of the regulation has been delayed until April 14, 2001.
This legally-required time period is designed to give Congress the opportunity to review the regulation. However it also creates an opportunity to ensure that the provisions of this final rule will indeed work as intended throughout the complex field of health care, without creating unanticipated consequences that might harm patient's access to health care or the quality of that care. I believe we can protect patient privacy without harming access to health care or the quality of health care.
To ensure a thorough review of these important issues, HHS is opening the final regulation to a 30 day comment period. The Department will review the comments it receives to determine whether changes to the final rule are needed.
Our goal is to achieve privacy protection that works. I believe we should be open to the concerns of all those who care strongly about health care and privacy. And after we hear those concerns, our commitment must be to put strong and effective patient privacy protections into effect as quickly as possible.
###
Posted to HIPAAcomply 2/26/01
The Dark
Side of Genetic Testing - Railroad workers allege secret sampling
From U.S. News & World
Report
February 19, 2001
http://www.usnews.com/usnews/issue/010219/carpal.htm
By Dana Hawkins
John Wiebelhaus, a fourth-generation railroad man, makes his living with his hands, laying miles of track, repairing heavy steel rails, and picking ice from the track's switches. Tough work–but Wiebelhaus loves it. "I like the idea that tracks I lay could be there 100 years," he says. "It's in my blood."
That may not be all that's in his blood, which is why, the track-maintenance foreman claims, his employer, the Burlington Northern Santa Fe railroad, has been secretly testing the blood of workers with carpal tunnel syndrome. "The railroad wants to be able to say: 'You were a time bomb. Because you are genetically predisposed to the disease, you would've gotten it whether you were a soda jerk or running a jackhammer,' " says Harry Zanville, an attorney for the railworkers' union that last week filed a lawsuit, along with Wiebelhaus, to force the company to stop the alleged covert testing. He claims that 125 workers recently gave blood samples and that at least 18 were subjected to gene tests without the employees' consent. The reason: Money, says Zanville, insisting the company hopes to avoid paying out millions in medical bills and disability to workers who develop the painful musculoskeletal disorder on the job.
The federal court lawsuit, the first of its kind against a private company, charges that the furtive testing violates the Americans with Disabilities Act and several state laws barring DNA testing by employers. The U.S. Equal Employment Opportunity Commission filed a separate petition, also in a federal court in the Northern District of Iowa. The EEOC alleges that the Fort Worth-based railroad required blood samples from workers who had submitted claims arising from carpal tunnel injuries. The blood was then allegedly tested for a genetic defect that may predispose a person to some forms of the ailment. Athena Diagnostics, the lab that allegedly conducted the tests, is also a defendant in the union's case.
Hidden reason. Gary Avary, a BNSF employee, says he discovered the alleged covert screening last month after he received a letter from his employer directing him to get his blood tested. The Nebraska track laborer had recently returned to his job after successful carpal tunnel surgery. The lawsuit alleges that when his wife, a registered nurse, inquired about the test "the secret intentions of the BNSF were inadvertently revealed." After Avary refused to take the test, the company informed him that he would be investigated for failing to cooperate. A railroad spokesperson says BNSF doesn't require workers to submit to genetic testing but that "some employees were asked to take a test."
The railroad employees are encouraged by a federal court's approval last December of a settlement in a case involving the genetic privacy rights of workers at Lawrence Berkeley Laboratory. As first reported by U.S. News, LBL workers for decades were tested without their knowledge for syphilis, pregnancy, and the genetic trait for sickle cell disease. President Clinton last year banned genetic discrimination against federal employees, but Congress has not extended the rule to the private sector. "It's important for the public to have confidence that genetic tests will be used for their benefit," says Paul Billings, cofounder of GeneSage, a company that promotes responsible DNA screening. "Unfortunately, this case suggests that we're still in the dark ages of employment-based testing."
Geneticists in particular question the legitimacy of the carpal tunnel test. They point out that the disease is a common workplace disability, and mutations of it are extremely rare. "I'm a humanist physician. I try hard to make the world a better place," says Phillip Chance, a geneticist at the University of Washington in Seattle, who discovered one of the mutations. "This would be the last thing I'd want to see happen with my work."
From Health Data Management 2/13/01
(February 13, 2001) Many industry observers believe health care organizations will spend billions to comply with the final federal data security rule, which is expected this year and authorized under the Health Insurance Portability and Accountability Act. However, hospitals can save money by not going overboard in compliance efforts, says Thomas Hanks, practice director of HIPAA compliance for Beacon Partners Inc., a Boston-based consulting firm.The key word to complying with the security rule is “reasonable,” which appears some 90 times in the proposed rule, Hanks says. That means organizations must make sensible efforts to protect identifiable health information, but are not required to guarantee the safety of such information against all threats. For instance, a theft of identifiable information at a hospital may not constitute a violation of HIPAA security requirements if reasonable policies were in place. “You don’t have to be Fort Knox,” Hanks says. “You have to provide reasonable and diligent protections.”
The largest threats to data security will come from employees who do not follow an organization’s procedures, or who are not properly trained, Hanks says. “About 90% of security is between the ears,” he adds. “There is not enough technology we can buy to protect our information without cultural change.” Hanks spoke at last week’s 2001 HIMSS Conference and Exhibition in New Orleans.
Beacon Partners' Tom Hanks a featured speaker at summit
Norwell, MA - (February 13, 2001) - The Workgroup on Electronic Data Interchange (WEDI) will be co-sponsoring the Second National HIPAA Summit, February 28th through March 2nd in Washington D.C. This important event provides the leading forum on healthcare privacy, data security, confidentiality and HIPAA compliance. Based on the overwhelming success of the first HIPAA Summit in October 2000, an expert faculty has been assembled to address the significant topics surrounding HIPAA legislation, in particular, the implications of the recently finalized privacy regulations.
Among the list of featured speakers is Tom Hanks, Practice Director of Enterprise Security and HIPAA Compliance for Beacon Partners. Mr. Hanks will offer a presentation entitled "HIPAA Privacy Regulations: Comparison of Proposed and Final Rules" on March 1st at 11:30am. Mr. Hanks is well versed in the details of the finalized privacy regulations and is actively involved in a variety of industry associations and workgroups that provide critical policy recommendations. Currently, Mr. Hanks is a board member of WEDI and is co-chair of the WEDI Privacy Policy Advisory Group, co-chair of the WEDI Security Policy Advisory Group and sits on the WEDI/SNIP steering committee. He is also a commissioner for EHNAC (Electronic Health Network Accreditation Commission) and co-chairs the Security Standards Criteria Committee, sits on the HIPAA Security Summit Steering Committee, and participates in the AFEHCT (Association for Electronic Health Care Transactions) Security and Privacy work groups.
The course objectives of the HIPAA summit include providing a basic background to the HIPAA law and regulations, analyzing the differences between the proposed and final HIPAA Privacy Regulations, articulating basic HIPAA compliance strategies, assessing the implications of the HIPAA Privacy Regulations to various sectors of the healthcare system and sharing case studies of organizational approaches to HIPAA compliance.
Full details, program registration and hotel accommodations for the HIPAA Summit may be found on the web at www.hipaasummit.com or by contacting WEDI at 703-391-2743 for additional information.
# # # # #
About WEDI
WEDI's vision is to improve healthcare through electronic commerce and
foster widespread support for the adoption of electronic commerce within
healthcare by providing a forum for the definition of standards, the
resolution of implementation issues, the development and delivery of
education and training programs and the development of strategies and
tactics for the continued expansion of electronic commerce in healthcare.
Among other things, WEDI assists healthcare leaders to define, prioritize
and reach consensus on the critical technical and business issues which
affect the implementation and value of electronic commerce and ensures
that electronic commerce standards, policies and regulations for
healthcare are thoughtfully developed and implemented. More information
about WEDI can be found at www.wedi.org.
About Beacon
Beacon Partners, Inc. -- a leading national provider of health care
management consulting services -- is focused on the delivery and
deployment of strategic, technology, HIPAA and operational solutions to
health care organizations. Experienced consultants deliver measurable
results, sound methodologies and realistic recommendations. Clients whom
have benefited from our solutions include hospitals, IDNs, MCOs, academic
medical centers and physician practices.
Information about Beacon Partners and its management consulting services and technical solutions can be found on the World Wide Web at http://www.beaconpartners.com
Forum to be co-chaired by Beacon Partners' Tom Hanks
Norwell, MA - (February 13, 2001) -In response to the recent release of the final HIPAA rule on Privacy, the Workgroup on Electronic Data Interchange (WEDI) will be conducting a Privacy Policy Action Group Forum on February 26-27, 2001 at the Marriott Wardman Park Hotel in Washington, DC. This program is being coordinated with the Second National HIPAA Summit which will be held February 28-March 2 at the same location. The primary focus of this forum will be to review and discuss in detail the key regulatory issues contained in the Final Privacy Rule, examine the major changes in the rule from the earlier NPRM and to make recommendations for consideration by the WEDI Board of Directors for subsequent submission to the Secretary, HHS.
The forum is being directed by WEDI's Privacy Policy Action Group (PPAG) which is co-chaired by Tom Hanks of Beacon Partners and Tom Jeffry, of Davis, Wright & Tremaine. WEDI's Policy Advisory Groups (PAG's) are intended to provide policy recommendations and guidance to the WEDI Board of Directors on important industry issues, regulations and standard initiatives. In preparation for the forum, the PPAG co-chairs will have conducted a thorough review of the Final Rule, comparing and contrasting the language therein with the earlier NPRM and concentrating on selected issues which are generating the most commentary and concern. The WEDI Board of Directors will utilize the PAG recommendations in its role as Advisor to HHS on HIPAA and as input to WEDI SNIP's industry HIPAA implementation role.
The much-anticipated final HIPAA privacy regulations were issued on December 20, 2000. The regulations were made applicable to all individually identifiable health information, regardless of whether the information is or has been in electronic form. These regulations will profoundly affect many aspects of the financing and delivery of healthcare in the United States.
Full details, program registration and hotel accommodations for the forum may be found on the WEDI website at www.wedi.org. Please contact WEDI at 703-391-2743 for additional information.
# # # # #
About WEDI
WEDI's vision is to improve healthcare through electronic commerce and
foster widespread support for the adoption of electronic commerce within
healthcare by providing a forum for the definition of standards, the
resolution of implementation issues, the development and delivery of
education and training programs and the development of strategies and
tactics for the continued expansion of electronic commerce in healthcare.
Among other things, WEDI assists healthcare leaders to define, prioritize
and reach consensus on the critical technical and business issues which
affect the implementation and value of electronic commerce and ensures
that electronic commerce standards, policies and regulations for
healthcare are thoughtfully developed and implemented. More information
about WEDI can be found at www.wedi.org.
About Beacon
Beacon Partners, Inc. -- a leading national provider of health care
management consulting services -- is focused on the delivery and
deployment of strategic, technology, HIPAA and operational solutions to
health care organizations. Experienced consultants deliver measurable
results, sound methodologies and realistic recommendations. Clients whom
have benefited from our solutions include hospitals, IDNs, MCOs, academic
medical centers and physician practices.
Information about Beacon Partners and its
management consulting services and technical solutions can be found on the
World Wide Web at http://www.beaconpartners.com
TOP
The final Privacy rule is comprised of two sections, both of which contain definitions that should be of assistance to all those trying to comply. Click here to access these definitions!
Posted to HIPAAcomply 1/15/01
AHA FAX UPDATE-Taking Aim on Advocacy
Tuesday, January 23, 2001
Contact: Debra Samuels (202) 626-4629 http://www.aha.org/index.asp
REGULATORY RELIEF UPDATE
We got definitive word today that President Bush’s weekend order about
holding up new or pending regulations excludes the Health Insurance
Portability and Accountability Act (HIPAA) and the Medicare, Medicaid and
SCHIP Benefits Improvement and Protection Act (BIPA). That’s because HIPAA
and BIPA were promulgated to comply with statutory or judicial deadlines.
All the same, we’re encouraged by the new administration’s interest in
the issue of regulatory overload. The president’s order is a welcome
development, coming as it does on the heels of what HHS Secretary-designee
Tommy Thompson had to say at a Senate confirmation hearing last week about
providers being “fed up with excessive and complex paperwork.” We expect
regulatory relief to remain a priority for the Bush administration. It
certainly will be with us. Regulatory relief and reform will be one of many
key issues that we will deal with in 2001.
Posted to HIPAAcomply 1/25/01
Beacon Partners has updated it's white paper on understanding the HIPAA Security and Privacy Regulations to include a detailed treatment of the recently finalized Privacy Regulations. Written by Tom Hanks, a nationally recognized expert on HIPAA security and standards legislation and Practice Director of Enterprise Security and HIPAA Compliance for Beacon Partners, the white paper is a "live" document that is updated as the HIPAA regulations are finalized. The updated version provides valuable information and insight about what you need to know about the finalized privacy regulations.
Click
here to Register for the White Paper
(Please note: this file is in PDF format and is zipped. You will require WinZip
to open the file and Adobe
Acrobat to read it.)
Posted to HIPAAcomply 1/08/01
HHS Secretary Donna E. Shalala today released the nation's first-ever standards for protecting the privacy of Americans' personal health records. This new regulation will protect medical records and other personal health information maintained by health care providers, hospitals, health plans and health insurers, and health care clearinghouses.
For complete information on the final privacy rule click on the links below:
HHS Fact Sheet on the Final Privacy Rule
Download the text of the Final Rule (in PDF) - Beware!! It is quite large!!!
DHHS Administrative Simplification Page
Posted to HIPAAcomply 12/21/00