Health IT and Electronic Health Activate your FREE membership today |  Log-in

Health IT Pulse

November 26, 2014  10:51 AM

Laptop theft exposes protected health information, brings six-figure fine

Posted by: adelvecchio
data breach, HIPAA, HIPAA data breach

Beth Israel Deaconess Medical Center in Boston must pay the state of Massachusetts a $100,000 fine due the theft of an employee’s laptop in May 2012. The laptop — which was not issued by BIDMC — contained the unencrypted protected health information of 3,796 patients and employees. Beyond medical information, patient names and social security numbers were potentially exposed when the device was taken from a physician’s office.

In a release announcing that a consent judgment had been reached, Massachusetts Attorney General Martha Coakley said, “The healthcare industry’s increased reliance on technology makes it more important than ever that providers ensure patients’ personal information and protected health information is secure.” The lawsuit filed against Beth Israel Deaconess Medical Center (BIDMC) was based on violations of federal HIPAA and two state privacy laws. BIDMC failed to notify patients of the security breach within 60 days of discovering it, which was required by those laws.

The release from the attorney general’s office said the owner of the stolen device failed to follow hospital security protocol. The hospital’s policy required employees to physically secure and encrypt all devices that contained sensitive patient information. The majority, $70,000, of the amount to be paid by BIDMC is a civil penalty and $15,000 will go to a fund for educational programs supporting the security of personal and protected health information. The hospital also agreed to review their security policies to find and correct any weaknesses.

Shortly after sharing news of the breach, BIDMC announced its intention for employees to play a larger part in data protection. John Halamka, M.D., CIO at BIDMC, stated his hope that this initiative would strengthen and build upon the hospital’s existing security policies. Halamka also made it clear that the risk of security breaches will always hover over hospital operations as long as employees are accessing patient data on different devices from scattered locations.

November 25, 2014  1:06 PM

Interstate HIE gets boost from 47-group coalition

Posted by: MonicaVallejo
EHR systems, HIE, HIMSS

Health information exchange (HIE) over state lines via EHRs and data exchanges can be difficult at best. A 47-group coalition including the Healthcare Information Management Systems Society (HIMSS), Integrating Healthcare Enterprise (IHE) USA and EHR/HIE Interoperability Workgroup (IWG) collaborate in a plan to simplify and improve it.

Through this cooperative effort, the organizations will work toward achieving connectivity between EHR and HIE systems. The efforts will focus on strengthening current testing and certifying efforts for EHR and HIE vendors, as well as working toward a way to securely transfer data across multiple systems used by different healthcare organizations.

The testing and certification component will be delivered via ICSA Labs, a third-party testing and certification company. ICSA will conduct tests and provide EHR and HIE certifications based on meaningful use stage 2 criteria and testing procedures.

The organizations will work together to achieve the following objectives:

  • Developing and maintaining specifications related to patient and provider identification as well as clinical data exchange.
  • Differentiating health IT products with advanced capabilities in order to make advancements in implementation efforts.
  • Accelerating interoperability between EHR and HIE products and reducing the product development efforts through improvements in interoperability test tools.
  • Reducing the burden on health IT vendors and improving efficiency by joining different certification initiatives

The collaborating parties will pursue set initiatives established by the Office of the National Coordinator for Health Information Exchange (ONC), and provide feedback on national health IT standards. Through the joint program, they will also work to ensure providers implement health IT systems that are interoperable with other software.

November 19, 2014  5:05 PM

HL7 touts FHIR as new interoperability standard

Posted by: ShaunSutner
CommonWell Alliance, FHIR, HL7, Interoperability

The hottest health IT buzzwords of the moment are interoperability and standards.

To that end, standards developer Health Level Seven International (HL7) offered its “critical expertise and leadership” in developing interoperability standards in a recent policy statement. HL7 also promoted its health information exchange architecture — Fast Healthcare Interoperability Resources (FHIR) — as a key emerging standard.

“FHIR is a free, simple-to-use format that offers great promise for enabling electronic health records systems as well as patient participation,” HL7 CEO Charles Jaffe, M.D., said in the statement. “It has already been adopted by both the public and private sectors at unprecedented rates.”

FHIR has also garnered the blessing of ONC, whose Health IT Policy Committee’s JASON task force report designated FHIR as the best application program interface approach to healthcare data and document-level interoperability.

FHIR also recently received praise from private sector health IT leaders such as John Halamka, M.D., Beth Israel Deaconess Medical Center CIO and vice chairman of the federal Health IT Standards Committee.

Halamka told SearchHealthIT in October that even though ONC has been buffeted by significant turnover this year with the departure of top officials — including the agency’s former full-time coordinator, Karen DeSalvo, M.D., deputy coordinator Jacob Reider, M.D., and chief scientist Doug Fridsma, M.D. — private interoperability efforts such as FHIR are becoming de facto standards.

As evidence, Halamka pointed to FHIR’s embrace by a surprisingly wide array of EHR vendors, including bitter rivals Epic Systems Corp. and Cerner Corp., Meditech, Inc. and athenahealth, Inc.

In another interoperability-related development, CommonWell Health Alliance announced it has formalized a services agreement with RelayHealth, a service provider subsidiary of one of the non-profit EHR interoperability group’s members, McKesson Corp.

Also, McKesson, Cerner, and EHR vendors Greenway Health LLC and Computer Programs and Systems, Inc., have signed formal agreements with CommonWell to offer their clients, through RelayHealth, services such as patient identification and matching, records location and retrieval, patient privacy and consent management protection and access to records.

Cerner and athenahealth have both said they will provide these services through CommonWell and RelayHealth without charge.



November 18, 2014  12:16 PM

Article reports reduction to estimated cost of ICD-10 conversion

Posted by: adelvecchio
ICD-10, ICD-10 conversion, ICD-10 implementation

Providers that point to the potential financial burden the impending ICD-10 conversion could have on their practice as a reason to delay making the transition from ICD-9 codes might not have as strong of an argument as previously believed.

Changing over from ICD-9 to ICD-10 codes isn’t as costly as previous estimates suggested, according to an article published in the Journal of AHIMA, entitled “Cost of Converting Small Physician Offices to ICD-10 Much Lower than Previously Reported.” A 2008 report by Nachimson Advisors to the American Medical Association tagged the ICD-10 conversion price range between $22,560 and $105,506 for small providers. An update to that report lowered the range for small providers to $1,960 to $5,900. The new figure includes pricing estimates for clinical documentation and coding training and factors in the cost of purchasing ICD-10 code books.

The difference between the estimation in the 2008 report and the more recent assessment can be attributed to the greater availability and lower costs of the component parts of ICD-10, such as staff training and materials. The Journal of AHIMA article notes three hours of online clinician documentation and coding training can be bought for $50 to $300 and ICD-10 Diagnoses Code book is available for free download. More complete ICD-10 training for staff falls in the $350 to $700 range.

The article states, “The new data suggests that the estimated costs, time and resources required by physician offices are dramatically lower than initially estimated as a result of readily available free and low cost solutions offered by coding, education and software vendors.”

A recent ICD-10 readiness survey conducted by the Workgroup for Electronic Data Interchange (WEDI) prompted the group to submit a letter to HHS Secretary Sylvia Mathews Burwell. In the letter, WEDI shared more than one-quarter of the surveyed health plans don’t plan to begin external ICD-10 testing until 2015. Despite reporting almost three-quarters of providers have started internal testing, WEDI foresees “significant disruption on Oct 1, 2015.” unless the entire industry coordinates and expedites the ICD-10 conversion process.

November 13, 2014  3:12 PM

HIMSS and CHIME voice concerns about ONC leadership changes

Posted by: MonicaVallejo

Motivated by recent and upcoming leadership transitions within ONC, members of the College of Healthcare Information and Management Executives (CHIME) and the Healthcare Information and Management Systems Society (HIMSS) addressed a letter to Sylvia Mathews Burwell, HHS secretary, to express concerns and make recommendations for the future of ONC.

While praising Karen DeSalvo’s appointment as HHS acting assistant secretary of health, HIMSS and CHIME expressed their concerns about the departures of most of ONC’s senior leadership including Doug Fridsma, former chief science officer, Judy Murphy, former chief nursing officer and Jacob Reider,  ex-deputy national coordinator. In the letter, both organizations made it clear they believe that changes in leadership could have a detrimental effect on ONC’s role in addressing health IT issues.

“We urge you to fill all ONC leadership positions as soon as possible with well-respected leaders who possess a combination of clinical training and practice, clinical and business information expertise and a clear vision for IT’s role in enabling healthcare transformation and experience in public policy,” the letter, signed by four HIMSS and CHIME officials, stated.

Some of the IT issues HIMSS and CHIME deem urgent to address once ONC’s leadership is clearly settled include:

  • Keeping the interoperability roadmap on its current trajectory and actively involving all stakeholders in its development;
  • The future of the meaningful use program, including the challenges associated with transitioning into 2014 certified EHR technology and a full year reporting period for 2015;
  • Appropriately mitigating patient safety risks through a risk-based approach and
  • Supporting the development of health IT tools including EHRs, personal health records, mobile technologies and data infrastructure for patients.

November 12, 2014  3:49 PM

Public safety trumps privacy when Ebola threat is real

Posted by: ShaunSutner

Privacy doesn’t trump public safety — especially when it comes to the Ebola virus and other public health threats.

The U.S. Department of Health and Human Services’ (HHS) Office for Civil Rights (OCR) — which enforces HIPAA — has issued a bulletin clarifying the circumstances under which patients’ protected health information can be disclosed, even without their explicit authorization, in the interest of their own and others’ safety.

“The HIPAA Privacy Rule recognizes the legitimate need for public health authorities and others responsible for ensuring public health and safety to have access to protected health information that is necessary to carry out their public health mission,” the bulletin states. “Therefore, the Privacy Rule permits covered entities to disclose needed protected health information without individual authorization.”

Under the rule, providers covered by HIPAA, including doctors and healthcare systems, can disclose needed personal health information:

-        To public health authorities such as the Centers for Disease Control and Prevention and state and local health departments

-        At the direction of a public health authority or to a foreign government agency that is working with the public health authority

-        To persons at risk of contracting or spreading a disease or condition

Disclosures to family, friends and others involved in a patient’s care are also allowed under some conditions. These may even be permitted to the police, media and public at large.

However, providers should get verbal permission from afflicted individuals or be able to “reasonably infer that the patient does not object.” If the patient is incapacitated, providers can share health information if they believe it is in the patient’s best interest.

Providers can also share personal information with disaster relief groups such as the American Red Cross. It is not required to obtain a patient’s permission to share information if doing so would interfere with the organization’s ability to respond to the emergency.

Healthcare providers can also share protected health information with anyone to prevent or lessen a threat to the health and safety of a person or the public.

While the Privacy Rule allows these disclosures in circumstances involving threats to public health and safety, limitations apply.

For most disclosures, providers must make try to limit the information they disclose to the “minimum necessary” to accomplish the purpose, according to the OCR bulletin.

Also, in emergency situations, providers must continue to maintain safeguards to protect patient information against intentional or unintentional uses and disclosures that are not permissible.

The HIPAA Privacy Rule is not suspended completely during public health or other emergencies. But HHS may waive certain provisions of the rule under the Project BioShield Act of 2004 and the Social Security Act.

November 11, 2014  2:58 PM

CMS rule rewrites meaningful use hardship exception deadlines

Posted by: adelvecchio
2014 EHR Certification, CEHRT, Meaningful use, meaningful use attestation, meaningul use hardship exceptions

Eligible professionals and hospitals already know they have more time to apply for meaningful use exceptions this year. An interim final rule that’s packaged in the CMS 2015 Physician Fee Schedule 2015 Final Rule would make permanent alterations to the hardship exception process, notably finalizing the decision to extend this year’s hardship exception deadline. The hardship exception interim final rule is open to a public comment period until Dec. 30, 2014.

The rule — set to be published on Nov. 12 in the Federal Register — “makes the necessary changes to the regulation to support the extension of the hardship application period,” according to an email announcement from CMS. The statement also clarifies the circumstances under which providers should file a hardship claim. They must have been unable to install their 2014 Edition CEHRT [certified EHR technology] because of vendor delays and prove they were unable to “attest by the early attestation deadline for new participants.”

In October, CMS announced an extension to the meaningful use hardship exception cutoff date. The last day to submit a hardship exception application is now Nov. 30. The previous deadlines for hardship exceptions were April 1 of this year for eligible hospitals and July 1 for eligible professionals. That delay offered a second break — on top of the 2014 CEHRT Flexibility final rule released in September — for eligible professionals and hospitals that were unable to make their use of CEHRT comply with meaningful use regulations before the original deadlines.

Physicians and other providers that haven’t attested to meaningful use and are approved for hardship exceptions won’t be subject to financial penalties for not qualifying on time. Otherwise, eligible professionals who failed to attest to meaningful use for a 90-day reporting period in 2013 will face penalties in 2015. In the subsequent years, 2014 and beyond, providers must participate in a yearlong reporting period to avoid penalties down the road, unless the Flex-IT bill before Congress alters CMS’s timelines through law.

November 10, 2014  10:36 AM

Meaningful use stage 2 attestation numbers remain anemic

Posted by: MonicaVallejo
CMS, meaningful use attestation, meaningful use stage 2

The Centers for Medicaid and Medicare Services (CMS) released the most recent monthly status report with updated meaningful use attestation data, and health IT observers who are hopeful for a boost in stage 2 participants will be disappointed.

The data shows that through July, the total number of active registrations totaled 487,866, and the total amount paid in incentives was $24,873,262,183. More than 92% of Eligible Hospitals (EHs) have received an EHR incentive payment CMS programs, but most were still in stage 1.

Some 90% of eligible providers (EPs) have also registered for the EHR incentive programs and 75% of them have made a financial commitment to implement EHRs. More than 400,000 Medicare and Medicaid EPs have received an EHR incentive payment. Out of the 8,024 who have attested for the 2014 reporting year so far, 136 of them are new participants and only 143 of them attested to stage2. For the 2014 reporting year, 8,024 EPs have attested, 136 of them are new participants and 143 attested to stage 2.

With less than 17% of the nation’s hospitals and 2% of EPs demonstrating stage 2 capabilities thus far, healthcare leaders from numerous physician and health IT associations are pushing for CMS to shorten the reporting period in 2015.

“If CMS continues to require a full-year of Meaningful Use reporting for 2015, we anticipate that large segments of providers will no longer be able to participate in the program-which hinders our nation’s ability to improve the quality, safety, cost-effectiveness, and access to care,” said Carla Smith, Executive Vice President of the Health Information Management Systems Society.

A group of provider organizations is pressuring CMS to shorten the reporting period as well. The coalition of provider organizations also argues that allowing more flexibility on the Transitions of Care measure as well as the View, Download and Transmit measure would help improve incentive program participation.

November 7, 2014  6:00 PM

HealthCamp draws diverse crowd

Posted by: ShaunSutner
HealthCamp, Microsoft NERD center, nutrition, physical therapy

No sleeping bags, overnight gear or headlamps needed.

HealthCamp (technically “,”) is the umbrella organization for an irregularly scheduled series of transcontinental, mostly health IT-oriented “unconferences,” as the organizers affectionately call them.

The most recent HealthCamp session was held at Microsoft Corp.’s New England Center for Research and Development (NERD) in Cambridge, Mass.

Health Camp agendas are set by impromptu consensus among participants, who posted written notes on a glass wall describing their preferences for breakout discussion topics.

Among the 75 or so attendees were health IT thought and social media leaders and just plain health visionaries such as Adam Poock, an iconoclastic physical therapist and trainer of “older athletes” who was offering a free “body hack” to campers.

Pook’s idea is that everyone needs a valuable piece of health data to carry around.. In his view, the most critical parts of the body are the hips, and the most critical data associated with them is the standing hip angle.

“With this piece of data, you have a window into a treatment path,” Poock told the audience in the first get-together session.

Because of poor posture and worn-out hips, millions of Americans are doomed to a painful and expensive old age, often requiring hip replacement, Poock noted. “The biggest public health threat is hip mobility,” he told SearchHealthIT.

But other than his Web site, Twitter account and email address, Poock had no tech vehicle for his information. He said he was looking for one at HealthCamp.

“I’m a content guy. I’m an open-source physical therapist and I know how to fix problems,” Poock said.

Poock may well have found his platform on one of the PersonalRemedies family of “Choose This Not That” health and nutrition apps, the president and CEO of which, Mory Bahar, also happened to be circulating and networking at Health Camp.

Bahar’s apps formulate personally customized dietary regimens for people with chronic health conditions. But, and this was more in line with Poock’s PT remedies, Bahar also deals with alternative physical treatments such as PT and chiropractic.

“In the healthcare industry, everyone’s a firefighter,” Bahar told the Health Campers. “Nobody’s focused on how to prevent fires.”

The HealthCamp Foundation’s founder, Marc Scrimshire, showed up a little late – in customary HealthCamp fashion – but he could be forgiven because he was only stopping by in Cambridge en route from his home base of Pennsylvania for a 60-hour trip to Dublin.

Scrimshire, a veteran software engineer and a founder and CTO of Medyear, a cloud-based consumer health information exchange, told SearchHealthIT he’s looking forward to his one-year gig in 2015 as an “external entrepreneur,” or sort of visiting fellow, at CMS.

Meanwhile, see you at the next Boston-area HealthCamp.

November 6, 2014  1:53 PM

BSR’s guiding principles define access to healthcare

Posted by: ScotP
Affordable Care Act, health insurance, healthcare, sustainable healthcare

NEW YORK — The concept of access to healthcare in the U.S. is often a foregone conclusion, despite the millions of uninsured persons that led to the Affordable Care Act of 2010. But, in fact, access to healthcare on a global level is a much less certain concept.

Exactly what access to healthcare means led the BSR Healthcare Working Group and a consortium of large global pharmaceutical companies to come together and produce “The Guiding Principles on Access to Healthcare: From Aspiration to Action,” which was released this week at‘s annual conference here. is a nonprofit organization with more than 250 member companies to promote the development of sustainable and socially responsible businesses. Ultimately, the idea of sustainability is behind how healthcare is supposed to work, Cecile Oger, BSR Advisory Services manager, based in Paris, told “If we wanted this to work we had to link the guidelines to business value, and to sustainability.”

The working group worked for two years to develop the guiding principles and another eight months to create the report and get 13 of the world’s largest pharma companies, including Bristol-Myers Squibb Co., GlaxoSmithKline plc. and Merck and Co., Inc., to sign on, Oger said.

The key success factors found in the report outline that access depends on innovation, collaboration, technology, a global perspective, means of measuring access, and driving systemic change. It can be downloaded here.

Forgot Password

No problem! Submit your e-mail address below. We'll send you an e-mail containing your password.

Your password has been sent to: