HIPAA Omnibus Rule: What has changed and what needs to be done

March 25th, 2013 marked the beginning of the 180 day transitioning period in which covered entities, business associates and subcontractors will start to modify and update their policies, agreements, procedures, practices and forms to fulfill the compliance requirements of the Omnibus Rule which has a deadline of September 23, 2013.

In the transitioning period, covered entities and business associates should be preparing and executing modified business associate and data use agreements. They should train their staff regarding the changes in the previous rules and educate them on their responsibilities to comply with the requirements of protected health information and breach notifications. With the new changes taking place, it is extremely important for stakeholders to know if they fall within the scope of HIPAA and HITECH regulations.


Covered Entities & Business Associates: Which one are you?
Under the HIPAA Privacy Rule, a Covered Entity includes three different groups which include healthcare providers, health plans and healthcare clearinghouses. The healthcare providers group includes all entities transmitting electronic health information including, doctors, clinics, psychologists, dentists, chiropractors, pharmacies and nursing homes. The second group includes Health Maintenance Organizations, Medicare & Medicaid and different Health Plans. The third group refers to organizations which process the healthcare information received from another organization and turn it into a standard format, including billing services, re-pricing companies, community health management information systems and value-added networks.

Business Associates include all organizations conducting business with covered entities involving the use and access of protected health information. Businesses dealing in Electronic Health Records, EMR software, data analysis, billing claims processing, and provision of services such as administrative, consulting and financial will fall under the category of business associates. All subcontractors of such business associates are also regarded as business associates if they are in any way required to view, use and analyze protected health information. If an entity is creating, receiving, accessing, maintaining or transmitting Personal Health Information, then they will become Business Associates. Entities that come across protected health information but only pass on the information without viewing or accessing it will not be regarded as Business Associates.

So what has changed and what needs to be done?
Previously, covered entities were responsible for reporting data breaches to the department of Health and Human Services (HHS). Covered entities were also required to contractually obligate their Business Associates to safeguard any Protected Health Information they handled. Business Associates were under no obligation to report data breaches to anyone else except the covered entities. With the new HIPAA Omnibus Rule, there have been a few important changes.

Business Associates are now required to directly report any Protected Health Information data breaches to the HHS. They are also required to abide by the same rules which apply to covered entities and to be held liable to the same penalties.

Regarding the changes brought with the Omnibus Rule, Leon Rodriguez, Director of Civil Rights at the HHS said, “This final omnibus rule marks the most sweeping changes to the HIPAA Privacy and Security Rules since they were first implemented. These changes not only greatly enhance a patient’s privacy rights and protections, but also strengthen the ability of my office to vigorously enforce the HIPAA privacy and security protections, regardless of whether the information is being held by a health plan, a health care provider, or one of their business associates.”

The HIPAA Omnibus Rule contains modifications to the HIPAA Privacy, Security, Enforcement and Breach Notification rules. With the implementation of this rule, HIPAA wants to make sure that every organization that accesses or uses health information comes under the same scrutiny which applies to covered entities and business associates.

By September 23, 2013, every liable stakeholder must recognize their status as a business associate and guarantee their compliance with the Omnibus Rule.

The adjustment in the HIPAA Rules will allow for increased control and protection of public’s health information. Individuals will be given increased rights over their personal medical information so that they will be able to take electronic copies of their Electronic Medical Records and they will be able to ask their providers to not share their treatment information with their health plan. The new rule also forbids organizations to share the patient’s information for marketing or selling purposes without permission. Patients will hence be empowered since they will have authority over the use of their health information.

Talking about the new rule, Secretary HHS, Kathleen Sebelius said, “Much has changed in health care since HIPAA was enacted over fifteen years ago. The new rule will help protect patient privacy and safeguard patients’ health information in an ever expanding digital age.” Get HIPAA Compliant EMR for your practice today.

6 Simple Steps to Improve Practice Revenues

mHealth: The Way Forward

The rate of development in the mobile technology industry is unparalleled and it is now making headway in the field of health IT. The recent influx of medical professionals adopting the latest sophisticated tools to enhance care delivery and engage patients has meant that consumers now expect technology to simplify everything.

Healthcare providers are not the only ones looking to accept these technological advances, as their patients are demanding mobile applications to monitor their own health. Mobile health or commonly known as mHealth refers to the practice of medicine, public health surveillance and patient engagement through mobile devices such as tablets, phones etc. This can provide a means for care givers and patients to access clinical records from anywhere, patients able to request prescription refills or appointments and most importantly the ability for patients to monitor their health constantly and from anywhere in the world.

In a recent hearing launched by the Subcommittee on Communications and Technology, Jonathan Spalter, chairman of Mobile Future, an organization that represents innovators across the wireless community said, “Nowhere is that promise of future innovation and opportunity greater than mobile health. Our message today is that the innovation and vision exist now in both the medical and technology communities working together collaboratively. This progress will proceed, in many respects, as rapidly as the government allows.”

The mobile health market is expected to reach around $26 billion by 2017. According to a recent report, there are close to 100,000 mobile health applications and more in development by well-known health IT vendors. Not only are there a number of mobile phone applications for patients but there are many in the making for healthcare professionals.

The Manhattan Research Survey estimates that in 2012 there were approximately 75 million users of Mobile Health or mHealth, who not only searched for health-related issues on their mobile phones through popular search engines but also actively used mobile phone applications to monitor and improve their health. In the same report, it was stated that almost half of the older population (55 plus) were using mobile devices to search for health-related issues.

Electronic Medical Records or EMRs were originally built to be run on devices which were platform-specific. This has changed with the rapid development and commercial use of technological innovations. Web-based EMRs have now allowed doctors to be truly mobile and can run on any platform or device; whether it be a computer a standard office computer, a laptop, a tablet or a Smartphone. Although the demand for mobile-health solutions is increasing, some in the healthcare community remain skeptical about the implementation of such solutions.

David Levy, MD, global healthcare leader, PwC says, “Despite demand and the obvious potential benefits of mHealth, rapid adoption is not yet occurring. The main barriers are not the technology but rather systemic to healthcare and inherent resistance to change. Though many people think mobile health will be ancillary or bolted on to the healthcare industry, we look at it differently: mHealth is the future of healthcare, deeply integrated into delivery that will be better, faster, less expensive and far more customer-focused.”

There are always obstacles for any potential technology to fully integrate with and possibly overtake current technological systems, but there is no denying that mHealth is the way forward for the healthcare industry. A recent study undertaken by PwC shows that a majority of consumers predict that in the next three years, mHealth will vastly improve the quality, cost, and convenience of the entire care delivery process.


Medical Device Interoperability

Medical devices are of paramount importance to patient care and well being such as the equipment used for clinical measurement, for instance x-ray imaging, temperature, blood pressure and critical life support. Although we depend heavily on modern medical equipment to treat patients, the devices used in practice are usually not interoperable and cannot connect with other devices. This inadvertently causes accidents which may easily be prevented through an interoperable network of devices.

In a traditional intensive care unit, patients are given treatment with the help of numerous devices such as ventilators, electrocardiographs and vital sign monitors. Most of the time, the manufacturers are different for each of these devices, which makes it harder for these devices to be integrated accordingly.

According to a report by the World Health Organization, there are approximately 1.5 million various medical devices in more than 10,000 different types of device groups available globally. These devices are instrumental for effective prevention, diagnosis, treatment and rehabilitation of diseases, and can be used in different settings such as clinics, hospitals and homes by patients, individuals and healthcare workers. They can also be integrated to a cloud Electronic Medical Records network which can make it easier for healthcare providers to record and monitor the performance of these devices.

Peter Pronovost, MD, Medical Director for the Center for Innovation in Quality Patient Care at John Hopkins University sheds some light on the reasons we need interconnected medical devices. “Medical devices need to share data, so that they can better inform clinicians and help patients,” said Mr. Pronovost. “By doing so, we can both improve quality and reduce costs.”

Similarly, a report by Deloitte states that 61% consumers are interested in using a medical device for checking their condition and electronically share that information with their healthcare providers through the use of technologies such as the EMR or Patient Portal.

medical devices

Through the use of medical devices integrated with Electronic Medical Records, precious lives can be saved. For example, surgery procedures require surgical instruments and radiotherapy units are required to treat cancer patients. In the example of a cancer patient, an infusion pump giving pain medication to the patient can share and exchange data with the vital signs monitor to ensure that the patient is not being given a higher dose.

Joseph M. Smith, MD, Chief Medical and Science Officer of San Diego-based WHI said, “We see an enormous opportunity to use information technology and device innovation to bring about the much needed transformation in healthcare delivery.” He further added, “Today’s hospitals are filled with medical devices that are unable to share critical data, creating potential dangers to patients, as well as inefficiencies that put a tremendous financial burden on our healthcare system.”


The Future of Health I.T

The Health IT industry has been booming over the last few years, especially since the introduction and widespread implementation of Electronic Medical Records (EMR).  In the United States, health IT got a major boost in 2009 when the government introduced the Meaningful Use program through the HITECH Act (Health Information Technology for Economic & Clinical Health).

Enacted under the American Recovery & Re-investments Act of 2009 (ARRA), the HITECH Act is seen as an instrumental legislative achievement by the U.S government and health policy-makers. It is the foundation through which the implementation and execution of Electronic Medical Records EMR all across the nation is deemed possible. It stands as a road through which providers and their patients can communicate regardless of location. There are some who remain skeptical about the government’s backing of health IT, however most view the role of health IT and EMR as the primary step towards in making care more affordable, accessible and ultimately saving lives.

The Meaningful Use program is an initiative through which providers can qualify for Medicare and Medicaid incentives. By utilizing approved and certified Systems, eligible providers can earn up to $44,000 for Medicare and $63,750 for Medicaid over a period of five years starting from 2011.

As with any new method, recording medical information electronically may seem challenging for users. It is not easy for physicians to change their existing workflows that they have developed over many years, so the process of implementation and training is the most important step in converting to Electronic Medical Records.

With proper training physicians can avoid any loss of productivity, which is one of their major concerns during the process of conversion. It is also important for them to select customizable systems, that can conform to the existing clinical and administrative workflows. Link to health information exchange networks is another important capability of the system that providers should look for when selecting an EMR.

There is a general consensus within the healthcare community that the communication between all parties involved in the care delivery process is essential to extract the maximum from Electronic Medical Records. MRI scans, lab results, clinical summaries and other information can easily be shared between hospitals, doctors, payers, labs and patients within seconds. This ultimately saves the patient’s time and streamlines the care delivery process with an audit trail being maintained at each juncture.

Patients are not the only beneficiary of the EMR systems (Read more), as providers can also save time by managing their entire practice from anywhere and remain connected with their patients at all times. With the advent of integrated solutions, providers can use the same EMR system to monitor their clinical, administrative and financial performance. The inclusion of innovative tools like the patient portal ensures communication between patients and doctors, while clinical decision support systems help doctors focus more on their patients as the system checks of errors, drug interactions and in some cases even suggest the appropriate codes for billing purposes.

It is clear that not everyone in the care community is realizing the true potential of EMR systems, but recent trends indicate a significant improvement in the overall process of care delivery. The influx of providers adopting this technology suggests that it is only a matter of time before we can see a significant improvement in population health and handling pressing issues like chronic disease management across the nation.