Lobbying Affiliate: MML&K Government Solutions
{ Banner Image }

Healthcare Law Blog

Comprehensive Healthcare law services. It's kind of our bag.

Contact Us

* Indicates a required field.

Categories

McBrayer Blogs

Related Blogs

Showing 14 posts in Electronic Health Records (“EHR").

OIG Alert Shows Increased Concern over Data Blocking

In a report to Congress last April, the Office of the National Coordinator for Health Technology addressed the growing issue of data blocking. Data blocking occurs when some person or entity knowingly and unreasonably interferes with the exchange or use of electronic health information (“EHI”), and this happens due to business incentives that cause those persons or entities to want to control and limit availability to that information. For instance, if one ACO has the capability to send EHI of a patient safely and securely to another ACO treating that patient through a certified health IT system, but instead faxes that patient’s information, it has engaged in data blocking. It has made it more difficult, inefficient and expensive for the rival ACO to treat that patient. In essence, data blocking prevents the exact purpose of the HITECH Act and provisions of the Affordable Care Act which were designed to increase interoperability of electronic health information systems and facilitate the exchange of information. These broad concerns over data blocking found footing in a recent Office of Inspector General (“OIG”) Alert stressing that data blocking can run afoul of the Federal Anti-Kickback Statute. More >

NIST standards provides an oasis of mobile device security in the EHR desert

The healthcare industry has long awaited some certainty in the arena of mobile devices in light of the continued push for electronic health records (“EHR”) and coordinated care. The prevalence, convenience, and speed of such devices is beyond discussion. According to the 2015 HIMSS Mobile Technology Survey, found that 90% of healthcare providers use them in their organizations. Mobile devices provide clinicians with quick access to information at the point of care. However, the use of mobile devices brings a mountain of security risks for covered entities, including the loss or theft of the mobile device and unsecure exchange of health information. When every individual entering a facility has a mobile device, the large number of mobile devices using a facility’s network can overload the system. More >

HIPAA and “Meaningful Use” Audits: Issues to Consider and How to Prepare

As more and more providers adopt electronic health records (“EHRs”) systems (and with new regulations concerning their required use for purposes of Medicare billing for chronic care management, their popularity can only continue to grow), a myriad of compliance issues continue to surround them. To that end, the federal government has stepped up auditing programs to ensure compliance with HIPAA/HITECH as well as making sure taxpayer money has been invested wisely through the Meaningful Use program. The bent of these audit programs is clearly along the lines that applicable covered entities and business associates should be preparing with a “when” mindset, rather than “if,” as these audits are going to happen. More >

The Finalized Meaningful Use Rule – What Providers Need To Know

The Centers for Medicare and Medicaid Services (“CMS”) finalized a rule (“Final Rule”) on August 29, 2014, giving health care providers a bit more breathing room to comply with the Electronic Health Record (“EHR”) Incentive Program’s (“the Program’s”) meaningful use requirements. The Program began as a way to motivate health care providers to implement EHR systems. Hospitals and health care professionals can qualify through the Program for incentive payments from CMS for the “meaningful use” of certified EHR technology (“CEHRT”). What qualifies as “meaningful use” has been the source of much confusion. The Program is intended to be implemented in three stages, with each stage to be completed within one calendar or fiscal year. More >

A Win for Washington: Cutting ER Visits

Posted In Electronic Health Records (“EHR"), Emergency Rooms, Health Care Law, Health Reform, “Superuser”

In the summer of 2012, Washington state emergency rooms (“ER”) began tracking patients in a statewide database. Expanding Medicaid rolls and legislative attempts to cap reimbursements for non-emergency visits to ERs left the state, hospitals, and physicians knowing they had to do something to cut costs and improve quality of care within the ER setting. The product of their collaboration was the creation of seven “best practices,” known collectively as the “ER is for Emergencies” campaign. In addition to the mandatory, statewide database, the campaign urged health care providers to: More >

A New HIPAA Security Risk Assessment Tool For Your Compliance Arsenal

On Friday, the U.S. Department of Health and Human Services (HHS) announced a new security risk assessment (“SRA”) tool for small and medium size healthcare providers. The downloadable tool (available for free here) is a self-contained, independent application that is available for Windows and iOS platforms. The SRA works by asking a series of in-depth questions about the provider’s activities and facilities. The “yes” or “no” answer format for each question reveals whether corrective action is needed in a particular area. Additional resources in the SRA help providers understand the risks associated with the use, disclosure and storage of protected health information. The SRA offers providers the opportunity to generate, update and document assessment materials and corrective action plans through the SRA; documentation is especially important for audit purposes. More >

Small Devices & Big Consequences: Why Medical Practices Need Encryption

On Tuesday, I shared information about the U.S. Health and Human Services (“HHS”) Office of Civil Rights’ (“OCR”) first settlement with a medical practice for alleged violations of the breach notification provisions of the Health Information Technology for Economic and Clinical Health (“HITECH”) Act. The $150,000 settlement was made with Adult & Pediatric Dermatology, P.C., (“the Practice”) after the entity reported a stolen jump drive that contained PHI of approximately 2,200 patients. More >

Coming to a Medical Practice near You: HIPAA and Hi-Tech Audits

On December 26, 2013, the U.S. Health and Human Services Office of Civil Rights (“OCR”) announced  its first settlement with a covered entity for not having policies and procedures in place to address the breach notification provisions of the Health Information Technology for Economic and Clinical Health (“HITECH”) Act. Adult & Pediatric Dermatology, P.C., (“the Practice”) of Concord, Massachusetts agreed to settle potential violations with a $150,000 penalty and corrective action plan. More >

Part II: Understanding All-Payer Claims Databases

Earlier this week, we discussed the benefits of all-payer claims database (“APCD”) systems. Nine states currently have APCDs in place, but Kentucky is not one of them. These systems provide a multitude of information on the cost, use, and quality of health care in a given state, but the question remains: how do providers feel about APCDs? More >

The Sun is Not Setting on the EHR Safe Harbor

The Centers for Medicare & Medicaid Services (“CMS”) and the U.S. Department of Health & Human Services Office of the Inspector General (“OIG”) recently announced that the regulation allowing certain health care entities to donate electronic health records (with the entity subsiding up to 85% of the donor’s costs) to physicians has been extended to December 31, 2021. The regulation, which provided a safe harbor from the Stark Law and Anti-kickback statute, was set to expire on December 31, 2013. More >

Lexington, KYLouisville, KYFrankfort, KY: MML&KFrankfort, KY LawGreenup, KYWashington, D.C.