Chris Apgar, CISSP, consults on information security to the healthcare and financial services industries. He offers this overview of the Federal Trade Commission’s red flag rules regarding identity theft protection programs.

* * *

Healthcare organizations must be in compliance with the FTC’s red flag rules by May 1, 2009. The rules, which require financial institutions and creditors to establish identity theft protection programs, were included in the Fair and Accurate Credit Transactions Act passed by Congress in 2003.

The final rules were published in the Federal Register November 9, 2007, with an original compliance date of November 1, 2008. In October the compliance date was extended to May 1, 2009. The good news for most healthcare organizations is that the requirements represent only a modest expansion of the security incident response teams they have already formed to meet the HIPAA security rule.  (more…)

If you feel there are a thousand healthcare quality measures out there, you’re about right. The Department of Health and Human Services has compiled an inventory of that many measures and more used by its agencies and operating divisions for reporting, payment, or quality improvement.

HHS says that this is the first time it has compiled a comprehensive list of the quality measures in a single location. It intends the inventory as a step in the effort to advance collaboration and synchronization within the quality measurement community. The measures and specifications in the inventory were self-reported by HHS divisions.

The list is available as a spreadsheet, sortable through dropdown menus. HHS says it will be adding more sorting options in the coming months.

An overview of industry activity around data quality, quality management, and data content standards is available on AHIMA’s Web site.

The clarifications continue over CMS’s approach to signature stamps. This past July CMS issued a clarification that stamps were not permissable on any medical record. Now a new clarification advises that some payers do not accept stamps but the Conditions of Participation do not prohibit them.

In the latest memorandum, dated October 24, CMS writes that the Conditions of Participation:

“do not prohibit the use of rubber stamps in a hospital setting, when properly controlled, for authentication of medical record entries. However, as a point of information for surveyors and providers, we are taking this opportunity to add an information-only statement to the interpretive guidance for §482.24(c)(1) to note that some payers, including Medicare, may not accept such stamps as sufficient documentation to support a claim for payment.”

Healthcare is badly in need of some cost-savings. A new study suggests that a change in the way we keep health records could save billions. Last week the industry got a look at a cost-benefit model for personal health records. According to the report, widespread use of PHRs could save the US healthcare industry between $13 and $21 billion a year.

The Center for Information Technology Leadership (CITL), a nonprofit IT research center based at Partners HealthCare System in Boston, offers the projections in the study “The Value of Personal Health Records.” The study describes an evidence-based model that estimates the industry costs and benefits of four different PHR architectures. The study is the first of its kind to examine the different PHR architectures and show their direct cost savings to healthcare providers and payers, CITL officials say. (more…)

“HIM and health IT are finding that the scope and responsibilities of individual job functions are increasingly crossing department domains,” write the authors of the practice brief “HIM and Health IT,” published in this month’s issue. They note a “universal need for alignment between the two disciplines to ensure that both business processes and technology are in place to advance successfully toward a fully functional [electronic health record].”

The brief explores that need for collaboration through three domains: confidentiality and security, data use and maintenance, and terminology asset management. Seven Web-only extras offer tools to help with that alignment. (more…)

The November-December issue examines the workflow processes for organizations with hybrid records, or those with both paper and electronic health records. Other features report on planning forms automation, minimizing hybrid records, and how health IM and health IT can collaborate in the new electronic healthcare environment. (more…)