Washington State’s experiment in consumer-controlled health records has moved into a pilot phase, transforming the health record banking model from theory to testing. Earlier this month the Washington State Health Care Authority (HCA) announced the launch of three pilot sites that will try out the feasibility of a permanent statewide health record bank network.

Health record banks centrally store copies of consumer’s health records, which providers “deposit” into the accounts. Consumers control which providers can contribute information and which providers and individuals can view their records.

This model of health information exchange, where many providers send patient information to one central location, is seen as an alternative to the many-to-many exchange model, where several organizations directly exchange copies of patient’s records. If the pilot project is successful, Washington State hopes to show by example that health record banks are the ideal model for nationwide information exchange, says Juan Alaniz, health record bank pilot project manager for HCA. (more…)

Many in healthcare still haven’t made their peace with HIPAA’s accounting of disclosure requirements—the provision under which covered entities, upon request, must provide patients with a record of the entities to whom they have disclosed the patient’s protected health information (PHI). They consider it an undue administrative burden for requests they rarely receive. Now new requirements in the American Recovery and Reinvestment Act have upped the accounting ante.

The law singles out covered entities that maintain PHI in electronic health records, requiring them to account for disclosures of PHI made even for purposes of treatment, payment, and healthcare operations—actions exempted under HIPAA. Under the new law, covered entities must be able to provide disclosures dating back three years from the patient request. (more…)

Mixed in with the billions of dollars for health IT in the American Recovery and Reinvestment Act are new privacy and security regulations for using it. It’s reminiscent of 1996, when HIPAA mandates on transacting certain health information electronically required accompanying standards for doing so securely.

After the initial trumpet of ARRA’s wake up call, something of a lull is ensuing. The industry is chewing over the published legislation while waiting on the details that will come in interim rules.

ARRA plays largely off HIPAA, which makes this lull a good time to brush up on the HIPAA security rule. A strong working knowledge of the rule will help organizations interpret and implement the new ARRA provisions. It’s been six years since the final rule was published, and it never did get the kind of attention that the privacy rule received.

AHIMA’s policy and governance team offered an analysis of the HIPAA security final rule upon its publication back in February 2003. The article offers a good place start.

AHIMA’s Body of Knowledge library is also rich with subsequent articles on interpreting and working with the rule (requires AHIMA member log in). The Department of Health and Human Services offers guidance and links.

A 19-year-old college student uses her university clinic for gynecological visits. Her parents contact the clinic and ask to see her health record in order to find out if she is using birth control. The clinic shares the record with the parents. Did the clinic staff do wrong?

Maybe not.

The behavior would seem to fly in the face of the HIPAA privacy rule, but virtually all public schools and most private and public postsecondary institutions are covered by a different federal law.

The Family Educational Rights and Privacy Act, or FERPA, regulates the privacy of students’ education records. These can include student health records if the institution chooses to classify them as such. The HIPAA privacy rule does not apply to records covered by FERPA.

It’s a complicated intersection of federal law, and the Department of Health and Human Services and the Department of Education have issued guidance to help schools navigate it. See “When FERPA and HIPAA Collide” in the Winter 2009 issue of AHIMA’s Academic Advisor e-newsletter.

AHIMA has posted reviews of the American Recovery and Reinvestment Act. The law, previously known as the stimulus bill, allots approximately $19 billion to promote the adoption of health IT. It also introduces significant new privacy and security requirements for healthcare entities.

There are two overviews on the AHIMA site: the first on the general provisions of the legislation and the second specifically dedicated to the privacy provisions.

A third review identifies the reports and other submissions the law require from the Department of Health and Human Services and other federal agencies, some of which are due beginning next month.

Provisions in the law will be put into effect over the course of the next two years, with regulations, guidance, and reports still to come. AHIMA offers additional analysis and comments on industry matters at its Advocacy and Public Policy Center.

There won’t be a delay on the ICD-10 final rules, according to the Centers for Medicare and Medicaid Services. The final rule for implementing ICD-10-CM and ICD-10-PCS will go into effect March 17.

The policies in the final rule are considered to be officially adopted on that date. The regulations for the HIPAA electronic transaction standards—published the same day in a separate rule—will go into effect at the same time. The HIPAA transactions must be updated to accommodate the use of the ICD-10-CM and ICD-10-PCS code sets. 

Before becoming official, the rules had been subject to a regulatory review by the new presidential administration, as well as a 60-day hold for Congressional review required by HIPAA. The final rules were published January 16, 2009.

ICD-10-CM/PCS must be implemented by October 1, 2013; the HIPAA electronic transaction standards must be operational by January 2012 and January 2013.

For more on the preparation for the ICD-10 transition, visit AHIMA’s ICD-10 Web site for analysis, tools, training, education, resources, and information.

Google Health, the Internet giant’s free online personal health record service, is nearing a year old. This week the company rolled out some changes to the service, some of which the company anticipated last spring.

Users may now share their health profiles with others, such as doctors and family. Account owners grant access to others via e-mail addresses. Viewers cannot edit or share a profile. Account owners control how much of the profile others see, another change.

Google’s list of partners continues to grow. Partners are primarily national pharmacy chains that can feed medication information into Google Health accounts. However, patients of the Cleveland Clinic and Beth Israel Deaconess Medical Center can import their records through those facilities’ patient portals.

Several days ago the New York Times featured an article titled “How to Make Electronic Medical Records a Reality.” EHRs and their challenges have become a popular topic in the mainstream media. Maybe that’s what a couple billion dollars of federal money will do for a topic that’s been scuffing along.

The Times piece nicely highlights the challenge of implementing health IT in small physician practices, a primary healthcare target in the recently passed American Recovery and Reinvestment Act, or ARRA.

“There’s no way small practices can effectively implement electronic health records on their own,” says Dr. Farzad Mostashari in the article. “This is not the iPhone.” (more…)

In the March print story “Virtual HIM,” Cheryl Servais, MPH, RHIA, discusses the organizational issues in transitioning HIM departments to remote, virtual departments. Servais notes that virtual departments offer organizations operational, financial, and staffing advantages, as well as opportunities to increase levels of service.

Within that article, Deborah Kohn offers a matrix of HIM functions that can be performed remotely and the line-of-business information systems that support them. Kohn, MPH, RHIA, FACHE, CPHIMS, expands that topic in a full web-only feature story.

The March issue outlines how HIM professionals can help improve cash flow in their organizations by contributing to revenue cycle management. Other features examine the opportunities and challenges of separating coding from the HIM department, the benefits of a virtual HIM department, and emergency medical services communication and documentation. (more…)