For the past two days the National Committee on Vital and Health Statistics has been hearing testimony from the industry on what constitutes the “meaningful use” of health IT. Defining the term is no small matter, as it triggers $17 billion in Medicare and Medicaid incentives for the adoption of electronic health record systems. The incentives are part of the American Recovery and Reinvestment Act, or ARRA.

Under the provision, an eligible professional can receive $44,000 in incentives beginning in 2011. After several years, that carrot turns into a stick. In 2015 eligible providers who are not meaningful EHR users will begin receiving reduced reimbursement. Reductions will reach 97 percent of the fee schedule in 2017.

Speaking at Tuesday’s hearings, newly named national coordinator for health IT David Blumenthal noted that defining meaningful use would also affect EHR product certification, funding, and training.

AHIMA offered comments during the hearings, advising that the elements of meaningful use improve the coordination of care, promote health information exchange, and improve the capture and use of data for secondary purposes such as quality and public health reporting. (more…)

The Department of Health and Human Services has published guidance related to the Genetic Information Nondiscrimination Act (GINA) and its effect on researchers.

“Guidance on the Genetic Information Nondiscrimination Act: Implications for Investigators and Institutional Review Boards” provides background on protections provided by GINA and discusses GINA’s impact on investigators who conduct genetic research and the institutional review boards that review it, particularly on criteria for IRB approval of research and the requirements for obtaining informed consent under the HHS regulations for the protection of human subjects (45 CFR part 46).

Final GINA regulations are expected in May.

To review GINA’s provisions, see the July 2008 “Word from Washington” column “Getting to Know GINA.”

The National Quality Forum is in the process of establishing consensus standards for the use of clinically enriched administrative data for reporting performance measures in ambulatory care. In January an NQF work group began identifying and endorsing a set of measures suitable for both public accountability and quality improvement.

Given the difficulty of reporting performance measures from paper records, healthcare has been making do by using administrative data, the only data widely available in electronic form. The trade-off is the quality of the quality measures: administrative data produce a narrow and less reliable look at the care delivered.

(In the worst case, as a Boston Globe story on Google Health related earlier this month, poorly managed use of claims data can result in outright misrepresentation of care delivered. The Journal wrote about this danger in personal health records back in April 2007.) (more…)

Professional practice experience is an important part of an HIM student’s education. Hands-on experience with HIM work is important to helping graduates enter the work force prepared. Each CAHIIM-accredited HIM program must have at least one PPE, which helps students assimilate the HIM theory taught in class with real-world HIM applications.

Both students and sponsoring facilities new to PPEs might not know what to expect. To help them properly prepare and get the most out of their site visits, the AHIMA House of Delegates Team on HIM Higher Education and Workforce has created the Clinical Practice Sites/Professional Practice Experience Guide.

The 25-page guide provides information and best practices on serving as a clinical PPE site as well as advice to PPE students looking to get their first glimpse at HIM work. It offers tips on how to make the most of the program. The guide can be used by site managers, HIM department mentors, academic programs, and students.

The guide is divided into chapters addressing each participant in a PPE experience. The student section, for example, outlines the expectations of a PPE student. The affiliation site guide chapter lays out what is expected of the organization and helps prospective sites develop their PPE programs.

Several stories in the current print issue describe efforts to streamline data collection and reporting for quality measures. Two touch on the Quality Reporting Document Architecture (QRDA), a Health Level Seven draft standard based on HL7’s approved clinical document architecture (CDA).

The QRDA initiative is developing CDA standards for reporting quality measure data across health IT systems that are EHR-compatible. Currently, the work is published in part as an HL7 draft standard for trial use and is being tested in pilot implementation.

In “Advancing Quality Measures Reporting in HIEs,” Randolph C. Barrows Jr. describes the use of the QRDA in the quality measure use case featured in the NHIN demonstrations earlier this year. The QRDA was used in drafting functional requirements to support the exchange of patient-level quality data from provider systems to quality data measurement and reporting facilities. It also factored in writing functional requirements for the exchange of population-level quality measures results from a measurement and reporting facility to quality data recipients. (more…)

The ICD-10-CM/PCS final rule requires a major transition in academic programs as well as in the field. Institutions currently teaching ICD-9-CM in baccalaureate, associate, and certificate programs must transition their curricula to ICD-10-CM/PCS in coordination with the industry’s transition to the new coding systems. Educators will be among the first in the country who need to learn ICD-10-CM/PCS.

The April practice brief “Transitioning to ICD-10-CM/PCS—An Academic Timeline” outlines how and when HIM academic programs should begin integrating ICD-10-CM/PCS education into their curriculum. The article lays out the academic transition into three phases: preparation, hybrid, and full implementation. The countdown to integrating ICD-10-CM/PCS begins on August 1, 2010, when educators should start expanding curriculum content on courses affected by ICD-10-CM/PCS changes. (more…)

The stimulus bill includes provisions for education, outreach, and training around healthcare IT. Bonnie S. Cassidy, MPA, RHIA, FAHIMA, FHIMSS, offers a look at the significant career development and employment opportunities this offers HIM professionals. Cassidy is a strategic leader for the Certification Commission for Healthcare Information Technology and a past-director of the AHIMA Board of Directors.

Title XIII of the American Recovery and Reinvestment Act, or ARRA, includes $19.2 billion in provisions for healthcare information technology and information management. Much of the money is dedicated to health IT adoption, but a significant amount goes toward training, education, and knowledge-sharing.

This article focuses on the education, outreach, and training opportunities that reside within the section “Incentives for the Use of Health Information Technology.” The provisions recognize that the successful adoption, implementation, and use of health IT require a newly trained work force. (more…)

The Federal Trade Commission has its ARRA homework well under way. Yesterday it announced its notice of proposed rulemaking (NPRM) on data breach notification.

The American Recovery and Reinvestment Act establishes the first federal requirements on health data breach reporting and notification. It assigns the Department of Health and Human Services to oversee organizations that qualify as covered entities and business associates under HIPAA. It assigns the FTC to oversee everyone else, including vendors of personal health records.

Both HHS and FTC are required to publish final interim regulations by August 16. The provisions become effective 30 days after publication.

According to an FTC press release, the proposed rule:

• Requires “vendors of personal health records and related entities” to notify consumers of a breach
• Requires a service provider to a PHR vendor to notify the vendor of a breach, which in turn must notify its customers
• Defines the triggers for a notice, as well as the timing, method, and content of the notice
• Requires that entities notify the FTC of a breach, which will in turn post the information on its Web site and share with HHS

The NPRM will appear in the Federal Register shortly, according to FTC.

Public comments on the notice of proposed rulemaking are due by June 1. AHIMA’s commentary will available on this site in advance of that date.

Update April 20: HHS released its required guidance on rendering protected health information unreadable on April 17. The guidance relates to both HHS’s and the FTC’s breach notification regulations. HHS is accepting comments until May 21.

Capping off our Health Information Privacy and Security Week series, Federal Trade Commission attorney Steven Toporoff offers tips on complying with the Red Flags Rule, which goes into effect May 1. Toporoff works in the FTC’s Division of Privacy and Identity Protection, Bureau of Consumer Protection.

Millions of Americans each year fall victim to identity theft.  When identity theft involves healthcare, the consequences can be severe. It can result in losses to the healthcare provider from unpaid bills, the exhaustion of the victim’s benefits, or even potentially life-threatening corruption of a patient’s medical records. 

The crime also can play havoc with an innocent consumer’s credit rating.  Medical identity theft may arise when a person seeks healthcare services or prescription pharmaceuticals using someone else’s name or insurance information.  A recent nationwide survey conducted for the FTC found that 4.5 percent of the 8.3 million identity theft victims have experienced some form of medical identity theft.

The Red Flags Rule is designed to help protect patients and providers from suffering the consequences of medical identity theft.  Briefly put, this new law requires “creditors” and “financial institutions” to determine if they have either consumer accounts that permit multiple payments or other accounts for which there is a reasonable risk of identity theft.  If they do, these covered entities must develop and implement a written identity theft prevention program. Each provider has the flexibility to implement a program that best suits its size, complexity, and actual risk of identity theft.    (more…)

Continuing this week’s focus on privacy, today’s guest author Stacie Durkin, RN-C, RHIA, MBA, owner, Durkin & Associates, explains what ARRA’s privacy provisions might mean for health information exchange. Durkin co-chairs an AHIMA/HIMSS collaborative workgroup focused on privacy and security in the HIE/RHIO environment. 

HIPAA has sharper teeth and a wider net due to the American Recovery and Reinvestment Act of 2009 (ARRA).  A section of ARRA called The Health Information Technology for Economic and Clinical Health Act (HITECH Act) is the healthcare portion of the stimulus package that provides $19 billion for health information technology and the Federal financial commitment which supports and promotes the adoption of electronic health records (EHRs) by 2014.  Some of the perceived weaknesses in HIPAA’s privacy and security regulations will be rectified by ARRA, dubbed “HIPAA II.”

There has been much discussion around the privacy and security issues of shared data.   Before the stimulus package, health information exchanges (HIE) were not directly regulated under the Health Insurance Portability and Accountability Act of 1996 (HIPAA). The new legislation is loaded with requirements, new enforcement provisions and penalties for covered entities, business associates, vendors and others. (more…)