A Long Road to HIPAA Compliance: Privacy and Security Audits

By Laura Gerdes Long

Since the Health Insurance Portability and Accountability Act of 1996 (HIPAA) was implemented in 2003, the Office for Civil Rights (OCR) of the U.S. Department of Health and Human Services (HHS) has not had a formalized plan for auditing health care providers, insurance plans and other covered entities … until now.

OCR recently announced its pilot program to audit covered entities for privacy and security compliance and says that in 2012 it will conduct up to 150 audits in its effort to ensure that covered entities and their business associates are complying with the HIPAA Privacy and Security Rules and the Breach Notification Standards. The OCR website provides useful information about this program and its objectives.

Previously, there was no mandated auditing process as part of HIPAA; instead, reviews of covered entities typically occurred as complaints were raised by patients or consumers. With the American Recovery and Reinvestment Act of 2009, Section 13411 of the Health Information Technology for Economic and Clinical Health Act (HITECH) amended portions of HIPAA and requires HHS to develop procedures for auditing covered entities to verify compliance with the Privacy Rules and breach notification.

Covered entities need to ensure that their policies and procedures are updated for privacy and security compliance efforts. The entity must be prepared to provide documentation of its procedures, including those for breach notification, and documentation that its key personnel have been trained. Training does not mean simply having a notebook of policies and procedures that no one knows how to use.

According to the OCR website, the timeline is fairly quick, so individuals within the covered entity should be prepared to know what to do upon receiving a written notification that an audit is coming. If a “serious compliance issue” is found, OCR may initiate a compliance review to address the problem.

Of course, OCR will continue to accept complaints from individuals, and covered entities, through their privacy officers, must continue to accept complaints from individuals as well. The goal of the pilot audit program appears to be to identify best practices and to discover risks and vulnerabilities that have not otherwise come to light through the complaint process.

Covered entities that are prepared will shine, while those that are not prepared will have some explaining to do.

Posted by Attorney Laura Gerdes Long. Long practices in tort, insurance defense, legal malpractice, health care, and employment law. Well-versed in employment law policies and processes related to HIPAA, she serves as a trainer and advisor to health care providers, insurers, self-insured employers, and municipalities.

Supreme Court: Will Five and a Half Hours Be Enough?

By Laura Gerdes Long

Fate of the Patient Protection and Affordable Care Act Lies in Hands of Supreme Court

According to the National Law Journal, the Supreme Court justices granted review in three of the five petitions before them regarding the Patient Protection and Affordable Care Act, all from the 11th Circuit Court of Appeals. That court had struck down the mandate that individuals who can afford health insurance must purchase coverage or pay a penalty.

The Journal article lists the issues on which the Court would hear arguments and the amount of time allotted to each issue, for a total of five and one-half hours.

Oral arguments will be made by the United States Solicitor General, 26 state attorneys general (handled by a single lawyer from a Washington firm), and the National Federation of Independent Business (NFIB).

Typically, a Supreme Court case is scheduled for two hours of oral argument. Arguments are likely to be held in March.

Undoubtedly, with all of the questions raised by the health care act, five hours will not be sufficient time to answer all of them.


Easiest Way to Increase Productivity and Decrease Health Care Costs

By Christopher D. Vanderbeek

According to a recent study published in the Journal of Occupational and Environmental Medicine, modifiable employee health risks dramatically increase employer operating costs. “Modifiable” health risks are those that can be remedied with appropriate action, such as exercise, diet, or medication.

The study focused on the employees of a large Midwestern corporation. It looked at the most common modifiable health risks: obesity, high blood pressure, high blood sugar, high cholesterol, inadequate exercise, poor nutrition, poor emotional health, tobacco use, and high alcohol consumption.

Researchers focused on two types of costs: health care-related costs, and productivity-related costs. The study suggests that health care costs were driven upward most significantly by high blood pressure, high blood sugar, and inadequate exercise. Productivity costs were driven upward most significantly by poor emotional health, which was also a driver of increased health care costs, though to a smaller extent.

The study also incorporated findings from a Mayo Clinic assessment. A few of the pertinent Mayo Clinic findings:

Electronic Health Records: Could Your Practice Be at Risk?

By Laura Gerdes Long

The federal government’s efforts at incentivizing medical providers to use electronic health records (EHRs) may be putting some practices at risk.

In “Electronic Records May Increase Malpractice Lawsuit Risk,” Neil Versel of InformationWeek refers to a white paper published by the AC Group, a Montgomery, Texas, health IT research and consulting firm. The white paper describes the kinds of risks that medical practices may face if they try to implement EHRs too quickly or without the appropriate vendors.

Even vendors who have been certified by the Office of the National Coordinator for Health Information Technology (ONC) have been found lacking in the area of “medico-legal training.” For example, according to Versel, it has been discovered that ONC certification may not require providers “to check drug orders against laboratory results or take into account social and family medical history in creating alerts,” such as the need for more frequent mammograms for a female patient with a mother who has had breast cancer.

Here are just a few other issues that have arisen:

  • Critical safety alerts are being missed due to incomplete medication lists;
  • Problems with time synchronization of records between electronic charting systems; and
  • A high percentage of EHRs do not run drug interaction checks when filling prescriptions.

So to the medical practice community: buyer beware.


Illinois Changes Its Power of Attorney Laws

By Patrick J. Murphy

The revised Illinois Power of Attorney Act, 755 ILCS 45/2-1 et seq., provides greater protection to principals. These revisions are designed to minimize abuse of elderly, incapacitated and disabled persons by their agents serving under powers of attorney. House Bill 6477, the state bill containing the changes, was passed by both houses and signed into law by Governor Quinn on July 26, 2010. The effective date for the changes is July 1, 2011. All powers of attorney validly executed prior to this date will remain effective.

A few highlights of the changes to this Act are:

  1. Definitions of these key terms: “incapacitated,” “incurable or irreversible condition,” “permanent unconsciousness,” and “terminal condition,” some of which are borrowed definitions from the Health Care Surrogate Act.
  2. The agent’s duties and standard of care for the principal are expanded, particularly in the area of record keeping, as well as liability for neglect or elder abuse.
  3. The agency-court relationship has been rewritten to allow the review of an agent by the court and additionally adds new remedies to protect the principal.
  4. New paragraphs with respect to successor agents, co-agents, and powers executed in another state or country.
  5. Forms for Certification and Acceptance of Authority of agent, successor agent, and co-agents are available.
  6. A new paragraph has been added with respect to persons who may witness the principal’s signature on a power of attorney. For instance, the witness cannot be a relative of the principal or agent by blood, marriage or adoption; an agent or successor agent; the attending doctor or a relative of the doctor; or an owner or operator (or relative of an owner or operator) of the principal’s health care facility.
  7. The health care power does not authorize the agent to make any anatomical gifts, and incorporates recent improvements to the Disposition of Remains Act. The principal’s agent is to be treated as the principal in using and disclosing health records as governed by HIPAA.
  8. A specific “Notice to Agent” is required under the new statutory short form power of attorney to be given to the agent detailing the agent’s rights and responsibilities so that agents know what they should do and should not do.

If you are interested in learning more about the specifics of the changes to the Illinois Power of Attorney Act, or about any estate planning need, please give our office a call and we can provide you with further information.