HITPC Releases Tiger Team EHR Amendment/Correction Recommendations

The ONC Health Information Technology Policy Committee (HITPC) released the Privacy & Security Tiger Team (Tiger Team) recommendations concerning amendments and corrections to electronic medical records (EMRs) in a letter to HHS on July 25, 2011 (HITPC Letter).  The Tiger Team's two recommendations are:

  • Certified electronic health record (EHR) technology for Meaningful Use Stage 2 should have the capability to support amendments to health information as well as support compliance with HIPAA obligations to respond to patient requests for amendments, specifically (i) to make it technologically possible for providers to make amendments consistent with their obligations with respect to the legal medical record (e.g., access/view the original data and identify changes made); and (ii) attach any information from the patient and any rebuttal from the entity regarding disputed data.
  • Certified EHR technology for Meaningful Use Stage 2 should have the ability to transmit amendments, updates or appended information to other providers to whom data in question had previously been transmitted. 

The recommendations address the concerns of stakeholders regarding technological capabilities of EHR systems to assist covered entities in complying with HIPAA amendment and correction procedures for their EMRs.  They also address issues concerning data integrity and quality when correcting errors in patient information not at the request of the patient or communicating updates in patient information. 

HIPAA requires covered entities to comply with specific procedures for correcting or amending protected health information (PHI) within their records where a patient requests such correction or amendment.  In addition, the principle of "correction" was adopted by the Nationwide Privacy and Security Framework for Electronic Exchange of Individually Identifiable Health Information, which requires timely means provided to individuals to dispute the accuracy or integrity of their health information.  

The Tiger Team recommends that the HIT Standards Committee develop standards, specifications and criteria for the certified EHR technology, and that any technological capabilities be kept as simple as possible to start.  Capabilities could evolve over time and become more complex, including "potentially greater standarization and automation."  Most notably, the Tiger Team rejected placing affirmative obligations on providers to inform other providers and entities about errors which were not identified in response to a patient's request, citing the "range of different errors that could occur" and the potential difficulty in distinguishing between what was a difference in medical opinion and an actual error, deciding,

...Providers' existing ethical and legal obligations were sufficient to motivate them to use appropriate professional judgment regarding when to inform any known or potential recipients of amendments to health data.

Finally, the HITPC letter notes that the Tiger Team considered whether health information exchange organizations (HIOs) should be obligated to correct errors and transmit amendments or updates to affected providers where they may be responsible for such errors.  The Tiger Team has specifically sought input from the HITPC and will continue to research existing HIO policies prior to developing future recommendations on this issue. 

The full HITPC letter may be found here: HITPC Privacy & Security Tiger Team Amendment Recommendations

HHS Announces Proposed Rules for Health Insurance Exchanges

In a Press Release posted yesterday, the U.S. Department of Health and Human Services (HHS) proposed a framework to assist states in building Affordable Insurance Exchanges, state-based competitive marketplaces where individuals and small businesses will be able to purchase affordable private health insurance and have the same insurance choices as members of Congress. The Press Release states, in part:

Starting in 2014, Insurance Exchanges will make it easy for individuals and small businesses to compare health plans, get answers to questions, find out if they are eligible for tax credits for private insurance or health programs like the Children’s Health Insurance Program (CHIP), and enroll in a health plan that meets their needs.

“Exchanges offer Americans competition, choice, and clout,” said HHS Secretary Kathleen Sebelius. “Insurance companies will compete for business on a transparent, level playing field, driving down costs; and Exchanges will give individuals and small businesses the same purchasing power as big businesses and a choice of plans to fit their needs.”

HHS indicates that the announcement is designed to help support and guide states in their efforts to implement Insurance Exchanges. HHS proposed new rules offering states guidance and options on how to structure their Exchanges in two key areas:

  • Setting standards for establishing Exchanges, setting up a Small Business Health Options Program (SHOP), performing the basic functions of an Exchange, and certifying health plans for participation in the Exchange, and;
  • Ensuring premium stability for plans and enrollees in the Exchange, especially in the early years as new people come in to Exchanges to shop for health insurance.

These proposed rules set minimum standards for Insurance Exchanges, give states the flexibility they need to design Exchanges that best fit their unique insurance markets, and are consistent with steps states have already taken to move forward with Exchanges.

To reduce duplication of effort and the administrative burden on the states, HHS also announced that the federal government will partner with states to make Insurance Exchange development and operations more efficient. States can choose to develop an Insurance Exchange in partnership with the federal government or develop these systems themselves. This provides states more flexibility to focus their resources on designing the right Insurance Exchanges for their local insurance markets.

Click below for a copy of the HHS's proposed rules for Insurance exchanges:

For a great summary of these new rules, click "Continue Reading" below.

For additional general information, check out www.healthcare.gov/exchanges.

Continue Reading

UCLAHS Settles Potential HIPAA Violations

The HHS OCR has announced its settlement with the University of California Los Angeles Health System (UCLAHS) for potential violations of the HIPAA Privacy and Security Rules. The settlement and resulting Resolution Agreement resolved two separate complaints alleging UCLAHS employees repeatedly accessed the electronic protected health information (PHI) of two celebrity patients out of curiosity. 

The OCR investigations which began in June of 2009 found that throughout 2005-2008, employees of UCLAHS accessed the PHI of patients without reason.  OCR also found that UCLAHS had failed to provide and/or document appropriate HIPAA training for its employees, implement appropriate security measures and assess and/or apply sanctions against employees who accessed PHI without reason. 

UCLAHS is required under the Resolution Agreement to pay $865,500 and implement a corrective action plan that includes putting into place HIPAA privacy and security policies approved by OCR to address permissible and impermissible uses and disclosures of PHI as well as training and appropriate sanctions against employees for non-compliance.  UCLAHS is also required by the Resolution Agreement to designate an independent monitor to assess UCLAHS's compliance with the plan over the next three (3) years.

The Director of OCR, Georgina Verdugo, stated:

Covered entities need to realize that HIPAA privacy protections are real and OCR vigorously enforces those protections.  Entities will be held accountable for employees who access protected health informaiton to satisfy their own personal curiosity.

You can read the full Resolution Agreement here and the HHS press release here