Free EMR Newsletter Want to receive the latest news on EMR, Meaningful Use, ARRA and Healthcare IT sent straight to your email? Join thousands of healthcare pros who subscribe to EMR and HIPAA for FREE!!

The Final HIPAA Omnibus Rule: A Sharing of Accountability

Posted on February 25, 2013 I Written By

John Lynn is the Founder of the HealthcareScene.com blog network which currently consists of 10 blogs containing over 8000 articles with John having written over 4000 of the articles himself. These EMR and Healthcare IT related articles have been viewed over 16 million times. John also manages Healthcare IT Central and Healthcare IT Today, the leading career Health IT job board and blog. John is co-founder of InfluentialNetworks.com and Physia.com. John is highly involved in social media, and in addition to his blogs can also be found on Twitter: @techguy and @ehrandhit and LinkedIn.

The following is a guest post by Rita Bowen, MA, RHIA, CHPS, SSGB, SVP of HIM and Chief Privacy Officer, HealthPort. If you’re attending HIMSS, I’ll be doing an interview with Rita at HealthPort’s Booth 6841 at Noon on Tuesday 3/5/13. Come by and learn more about the HIPAA Omnibus Rule and get any questions you have answered.

It seems an eternity ago, four years to be exact, that the HITECH Act introduced changes to HIPAA. After much speculation, rumor, innuendo and anticipation, HHS released the final HIPAA omnibus rule, which significantly amends the original HIPAA Privacy, Security, Breach and Enforcement Rules. HHS Secretary Kathleen Sebelius introduced the new rule by stating:

“The final rule greatly enhances a patient’s privacy protections, provides individuals new rights to their health information, and strengthens the government’s ability to enforce the law.”

Ms. Sebelius conceded that healthcare has changed dramatically since HIPAA was first enacted and that the new rule is necessary to “protect patient privacy and safeguard patients’ health information in an ever expanding digital age.”

The new rule, at 563 pages, is not brief, but covered entities can’t let that inhibit them from becoming intimately acquainted with this document. I’ve made an initial review of the rule and culled what I feel are its key concepts:

  • Business Associates (BAs) of covered entities are now, for the first time, directly liable for compliance with certain requirements of HIPAA Privacy and Security rules, including the cost of remediation of breaches for which they are responsible.
  • The rule goes so far as to revise the definition of a “breach.” This new definition promises to make the occurrence of breaches – and the required notification of breaches — more common.
  • The use and disclosure of protected health information for marketing and fundraising purposes is further limited, as is the sale of protected information without individual authorization.
  • The rule expands patients’ rights to receive electronic copies of their health information and to restrict disclosures to health plans regarding treatment for which they’ve already paid.
  • Covered entities are required to modify and redistribute their notice of privacy practice to reflect the new rule.
  • The new rule modifies Individual authorizations and other requirements to facilitate research, expedite the disclosure of child immunization proof to schools, and enable access to decedent information by family members and others.
  • The additional HITECH Act enhancements to the Enforcement Rule are adopted, including provisions addressing enforcement of noncompliance with HIPAA rules due to willful neglect.

Getting to Compliance

And now comes the challenging part – compliance! The new rule goes into effect on March 26, and covered entities and BAs are expected to comply by September 23, so there is much work to do. Hospitals and clinics need to thoroughly comprehend — and then prepare for — the sweeping changes in BA liability. They’ll need to communicate these changes and new requirements to BAs and update their BA agreements accordingly. And since BAs are now directly liable for breaches, organizations must decide how they’ll enforce their BA agreements with regard to privacy and security. Additionally, comparable agreements must now be shared between BAs and their subcontractors.

What are the keys to successful compliance?  The following tips should ensure your smooth transition into the new rule:

  • Become intimately acquainted with the new rule — and its ramifications for your organization, your BAs, and their subcontractors.
  • Identify a privacy officer within all of your partner organizations.
  • Define a process for the notification of patients in the event of a breach of their protected health information (PHI).
  • Update breach notification materials to reflect the new Rule.
  • Update, repost and redistribute your Notice of Privacy Practices.
  • Document current privacy and security practices, and conduct a risk assessment.
  • Make certain your healthcare security technology solution is flexible, secure, and scalable to handle the growing volume of audit inquiries promised by the RACs.
  • Encrypt all devices that store patient information.
  • Communicate new HIPAA requirements and expectations to BAs.
  • Update business associate agreements (BAAs) to clarify that BAs pay the cost of breach remediation, when the BA is responsible for the breach.
  • Provide a template of a comparable agreement for BAs to use with their subcontractors.
  • Monitor your partners’ efforts to protect patient data.

The new HPAA omnibus rule has arrived and the challenges it presents should not be underestimated. Communication and organization will be your keys to success!

Rita Bowen, MA, RHIA, CHPS, SSGB

Ms. Bowen is a distinguished professional with 20+ years of experience in the health information management industry.  She serves as the Sr. Vice President of HIM and Privacy Officer of HealthPort where she is responsible for acting as an internal customer advocate.  Most recently, Ms. Bowen served as the Enterprise Director of HIM Services for Erlanger Health System for 13 years, where she received commendation from the hospital county authority for outstanding leadership.  Ms. Bowen is the recipient of Mentor FORE Triumph Award and Distinguished Member of AHIMA’s Quality Management Section.  She has served as the AHIMA President and Board Chair in 2010, a member of AHIMA’s Board of Directors (2006-2011), the Council on Certification (2003-2005) and various task groups including CHP exam and AHIMA’s liaison to HIMSS for the CHS exam construction (2002).

Ms. Bowen is an established speaker on diverse HIM topics and an active author on privacy and legal health records.  She served on the CCHIT security and reliability workgroup and as Chair of Regional Committees East-Tennessee HIMSS and co-chair of Tennessee’s e-HIM group.  She is an adjunct faculty member of the Chattanooga State HIM program and UT Memphis HIM Master’s program.  She also serves on the advisory board for Care Communications based in Chicago, Illinois.

What Do I Look for When I Write? I Like Lines Not Dots

Posted on February 20, 2013 I Written By

John Lynn is the Founder of the HealthcareScene.com blog network which currently consists of 10 blogs containing over 8000 articles with John having written over 4000 of the articles himself. These EMR and Healthcare IT related articles have been viewed over 16 million times. John also manages Healthcare IT Central and Healthcare IT Today, the leading career Health IT job board and blog. John is co-founder of InfluentialNetworks.com and Physia.com. John is highly involved in social media, and in addition to his blogs can also be found on Twitter: @techguy and @ehrandhit and LinkedIn.

As most of you know, I’m surrounded by planning for the HIMSS Annual Conference that’s happening in about a week and a half. I apologize for those that get tired of all the HIMSS discussion, but it literally overwhelms most things for me. I have about 200 emails in my inbox from PR people asking me if I want to meet with a healthcare IT company while at HIMSS. At this point I’ve mostly gathered those emails to see what companies are offering and starting today I’ll start replying to those emails as I fill out my HIMSS schedule.

I must admit that my initial look at the pitches I’ve received is pretty underwhelming. I think part of this might be that a year is not a lot of time for many things to change. As I said in my 2013 Healthcare IT predictions post, I think that it’s much more valuable to look at a 5 year horizon as opposed to a single year. A year just isn’t enough time for most innovations to really take shape. However, in 5 years you can see some amazing changes.

I was really impressed with Neil Versel’s post about his HIMSS being all about quality and patient safety. If you’re a PR company or someone interested in working with Neil, then you’ll want to take a good look at that post. I hope that Neil is sending a link to that post to all the PR people who email him. I can imagine if I’d lost my father to poor healthcare quality I’d take a similar view. His post started me to think about what interested me most. What did I want to write about at HIMSS.

This is actually a common question that I get from PR people. Many of them ask, “What stories are you looking for at HIMSS?” I’ve always hated that question. I’ve never gone to HIMSS with specific stories in mind. Instead, my goal is to go to HIMSS to discover what stories should be brought to my readers. Sure, I could probably predict some of the stories that will come out of this year’s HIMSS, but my goal is to be open to discover something my readers may not have thought about before.

Plus, I’ve found that it’s pretty rare that I write about something after one meeting. I’m not as interested in a one off experience with a vendor where I write about whatever they’re selling at the moment (a dot on a chart). It does happen on occasion, but I’m more interested in writing about trends I see happening over time (a line). Where were you last year or the year before that or when I last spoke to you at another conference and where are you today? This makes for a much more interesting story.

Another aspect in the line vs dot coverage is that one EMR vendor discussion is a dot, but my discussion with dozens of EMR vendors creates a line that is often much more interesting to my readers.

There you go. A few of my thoughts on what I like to cover. This is true at HIMSS and throughout the year. If you know of lines I should be writing about, I’d love to hear them. Now time to dig through that stack of emails to see what lines I can find.

4th Annual New Media Meetup at HIMSS 2013 Sponsored by docBeat

Posted on February 14, 2013 I Written By

John Lynn is the Founder of the HealthcareScene.com blog network which currently consists of 10 blogs containing over 8000 articles with John having written over 4000 of the articles himself. These EMR and Healthcare IT related articles have been viewed over 16 million times. John also manages Healthcare IT Central and Healthcare IT Today, the leading career Health IT job board and blog. John is co-founder of InfluentialNetworks.com and Physia.com. John is highly involved in social media, and in addition to his blogs can also be found on Twitter: @techguy and @ehrandhit and LinkedIn.

For those of you planning to attend the annual HIMSS Conference in New Orleans, I’m pleased to announce the details for the 4th Annual New Media Meetup at HIMSS 2013.

It’s amazing to think that 4 years have already past since that first event, but I’m really excited by what we’ve put together for all those planning to be in New Orleans for HIMSS. The New Media Meetup is one of the highlights of HIMSS for me each year and I expect this year to be no exception.

A big thanks to docBeat for sponsoring the event and making is possible for those of us in New Media to get together over food and drinks at HIMSS. I hope everyone will check out docBeat and thank them for sponsoring the event.

Now for the details of the event…

Register Here!

When: Tuesday 3/5 6:00-8:00 PM
Where: Mulate’s Party Hall – 743 Convention Center Boulevard, New Orleans, LA MAP
Who: Anyone who uses or is interested in New Media (Blogs, Twitter, Social Media, etc)
What: Food, Drinks, and Amazing People

About Our Sponsor
docBeat Secure Text Messaging Logo
docBeat® allows physicians and other healthcare professionals to seamlessly communicate with one another using their mobile phone or web browser while ensuring HIPAA compliance and avoiding liability issues. Plus, there’s no more dealing with the hassle of being on hold to find out who is on call or busy. docBeat® allows physicians to provide a docBeat phone number to be reached at while keeping their actual phone number private. For more information visit www.docbeat.co.

A big thanks also goes out to Erin and Beth from The Friedman Marketing Group for helping us locate a great venue in New Orleans and helping us plan the event. They are class acts and I always love working with them and their PR company.

Finally, thanks as always to all the members of Influential Networks and Healthcare Scene that help us promote the New Media Meetup. It’s beautiful to use the power of social media to put on such a great social media event at HIMSS.

Let me know if you have any questions and I look forward to seeing many of you in New Orleans very soon!

Using Influencers to Differentiate Your Health IT Products

Posted on January 25, 2013 I Written By

John Lynn is the Founder of the HealthcareScene.com blog network which currently consists of 10 blogs containing over 8000 articles with John having written over 4000 of the articles himself. These EMR and Healthcare IT related articles have been viewed over 16 million times. John also manages Healthcare IT Central and Healthcare IT Today, the leading career Health IT job board and blog. John is co-founder of InfluentialNetworks.com and Physia.com. John is highly involved in social media, and in addition to his blogs can also be found on Twitter: @techguy and @ehrandhit and LinkedIn.

Shahid Shah and I have been working together for the past little while on a new company called Influential Networks. It’s been a really amazing experience for me to work alongside Shahid and to learn from his amazing expertise.

As HIMSS fast approaches, Shahid and I decided that it would be helpful for us to share some tips and tricks to improve a company’s marketing and messaging strategy and how they can use influencers in that strategy. We’ll be hosting a webinar on Tuesday, January 29th at 2:00pm EST to share these tips. The tips we will be sharing apply at HIMSS or to any company looking to differentiate their product or service in the healthcare market.

For those who don’t want to wait or can’t attend on Tuesday, last Thursday we teamed up with HIMSS Social Media gurus, Cari McLean and Michael Gaspar, to do a similar webinar focused on differentiating your product and services at HIMSS. You can download a recording of that webinar here.

Much of the content in the webinar on Tuesday will be similar to the one we did with HIMSS, but with a few different twists. Plus, we’ll save time for Q&A at the end of the event where you can get your company specific questions answered. Here’s a short outline of the major subjects we’ll cover:

  • Describe the expectations of attendees and why they attend
  • Provide suggestions for how to clearly differentiate your products and services
  • Explain some of the common mistakes exhibitors make
  • Plan what to do before, during, and after the conference

You can register for the Tuesday webinar online. Everyone is welcome to attend.

If you have any specific questions you’d like to make sure we answer at the webinar, feel free to leave a comment below and we’ll be sure to answer them for you.