Free EMR Newsletter Want to receive the latest news on EMR, Meaningful Use, ARRA and Healthcare IT sent straight to your email? Join thousands of healthcare pros who subscribe to EMR and HIPAA for FREE!!

HITECH Privacy Compliance Gets Trickier – Meaningful Use Monday

Posted on July 9, 2012 I Written By

Anne Zieger is a healthcare journalist who has written about the industry for 30 years. Her work has appeared in all of the leading healthcare industry publications, and she's served as editor in chief of several healthcare B2B sites.

It’s been a very interesting few weeks for privacy protection under  HIPAA. Just in case you haven’t had a chance to catch up on them,  here’s what’s going on.  The OCR has announced the protocols under which it’s going to perform audits required by HITECH.

Here’s how OCR is going to check both you and business associates for compliance with the HIPAA Privacy Rule,  Security Rule and Breach Notification Rule. Here’s a summary from the Beyond Healthcare  Reform blog from lawfirm Faegre Baker Daniels:

Privacy Rule Security Rule
Notices of privacy practices Administrative Safeguards
Right to request privacy protection for PHI Physical Safeguards
Access to PHI Technical Safeguards
Administrative requirements
Uses and disclosures of PHI
Amendment of PHI
Accountings of disclosures

Meanwhile, there’s the matter of the temperature being turned up on your relationship with your business partners. As things stand, maintaining HIPAA-level control over information once it leaves your facility or office is hard enough.  Since 2009, HITECH has required covered entities and business associates to disclose if they’d used information on patients — including for treatment, payment or operations — if the access was through an EMR.

While that’s sticky to enforce, it mostly affects providers, not the business associates in most cases. But things could get a little trickier going forward.  A new proposed rule would now require a basic access report applying not just to EMRs, but also to uses and disclosures of e-PHI in a designated record set.

As the Beyond Healthcare Reform blog notes, this could mean that health plans and business associates (if they have a designated records set) would have to provide the access reports for everything, including treatment, payment and operations.

I doubt any of us are surprised to see OCR getting tougher on data sharing;  in fact, I’d argue that it’s overdue. The question is whether in the mean time, the near-daily data breaches we see (stolen laptops with unencrypted data, lost data disks) still haunt us.  Scary times.

SCOTUS Decision Likely to Indirectly Affect mHealth

Posted on I Written By

Katie Clark is originally from Colorado and currently lives in Utah with her husband and son. She writes primarily for Smart Phone Health Care, but contributes to several Health Care Scene blogs, including EMR Thoughts, EMR and EHR, and EMR and HIPAA. She enjoys learning about Health IT and mHealth, and finding ways to improve her own health along the way.

The recent ruling on the ACA by the Supreme Court has certainly caused quite the stir. Comment boards, Facebook statuses, and dinner-table discussions around the country have revolved around this ruling, for better and for worse. Will the SCOTUS decision affect mHealth? According to David Lee Scher, MD, it will. In his recent article at, with the millions of people affected by it, mHealth may be able to help those who may benefit the most. He discussed five ways SCOTUS is going to affect mHealth, which are:

  1. The healthcare infrastructure will benefit from digital and mobile health technologies: Because resources will be stretched thin as millions of uninsured Americans scramble for insurance, Scher believes that Medicaid providers will likely find the easiest way to communicate with new enrollees will be by enrolling them in mobile programs. He said that “it would be much easier to provide public service announcements that include how to donwload an app to enroll or obtain information on benefits than hire thousands of customer service representatives creating countless hours of telephone waiting time and the purchase of streamed music for the wait.”
  2. The increased demand for mHealth will necessitate a more industry-friendly regulatory process: Recent talk of the FDA regulating mobile health apps has made app makers everywhere a bit antsy. However, the SCOTUS decision may cause the mHealth to be in more demand than ever. This will hopefully create a better regulation process, that is unique to mHealth, and “not adaptation of the same processes with retrofitting of definitions and reviews.”
  3. Health information exchanges will be critical for Medicaid success: With the expected growth of Medicaid, the states that are behind in health care IT for Medicaid will likely be forced to get more up to date.
  4. Patient engagement will become a necessity: People are going to have to become more involved with their health care. mHealth technology will help with self-management, from diagnosing symptoms, making appointments, and finding providers through the use of mobile apps. Hospitals and physicians will also benefit by being able to transmit public service announcements.
  5. It will expedite transition from fee-for-service to bundled and outcomes-based reimbursement, facilitating mHealth adoption: The bundled and outcomes-based reimbursement model is far more economical and efficient than fee-for-service. Because mHealth has those same qualities, it will likely be used in the outcomes-based reimbursement.

I think Scher has made some good points and that mHealth will most definitely be affected by the SCOTUS decision. He summed up his article very well, in my opinion, with this:

So while the SCOTUS decision will not directly affect mHealth, its ramifications will, in my opinion, not only facilitate by create the absolute need for proliferation and adoption of the technologies. It will also foster a participatory medicine mentality by necessity, and mHealth will be there when it happens.