HIPAA Blog

[ Monday, February 26, 2024 ]

 

[Note: This should have been posted early January -- I just noticed it was still in Draft]

HHS announces data blocking penalties: The information blocking rule (IBR) is part of the 21st Century Cures Act, which itself is sort of a hodge-podge of a law addressing a bunch of different healthcare research and IT related matters.  Of course, the Cures Act itself follows in a long line of healthcare policymaking that is both omnibus in presentation and reactive and/or deductive in focus.

Remember, HIPAA started out as a law intended to force insurance companies to provide coverage to an applicant who had similar insurance in the immediate months prior.  One way to "scam" insurance is to not participate when you are healthy and only buy it when you are sick, which it the practical equivalent of not buying fire insurance until your house is on fire.  If you can do so, you avoid paying into the insurance risk pool when you'd lose money, and only pay in when you'll get more back.  In other words, you're "free-riding" on other insurance purchasers.  

It's understandable that insurers want to prevent free-riders, and one way to do it is by refusing to cover pre-existing conditions.  If you don't buy insurance until you're sick, and then show up at the insurer's door with an expensive illness, the insurer will say, "OK, you're covered, but not for what you already got."  That's fair.  However, what if you didn't game the system, you weren't a free-rider: you had insurance previously, but you just need new insurance because (e.g.) you got a new job.  For the insurance company, it's still a pre-existing condition, but it's not fair to the insured.  Ultimately, for a lot of people, the pre-existing condition hurdle meant they were stuck in their current job and couldn't take a better one.  That's "job-lock."

HIPAA was originally drafted to target job-lock: if you had "creditable" health insurance coverage within the last 6 months, a new insurer can't deny you for a pre-existing condition.  Remember, the first 2 letters of HIPAA don't stand for health information privacy, but for health insurance portability.  It's a great idea that every politician could support.  However, great ideas get other ideas attached to them, ideas that might not pass into law on their own, but would pass if they were attached to a great idea.  

Several new foci got attached to HIPAA's portability provision, some with merit but none universally supported.  First, regulators wanted the healthcare industry to be more efficient.  At that time, healthcare was a laggard in adopting information technology; most healthcare providers used primarily paper records, and a large portion of billing was done on paper (and that done electronically was done using multiple systems with no coherent or consistent programming logic).   The drafters of HIPAA thought that if all electronic transactions in healthcare were standardized, more people would bill and pay electronically, and the system would be more efficient.  Thus, the transactions and code sets (T&CS) rule was adopted.

However, if all that data is going to be digitized and sent electronically, the data would be at much greater risk in electronic format than in paper format (you can't make money trying to steal paper records, and a breach of a physical paper storage room is a lot easier to catch and prevent).  If we're going to encourage electronic data interchange in healthcare, we also need to ramp up data privacy and security practices.  Thus, the privacy and security rule were adopted.

You see, Portability begat T&CS standards, which in turn begat Privacy and Data Security standards.  And you know that the HITECH Act contains a lot of HIPAA updates and revisions, including the data breach reporting standards.

One of the main foci of the HITECH act (remember, the title is "Health Information Technology for Economic and Clinical Health") was the "meaningful use" rule: the encouragement/forcing of healthcare providers to adopt electronic medical records (EMRs); this was actually a follow-on to the genesis of HIPAA's transaction and code sets, as well as the data privacy and security requirements.  While the T&CS rule was intended to entice the industry to become more digital, not enough providers moves in that direction, particularly small health providers.  Many continued their paper ways.  Congress knew that one way to get them to move would be to give them money to do so: if a healthcare provider uses electronical technology in a meaningful way (i.e., becomes a "meaningful user" of it, i.e. adopts an EMR), CMS will pay it money; if it does not, CMS will reduce what it pays for Medicare and Medicaid patients.  

The IBR is intended to address an issue that has come up with regard to EMR companies intentionally designing their systems to be less-than-fully compatible with other EMRs. 

HHS posts penalties

Hospitals, medical groups push back against penalties

Jeff [9:12 AM]

http://www.blogger.com/template-edit.g?blogID=3380636 Blogger: HIPAA Blog - Edit your Template

A discussion of medical privacy issues buried in political arcana

E-mail me at jdrummond-at-jw.com

- Archives - March 2002 April 2002 May 2002 June 2002 July 2002 August 2002 September 2002 October 2002 November 2002 December 2002 January 2003 February 2003 March 2003 April 2003 May 2003 June 2003 July 2003 August 2003 September 2003 October 2003 November 2003 December 2003 January 2004 February 2004 March 2004 April 2004 May 2004 June 2004 July 2004 August 2004 September 2004 October 2004 November 2004 December 2004 January 2005 February 2005 March 2005 April 2005 May 2005 June 2005 July 2005 August 2005 September 2005 October 2005 November 2005 December 2005 January 2006 February 2006 March 2006 April 2006 May 2006 June 2006 July 2006 August 2006 September 2006 October 2006 November 2006 December 2006 January 2007 February 2007 March 2007 April 2007 May 2007 June 2007 July 2007 August 2007 September 2007 October 2007 November 2007 December 2007 January 2008 February 2008 March 2008 April 2008 May 2008 June 2008 July 2008 August 2008 September 2008 October 2008 November 2008 December 2008 January 2009 February 2009 March 2009 April 2009 May 2009 June 2009 July 2009 August 2009 September 2009 October 2009 November 2009 December 2009 January 2010 February 2010 March 2010 April 2010 May 2010 June 2010 July 2010 August 2010 September 2010 October 2010 November 2010 December 2010 January 2011 February 2011 March 2011 April 2011 May 2011 June 2011 July 2011 August 2011 September 2011 October 2011 November 2011 December 2011 January 2012 February 2012 March 2012 April 2012 May 2012 June 2012 July 2012 August 2012 September 2012 October 2012 November 2012 December 2012 January 2013 February 2013 March 2013 April 2013 May 2013 June 2013 July 2013 August 2013 September 2013 October 2013 November 2013 December 2013 January 2014 February 2014 March 2014 April 2014 May 2014 June 2014 July 2014 August 2014 September 2014 October 2014 November 2014 December 2014 January 2015 February 2015 March 2015 April 2015 May 2015 June 2015 July 2015 August 2015 September 2015 October 2015 November 2015 December 2015 January 2016 February 2016 March 2016 April 2016 May 2016 June 2016 July 2016 August 2016 September 2016 October 2016 November 2016 December 2016 January 2017 February 2017 March 2017 April 2017 May 2017 June 2017 July 2017 August 2017 September 2017 October 2017 November 2017 December 2017 January 2018 February 2018 March 2018 April 2018 May 2018 July 2018 August 2018 September 2018 October 2018 November 2018 December 2018 January 2019 February 2019 March 2019 April 2019 May 2019 June 2019 July 2019 August 2019 September 2019 October 2019 November 2019 December 2019 January 2020 February 2020 March 2020 April 2020 May 2020 June 2020 July 2020 August 2020 September 2020 October 2020 November 2020 December 2020 January 2021 February 2021 March 2021 April 2021 May 2021 June 2021 August 2021 September 2021 October 2021 November 2021 December 2021 January 2022 February 2022 March 2022 April 2022 May 2022 June 2022 July 2022 August 2022 September 2022 October 2022 November 2022 December 2022 February 2023 March 2023 April 2023 June 2023 July 2023 August 2023 September 2023 October 2023 November 2023 December 2023 January 2024 February 2024 March 2024 April 2024 May 2024

[ Advertisers ]

[ Links ]
Jackson Walker home page
My (official Jackson Walker) Bio
HHS' Administrative Simplification page
OCR's HIPAA Privacy page
ICD-10 Codes
NIST's HIPAA Security Implementation page
HIPAA.org page
TCS standard-setting
HIPAA Summit's page
Harvard's HIPAA colloquium
Workgroup for EDI
Siemen's HIPAA page
Beacon Partner's HIPAAcomply
FindLaw's HIPAA law page
HIPAAComplete
HIPAADocs
AMA's HIPAA page
AHA's semi-HIPAA page
American Health Lawyers Assn
SHARP (the Southern SNIP)
Boundary Information Group's HIPAAinfo.net
HIPAA academy
MedAbiliti's Health Innovation Daily News
Thompson-West's Privacy Litigation Reporter
HIPAAnswers (HIPAA compliance solutions)
Healthcare Intelligence Network Blog
Prescription Drug Encyclopedia
Compliance Home Portal
HIPAA Training (Supremus Group)
PracticeSuite Practice Management Blog
DMEPOS Surety Bonds
Hospital.com
Human Resources Daily Advisor

[ WebRings ]
< ? law blogs # >

[ Syndicated RSS Feed ]
Click Here