Meaningful Use Stage 1 Requirements
The Meaningful Use Stage 1 Requirements are that providers must adopt certified Electronic Health Records (EHRs) and use the EHRs to collect patient data in four categories – core objectives, menu set, clinical quality measures, and additional quality care measures. Not all categories of data collection need to be fully completed in order to qualify for Meaningful Use incentive payments. The Meaningful Use Program The Health Information Technology for Economic and Clinical Health (HITECH) Act was signed into law on February 17, 2009. One of the main aims of the HITECH Act is to encourage healthcare providers to switch from paper records to EHRs. Starting in 2011, two years after the HITECH Act was signed into law, incentive payments could be claimed by eligible professionals under the Meaningful Use program. Those payments could be claimed until 2015, after which, eligible professional taking part in the program that failed to demonstrate meaningful use of EHRs could be fined. While early adoption of EHRs was encouraged, it was possible to adopt EHRs as late as 2014 and still...
HIPAA Violations Result in Jail Time for New York Identity Thief
A New York identity thief who stole the medical data of approximately 1000 patients and committed $10.7 million in Medicare fraud has been convicted of HIPAA violations by a New York federal court and sentenced to serve 12 years in a federal penitentiary. Over the course of a four year period, Helene Michel, the owner of Hicksville NY., Medical Solutions Management Inc. (MSM), impersonated a doctor – acting under the name Dr. Elene Allonce – as well as nurses, wound care specialists and other healthcare professionals to gain access to Social Security numbers and medical information of patients in order to make fraudulent medical claims to support her extravagant lifestyle. Michel was able to gain access to nursing facilities in Nassau, Suffolk, Queens, Kings and Dutchess Counties between April 2003 and March 2007. She was able to obtain the information necessary to make bogus Medicare claims for services provided by her company. The proceeds from her crimes were used to purchase a $2.2 million Old Brookville home, set up a personal pension plan as well as an investment brokerage...
HIPAA Data Breach Affects 13.5K United Homecare Services Patients
United HomeCare Services had been diligently implementing policies and procedures to protect the PHI of its patients which included installing software to encrypt the data on all of its laptop computers. Upgrading data security measures can take some time, and while laptops had been scheduled for data encryption some devices only employed password protection to protect the data. On January 8, 2013 a billing manager at the hospital returned home with a laptop computer which she was authorized to take off the premises. On the way home from the hospital the employee made a stop to visit a friend who was ill. She left the laptop on the front seat of the car, locked the doors and entered her friend’s house. Despite the visit only lasting 10 minutes, this was enough time for thieves to smash her car window and steal the laptop. United HomeCare Services was made aware of the incident and the local authorities were notified of the theft. UHCS reported the theft to the OCR the following day, and while it was known that the laptop had some patient data stored on the hard drive, it was not...
HIPAA Omnibus Rule Comes into Force
The HIPAA Omnibus Rule was published on Jan 25, 2013 by the Department of Health and Human Services (HHS) as an amendment to the Health Insurance Portability and Accountability Act (HIPAA). The new rule came into force on March 26, 2013 and modifies existing HIPAA regulations to provide greater protection of patient data; extending the reach of HIPAA and modifying regulations to bring them in line with the Health Information Technology for Economic and Clinical Health (HITECH) Act. The HIPAA Omnibus Rule contains many amendments, although it introduces four new rules: The HIPAA Privacy, Security and Enforcement regulations have been updated as follows: Liability for HIPAA compliance extended to include business associates and subcontractors Sale of PHI prohibited without authorization and the use of PHI for marketing or fundraising has been prohibited. Greater powers for patients allowing them access to their electronic medical and health data, while restricting information which must be disclosed to a health plan if treatment has been paid in full by the patient. Notices of...
Pittsburgh 911 Dispatch Center Investigated for HIPAA Violation
A 911 dispatch center in Monroeville, Pittsburgh is being investigated for a potential violation of the Health Insurance Portability and Accountability Act (HIPAA) after failing to safeguard protected health information. The Office for Civil Rights of the U.S. Department of Health and Human Services received a complaint in August 2012 relating to the dispatch center after a former police chief was sent protected health information via E-mail, which violates HIPAA regulations. While the electronic communications violate HIPAA, the complaint also highlighted another potential HIPAA-compliance issue. Generic user names and passwords were created to ‘protect’ a database of 911 callers’ medical information, potentially exposing confidential information to anyone with the login details. Users with those credentials would be able to log into the database and access all of the information held in the database. The complaint was made by Assistant Police Chief Steven Pascarella after the discovery that communications were still being sent via E-mail to a former police chief. Even though...



