On July 28, 2010, CMS published Stage 1 electronic health record (EHR) criteria that health care providers, including hospitals, must meet to qualify for financial incentives made available through passage of the HITECH Act. In its Rule, CMS noted that the EHR incentives would be staged through three separate stages, with each stage having increasing EHR utilization requirements to qualify for financial incentives.
CMS has now proposed the Stage 2 criteria that health care providers and hospitals must meet to qualify for continued financial incentives.
We previously wrote about a proposed Rule that modifies the Health Insurance Portability and Accountability Act (HIPAA) Privacy Rule to require an accounting of electronic disclosures of protected health information. The proposed Rule was open to comments until August 1 and has received much attention, with over 400 comments.
On February 4, 2011, the Department of Health and Human Services (HHS) issued its first civil monetary penalty for HIPAA violations. The penalty was levied against Cignet Health Center of Prince George’s County, Maryland, and was substantial at $4.3 million dollars. Not only is the penalty notable because it may represent stepped up enforcement of HIPAA privacy provisions by HHS in the wake of the HITECH Act, but it also is the first penalty to implement the HITECH increased penalty amounts.
The Pennsylvania Supreme Court Civil Procedure Rules Committee is considering changes to how litigators deal with electronic discovery in state court. However, the Committee is explicitly charting a course away from the complicated approach adopted in federal court and the increasingly intricate interpretation of the federal rules by federal courts. This should come as good news to health care providers, as electronically stored information becomes more prevalent and litigation becomes more costly.
A key step in any provider’s electronic medical record (EMR) software purchase is the negotiation of the contract or software license agreement (SLA). Contract negotiation often gets passed over for more interesting and timely discussions like developments in the HITECH Act. However, it is every bit as important, especially with HITECH Act provisions making their way into many of the leading EHR vendors’ contracts.
Houston Neal of Software Advice recently contacted me about a guide they have developed for health care providers to manage the legalese of an SLA. In their report, they review five key sections of the SLA: user license, implementation, service obligations, hardware/interfaces, HITECH Act clauses.
Of course there are several other considerations and best practices to keep in mind. Here are some other helpful tips from their post:
- Have a lawyer and senior IT staff review software vendor agreements when possible.
- Review contract language frequently and avoid any ambiguous language.
- Make sure any verbal agreements are backed up by a paper trail.
- Document any “what if” fees. For example, troubleshooting support, late payment fees, system upgrades, etc.
- Make sure the contract includes a clause about security and HIPAA compliance.
- Ask for contract drafts in modifiable formats (e.g. Microsoft Word documents) rather than PDFs.
- Plan a dispute resolution process.
- Reserve the right to take vendor to court rather than submit to arbitration.
- Identify which state’s laws will be used in a dispute or arbitration.
The views, comments, and opinions of Mr. Neal within his article are his own and should not be construed to be those of Defense of Medicine, the authors of this blog, the McQuaide Blasko Law Offices or attorneys associated with the firm.
In fulfillment of the HITECH Act’s promises of financial incentives for eligible professionals who use “certified electronic health record technology,” the Office of National Coordinator for Health Information Technology (ONC) has published a list of electronic health record products certified under the ONC’s temporary certification program. To qualify for financial incentive payments, health care providers must implement electronic health records that have been certified to fulfill published regulatory objectives. Health care providers must also become “meaningful users” of those electronic health records.
The meaningful use and certification definitions go hand-in-hand because the financial incentives are only available when electronic systems are implemented that meet regulatory objectives related to interoperability and tasks the systems are capable of performing. The ONC’s certification program and identification of certified electronic systems ensure that health care providers are adopting technologies capable of meeting those regulatory objectives. To become “meaningful users,” the providers must then implement those technologies in their patient care activities as frequently as the regulations require. Recovery of the available financial incentives further requires that the health care providers attest to the Centers for Medicare and Medicaid Services that they are “meaningful users”; those attestations begin in April 2011.
The publication of electronic systems certified to actually meet the “meaningful use” requirements is clearly the next step toward achievement of the HITECH Act’s goal of broadening standardized implementation of electronic health records. Health care providers should exercise diligence and caution when making the investment in electronic record technology to ensure that the chosen system is certified and that they implement it in accordance with the regulatory criteria required to qualify for financial incentives.
Some recent news on the Health IT front:
- A recent survey shows that most hospital IT executives plan to meet the CMS “meaningful use” requirements to qualify for financial incentives directed to early electronic health record implementation. The survey was conducted by the College of of Healthcare Information Management Executives and consisted of an online questionnaire. Of the 152 respondents, 28% expected to meet the requirements and qualify for the incentive funds before April 1, 2011. Another 62% anticipate meeting the requirements prior to September 30, 2012, when the first round of the incentive program ends. This survey is in contrast to a much broader study conducted in 2009 that showed only 2% of hospitals had sufficiently implemented an electronic medical record system that would meet the meaningful use requirements.
- On August 30, 2010, HHS announced the first two bodies authorized to test and certify electronic health record systems for compliance with the “meaningful use” standards and criteria. They are: “The Certification Commission for Health Information Technology” in Chicago, Illinois and the Drummond Group, Inc. of Austin, Texas. These are the organizations to which electronic health record vendors will have to look to obtain certification of their products. Health care providers will want to ensure that their electronic health systems qualify for certification by these organizations to be obtain the financial incentives available for the “meaningful use” of those systems.
- The American Hospital Association submitted a comment letter on September 10, 2010 requesting that the Department of Health and Human Services make improvements to the HITECH Rule modifying HIPAA. The Hospital Association’s comments were broad, encouraging changes in the HITECH Rule including its breach notification requirements, access rights to electronic health records, and use of patient outcomes in fundraising activities. This was the same Rule that was recently withdrawn quietly by HHS and the subject of a New York Times article. The HITECH modification of HIPAA will likely be a future area of development requiring attention from healthcare providers.
On July 13, the Department of Health and Human Services announced requirements practitioners must adopt to qualify for incentive payments encouraging the implementation of electronic health records (EHR). Using certified EHRs in a meaningful way is critical to individual practitioners and hospitals not only because millions of dollars in incentive payments are available through Medicare and Medicaid but also because those presently available incentives will ultimately transition to penalties if practitioners delay implementation of electronic record-keeping.
The Health Information Technology for Economic and Clinical Health (HITECH) Act of 2009 established the monetary incentive program for the implementation of EHRs. Congress enacted the HITECH Act in conjunction with the broader fiscal stimulus programs of the American Recovery and Reinvestment Act. Under HITECH, Medicare and Medicaid incentive payments are available to “meaningful EHR users” beginning in January 2011. The definition of “meaningful use” has been the subject of debate, which finally resolved with the issuance of two related final Rules on July 13. Read more
Last week, the Office of the National Coordinator for Health Information Technology (ONC) issued a final rule that establishes a temporary program for the certification of electronic health record (EHR) systems. This temporary certification program is a key component for hospitals to meaningfully adopt certified EHR systems and, therefore, be eligible for potentially millions of dollars in incentive payments from the government.
Under the Health Information Technology for Economic and Clinical Health (HITECH) Act, programs exist under Medicare and Medicaid for physicians and hospitals to receive incentive payments for the “meaningful use” of certified EHR systems beginning in 2011. What constitutes “meaningful use” has been the subject of much debate and CMS has proposed the gradual phase-in through three stages, ramping up the the use of EHR that is deemed to be sufficiently meaningful to warrant incentive payments.
However, the first step in meaningfully using EHR systems to qualify for the incentive payments is adopting systems that are certified by ONC. The Department of Health and Human Services summarized the purpose of the certification program in part as follows:
Certification is used to provide assurance and confidence that a product or service will work as expected and will include the capabilities for which it was purchased. EHR technology certification does just that: It assures health care providers that the EHR technology they adopt has been tested and includes the required capabilities they need in order to use the technology in a meaningful way to improve the quality of care provided to their patients.
It will be important for hospitals and physicians to ensure that any EHR systems they implement meet the temporary certification requirements. The burden of fulfilling these technical requirements, however, will likely fall most heavily on vendors marketing their EHR programs. However, in the event hospitals or physicians have developed their own EHR systems, they should be aware of the certification requirements and take steps to have their systems certified. Otherwise they risk failing to quality for the incentive payments available through the Medicare and Medicaid programs that can total up to $44,000 for physicians and millions for hospitals.
On June 17, the United States Supreme Court issued its decision in City of Ontario, California v. Quon, No. 08-1332 (June 17, 2010), a case about Fourth Amendment privacy rights and warrantless searches. What could such a case have to do with healthcare providers? Plenty. This case may have implications for the privacy and security of text pagers ubiquitous to health professionals and, probably more importantly, employee- and employer-owned cell phones and smart phones.
Quon involved a government-employer’s search of an employee’s employer-issued text pager. Quon was a police officer assigned to the SWAT team. He was issued a text pager by the City of Ontario principally so that he could receive emergency text messages requiring rapid response of the SWAT team. The pager carried a monthly text limit, beyond which overage charges applied. Quon repeatedly exceeded the monthly text limit, but paid for his overage charges. His supervisor wanted to determine if the monthly text limit was too low for legitimate work-related activities and, therefore, requested transcripts of Quon’s text messages that were sent or received during work hours. Not only did the supervisor find that the vast majority of Quon’s text messages were personal, but also that some of them were sexually explicit. Quon was disciplined but contended that the City’s search of his text messages constituted an unreasonable search prohibited by the Fourth Amendment. Read more