Web-Tones

The Association of Academic Health Centers (AAHC) issued a statement on June 6 commending the Department of Health & Human Services’ Office for Civil Rights (OCR) for furthering patient protections through the issuance of a proposed change to the HIPAA Privacy Rule. However, AAHC, which represents more than 100 academic medical centers, noted that the accounting for disclosure requirement of the rule “has proved to be excessive and burdensome for the nation’s biomedical research enterprise.”

via www.ehrwatch.com

The AAHC may have a good case for exemptions from disclosure, especially if the PHI has been de-identified according to law, but it does illustrate one of the problems with HIPAA enforcement, everyone thinks it is a good thing that the "other guy" comply. The more exceptions the potentially more fragmented the enforcement.

So far, OCR has been less the aggressive (understatement) in its enforcement actions. I believe that this is mostly due to creating "breathing space" for the healthcare industry as it attempts to deal with EHR implementations and other major initiatives ICD-10.

There is a "messaging middle ground" that OCR should adopt that gets the wheel turning on compliance without taking out the big stick (yet). OCR should indicate what it expects from covered entities of all sizes? Why? Because historically HIPAA enforcement has been almost completely ignored by the industry (treated as an inside joke). There are hardly any business process built around compliance, and little adoption of HIPAA Compliance Software to speak of.

Without business processes enabled by affordable compliance software the industry will lag in its compliance efforts for the next ten years, and unacceptable outcome if we really want a NHIN that everyone participates in.

Looking for a best of breed HIPAA Training?

To stay current on the HITECH Act and its quickly changing regulatory scheme visit the HITECH Survival Guide website and/or sign up for our free monthly compliance newsletter. Also, check out our FREE EHR Checklist.

If you need tools that will help with your compliance initiatives then check out the HSG Store. Do you need an Internet Lawyer with HITECH / HIPAAexperience?

On May 31, HHS Published a notice of proposed rulemaking (NPRM) on the HIPAA Privacy Rule Accounting of Disclosures Under the Health Information Technology for Economic and Clinical Health Act (HITECH).

via geekdoctor.blogspot.com

The post in the link above does a good job of summarizing some of the complexity surrounding the proposed NPRM regarding accounting disclosures. Dr. Halamka makes the point that for large covered entities this may be quite a burdensome requirement to meet.

I would suggest that this holds true for covered entities of all sizes and will be nearly impossible to do without best of breed HIPAA Compliance Software. Fortunately, there are now SaaS based affordable options even for the little guys.

Looking for a best of breed HIPAA Training?

To stay current on the HITECH Act and its quickly changing regulatory scheme visit the HITECH Survival Guide website and/or sign up for our free monthly compliance newsletter. Also, check out our FREE EHR Checklist.

If you need tools that will help with your compliance initiatives then check out the HSG Store. Do you need an Internet Lawyer with HITECH / HIPAAexperience?