WV Medicaid Offering Cash Incentive Program to New ePrescribers

The West Virginia Regional Health Information Technology Extension Center (WVRHITEC) announced this week that West Virginia's Medicaid Program is now offering cash incentives to health care providers who become a part of a new e-prescribing system.

WVeScript, is a new web-based ePrescribing tool implemented by the West Virginia Bureau for Medical Services (BMS) and provided to all Medicaid program prescribers and pharmacies. It is located on the BMS MediWeb Clinical Web Portal. This tool can be used to ePrescribe for all patients, not just those with Medicaid insurance. FAQs with more information about the WVeScript and MediWeb Clinical Web Portal.

The announcement by WVRHITEC also indicates that as an added incentive, West Virginia Medicaid will provide cash assistance in the amount of $1,000.00 for the purchase of a computer or to pay toward web access when a provider enrolls in the ePrescribing program at www.WVeScript.com. At the end of March 31, 2011, if a provider has electronically prescribed at least 70% of his or her prescriptions for Medicaid members, she or he will receive an additional $1,000.00. In addition, training is available, and a provider can earn two CME credits for completing the on-line web-based training. The incentives are available to a limited number of providers, so please sign up today.

Educating Physicians About Social Media

Great insight and advice from Bryan Vartabedian, M.D., the author of 33 Charts on "How to Speak to Physicians About Social Media."

Dr. V was responding to a request from Susannah Fox, Associate Director - Digital Strategy at Pew Internet & American Life Project, who will be speaking on a panel at the American College of Surgeons 96th Annual Clinical Congress next month. The session title is To Tweet or Become Extinct?: Why Surgeons Need to Understand Social Networking.

As someone who regularly speaks to groups of physicians I enjoy the opportunity every time (as long as I start off by saying I'm a health care defense attorney). As a group they are always engaging and inquisitive which leads to great discussions. As Dr. V points out the legal aspects and concerns over privacy and liability will be a topic not far below the surface. Like lawyers surgeons are trained to be skeptical technicians. I see that there is a lawyer, Rebekah A. Z. Monson, who is on the panel to cover the dos and don'ts. However, I hope you (Susannah) will weave into the legal discussion the consumer health and e-patient issues that often clash with the legal implications. Don't let the legal issues stand alone.

Dr. V's advice of ". . . discussion of patient-specific issues in public forums is off limits; discussion of patient non-specific issues is encouraged. Any attempt at patient-initiated discussion of specific medical issues immediately goes offline and onto the EMR for issues of record, liability and safety . . ." is excellent. I also like Dr. V's ethical dilemma recommendation for a possible case study approach during the discussion. One example you may want to explore using to address the clash between physician as authoritarian (transparency issue that Dr. V discusses) vs. patient as engaged consumer (e-patient) is the story of Johathan Zittrain's crowdsourcing his diagnosis. His story presents many great angles on social media's use in the health care environment by e-patients.

As for the legal implications of social media if you want to bone up on the topic take a look at the article I co-authored for AHLA earlier this year on the legal implications of health care social media, Risky Business: Treating Tweeting the Symptoms of Social Media.

Good luck Susannah and break a leg (no worries - there will be plenty of docs around to take care of you)!

HIPAA Prosecution: Former UPMC Employee Indicted

The United States Attorney's Office Western District of Pennsylvania issued a press release providing details of their first HIPAA privacy prosecution. The federal grand jury in Pittsburgh issued a 14 count indicted naming Paul C. Pepala.

The press release provides the following details:

According to the indictment, in February 2008, Pepala, then employed at UPMC Shadyside Hospital, disclosed to others names, birth dates and Social Security numbers of patients for personal gain, in violation of federal HIPAA laws, and disclosed Social Security numbers to other persons without their authorization. This information was used to file false tax returns in 2008. Pepala was also charged with violating the Social Security Act by disclosing Social Security numbers in violation of federal law.

The law provides for a maximum total sentence of 80 years in prison, a fine of $4,730,000, or both. Under the Federal Sentencing Guidelines, the actual sentence imposed would be based upon the seriousness of the offenses and the prior criminal history, if any, of the defendant.

Agents of the United States Postal Inspection Service, Internal Revenue Service and United States Secret Service conducted the investigation leading to the indictment in this case.

FSB: Best Lawyers in America 2011

This past week I received notice that I was again selected by my peers for inclusion in The Best Lawyers in America® 2011 in the field of "Health Care Law".

In all, nine lawyers from Flaherty Sensabaugh Bonasso PLLC were selected for inclusion in The Best Lawyers in America® 2011. Congratulations to my partners, David Givens and Mark Robinson, who were selected for the first time this year in the category of "Medical Malpractice".

Below is a list of all the 2011 FSB honorees:

• Mike Bonasso - Commercial Litigation
• Stephen Brooks - Medical Malpractice Law and Personal Injury Litigation
• Bob Coffield - Health Care Law
• Tom Flaherty - Personal Injury Litigation
• David Givens - Medical Malpractice Law
• Ted Martin - Medical Malpractice Law
• Mark Robinson - Medical Malpractice Law
• Don Sensabaugh - Medical Malpractice Law and Personal Injury Litigation
• Jeff Wakefield - Bet-the-Company Litigation, Commercial Litigation, Medical Malpractice

Best Lawyers is based on an exhaustive peer-review survey in which more than 39,000 leading attorneys cast almost 3.1 million votes on the legal abilities of other lawyers in their practice areas. Corporate Counsel magazine has called Best Lawyers "the most respected referral list of attorneys in practice."

CMS Awards WV Medicaid $945K Federal Matching Funds for EHR Incentive Programs

iHealthBeat reports that West Virginia Medicaid along with five other states will receive federal matching funds from the Centers for Medicare and Medicaid (CMS)to help implement electronic health record (EHR) incentive programs.

West Virginia Medicaid will receive $945,000 in federal matching funds. The CMS press release indicates that West Virginia will use the funds for planning activities that include conducting a comprehensive analysis to determine the current status of HIT activities in the state. The funds will be used to gather information on issues such as existing barriers to its use of EHRs, provider eligibility for EHR incentive payments, and the creation of a State Medicaid HIT Plan.

The CMS press release states:

WEST VIRGINIA TO RECEIVE FEDERAL MATCHING FUNDS FOR ELECTRONIC HEALTH RECORD INCENTIVES PROGRAM

In another key step to further states’ role in developing a robust U.S. health information technology (HIT) infrastructure, the Centers for Medicare & Medicaid Services (CMS) announced today that West Virginia’s Medicaid program will receive federal matching funds for state planning activities necessary to implement the electronic health record (EHR) incentive program established by the American Recovery and Reinvestment Act of 2009 (Recovery Act). West Virginia will receive approximately $945,000 in federal matching funds.

EHRs will improve the quality of health care for the citizens of West Virginia and make their care more efficient. The records make it easier for the many providers who may be treating a Medicaid patient to coordinate care. Additionally, EHRs make it easier for patients to access the information they need to make decisions about their health care.

The Recovery Act provides a 90 percent federal match for state planning activities to administer the incentive payments to Medicaid providers, to ensure their proper payments through audits and to participate in statewide efforts to promote interoperability and meaningful use of EHR technology statewide and, eventually, across the nation.

“We congratulate West Virginia for qualifying for these federal matching funds to assist its plan for implementing the Recovery Act’s EHR incentive program,” said Cindy Mann, director of the Center for Medicaid and State Operations at CMS. “Meaningful and interoperable use of EHRs in Medicaid will increase health care efficiency, reduce medical errors and improve quality-outcomes and patient satisfaction within and across the states.”

West Virginia will use its federal matching funds for planning activities that include conducting a comprehensive analysis to determine the current status of HIT activities in the state. As part of that process, West Virginia will gather information on issues such as existing barriers to its use of EHRs, provider eligibility for EHR incentive payments, and the creation of a State Medicaid HIT Plan, which will define the state’s vision for its long-term HIT use.

WVHCA: Proposed CON Standards for Megavoltage Radiation Therapy Services/Units

The West Virginia Health Care Authority has issued a Notice of Public Comment Period on a new Proposed Certificate of Need Standard for Megavoltage Radiation Therapy Services/Unit.

Written comments on the proposed Certificate of Need Standard must be filed with the Authority on or before July 30, 2010. Written comments should be directed to Timothy E. Adkins, Director of Certificate of Need Division.

WVHCA: Proposed Amendment to West Virginia CON Law Defintion of "Private Office Practice"

On June 15, 2010, the West Virginia Health Care Authority filed a Notice of a Comment Period on a Proposed Rule with the West Virginia Secretary of State amending West Virginia CSR 65-7, Certificate of Need Rule.

According to the Summary and Statement of Circumstances filed with the Proposed Rule the "amendment clarifies the definition of "private office practice" for purposes of administering the Certificate of Need Program. Those entities meeting this criteria may be eligible for an exemption from Certificate of Need review pursuant to West Virginia Code 16-2D-R(a)."

Written comments on the Proposed Rule are due on or before July 16, 2010.

What Health Care Employers Need to Know about the West Virginia Patient Safety Act

Ryan Brown, a health care attorney at Flaherty Sensabaugh Bonasso PLLC who specializes in medical malpractice defense, health care regulatory work and health care related employment issues wrote this summary of the West Virginia Patient Safety Act.

In 2001, the West Virginia Legislature passed the Patient Safety Act (“PSA”), W.Va. Code § 16-39-1 et seq. The purpose of the PSA was to provide an avenue for health care workers to report instances of waste or wrongdoing without the fear of retaliatory or discriminatory treatment by their employers through termination, demotion, reduction of time, lost wage, or lost benefits. The PSA requires the identity of a health care worker who reports waste or wrongdoing to a health care entity (e.g., hospital, clinic, nursing facility, etc.) or appropriate governmental authority to remain confidential. Health care entities are also required to post a summary of the important provisions of the PSA on the premises for its employees.

It is important for health care entities to understand that the PSA prohibits retaliation or discrimination against a health care worker who made a good faith report; advocated on behalf of patients, services or conditions of a health care entity; or cooperated in any investigation relating to the care, services or conditions of the health care entity. A health care worker who has been retaliated or discriminated against by his or her employer in violation of the PSA may file a civil suit and recover payment of back wages, costs of the litigation, reasonable attorney fees, and even reinstatement.

Many employers in West Virginia have had experience with the West Virginia Human Rights Act (“WVHRA”), W.Va. Code § 5-11-1 et seq, and its exception to the “at-will” employment doctrine. The WVHRA prohibits discrimination on the basis of race, religion, color, national origin, ancestry, sex, age, disability, and familial status. The WVHRA has been used by former employees as a way to defeat “at-will” employment by alleging that they were wrongfully terminated based on a protected status, rather than for unsatisfactory job performance. Although initially designed to improve the quality of patient care, the PSA has also been used by some former health care employees as a way to get around the concept of “at-will” employment. For example, a discharged health care worker could potentially sue his former employer using the PSA to allege that he was discriminated against after he reported instances of the employer’s waste and wrongdoing.

Health care entities must take special care not only to document the unsatisfactory performance of its employees, but also document and investigate complaints of waste or wrongdoing to shield itself from such PSA lawsuits. These lawsuits can be quite complicated as they encompass elements of both employment litigation and medical professional liability litigation.

ONC Issues Final Rule for EHR Temporary Certification Program

Last Friday the Office of National Coordinator for Health Information Technology (ONC) issued a final rule providing the details on how organizations can be authorized by ONC to test and certify EHR technology. ONC discusses the details the Temporary Certification Program.

Certification is important because the Medicare and Medicaid EHR incentives under HITECH require the use of certificate EHR technology for eligible hospital and providers to recieve payments under the incentive program.

For more information check out the Temporary Certification Program information on the ONC Health IT website, including a link to a complete copy of the Temporary Certification Program Final Rule.

More information from Government Health IT, ONC launches health IT certification program and iHealthBeat, ONC To Start Accepting Bids for Entities to Certify EHR Products.

UPDATE (6/24/2010): The official Federal Register version of the Final Rule is now available: 45 CFR Part 170, Establishment of the Temporary Certification Program for Health Information Technology; Final Rule (75 Fed. Reg. 36158, June 24, 2010). The Final Rule is effective on June 24, 2010.

SAMHSA and ONC: FAQs on Substance Abuse Confidentiality Regulations for HIEs

The Substance Abuse and Mental Health Services Administration (SAMHSA) and the Office of the National Coordinator for Health Information Technology (ONC) announced last week the release of FAQs for Applying the Substance Abuse Confidentiality Regulations to Health Information Exchanges (HIEs).

Cover letter regarding the FAQs by Pamela S. Hyde, the Administrator of SAMHSA, and David Blumenthal, National Coordinator for ONC. The letter describes that the the Substance Abuse Confidentiality Regulations under 42 CFR Part 2 were enacted years ago (circa 1975). Due to the age of the regulations SAMHSA and ONC created the FAQs to provide guidance and understanding of the scope of these regulations in the context of today's move toward an electronic health information system.

The FAQs outline the general requirements under 42 CFR Part 2, provide guidance on its application to HIEs, and identify methods for including substance abuse related health information into HIEs that is consistent with the Federal statute.

As a follow-up to the release of the FAQs, SAMHSA and ONC will convene a meeting of concerned or interested parties from both the Behavioral Health and Information Technology (BH-IT) communities on August 4, 2010. The meeting will be an opportunity for SAMHSA and ONC to receive questions and comments on the FAQs.

The FAQs for Applying the Substance Abuse Confidentiality Regulations to Health Information Exchanges (HIEs) provide information on the following 37 questions:

1. Does the federal law that protects the confidentiality of alcohol and drug abuse patient records allow information about patients with substance use disorders to be included in electronic health information exchange systems?
2. What types of providers are covered programs under 42 CFR Part 2 (“Part 2”)?
3. What patients, and which records and information, are protected by 42 C.F.R Part 2?
4. For the purposes of the applicability of 42 CFR Part 2, does it matter how HIOs are structured?
5. Does 42 CFR Part 2 permit the disclosure of information without a patient’s consent for the purposes of treatment, payment, or health care operations?
6. Under Part 2, can a Qualified Service Organization Agreement (QSOA) be used to facilitate communication between a Part 2 program and an HIO?
7. May information protected by Part 2 be made available to an HIO for electronic exchange?
8. If Part 2 information has been disclosed to the HIO, either pursuant to a Part 2- compliant consent form authorizing such disclosure or under a QSOA, may the HIO then make that Part 2 information available to HIO-affiliated members?
9. How do different HIO patient choice models regarding whether general clinical health information may be disclosed to or through an HIO (e.g., no consent, opt in or opt out) affect the requirements of 42 CFR Part 2?
10. If an HIO is holding or storing Part 2 patient data through a QSOA, can the HIO redisclose the data coming from the Part 2 program to a third party without patient consent?
11. What are the required elements of a patient consent under Part 2?
12. What must a Part 2 program do to notify the HIO, or any other recipient of Part 2 protected information, that it may not redisclose Part 2 information without patient consent?
13. Can a single consent form be used to authorize the disclosure of Part 2 information to an HIO, as well as authorize the redisclosure of that information to other identified parties, such as HIO affiliated members?
14. Does Part 2 allow the use of multiple-party consent forms?
15. Does Part 2 require the use of original signed consents?
16. Under Part 2, may an HIO release demographic information about Part 2 patients without patient consent?
17. Under Part 2, can an HIO reveal that a patient had an encounter at a mixed use facility (or “general medical” facility – see FAQ #2) as long as the HIO does not reveal that the patient was in the mixed use facility’s Part 2 program? A mixed use facility can be defined as a service provider organization that provides substance abuse treatment services as well as other health services such as primary care, dental care, mental health services, social services, etc.
18. Under Part 2, can an HIO use a consent form that provides for disclosure to “HIO members” and refers to the HIO’s website for a list of those members?
19. Can an HIO use a consent form under Part 2 to allow for the disclosure of information to future HIO affiliated health care providers?
20. Can an HIO use a consent form under Part 2 to allow for the disclosure of information to health care providers who are providing on-call coverage for HIO affiliated health care providers or with whom those affiliated providers consult?
21. Can a Part 2 patient consent be used to enable multiple disclosures?
22. Can a Part 2 program or HIO use a consent form that has no specific expiration date but rather states that disclosure is permitted until consent is revoked by the patient?
23. Is “treatment” a sufficient description of the intended purpose of a disclosure on a Part 2 consent?
24. Under Part 2, can any health care provider make the determination that a medical emergency exists, or must a Part 2 provider make that determination?
25. May a computer system be used to automatically determine whether a medical emergency exists and whether a disclosure of Part 2 data can be made without the patient’s consent?
26. If a medical emergency exists, can the entire Part 2 record be released?
27. For documentation purposes, if a medical emergency is present, would it be permissible under Part 2 to have treating providers simply check a drop down box signifying the existence of such a medical emergency?
28. Under Part 2, may an HIO system make clinical decision support functions (such as showing a patient’s medications to clinicians when they write prescriptions, automatically ordering medications, and/or alerting clinicians about potential drug interactions) available to HIO affiliated health care providers in a medical emergency?
29. Does the Part 2 definition of medical emergency also include mental health emergencies?
30. When the HIO keeps an electronic record of a medical emergency, does that fully meet Part 2’s requirement to document disclosures made in a medical emergencies in the patient’s record?
31. If an HIO’s electronic system makes a disclosure in a medical emergency, would documenting the name of the discloser as “electronically disclosed through the system administered by HIO” meet Part 2’s requirement that the name of the person who made the disclosure be documented in the patient’s record?
32. If an HIO’s electronic system sends Part 2 data in a medical emergency to a printer or fax machine in the emergency room, can “the printer in the emergency department” meet Part 2’s requirement to document in the patient’s record the name of the person to whom the disclosure was made?
33. Once Part 2 information is disclosed in a medical emergency, can that information be redisclosed without obtaining patient consent?
34. If a patient has previously refused to consent to the release of his/her Part 2 record to a particular HIO affiliated health care provider, and then the patient is brought to that provider in a bona fide medical emergency situation, can that provider gain access through the HIO to the information without the patient’s consent under Part 2?
35. Can an HIO disclose data for Disease Management purposes under Part 2 without patient consent?
36. Under Part 2, would an HIO be permitted to disclose to an HIO affiliated payer the data of several patients held by the HIO, which may include Part 2 data, in order for the payer to target where interventions could be made with particular patients to improve care and management of disease?
37. If an HIO affiliated health care provider wishes to gain access to a minor’s Part 2 record held by the HIO, may the HIO or provider obtain only the consent of a parent or guardian, or must the minor’s consent also be obtained?

Thanks Blogger Team! Blogs of Note - June 14, 2010

Wow! Thanks to the Blogger Team for highlighting my Health Care Law Blog as a Blogs of Note on Blogger Buzz, the official buzz from Blogger at Google, for Monday, June 14, 2010. More on the Historie of Blogs of Note.

Welcome to all stopping by the Health Care Law Blog for the first time. If you are interested in health care law, privacy, security, and technology I hope you will check out my recent posts and add my blog to your regular reading list. You can follow my future posts via RSS or on Twitter at @HealthLawBlog.

Reversal of Conviction Because Undisclosed MySpace Friendship Between Defendant and Juror

Brian Peterson posts on a fascinating West Virginia Supreme Court of Appeals decision involving the use of social media between a juror and defendant and the issue of disclosure of such connections during voir dire.

In State v. Dellinger, No 3573 (W.Va. Supr. Ct. June 3, 2010) (PDF version) the West Virginia Supreme Court reversed a felony conviction of a Braxton County Sheriff due to a juror's "complete lack of candor" during voir dire. The juror and defendant were MySpace friends, but hardly knew each other. The Court found that the juror should have disclosed the relationship.

The Court describes the juror misconduct as follows:

At the direction of the trial judge, an investigation into alleged juror misconduct was conducted concerning Juror Amber Hyre. During the course of the investigation and at the June 11, 2008, hearing, it was learned that on February 7, 2008, approximately one week before Appellant's trial began, Juror Hyre sent a message to Appellant on “www.MySpace.com,” a social networking website. In that message, Juror Hyre, known as “Amber,” wrote to Appellant:

Hey, I dont know you very well But I think you could use some advice! I havent been in your shoes for a long time but I can tell ya that God has a plan for you and your life. You might not understand why you are hurting right now but when you look back on it, it will make perfect sence. I know it is hard but just remember that God is perfect and has the most perfect plan for your life. Talk soon!

According to Juror Hyre, after she sent this message to Appellant, the two became MySpace “friends,” which allowed Appellant to view postings on Juror Hyre's MySpace page and vice versa.

At the end of the decision, the Court in footnote 11 highlights the need for lawyers and judges to instruct jurors of their responsibility and provides a cautionary note to them about using technology during the trial process and deliberation. The Court provides a link to the model jury instruction developed by the Committee on Court Administration and Case Management of the Judicial Conference of the United States. I previously blogged about this Model Jury Instruction here.

The footnote reads:

As noted above, Juror Hyre posted a message on her MySpace page during the course of the trial in which she wrote, “Amber Just got home from Court and getting ready to get James and Head to church! Then back to court in the morning!” Next to “mood,” she wrote the word “blah.” The trial court found that Juror Hyre “did not state which trial she was hearing or any facts or opinions about the trial.” Though this Court does not condone any communication about a case by a sitting juror, we agree with the trial court's apparent finding that Juror Hyre's posting was benign in nature. We believe that, standing alone, it was not sufficient to find that she engaged in juror misconduct. However, we also believe some cautionary words are warranted concerning the prominent presence of the internet and routine use of and dependence upon various technologies by everyday Americans called to jury service. In an effort to preclude jurors from using cell phones, computers and social media websites such as MySpace, the Committee on Court Administration and Case Management of the Judicial Conference of the United States has endorsed a model jury instruction for federal district court judges to help deter jurors from using such technology for improper purposes (such as communicating about their case or conducting their own research). [Rules for Jurors: No Talking, Texting, Tweeting,] The National Law Journal, February 9, 2010, available at http//www.law.com/jsp/law technologynews/PubArticleLTN.jsp?id=1202442983764. For example, the jury instruction to be given before trial cautions, inter alia:
I know that many of you use cell phones, Blackberries, the internet and other tools of technology. You also must not talk to anyone about this case or use these tools to communicate electronically with anyone about the case. . . .You may not communicate with anyone about the case on your cell phone, through e-mail, Blackberry, iPhone, text messaging, or on Twitter, through any blog or website, through any internet chat room, or by way of any other social networking websites, including Facebook, MySpace, LinkedIn, and YouTube.”

The jury instruction to be given at the close of the case similarly provides:
During your deliberations, you must not communicate with or provide any information to anyone by any means about this case. You may not use any electronic device or media, such as a telephone, cell phone, smart phone, iPhone, Blackberry or computer; the internet, any internet service, or any text or instant messaging service; or any internet chat room, blog, or website such as FaceBook, MySpace, LinkedIn, YouTube or Twitter, to communicate to anyone any information about this case or to conduct any research about this case until I accept your verdict.

We note that, presently, there are no similar uniform standards for jurors in state trials. Id.

Lesson: If you are called for jury duty be sure to review all your MySpace, Facebook, Twitter, etc. contacts to make sure you have no connection to the parties in the matter. The case also highlights that technology has allowed all of us to develop new (more extended, not necessarily deeper) relationships with people that we don't really consider part of our "in person" social circle.The case also points out that jurors need to "go off the grid" during trial and deliberation process.

To get the full context of what occurred I recommend reading the full decision. Also, jump over to Brian's blog post to read more of his comments on the decision. I agree with his conclusion, "It's clear that voir dire and jury instructions need to catch up with technology."

UPDATE (6/15/10): Eric Goldman at the Technology & Marketing Blog and Molly DiBianca at Going Paperless provides additional analysis and thoughts on the decision.

UPDATE (6/18/2010): Ry Rivard at the Charleston Daily Mail covers the decision in his story, Web stirs problems in jury selection.

WVBOM: Policy Statement - Guidelines for Physicians in Collaborative Relationships with Advanced Nurse Practitioners

On May 10, 2010, the West Virginia Board of Medicine has issued a new Policy Statement - Guidelines for Physicians in Collaborative Relationships with Advanced Nurse Practitioners or Certified Nurse Midwives; Standard of Practice.

The new Policy Statement provide West Virginia physicians with guidance on the role and responsibility they play in the collaborative relationship with advanced nurse practitioners and certified nurse-midwifes. In summary, the guidance provides:

A. The physician must be permanently and fully licensed in West Virginia without restriction or limitation.

B. There should be a written collaborative agreement should should include certain specific provisions as outlined in the Policy Statement.

C. Other considerations that are outlined in the Policy Statement

The Policy Statement indicates that the failure by a physician to adhere to these minimum requirements and guidelines may result in discipline by the Board of Medicine.

Credentialing and Privileging Telemedicine Physician and Practitioner

Last week the Centers for Medicare and Medicaid Services (CMS) issued a proposed rule revising the conditions of participation (CoPs) for hospitals and critical access hospitals allowing for a new credentialing and privileging process for physicians and practitioners who provide telemedicine services. The proposed rule should make it easier on smaller hospital (especially critical access hospitals) who don't have the in-house medical staff to adequately evaluate and privilege a wide range of specialty physicians who provide services through telemedicine.

The proposed rule was published in the Federal Register on May 26, 2010, and titled, Credentialing and Privileging of Telemedicine Physicians and Practitioners, 75 Fed Reg 29479 (May 26, 2010). Comments on the proposed rule must be submitted by July 26, 2010.

Traditionally the CoPs have required the governing body of the hospital to make all privileging decisions based on the recommendations of its medical staff using specific criteria. Hospitals often use third-party credentialing verification services to assist in compiling the voluminous documents needed to verify credentialing and then have the governing body of the hospital review and sign off on the privileging decision.

The proposed rule points out that there has been a Joint Commission standard policy that allows "privileging by proxy," which has been in direct conflict with CoPs. "Privileging by proxy" allows Joint Commission accredited hospitals to utilize a different methodology to privilege"distant-site" physicians and practitioners. Basically, allowing one Joint Commissioned accredited hospital to accept the privileging decisions of another Joint Commissioned accredited hospital. In the past, hospitals were deemed (deemed status) to meet the CoPs if they were accredited by the Joint Commission. However, changes in the Medicare Improvement for Patients and Providers Act of 2008 (MIPPA) will halt (effective July 15, 2010) the statutory recognition of the Joint Commission's hospital accreditation program and now requires the Joint Commission to meet CMS standards in order to confer Medicare deemed status.

CMS has decided that requiring each hospital to independently privilege providers is a duplicative and burdensome process, especially for small hospitals who often use telemedicine services from larger academic medical centers and hospitals to provide access to needed specialty services. Thus, CMS is proposing in the rule to revise the hospital credentialing and privileging requirements to allow a hospital who obtains telemedicine services by agreement with another hospital that the agreement can specify that the hospital providing the telemedicine services is responsible for credentialing the telemedicine provider and can provide this information to the medical staff of the hospital receiving the telemedicine services who can then rely upon the credentialing and privileging decisions of the hospital providing the telemedicine services.

For a more detailed discussion and understanding of the proposed revisions read the proposed rule in the May 26, 2010, Federal Register.

OCR Request for Information: HIPAA Privacy Rule Accounting of Disclosures under HITECH

Today the Office for Civil Rights (OCR), Department of Health and Human Services issued a Request for Information titled HIPAA Privacy Rule Accounting of Disclosures Under the Health Information Technology for Economic and Clinical Health Act (75 Fed Reg 23214 May 3, 2010). More information at the OCR website.

The Request for Information by OCR seeks comments from health consumers and health care providers/organizations. OCR seeks information on the following areas:

• Understanding the interests of individuals (health consumers) with respect to learning of such disclosures; and
• The administrative burden on covered entities (health care providers/organizations) and business associates of accounting for such disclosures.

The Request for Information states that Section 13405(c) of the Health Information Technology for Economic and Clinical Health (HITECH) Act expands an individual’s right under the Health Insurance Portability and Accountability Act of 1996 (HIPAA) Privacy Rule to receive an accounting of disclosures of protected health information made by HIPAA covered entities and their business associates. In particular, section 13405(c) of the HITECH Act requires that the HIPAA Privacy Rule be amended to require covered entities to account for disclosures of protected health information to carry out treatment, payment, and health care operations if such disclosures are through an electronic health record.

The Request for Information requests specific comments on the following nine questions:

1. What are the benefits to the individual of an accounting of disclosures, particularly of disclosures made for treatment, payment, and health care operations purposes?

2. Are individuals aware of their current right to receive an accounting of disclosures? On what do you base this assessment?

3. If you are a covered entity, how do you make clear to individuals their right to receive an accounting of disclosures? How many requests for an accounting have you received from individuals?

4. For individuals that have received an accounting of disclosures, did the accounting provide the individual with the information he or she was seeking? Are you aware of how individuals use this information once obtained?

5. With respect to treatment, payment, and health care operations disclosures, 45 CFR 170.210(e) currently provides the standard that an electronic health record system record the date, time, patient identification, user identification, and a description of the disclosure. In response to its interim final rule, the Office of the National Coordinator for Health Information Technology received comments on this standard and the corresponding certification criterion suggesting that the standard also include to whom a disclosure was made (i.e., recipient) and the reason or purpose for the disclosure. Should an accounting for treatment, payment, and health care operations disclosures include these or other elements and, if so, why? How important is it to individuals to know the specific purpose of a disclosure— i.e., would it be sufficient to describe the purpose generally (e.g., for ‘‘for treatment,’’ ‘‘for payment,’’ or ‘‘for health care operations purposes’’), or is more detail necessary for the accounting to be of value? To what extent are individuals familiar with the different activities that may constitute ‘‘health care operations?’’ On what do you base this assessment?

6. For existing electronic health record systems:
(a) Is the system able to distinguish between ‘‘uses’’ and ‘‘disclosures’’ as those terms are defined under the HIPAA Privacy Rule? Note that the term ‘‘disclosure’’ includes the sharing of information between a hospital and physicians who are on the hospital’s medical staff but who are not members of its workforce.
(b) If the system is limited to only recording access to information without regard to whether it is a use or disclosure, such as certain audit logs, what information is recorded? How long is such information retained? What would be the burden to retain the information for three years?
(c) If the system is able to distinguish between uses and disclosures of information, what data elements are automatically collected by the system for disclosures (i.e., collected without requiring any additional manual input by the person making the disclosure)? What information, if any, is manually entered by the person making the disclosure?
(d) If the system is able to distinguish between uses and disclosures of information, does it record a description of disclosures in a standardized manner (for example, does the system offer or require a user to select from a limited list of types of disclosures)? If yes, is such a feature being utilized and what are its benefits and drawbacks?
(e) Is there a single, centralized electronic health record system? Or is it a decentralized system (e.g., different
departments maintain different electronic health record systems and an accounting of disclosures for treatment,
payment, and health care operations would need to be tracked for each system)?
(f) Does the system automatically generate an accounting for disclosures under the current HIPAA Privacy Rule (i.e., does the system account for disclosures other than to carry out treatment, payment, and health care
operations)?
i. If yes, what would be the additional burden to also account for disclosures to carry out treatment, payment, and health care operations? Would there be additional hardware requirements (e.g., to store such accounting information)? Would such an accounting feature impact system performance?
ii. If not, is there a different automated system for accounting for disclosures, and does it interface with the electronic health record system?

7. The HITECH Act provides that a covered entity that has acquired an electronic health record after January 1, 2009 must comply with the new accounting requirement beginning January 1, 2011 (or anytime after that date when it acquires an electronic health record), unless we extend this compliance deadline to no later than 2013. Will covered entities be able to begin accounting for disclosures through an electronic health record to carry out treatment, payment, and health care operations by January 1, 2011? If not, how much time would it take vendors of electronic health record systems to design and implement such a feature? Once such a feature is available, how much time would it take for a covered entity to install an updated electronic health record system with this feature?

8. What is the feasibility of an electronic health record module that is exclusively dedicated to accounting for disclosures (both disclosures that must be tracked for the purpose of accounting under the current HIPAA Privacy Rule and disclosures to carry out treatment, payment, and health care operations)? Would such a module work with covered entities that maintain decentralized electronic health record systems?

9. Is there any other information that would be helpful to the Department regarding accounting for disclosures
through an electronic health record to carry out treatment, payment, and health care operations?

Written comments to OCR must be submitted on or before May 18, 2010.

Testing Google's New Search Story

Yesterday I saw a post on the Official Google Blog about making your own search story videos in minutes. The post announced Google's simple to use search story video creation tool. Google introduced these search stories during the Superbowl with this ad, Parisian Love. All you have to do is type in your searches, pick your music and transfer it over to Youtube. Try it out here.

I thought I would test out the tool by creating a quick sample video marketing my health care legal practice featuring my Health Care Law Blog.

Also thinking about how marketing staffs for physicians, hospitals and health care organizations might creatively use this tool to create great marketing and public informational pieces. For example, a search story that reminds people to do a self examination, promotes a public service announcement, recommend certain preventative health measures or make healthier micro decisions.

NCAA Final Four: It's a great day to be a Mountaineer wherever you may be!

Today the WVU Mountaineers take on the Duke Blue Devils in the NCAA Final Four. Good luck to the Mountaineers as they try to move on to the Championship Game on Monday night against the winner of the Bulter vs. Michigan State contest.

West Virginians everywhere are excited about the game and proud of the hard work and dedication put in by the Mountaineer players, coaches and staff. It is a great day to be a Mountaineer!

All week it has been exciting to watch the buzz and excitement grow throughout the state. I loved this picture of some Mountaineers leaving Morgantown headed to Indianapolis with their cooler and couch strapped to back. I had to share it with everyone. Thanks to Lisa Simmons for the photo. You have to be a Mountaineer to understand the couch burning tradition (some history on the tradition and one of my favorite videos below).

Go Mountaineers!

DEA Interim Final Rule on Electronic Prescribing of Controlled Substances

On March 24, 2010, the Drug Enforcement Administration (DEA) released the Interim Final Rule with Request for Comments on Electronic Prescribing of Controlled Substances.

The Interim Final Rule outlines the procedures for health care providers to electronically prescribe controlled substances. The DEA has revised its regulations to provide practitioners with the option of writing prescriptions for controlled substances electronically and permit pharmacies to receive, dispense and archive these electronic prescriptions.

The Interim Final Rule will be officially published in the Federal Register on Wednesday, March 31, 2010 and will include a 60 day comment period.

AHLA Teleconference: The Intersection of Social Media and Human Subjects Research

On May 4, 2010, I will be participating in a teleconference on The Intersection of Social Media and Human Subjects Research. The teleconference is co-sponsored by the American Health Lawyers Association Health Information Technology, Life Sciences and Teaching Hospitals and Academic Medical Centers Practice Groups.

The moderator for the teleconference will be Karl A. Thallner, Jr., Esquire, Partner, Reed Smith LLP, in Philadelphia, PA. The other panel presenters will be:

Naomi Halpern, Esquire
Partner
Frommer Lawrence & Haug, Washington, DC

Laura Odwazny, Esquire
Senior Attorney, Public Health Division
Office for Human Research Protections
Office of the General Counsel
U.S. Department of Health and Human Services, Rockville, MD

More information, including a description of the program and how to register, is available through the AHLA website.

OCR Update on Issuance of HIPAA HITECH Rulemaking

Update from Office for Civil Rights (OCR) on issuance of the Notice of Proposed Rulemaking (NPRM) implementing changes to HIPAA under the Health Information Technology for Economic and Clinical Health Act (HITECH). Health care organizations and health lawyers have been anxiously awaiting rules implementing and interpreting the changes because the effective date for many of the HITECH requirements was February 17, 2010. Of particular interest has been whether or not health care organizations are required to amend business associate agreement.

The notice seems to indicate that the the date for compliance and enforcement may be delayed since it states that the NPRM "will provide specific information regarding the expected date of compliance and enforcement." However, covered entities and business associates need to weigh the risks of not complying with the new requirements while waiting for further clarification from OCR.

The notice states:

OCR will implement important privacy and security provisions of the Health Information Technology for Economic and Clinical Health (HITECH) Act through notice and comment rulemaking, as required by the Administrative Procedure Act. These provisions include: business associate liability; new limitations on the sale of protected health information, marketing, and fundraising communications; and stronger individual rights to access electronic medical records and restrict the disclosure of certain information. OCR continues work on a Notice of Proposed Rulemaking (NPRM) regarding these provisions. Although the effective date (February 17, 2010) for many of these HITECH Act provisions has passed, the NPRM and the final rule that follows will provide specific information regarding the expected date of compliance and enforcement of these new requirements.

However, interim final rules implementing HITECH Act provisions in two areas have already been issued and are currently in effect: enforcement and breach notification. New civil money penalty amounts apply to HIPAA Privacy and Security Rule violations occurring after February 17, 2009. Covered entities and business associates must comply now with breach notification obligations for breaches that are discovered on or after September 23, 2009. OCR announced previously that it would use its enforcement discretion not to impose fiscal sanctions with regard to breaches discovered before February 22, 2010. Since that date has passed, OCR will enforce the Breach Notification Interim Final Rule, including with the possible imposition of sanctions, as it does with the HIPAA Privacy and Security Rule requirements.