In This Issue...
Hospitals, Physicians Face Problems With Meaningful Use Stage 2
According to the latest data from the Centers for Medicare and Medicaid Services (CMS) Office of eHealth Standards and Services, only four hospitals and 50 physicians nationwide had met the 2014 stage 2 meaningful use requirements for electronic healthcare records (EHR) through April.
For providers to move into this stage, at least 30% of lab orders must be entered into the EHR through computerized physician order entry, and 55% of orders must be received electronically in a structured data format among other requirements. Hospitals and physicians also must be measured by quality metrics that rely on lab data.
According to a letter from the American Medical Association (AMA), physicians will also fall behind and face penalties due to what it sees as burdensome requirements of stage 2. AMA is recommending that physicians only be required to meet 50% of the stage 2 requirements to avoid penalties in 2015.
For its part, the American Hospital Association is focusing on problems with the government certification program for EHRs. According to comments submitted on April 28 to the Office of the National Coordinator for Health Information Technology (ONC), certification criteria for EHRs are not clear, making it difficult for hospitals to implement certified EHRs in time to meet stage 2 meaningful use requirements. AHA also urged ONC to "adopt a regulatory pace that allows for evidence-based analysis of the maturity of standards to support regulatory requirements."
More information is available from the AHA website, www.aha.org/advocacy-issues.
Report: Hospital Quality Gains Saved 15,000 Lives, $4 Billion
New preliminary data from the Department of Health and Human Services (HHS) show an overall 9% decrease in hospital acquired conditions nationally during 2011 and 2012. National reductions in adverse drug events, falls, infections, and other forms of hospital-induced harm are estimated to have prevented nearly 15,000 deaths in hospitals, avoided 560,000 patient injuries, and approximately $4 billion in health spending over the same period.
Additionally, between January 2012 and December 2013, the Medicare all-cause 30-day readmission rate dropped 8%—falling from 19% to 18.5%. According to HHS, these improvements reflect policies and public-private collaboration made possible by the Affordable Care Act. Beginning October 1, 2012, the law began penalizing hospitals with excess readmissions for common, expensive conditions. CMS trims up to 1% of a hospital's total reimbursements if its readmissions for heart failure, myocardial infarction, and pneumonia rise above a target based on national averages for Medicare patients.
The report is available from http://innovation.cms.gov.
Stolen Laptops Lead to HIPAA Settlements
Two entities have paid the Department of Health and Human Services Office for Civil Rights (OCR) $1,975,220 collectively to resolve potential violations of the Health Insurance Portability and Accountability Act (HIPAA) Privacy and Security Rules. These penalties underscore the significant risk to the security of patient information posed by unencrypted laptop computers and other mobile devices, according to OCR.
OCR opened a compliance review of Concentra Health Services upon receiving a breach report that an unencrypted laptop was stolen from one of its facilities, the Springfield Missouri Physical Therapy Center. OCR's investigation revealed that Concentra had previously recognized in multiple risk analyses that a lack of encryption on its laptops, desktop computers, medical equipment, tablets, and other devices containing electronic protected health information (ePHI) was a critical risk.
In the second incident, OCR received a breach notice from QCA Health Plan of Arkansas reporting that an unencrypted laptop computer containing the electronic protected health information of 148 individuals was stolen from a staff member’s car. While QCA encrypted its devices following discovery of the breach, OCR's investigation revealed that QCA failed to comply with multiple requirements of the HIPAA Privacy and Security Rules.
Healthcare providers can access six OCR educational programs on compliance with the HIPAA Privacy and Security Rules. One module focuses specifically on mobile device security. The programs are online, www.hhs.gov/ocr.