In early January, 2014, the Office of Inspector General (“OIG”) for the Department of Health and Human Services (“HHS”) issued a report criticizing HHS’s Centers for Medicare and Medicaid Services (“CMS”) for failing to adopt stronger integrity practices governing electronic health records (“EHRs”). “CMS And Its Contractors Have Adopted Few Program Integrity Practices To Address Vulnerabilities In EHRs,” oig.hhs.gov/oei/reports/oei-01-11-00571.pdf. Here are some of the OIG’s challenges and concerns: “…clues within the progress notes, handwriting styles, and other attributes that help corroborate the authenticity of paper medical records are largely absent in EHRs. Continue reading OIG Criticizes CMS For Lack Of Adequate Fraud Detection Practices in Electronic Health Records
One of the reasons why consumers, healthcare providers, investors, the government and others have been slow to adopt mobile health applications and software (apps), are concerns about the privacy and security of data collected through the apps. For instance, Appthority, a service provider that offers an app risk management solution, recently reported that the iPharmacy Drug Guide and Pill ID app “is playing fast and loose with your personal info.” www.appthority.com/news/mobile-threat-monday-android-app-leaks-your-medical-info-online. iPharmacy is a free app that allows consumers to maintain a personal health record on their prescription drugs, look up information on a drug, provide reminders, and maintain pharmacy discount cards. Continue reading mHealth App Use: Is Data Truly Protected?
Mobile health (“mHealth”) medical app developers, including health information technology (“HIT”) and telemedicine app developers, tend to focus on FDA requirements. Indeed since many of these apps may be categorized as medical devices, and the FDA approval process is lengthy, developers are wise to focus on whether an app is regulated by the FDA. But a successful developer should also build privacy protections (e.g., privacy policies) and security protections (e.g., disaster recovery) into its product from the earliest stages. The Federal Trade Commission (“FTC”) calls this “Privacy By Design.” “Security By Design” is the corollary. Continue reading Attention mHealth, HIT and Telemedicine App Developers: Privacy and Security By Design Is Critical
The meaningful use (MU) regulations provide incentive monies for hospitals and physicians that establish electronic health records systems (EHRs) and satisfy other criteria, such as providing new forms of ‘patient engagement’ like technologically-enabled patient-provider communications. The advantages of a wireless record-sharing are enormous – quicker diagnoses, better quality tracking, and seamless payment systems. But there are lots of steps and decisions required in setting up EHRs and developing broader data exchange systems like health information organizations/exchanges (HIOs or HIEs). Last week, the Department of Health and Human Services’ Office of the National Coordinator denied certification for two small EHRs and promised ongoing rigorous enforcement of EHRs. Continue reading Electronic Health Records and Health Information Exchanges/Organizations: The Changing Landscape
On January 17, 2013 the federal Department of Health & Human Services (“HHS”) announced a final omnibus rule that details amendments to the privacy, security, data breach and enforcement rules under the Health Insurance Portability and Accountability Act of 1996 (“HIPAA”). The 2013 HIPAA Amendments (which, with commentary from HHS, weighs in at 563 pages) are closely based on statutory changes under the HITECH Act of 2009, and were previewed in proposed and interim rules issued by HHS several years ago. Continue reading HHS (Finally) Issues HIPAA/HITECH Amendments
Mobile health (“mHealth”, “telehealth” or any other terms for health care delivered wirelessly) is revolutionizing the health care industry. That message resounded at last week’s mHealth Summit, which gathered roughly 4,000 investors and angel-funders, telecom and software companies, and entrepreneurs and developers to share ideas and display new mHealth products. Hot mHealth areas include data analytics, texting and medical records. Home health and medical homes also stand to benefit with the introduction of products designed to submit protected health information (“PHI”) and other data between patient and provider. Continue reading mHealth/Telehealth Investors and Entrepreneurs: The Generational Divide
The relationship between privacy and mobile applications is coming into focus. On February 27, 2012, the California Attorney General entered into a Joint Statement of Principles with the six largest mobile application companies – Apple, Google, H-P, Microsoft, Amazon and RIM – regarding consumer privacy and transparency issues when data is collected through an app. http://ag.ca.gov/cms_attachments/press/pdfs/n2647_agreement.pdf. The Five Principles set parameters for good practice. Although not legally binding, the AG promises to review compliance in the fall, and may use California laws on privacy, false advertising, unfair business practices and others as enforcement tools. Since California often leads the way in privacy enforcement it is likely that other states will follow suit.