Hugo Caicedo
Harvard Blogs
Originally published October 1, 2018
Traditional medical practice is rooted in advanced knowledge of diseases, their most appropriate treatment, and adequate proficiency in its applied practice. Notably, today, medical treatment does not typically occur until disease symptoms have manifested. While we now have ways to develop therapies that can halt the progression of some symptomatic diseases, symptomatic solutions are not meant to serve as a cure of disease but palliative treatment of late-stage chronic diseases.
The reactive approach in most medical interventions is magnified in that medicine is prone to errors. In November of 1999, the U.S. National Academy of Science, an organization representing the most highly regarded scientists and physician researchers in the U.S., published the report To Err is Human.
The manuscript noted that medical error was a leading cause of patient deaths killing up to 98,000 people in the U.S. every year. One hypothesis that came up was that patient data was being poorly collected, aggregated, and shared among different hospitals and even within the same health system. Health policies such the Health Information Technology for Economic and Clinical Health Act (HITECH) in 2009 and the Affordable Care Act (ACA) in 2010, primarily focused on optimizing clinical and operational effectiveness through the use of health information technology and expansion of government insurance programs, respectively. However, they did not effectively address the issue of medical errors such as poor judgment, mistaken diagnoses, inadequately coordinated care, and incompetent skill that can directly result in patient harm and death.
The blog post is here.
Showing posts with label HITECH. Show all posts
Showing posts with label HITECH. Show all posts
Friday, November 2, 2018
Tuesday, July 1, 2014
An analysis of electronic health record-related patient safety concerns
By D. W. Meeks, M. W. Smith, L. Taylor and others
J Am Med Inform Assoc doi:10.1136/amiajnl-2013-002578
J Am Med Inform Assoc doi:10.1136/amiajnl-2013-002578
Here is a portion of the Discussion Section
Our findings underscore the importance of continuing the process of detecting and addressing safety concerns long after EHR implementation and ‘go-live’ has occurred. Having a mature EHR system clearly does not eliminate EHR-related safety concerns, and a majority of reported incidents were phase 1 or unsafe technology. However, few healthcare systems have robust reporting and analytic infrastructure similar to the VA's IPS. In light of increasing use of EHRs, activities to achieve a resilient EHR-enabled healthcare system should include a reporting and analysis infrastructure for EHR-related safety concerns. Proactive risk assessments to identify safety concerns, such as through the use of SAFER guides released recently by The Office of the National Coordinator for Health Information Technology, can be used by healthcare organizations or EHR users to facilitate meaningful conversations and collaborative efforts with vendors to improve patient safety, including developing better and safer EHR designs.
Sunday, September 1, 2013
Looking at the HIPAA Final Omnibus Rule: An Attorney’s Perspective
By Mark Hagland
Healthcare Informatics
Originally published August 18, 2013
The stringent requirements embedded in what is being called the “HIPAA Final Omnibus Rule”—a set of regulations published by the Office for Civil Rights (OCR) of the Department of Health and Human Services (HHS) on Jan. 25—are changing the ground rules for healthcare provider organizations across the U.S. when it comes to safeguarding protected health information (PHI). Those requirements extend the privacy, security, enforcement, and breach notification rules under the Health Insurance Portability and Accountability Act of 1996 (HIPAA) and the Health Information Technology for economic and Clinical Health (HITECH) Act.
With compliance with the “Omnibus Rule” required by September 23, healthcare leaders have no time to waste when it comes to understanding and addressing the new requirements.
Recently, Kathryn Coburn, who is of counsel with the Los Altos, Calif.-based law firm of Cooke, Kobrick & Wu, LLP, spoke with HCI Editor-in-Chief Mark Hagland regarding this important topic. The Santa Monica-based Coburn has spent 30 years in healthcare law. Below are excerpts from that interview.
Healthcare Informatics
Originally published August 18, 2013
The stringent requirements embedded in what is being called the “HIPAA Final Omnibus Rule”—a set of regulations published by the Office for Civil Rights (OCR) of the Department of Health and Human Services (HHS) on Jan. 25—are changing the ground rules for healthcare provider organizations across the U.S. when it comes to safeguarding protected health information (PHI). Those requirements extend the privacy, security, enforcement, and breach notification rules under the Health Insurance Portability and Accountability Act of 1996 (HIPAA) and the Health Information Technology for economic and Clinical Health (HITECH) Act.
With compliance with the “Omnibus Rule” required by September 23, healthcare leaders have no time to waste when it comes to understanding and addressing the new requirements.
Recently, Kathryn Coburn, who is of counsel with the Los Altos, Calif.-based law firm of Cooke, Kobrick & Wu, LLP, spoke with HCI Editor-in-Chief Mark Hagland regarding this important topic. The Santa Monica-based Coburn has spent 30 years in healthcare law. Below are excerpts from that interview.
Thanks to Ken Pope for this information.
Thursday, July 25, 2013
EHR Adoption Steady, but More Work Needed
By David Pittman
MedPage Today
Originally published July 9, 2013
Physicians are continuing to adopt electronic health records at a steady clip, but more work is needed to have those systems communicate with each other, according to two studies published Tuesday.
In 2012, 72% of physicians had adopted some type of EHR system and 38.2% had capabilities required for a basic system (P<0.05), a review by the CDC's National Center for Health Statistics in Hyattsville, Md., found.
The number of basic EHR adopters was up from just over 25% in 2010, Chun-Ju Hsiao, PhD, and colleagues reported in a study that appeared online in Health Affairs. A basic EHR was defined as having seven capabilities including recording patient history and clinical notes, viewing lab results and imaging reports, and using computerized prescription ordering.
The entire story is here.
MedPage Today
Originally published July 9, 2013
Physicians are continuing to adopt electronic health records at a steady clip, but more work is needed to have those systems communicate with each other, according to two studies published Tuesday.
In 2012, 72% of physicians had adopted some type of EHR system and 38.2% had capabilities required for a basic system (P<0.05), a review by the CDC's National Center for Health Statistics in Hyattsville, Md., found.
The number of basic EHR adopters was up from just over 25% in 2010, Chun-Ju Hsiao, PhD, and colleagues reported in a study that appeared online in Health Affairs. A basic EHR was defined as having seven capabilities including recording patient history and clinical notes, viewing lab results and imaging reports, and using computerized prescription ordering.
The entire story is here.
Monday, September 10, 2012
Cancer Care Group Data Breach Exposes Nearly 55,000 Patients
By Kyle Murphy
EHR Intelligence
Originally published August 28, 2012
In a press release today, Cancer Care Group (Indianapolis, IN) announced that a laptop computer containing its computer server backup media was stolen from an employee’s locked care on July 19, 2012. The breach has potentially exposed the protected health information (PHI) or personally identifiable information (PII) of close to 55,000 individuals, including the organization’s own employees. The latest incident comes less than a month after Apria Healthcare reported a similar incident in Arizona where an employee’s car was broken into and a laptop containing information for 11,000 patients stolen.
The entire story is here.
EHR Intelligence
Originally published August 28, 2012
In a press release today, Cancer Care Group (Indianapolis, IN) announced that a laptop computer containing its computer server backup media was stolen from an employee’s locked care on July 19, 2012. The breach has potentially exposed the protected health information (PHI) or personally identifiable information (PII) of close to 55,000 individuals, including the organization’s own employees. The latest incident comes less than a month after Apria Healthcare reported a similar incident in Arizona where an employee’s car was broken into and a laptop containing information for 11,000 patients stolen.
The entire story is here.
Monday, July 9, 2012
Data breach leads to $1.7M fine for Alaska DHSS
By Erin McCann
Healthcare Finance News
Originally published June 27, 2012
The Alaska Department of Health and Social Services (DHSS) – the state’s Medicaid agency – has agreed to pay $1.7 million to the U.S. Department of Health and Human Services (HHS) to settle possible violations of the HIPAA Security Rule, making it the second largest settlement for HIPAA violations to date.
As part of the settlement, the state has also agreed to take corrective action to properly safeguard the electronic personal health information (PHI) of their Medicaid beneficiaries.
The HHS Office for Civil Rights (OCR) began its investigation following a breach report submitted by Alaska DHSS as required by the Health Information Technology for Economic and Clinical Health (HITECH) Act. The report indicated that a portable electronic storage device (USB hard drive) possibly containing PHI was stolen from the vehicle of a DHSS employee. PHI from an estimated 2,000 individuals was stored on the device.
The entire story is here.
Editorial Note: Please do not tranfer large amounts of personal data from a secure data bank to a jump drive, lap top or other portable storage device.
Healthcare Finance News
Originally published June 27, 2012
The Alaska Department of Health and Social Services (DHSS) – the state’s Medicaid agency – has agreed to pay $1.7 million to the U.S. Department of Health and Human Services (HHS) to settle possible violations of the HIPAA Security Rule, making it the second largest settlement for HIPAA violations to date. As part of the settlement, the state has also agreed to take corrective action to properly safeguard the electronic personal health information (PHI) of their Medicaid beneficiaries.
The HHS Office for Civil Rights (OCR) began its investigation following a breach report submitted by Alaska DHSS as required by the Health Information Technology for Economic and Clinical Health (HITECH) Act. The report indicated that a portable electronic storage device (USB hard drive) possibly containing PHI was stolen from the vehicle of a DHSS employee. PHI from an estimated 2,000 individuals was stored on the device.
The entire story is here.
Editorial Note: Please do not tranfer large amounts of personal data from a secure data bank to a jump drive, lap top or other portable storage device.
Tuesday, March 20, 2012
Tennessee insurer to pay $1.5 million for breach-related violations
BlueCross BlueShield agrees to pay HHS for HIPAA violations tied to 2009 breach that exposed data on 1 million members
Computerworld
Originally published March 13, 2012
A 2009 data breach that has already cost BlueCross BlueShield of Tennessee nearly $17 million got a little more expensive Tuesday.
The insurer today agreed to pay $1.5 million to the U.S. Department of Health and Human Services (HHS) to settle Health Insurance Portability and Accountability Act (HIPAA) violations related to the breach.
Under the settlement, BlueCross BlueShield has also agreed to review and revise its privacy and security policies and to regularly train employees on their responsibilities under the HIPAA of 1996.
The settlement is the first resulting from enforcement action taken by the HHS under Health Information Technology for Economic and Clinical Health (HITECH) breach notification requirements.
The notification rules require all HIPAA-covered entities to notify affected individuals of any breach involving their health information. It also requires them to notify the HHS and the media in cases where the breach affects more than 500 people.
Leon Rodriguez, director of the HHS Office for Civil Rights (OCR) said the settlement underscores the department's intent to vigorously enforce HIPAA's security and privacy rules.
"This settlement sends an important message that OCR expects health plans and health care providers to have in place a carefully designed, delivered, and monitored HIPAA compliance program," Rodriguez said in a statement.
Subscribe to:
Posts (Atom)