The Medical Group Management Association says expanding HIPAA disclosure requirements is burdensome and will hurt electronic health record adoption.
The Medical Group Management Association has raised concerns that new Health Insurance Portability and Accountability Act disclosure requirements for electronic health records are burdensome, costly, unnecessary, and will impede the adoption of EHRs.
In a letter dated May 18 to Georgina Verdugo, director of the Department of Health and Human Services' office for civil rights, MGMA president William Jessee outlined his organization's position and urged significant modifications to the new HIPAA disclosure requirements.
Under the 2003 HIPAA privacy rule, patients can request an accounting of disclosures of their protected health information. However, under the Health Information Technology for Economic and Clinical Health Act, a new provision expands HIPAA's disclosure requirements to include information on treatment, payment, and health care operations, or TPO.
Additionally, if a request is made, the physician practice must provide individuals with an accounting of disclosures of PHI that occurred within three years prior to the date of the request. HITECH also mandates that if a physician practice uses an EHR, the practice will be required to account for TPO disclosures.
"This mandate runs counter to the nation's efforts to improve patient care and reduce waste and inefficiency through administrative simplification and adoption of electronic health records," Jessee wrote in the letter.
Jessee also concluded that because HITECH stipulates that the TPO accounting is required only for those physician practices with an EHR, the government seems to believe that TPO disclosures would be collected and stored only on EHRs, which is not the case.
"The majority of physician practices store their clinical data in an EHR and their administrative data (including payment information and data that would qualify as 'health care operations') in their practice management system. Satisfying an accounting of disclosures for TPO request in most practices is not a simple keystroke strike," Jessee wrote.
How Enterprises Are Attacking the IT Security EnterpriseTo learn more about what organizations are doing to tackle attacks and threats we surveyed a group of 300 IT and infosec professionals to find out what their biggest IT security challenges are and what they're doing to defend against today's threats. Download the report to see what they're saying.
IT Strategies to Conquer the CloudChances are your organization is adopting cloud computing in one way or another -- or in multiple ways. Understanding the skills you need and how cloud affects IT operations and networking will help you adapt.