Archive for August, 2014

HHS Publishes Final Rule to Delay ICD-10 Until October 2015

August 4, 2014 Leave a comment

On August 4, the Department of Health and Human Services (HHS) Office of the Secretary published a final rule to implement the mandated delay of the International Classification of Diseases, 10th Revision (ICD-10) until October 2015.

In April 2014, the Protecting Access to Medicare Act of 2014 (PAMA, the latest “SGR patch”) mandated that ICD-10 could not be adopted under HIPAA prior to the next fiscal year. The August 4 final rule officially moves the ICD-10 adoption deadline up to October 1, 2015, the first possible date allowed under the revised statute. The explanatory preamble of the final rule includes statistics asserting that most stakeholders are ready now, strongly hinting at a reluctant HHS.

Access the final rule to delay ICD-10

Categories: Medicare

OIG Report on ONC HIT Certification Raises Questions… About OIG

August 4, 2014 Leave a comment

On August 4, the Department of Health and Human Services (HHS) Office of Inspector General (OIG) released a report addressing the HHS Office of the National Coordinator for HIT’s (ONC) oversight of the testing and certification of EHR technology. The OIG’s two primary concerns, based on a review of the requirements and processes of the now-defunct Temporary Certification Program (replaced at the end of 2012 by the permanent “ONC HIT Certification Program”), were the lack of periodic review of certified products and insufficient log-in/security within certified products.

Interestingly, the report recommended that ONC work with the National Institute of Standards and Technology (NIST) to enhance the product log-in/security requirements via the test procedures for labs and certification bodies that review HIT products. This recommendation was peculiar, and perhaps a little alarming, in that the test procedures are mere guidance for how the responsible bodies should test products against ONC’s EHR certification criteria regulations. The NIST-developed (and future stakeholder-developed), ONC-approved test procedures are not, themselves, the regulatory requirements. ONC would not be able to use the test tools to implement more stringent security in certified products than what is required by ONC’s EHR certification criteria regulations in 45 CFR Part 170.

The OIG’s recommendation, then, indicates the authors do not fully understand the nuances of ONC’s regulations and processes governing the testing and certification of EHR technology—the very subject of their review. That could be a reflection of the confusing complexity of the program (and, for that matter, all things Meaningful Use), or something else (political pressure, etc.) could have resulted in this rare misfire from OIG.

ONC’s official response to the report described the differences between the old Temporary Certification Program, upon which the OIG report is based, and the current HIT Certification Program. It also mentioned the current program features various pre- and post-certification product evaluation processes. Importantly, ONC correctly recognized that enforcing more stringent log-in/security requirements for HIT products would require a rulemaking to revise the federal regulations before making those changes to the guidance for testing labs and certification bodies.

Categories: EHR, meaningful use, Medicare