Based on recent news stories and our experience, it appears that cybercriminals may be targeting healthcare providers with ransomware attacks. Publicly reported incidents and others of which we are aware have involved providers ranging from clinics and imaging centers to hospitals, and these entities have had to pay hundreds to thousands of dollars to gain access to their medical records, billing records or other vital computer systems – often after significant interruption of operations. On March 31, 2016, the U.S. Dept. of Homeland Security issued an alert about these attacks as a result of recent attacks on businesses including healthcare facilities and hospitals worldwide.

Recent remarks made by the Centers for Medicare & Medicaid Services (“CMS”) Acting Administrator Andy Slavitt at a healthcare conference indicated that CMS will be ending the “meaningful use” electronic health record (“EHR”) Incentive Program in 2016, five years ahead of its original final end date of 2021. Acting Administrator Slavitt did not elaborate on the specifics of what will replace meaningful use, but stated it would likely be tied to the implementation of the Medicare Access and CHIP Reauthorization Act of 2015 (“MACRA”) and would include various streamlined quality reporting programs. MACRA emphasizes a new Merit-Based Incident Payment System and alternative payment models, and according to Acting Administrator Slavitt, this new law warrants a new streamlined regulatory approach to EHR as well.

Seemingly picking up where we left off in our recent white paper and Advisory Board article, the Obama administration released a 166-page draft plan January 30th intended to drive providers and patients toward a common set of electronic clinical information and a commitment to more fully connected EHR systems by the end of 2017.

The U.S. Department of Health & Human Services (HHS) Office for Civil Rights (OCR) released a bulletin on Nov. 10 reminding entities covered under the Health Insurance Portability and Accountability Act (HIPAA) that the protections continue to be in effect during emergencies, including Ebola and other outbreaks. HHS wants to make sure healthcare providers are aware of the ways in which patient information may be shared under the HIPAA Privacy Rule in emergency situations.

In the Electronic Health Records (EHR) space, unconnected and competing systems carry the potential for organizational train wrecks.

Until robust, efficient, and mandatory interoperability standards emerge, providers should consider linking systems through other means, as failure to do so may lead to malpractice and regulatory compliance issues.

A new White Paper, Driving the Golden Spike:

Adoption of EHR technologies has greatly increased as the result of the EHR Incentive Program. Touted as one of the necessary building blocks for creating integrated delivery systems, EHR is considered vital to improve health quality, efficiency and patient safety.  The EHR Incentive Program has been very successful and CMS has awarded over $10

On Thursday, March 7, 2013, the Office of the National Coordinator for Health Information Technology and the Centers for Medicare and Medicaid Services (CMS) released a notice and request for information concerning using additional policy levers to accelerate the adoption of electronic health record systems (EHRs). In part, the agencies are looking to increase the number of provider practices satisfying the core requirements for Meaningful Use under the Health Information Technology for Clinical and Economic Health (HITECH) Act.

In the notice, the agencies state that they are looking to accomplish this acceleration by “engaging other policy areas” within the jurisdiction of the U.S. Department of Health & Human Services (HHS), and may include a combination of incentives, payment adjustments, and new requirements. The agencies have identified three main areas in which to use the policy levers:

  • Low rates of EHR adoption and exchange of health information among post-acute and long-term care providers;