Feds offering new risk assessment tool
Feds offering new risk assessment tool

In an age where personal information is increasingly at risk of being exposed and stolen, protecting that data from brazen interlopers has become a monumental challenge.

Many senior living operators are bound by HIPAA privacy and security rules to guard their residents’ information and should have a risk assessment system in place to ensure compliance.

To that end, the HHS Office of National Coordinator for Health Information Technology and Office for Civil Rights are making a new security risk assessment tool available to help small- to mid-sized providers conduct their own risk assessments. 

The ONC application, available for downloading at www.HealthIT.gov/security-risk-assessment also produces a report that can be provided to auditors. The tool is available for both Windows operating systems and iOS iPads.

“The new tool we are releasing will help operators assess the security of their organizations,” says Karen DeSalvo, M.D., national coordinator for health information technology.

Tech snafu victim?

HHS Secretary Kathleen Sebelius announced she was stepping down in April. Many linked her departure to a disastrous rollout of the Healthcare.gov website. 

Her departure coincided with an announcement that more than 7 million people had signed up for insurance cover under the new federal healthcare law. 

President Barack Obama is set to nominate Sylvia Mathews Burwell, director of the White House Office of Management and Budget, to take over at HHS. 

She faces congressional confirmation — where, according to pundits, she is likely to face resistance from Republican senators who continue to oppose the Affordable Care Act.

HIPAA data secure?

Thousands of people receiving senior living services in Michigan have had their personal information compromised due to a laptop and flash drive theft, the state’s Department of Community Health (MDCH) has announced. 

The computer and flash drive belonged to an employee of the state’s Long-Term Care Ombudsman’s Office, and were stolen on Jan. 30 or 31, according to MDCH. 

The unencrypted flash drive contained personal information of more than 2,500 living and deceased individuals, and more than 1,500 records contained a Social Security or Medicaid identification number.

The data on the laptop was encrypted, MDCH said in an April 3 press release.

After being alerted to the Health Insurance Portability and Accountability Act breach on Feb. 3, investigators reconstructed the stolen data and notified affected parties, according to the community health department.

Poor back-ups?

MSS Analytics alleged that too many providers rely on outdated and inefficient practices to back up and archive resident-related information. The organization surveyed 150 senior IT professionals nationwide. They found that processes tend to be inconsistent when it comes to safeguarding data and meeting long-term compliance requirements.

New IT funds

A proposed White House budget for the 2015 fiscal year seeks $1.8 billion to bolster health information technology incentive payments — the same as last year. The proposal also calls on the Department of Health and Human Services to use funds to upgrade technology tools related to Medicare and Medicaid in ways “that encourage high-quality and efficient delivery of health care, improve program integrity, and preserve the fundamental compact with seniors, individuals with disabilities, and low-income Americans.”

Good on balance

A RAND Corporation study finds that the overall benefits of health IT outweigh negative or neutral effects of their use, but challenges remain. Almost 20% of the studies yielded negative results, and only 45% saw overwhelmingly positive outcomes. 

Blast program

The Government Accountability Office released a report that chastises the Meaningful Use EHR Incentive Program. The initiative is not guided by a clear strategy that outlines goals — or how to achieve them, the GAO claimed. One improvement would be to mandate the use of clinical quality measures. Outcome-specific performance measures also should be put in place, authors noted.

Hospice mandate

Operators will have to report certain hospice quality measures to the federal government starting July 1, the Centers for Medicare & Medicaid Services formally announced in a recent Federal Register notice. The Hospice Item Set has been designed to track seven quality measures endorsed by the National Quality Forum, according to the notice. These are pain screening, pain assessment, dyspnea screening, dyspnea treatment, patients on an opioid given a bowel regimen, and patient treatment preferences and beliefs/values. Hospice providers will be required to submit records for each patient at admission and discharge, the Federal Register entry states. These records will include some administrative information related to patient identification, as well as items related to the quality measures.

Assessment update

Lawmakers in both houses of Congress have unveiled a draft bill calling for senior living providers to furnish standard assessment data, with the goals of enabling better quality oversight and driving Medicare payment reform. 

The Senate Finance and House Ways and Means committees on Tuesday introduced companion versions of the “Improving Medicare Post-Acute Care Transformation Act of 2014” (IMPACT Act). 

Should the bill become law, the Minimum Data Set and other assessment instruments would be modified to enable different types of post-acute providers to submit standard data related to patient assessment, quality measures and resource use measures. 

The patient assessment data would include such items as functional status, cognitive function and medical condition, according to the draft. Quality measures would include changes in skin integrity and incidence of major falls. Resource use measures would include total Medicare spending per beneficiary. Risk-adjusted rates of potentially preventable hospital admissions and readmissions also would be tracked as a resource use measure.