HIPAA Survival Guide: The Next Generation

The HIPAA Survival Guide ("HSG") was released as a PDF approximately one year ago. The HSG was introduced as follows:

This Survival Guide attempts a "forest from the trees" overview of the HIPAA Privacy and Security rules. The genesis of these rules is covered in the Background page. The Survival Guide only targets a subset of covered entities, namely providers. Furthermore, the Survival Guide focuses mostly on small providers, since this group will clearly be the most challenged by new laws and regulations, especially if their baseline understanding of HIPAA compliance is lacking.

The motivation behind the guide was to review the HIPAA Regulations under the new light of the HITECH Act. There was a sense at the time that HITECH would transform HIPAA from an under enforced paper tiger into a regulatory scheme with significant electronic teeth.

The HSG quickly morphed into the HITECH / HIPAA Survival Guide for reasons that become more apparent each day. The HSG online now focuses on all things HITECH, with the HIPAA Regulations now only a subset of what that encompasses. Below are the major categories of information that can be found on HSG online:

The Full Text of the HITECH Act	HITECH Act Regulations
The Full Text of the HIPAA Regulations	Links to the Top Healthcare Blogs
Government and Other Industry Resource	The Original HSG PDF
HIPAA Survival Guide Home Page

The recently released HHS Interim Final Rules on HIT Standards and Meaningful Use will be available and fully "clickable" soon at HSG online theater near you.

Stay Tuned...

---

To stay current on the HITECH Act visit the HIPAA Survival Guide website and/or sign up for Digital Business Law Group's free monthly compliance newsletter. Also, check out a FREE EHR Checklist and a FREE Online Backup Checklist, both provided HSG affiliates.

HITECH / HIPAA: What is cybermedicine?

This post cites and comments on a definition from a book edited by renown Healthcare informatics guru Renato M.E. Sabbatini, PhD (Handbook of Biomedical Informatics. Wikipedia Books, December 2009--A dynamic collection of more than 250 Wikipedia articles).

This healthcare informatics treatise is recommended reading (and a recommended reference) for the many stakeholders in the industry who will be required to weigh (e.g. management teams, privacy and compliance officers, HIT, legal, etc.) in on EHR implementations and everything they touch .

What is cybermedicine?

According to the Handbook of Biomedical Informatics cybermedicine is defined as follows:

Cybermedicine is the use of the Internet to deliver medical services, such as medical consultations and drug prescriptions. It is the successor to telemedicine, wherein doctors would consult and treat patients remotely via telephone or fax. Cybermedicine is already being used in small projects where images are transmitted from a primary care setting to a medical specialist, who comments on the case and suggests which intervention might benefit the patient. A field that lends itself to this approach is dermatology, where images of an eruption are communicated to a hospital specialist who determines if referral is necessary. A Cyber Doctor, is a medical professional who does consultation via the internet, treating virtual patients, who may never meet face to face. This is a new area of medicine which has been utilized by the armed forces and teaching hospitals offering online consultation to patients before making their decision to travel for unique medical treatment only offered at a particular medical facility.

Cybermedicine is really not a new area of medicine but rather a new way to practice medicine underpinned by the same enabling technologies that are transforming practices of all kinds and in all industries. There is an entire laundry list of concepts that potentially fall under this rubric including: eHealth, Health 2.0, mobile health, etc. Sure, the semantics of each are slightly different but what they all have in common is the foundational 24/7 communications platform of the Internet.

Clearly, the relentless movement toward cybermedicine is an idea whose time has come. According to Victor Hugo (paraphrasing): "all the forces in the world are no match for it." We have argued consistently that innovation is the real disruptor in the healthcare industry. Government is playing a role (see the HITECH Act) mainly because it is attempting to underpin what is already occurring in the marketplace. In short, government is an enabler but not the driver.

That said, government is a powerful enabler because the force of law in a civilized society has great weight, and as such is capable of providing a significant acceleration effect to the marketplace. The bottom line is that the combination of marketplace innovation and government acceleration is the "perfect storm" for transforming the monopolistic tendencies of the U.S. healthcare industry. The transformation is inevitable, the form it will take will continue to be a work in progress for the next twenty years.

The intersection of cybermedicine and cyberlaw will continue to see significant development as legislators, judges and industry stakeholders attempt to balance competing forces and priorities.

---

For more information regarding the intersection of cybermedicine and cyberlaw visit the HIPAA Survival Guide website or sign up for Digital Business Law Group's free monthly compliance newsletter. Also, check out a FREE EHR Checklist and a FREE Online Backup Checklist, both provided HSG affiliates.

HITECH / HIPAA: What is informatics law?

According to a recently released book edited by renown Healthcare informatics guru Renato M.E. Sabbatini, PhD (Handbook of Biomedical Informatics. Wikipedia Books, December 2009--A dynamic collection of more than 250 Wikipedia articles), informatics law is defined as follows:

Health informatics law deals with evolving and sometimes complex legal principles as they apply to information technology in health-related fields. It addresses the privacy, ethical and operational issues that invariably arise when electronic tools, information and media are used in health care delivery. Health Informatics Law also applies to all matters that involve information technology, health care and the interaction of information. It deals with the circumstances under which data and records are shared with other fields or areas that support and enhance patient care.

The reason that this definition is more relevant than most is that it recognizes the fact health informatics law is much broader than privacy and security. In short, it recognizes the importance that interoperability issues play in this quickly evolving legal domain.

We like to refer to interoperability as the compliance "touch points" that remain largely invisible to most internal compliance staff and a significant number of compliance attorneys as well. This issue is addressed in this month's issue of the HITECH / HIPAA Compliance Newsletter in an article entitled: "The Compliance Crisis: Five Strategies that are Guaranteed to Fail."

---

For more information on healthcare law and the HITECH / HIPAA Privacy and Security Rules go to The HIPAA Survival Guide website or sign up for Digital Business Law Group's free monthly compliance newsletter. Also, check out a FREE EHR Checklist and a FREE Online Backup Checklist, both provided HSG affiliates.

HITECH / HIPAA: HHS' New Rules

As discussed in this post, HHS has issued two new rules: the first pertains to health information technology (HIT) standards (see PDF); and the second to meaningful use (see PDF). These are interim final rules. They are now open for public comment over the next sixty days.

This post provides a forest from the trees overview of the first rule and a subsequent post will do the same regarding the second rule.

Title 45 CFR Additions

The "mind map" below contains HHS' additions to 45 CFR. Sections 160, 162, and 164 are the HIPAA Regulations that we have all come to "know and love." The section added (i.e. Section 170) represents something radically new, the codification of health information technology standards.

The expanded version of this mind map can be accessed here. The new rules will be available on the HIPAA Survival Guide in a fully "clickable" format in the next week or so. For now the respective subparts and sections are listed below.

The HITECH Act's regulatory landscape regarding HIT Standards continues to expand rapidly. We will have a lot more commentary on specific sections in subsequent posts. HHS introduce Section 170 as follows:

The standards, implementation specifications, and certification criteria adopted in this part apply to Complete EHRs and EHR Modules and the testing and certification of such Complete EHRs and EHR Modules.

Subpart A General Provisions

170.100 Statutory basis and purpose.
170.101 Applicability.
170.102 Definitions.

Subpart B – Standards and Implementation Specifications for Health Information Technology

170.200 Applicability.
170.202 Transport standards for exchanging electronic health information.
170.205 Content exchange and vocabulary standards for exchanging electronic health information.
170.210 Standards for health information technology to protect electronic health information created, maintained, and exchanged.
170.299 Incorporation by reference.

Subpart C – Certification Criteria for Health Information Technology

170.300 Applicability.
170.302 General certification criteria for Complete EHRs or EHR Modules.
170.304 Specific certification criteria for Complete EHRs or EHR Modules designed for an ambulatory setting.
170.306 Specific certification criteria for Complete EHRs or EHR Modules designed for an inpatient setting.

For more information on healthcare innovation and the HITECH / HIPAA Privacy and Security Rules go to The HIPAA Survival Guide website or sign up for Digital Business Law Group's free monthly compliance newsletter. Also check out a FREE EHR Checklist and a FREE Online Backup Checklist.

Healthcare: Innovation is the Real Disruptor!

Microsoft Buys Sentillion, The real "disruptor" in the healthcare industry is not the US government but rather the innovation that will be driven by some of America's most tech savvy companies. Microsoft, Google, IBM, Oracle, et. al, all want a piece of this multi-billion dollar market. These are proven players with war chests large enough to attack the market over the next few years, AND moreover, to provide solutions that actually deliver on the promise of interoperability, and other meaningful use measures.

Currently the vendor market appears to be in the middle of the tornado, but this storm will not only impact those players "looking for the money" but the target industry itself as well. In many ways the healthcare industry will be hit by the perfect storm, assaulted by many different forces at once. The ultimate fallout from the storm is completely unpredictable (as these things always are), but the fact that the storm is coming is a natural fact.

Somewhere in the middle of the perfect storm will remain the hurricane like force of privacy and security. There is simply no way that we can achieve the vision of the Health Internet without paying attention to these aspects of the storm.

Check out a FREE EHR Checklist. For more information on healthcare innovation and the HITECH / HIPAA Privacy and Security Rules go to The HIPAA Survival Guide website or sign up for Digital Business Law Group's free monthly compliance newsletter.