Health Information Compliance Alert

Health Information News FRAUD FIGHTING BUDGET INCREASES THIS YEAR

The HHS Office for Civil Rights nets a  cool $34 million in a proposed budget from the  Bush administration, but what amount will be used  on privacy rule enforcement isn’t known. 

The Health Insurance Portability and Accountability  Act mandated steady increases in funding  through 2003 — earmarked to the Health Care  Fraud and Abuse Control Account — for enforcement agencies that take aim at Medicare and Medicaid fraud.

While some observers wondered whether funds for the HCFAC would begin to taper off once the HIPAA mandate expired, the administration’s budget keeps spending for 2004 in line with anticipated expenditures for 2003.

Under the proposed fiscal 2004 Health and Human Services budget, the Centers for Medicare & Medicaid Services would receive $10 million to begin activities related to enforcement of HIPAA’s  transactions and code sets, security, and identifier rules, as well as the promulgation of a HIPAA enforcement rule. The budget would include $34 million in total spending for the Office for Civil Rights, the agency charged with enforce the privacy rule, though the amount appropriated for privacy rule enforcement was not disclosed.

To see the budget estimates, go to http://www.hhs.gov/budget/04budget/fy2004bib.pdf.

  • HMO giant Kaiser Permanente announced Feb. 4 a three-year plan to put the patient records of 8.5 million of its members online.

Kaiser called the plan the “largest ever transition to a paperless   medical record system.” The plan would cost approximately $1.8 billion to revise its Automated Medical Records platform; it will use a “next-generation system” from Madison, WI-based Epic Systems Corporation, Kaiser announced.

The goal is to provide physicians and other  health care staff with proper authorization instant access to patients’ medical records, as well as to give patients the ability to schedule appointments, request scrip refills and ask for referrals.

Kaiser said it was aware of the risks to  patient privacy, but said the system will comply  with the Health Insurance Portability and Accountability  Act’s privacy and security rules. The HMO  claims patient records would not be accessible to outside researchers or employers, and that the system protects against hacker attacks by employing appropriate security checks and audits.

“We are committed to protecting our patients’ privacy and fully complying with government privacy provisions. That is why we selected a system with state-of-the-art security, with many levels of password  protection,” said Permanente Federation executive director Francis Crosson.