Health Information Compliance Alert
OCR Nixes the 'Kill Switch'
PDF
Vendors can’t hold your patient data hostage.
It is not okay for EHR vendors to lock out providers from health records during payment disputes, says HHS’s Office of Civil Rights in recently published guidance.
A vendor that hits a “kill switch” embedded in its software is violating HIPAA provisions that govern protected health information (PHI), the OCR says.
If a covered entity and a business associate terminate an agreement, the business associate must return PHI to the covered entity. If the BA fails to do so, it has broken the law, OCR adds.
The OCR guidance aims to prevent vendors from blocking providers’ access to PHI, as was the case in a high-profile story involving a Maine clinic in 2014, Politico notes. The small clinic was locked out of its EHR system when it could no longer afford to pay its vendor’s fees, according to The Boston Globe (https://www.bostonglobe.com/news/nation/2014/09/21/electronic-health-records-vendor-compugroup-blocks-maine-practice-from-accessing-patient-data/6ILpMv78NARDsrdU5O0T9N/story.html).
Editor’s Note: To read the OCR guidance, go to http://www.hhs.gov/hipaa/for-professionals/faq/2074/may-a-business-associate-of-a-hipaa-covered-entity-block-or-terminate-access/index.html.
Health Information Compliance Alert
- Vendors:
Cutting the Deal: How to Negotiate with EHR Systems Vendors
Beware the ‘kill switch.’ Think you have what it takes to negotiate a contract that [...] - Ransomware:
When Ransomware Attacks, Here's What You Must Do
Does your breach represent a ‘low probability’ of compromised data? With more than 4,000 daily [...] - Ransomware 101:
A Quick-Start Guide
So there’s new guidance from HHS’s Office of Civil Rights about how to fight ransomware, [...] - Train Your Employees To Fight Ransomware
One of your best defenses against ransomware is an educated staff, points out new HHS’s [...] - Adverse Events:
EHR Is Often a Culprit in Patient-Identification Errors
A picture could be the key to preventing dangerous mistakes. Patient-identification errors are common — [...] - Vendors:
OCR Nixes the 'Kill Switch'
Vendors can’t hold your patient data hostage. It is not okay for EHR vendors to [...] - Clinical Documentation:
Prevent Copy-Paste Compliance Woes With Clinician Training
For best results, follow CMS’ best practices. When they complain about EHRs, clinicians almost always [...] - HIT:
Looking for Compliance Solutions? Look to the Cloud
Explore these unexpected benefits of abandoning your client-server EHR. You may have heard HIT experts [...] - EHR:
8 Tips for Successfully Adopting a New EHR
For best results, provide follow up training sessions. Looking to switch out your EHR? If [...]