HHS grants conditional approval to 7 more state-based exchanges   01/03/2013
The Department of Health and Human Services today granted seven more states conditional approval to operate health insurance exchanges beginning in 2014: California, Hawaii, Idaho, Nevada, New Mexico, Vermont and Utah. The agency also issued additional guidance on the partnership exchange model, which allows states to assume primary responsibility for certain functions of a federally-facilitated exchange permanently or as they work towards running a state-based exchange. To date, HHS has granted 19 states and the District of Columbia conditional approval to partially or fully run exchanges. States opting for a partnership exchange must submit a blueprint by Feb. 15. According to the new guidance, states wishing to transition from a partnership exchange to a state-based exchange for plan year 2015 should submit a declaration letter and blueprint application to HHS by Nov. 18, 2013.
HHS delays enforcement for HIPAA standards operating rules   01/03/2013
The Centers for Medicare & Medicaid Services' Office of E-Health Standards and Services will not enforce until April the first two operating rules for Health Insurance Portability and Accountability Act (HIPAA) transaction standards, the agency announced yesterday. Operating rules are intended to make the application of the HIPAA standards more consistent and efficient. The operating rules for the HIPAA standards for health plan eligibility and health care claim status took effect Jan. 1 for health plans, health care clearinghouses and certain health care providers. "Industry feedback suggests that HIPAA covered entities have not reached a threshold whereby a majority of covered entities would be able to be in compliance with the operating rules by Jan. 1, 2013," CMS said. While enforcement action will not be taken before April, OESS will accept complaints associated with compliance. "If requested by OESS, covered entities that are the subject of complaints…must produce evidence of either compliance or a good faith effort to become compliant with the operating rules during the 90-day period," the agency said. The Patient Protection and Affordable Care Act's administrative simplification provisions require the Department of Health and Human Services to adopt a single set of operating rules for each HIPAA transaction standard to improve its utility and reduce administrative costs.
ACHE names new president/CEO   01/03/2013
The American College of Healthcare Executives has named as its new president and CEO effective May 13 Deborah Bowen, who currently serves as the professional society's executive vice president and chief operating officer. Bowen joined ACHE as director of government relations in 1992 and served as vice president of its administration division between 1994 and 2000, when she left to become deputy executive director of the Society of Actuaries. She has held board leadership roles for the Institute for Diversity in Healthcare Management, Commission on Accreditation of Healthcare Management Education, and Association Forum of Chicagoland, and is a Baldrige Executive Fellow. "Deborah is a terrific choice to lead ACHE," said AHA President and CEO Rich Umbdenstock. "She has always been clear in her commitments to professional development, to diversity in health care leadership and to the transformation of the health care sector." Bowen succeeds Thomas Dolan, who will retire after 22 years at the organization's helm.
HHS announces HIPAA breach settlement with hospice   01/03/2013
Hospice of North Idaho has agreed to pay the U.S. Department of Health and Human Services $50,000 to settle potential violations of the Health Insurance Portability and Accountability Act security rule, the agency announced yesterday. The agreement is the first involving a breach of unprotected electronic protected health information affecting fewer than 500 people. HONI reported to HHS that an unencrypted laptop computer containing electronic protected health information for 441 patients had been stolen in June 2010. According to the HHS Office for Civil Rights, the hospice had not conducted a risk analysis to safeguard electronic protected health information, and did not have in place policies or procedures to address mobile device security as required by the HIPAA security rule. The agency said the hospice has taken extensive additional steps to improve its HIPAA privacy and security compliance program since the theft. HHS recently launched www.HealthIT.gov/mobiledevices, a website offering information to help health care providers protect and secure health information when using mobile devices.