- 2009 Electronic Prescribing Incentive Program
The bonus payment available to successful e-prescribers for 2009-2010 reporting is 2%.
- January 16, 2009 HIPAA 5010 Electronic Standards
Final Rule published requiring HIPAA 5010 Electronic Standard adoption by January 1, 2012.
- January 16, 2009 ICD-10-CM
Final Rule published requiring ICD-10-CM implementation by January 1, 2013.
- February 17, 2009 HITECH Act
President Obama signed ARRA's HITECH provisions.
- March 2009 HIPAA 5010 Electronic Standards
Effective Date of the HIPAA 5010 Electroncic Standard regulation.
HHS permits dual use of existing standards (4010A1 and 5.1) and the new standards (5010 and D.0) from the March 17, 2009, effective date until the January 1, 2012 compliance date to facilitate testing subject to trading partner agreement.
- June 1 , 2009 FTC Breach Notification Guidance
FTC Breach Notification Guidance Comments Due.
- June 16, 2009 Meaningful Use
Draft Meaningful Use Definition - ONC staff identified a subset of providers eligible for incentive payments who were likely to have different needs of their EHRs than primary care providers (e.g., specialists and non-physician providers). ONC convened brief calls with representatives from these provider groups to promote a better understanding of how EHRs and meaningful use would impact their work.
- August 3, 2009 HIPAA
HHS Delegates Authority for the HIPAA Security Rule to Office for Civil Rights (OCR). CMS retains its enforcement authority for these other HIPAA rules.
- August 14, 2009 Certification
The Health IT Policy Committee on Aug. 14 approved recommendations to the federal government on establishing a new process for certifying electronic health records. Federal certification means that a system is able to achieve the minimum government requirements for security, privacy and interoperability, and that the system is able to qualify the user for bonuses under meaningful use standards. Currently, the Certification Commission for Health Information Technology is the only certifying body recognized by the federal government. But a policy committee work group noted that "considerable confusion" exists about the certification process used by CCHIT, so the panel recommends expanding the number of approved certifying bodies.
- August 18, 2009 HIPAA
Major regulations surrounding breach notifications on PHRs by the Department of Health and Human Services are due.
- August 18, 2009 FTC Breach Notification Guidance
Major regulations surrounding breach notifications on PHRs by the Federal Trade Commission and unsecure PHI by the Department of Health and Human Services are due.
- September 2009 HIPAA 5010 Electronic Standards
The Data Interchange Standards Association has launched an online testing and certification service for providers, payers and vendors migrating to the HIPAA 5010 standards for electronic claims and related transactions. The latest version of the HIPAA standard transactions, 5010 accommodates the new ICD-10 diagnosis and procedure codes, among other changes.
- September 23, 2009 HIPAA
The HIPAA Breach Notification Rule largely follows the HITECH Act, Section 13402, with several important clarifications and modifications. It also provides additional guidance on the technologies and methodologies that render protected health information (PHI) unusable, unreadable, or indecipherable to unauthorized individuals, and therefore not considered "unsecured PHI" subject to the breach notification provisions.
Contained in the document are the following:
- Develop and document policies and procedures for responding to a breach of PHI
- Train workforce members on how to respond to a HIPAA security breach
- Have sanctions procedures in place for workforce members who fail to comply with these policies and procedures
- Permit individuals to file complaints regarding these policies and procedures or a failure to comply with them
The new law becomes effective September 23, 2009. Implementing new policies and procedures and conducting workforce training now will prepare an entity subject to these regulations to comply with the law in the event of a breach, and will eliminate the possibility of failing to timely meet the notification requirements and assist the entity in mitigating the damaging effect of a breach. HHS can impose civil penalties up to $1.5 million per violation per year for non-compliance with these new laws. Do not delay in implementing a program to comply with these new requirements.
- September 30, 2009 OSHA
OSHA's Proposed Rule on Hazard Communication Released
The Hazard Communication Standard's (HCS) main purpose is to reduce chemical source illness and injuries. Since the HCS was developed in 1983, chemical injury and illness have decreased 42%, however, there is still a need for information and protection from chronic effects of chemicals. On September 30, 2009, OSHA released a proposed rule to revise the HCS to align with the Globally Harmonized System of Classification and Labelling of Chemicals (GHS). The GHS is a common logical approach to define and classify hazards and communicate information on labels and safety sheets and provides the infrastructure for the establishment of comprehensive national chemical safety programs. There are several benefits to adopting the GHS standards, such as, they: (1) enhance the protection of humans and environment; (2)better facilitate international trade of chemicals (3) reduce the need for duplicate testing and evaluation; and (4) assist countries and international organizations in the management of chemicals.
- October 7, 2009 Certification
The Certification Commission for Health Information Technology (CCHIT) will launch its new certification programs on October 7. In addition to an updated comprehensive electronic health record (EHR) certification program, called CCHIT Certified® 2011, the organization will offer a modular certification program called Preliminary ARRA 2011 that is limited to the standards for qualifying EHR technology under the American Recovery and Reinvestment Act (ARRA).
CCHIT will offer three paths to certification to bring wider availability of EHR technologies, stimulate innovation, and address the needs of providers and hospitals at varying stages of technology adoption readiness. They are:
CCHIT Certified: A rigorous certification for comprehensive EHR systems that enable providers to meet all meaningful use objectives. Products must significantly exceed minimum Federal standards requirements, are rated for usability, and are verified to be in successful use at multiple sites. This program addresses the needs of providers and hospitals who want maximal assurance of EHR capabilities and compliance.
Federal Minimum: A modular certification program for applications that address one or more of the meaningful use objectives. Products must meet minimum Federal standards requirements. This program allows providers and hospitals to combine technologies from multiple certified sources.
Site: A simplified, low cost certification for sites or organizations. Technology must meet minimum Federal standards requirements. This program allows providers and hospitals who develop or assemble EHR technologies themselves to qualify for ARRA incentives, offering an open door to encourage continued innovation.
- December 2009 Meaningful Use
National Coordinator for Health IT David Blumenthal said a preliminary definition for "meaningful use" of electronic health records will be released by the end of 2009, followed by a 60-day comment period.
- December 2009 Certification
Interim final rule expected for Standards and Certification Criteria.
- 2009-2010 PQRI
The bonus payment for PQRI is capped at 2% of an individual's total allowed Medicare charges for the reporting period, up from 1.5% for 2007 and 2008.
- 2010 Electronic Prescribing Incentive Program
The bonus payment available to successful e-prescribers for 2009-2010 reporting is 2%.
- 2010 Meaningful Use
Final definition expected to be issued in mid- to late spring 2010
- January 1, 2010 Recovery Audit Contractor
Deadline for RAC program to be expanded to all 50 states
- February 12, 2010
EHR Certification criteria interim final rule to take effect.
- February 22, 2010 HIPAA
HHS Breach Notification Requirements enforced
- February 22, 2010 Breach Notification Guidance
FTC Breach Notification Requirements enforced
- March 10, 2010
Deadline for dentists who are covered under HIPAA to notify the department of any breaches of unsecured protected health information between Sept. 23, 2009 -- when the Breach Notification Rule went into effect -- and Dec. 31, 2009.
- March 15, 2010 Meaningful Use/Standards
Comments due for proposed rulemaking on Meaningful Use and Interim final rule on EHR certification criteria.
- April 1, 2010 HIPAA 5010 Electronic Standards
The CMS Medicare Fee-for-Service schedule is:
Level I - April 1, 2010 through December 31, 2010
- June 2010
CMS expected to have meaningful use rule in place.
- June 1, 2010 Red Flags Rule
The Federal Trade Commission (FTC) is delaying enforcement of the "Red Flags" Rule, again, until June 1, 2010, for financial institutions and creditors subject to enforcement.
- August 2010 HIPAA
HHS will publish 14 modifications to HIPAA guidance and regulations which will expand protections of electronically transmitted patient health information. Each of the rules will take effect 30 days after issuance. They include regulations and/or guidance about:
- added accounting responsibilities for disclosures under the HIPAA Privacy Rule;
- extending certain HIPAA Security Rule provisions to business associates;
- modifying the HIPAA Privacy Rule's accounting of disclosure provisions;
- tighter restrictions on the disclosure of PHI for marketing and fundraising;
- detailed technical safeguards for security;
- providing electronic health records to patients who request access.
- December 31, 2010 HIPAA 5010 Electronic Standards
Required Level I compliance with HIPAA 5010 Standard
Level I compliance means "that a covered entity can demonstrably create and receive compliant transactions, resulting from the compliance of all design/build activities and internal testing."
- 2011 Electronic Prescribing Incentive Program
The bonus payment available to successful e-prescribers for 2011-2012 reporting is 1% with a simultaneous 1% payment reduction for those unsuccessful.
- 2011 Meaningful Use
Beginning in 2011, physicians who demonstrate "meaningful use" of electronic health records could qualify for up to $44,000 in Medicare incentive payments by implementing Stage 1 Meaningful Use requirements.
Meaningful Use Objectives Goal is to electronically capture in coded format and to report health information and to use that information to track key clinical conditions
- 2011 Certification
Meaningful use draft call for providers to comply with federal and state medical data privacy laws and for data sharing to comply with the Office of the National Coordinator's National Privacy and Security Framework.
Beginning in 2011, physicians who demonstrate "meaningful use" of electronic health records could qualify for up to $44,000 in Medicare incentive payments.
- October 1, 2011 Meaningful Use
Due to the 90-day reporting requirements of the Stage 1 criteria for the first year reporting, this is the last day you can begin reporting to qualify for incentives in 2011.
- December 31, 2011 HIPAA 5010 Electronic Standards
Required Level II compliance with HIPAA 5010 Standard
Level II compliance means "that a covered entity has completed end-to-end testing with each of its trading partners, and is able to operate in production mode with the new versions of the standards."