The Office of the
National Coordinator for Health
released the final
Test Method for
the 2014 Edition
of the electronic
are the test
data files that
testing laboratories and certification bodies will
use to evaluate
and functionality of EHRs and
against adopted standards,
criteria. The Test
a list of all meaningful use criteria
that an EHR must
links to each test
in 2014 Now
An industry survey has revealed significant ambivalence among hospital leaders about their ability to meet
newly issued requirements for Stage 2 of meaningful use.
The poll, conducted by I. T. consulting firm KPMG, shows that nearly half
( 47 percent) of hospital and health system business leaders are only “
somewhat confident” in their level of readiness to meet the requirements, which
became final in July. Thirty-six percent
said they were confident and just 4 percent said they were not confident at all.
Eleven percent said they didn’t know
what their level of readiness was.
Asked to identify the biggest challenge in complying with the standard,
29 percent cited training and change
management. This was followed by lack of monitoring
processes to help ensure sustained demonstration of
meaningful use, and capturing the relevant data electronically as part of clinical workflow ( 19 percent each); lack
of a dedicated meaningful use team ( 12 percent); and
vendor availability that has appropriate certified technology ( 6 percent).
“Attesting to meaningful use standards is an evolving
process,” said Mike Beaty, principal and KPMG Health-
care IT enablement leader. “It’s key for organizations to
have the right clinical workflows, care delivery processes
and the right support structures in place not just to meet
the standards but also to ensure a sustainable transfor-
mation of these critical systems.”
Leaders also said their organiza-
tions are being challenged to meet
standards on privacy and security
of patient information as prescribed
by both meaningful use Stage 2 and
HIPAA. Close to half ( 47 percent)
of respondents said they were only
somewhat comfortable with their or-
ganization’s ability to comply with all
parts of HIPAA, including new annual
risk assessments and protecting data
such as patient identifiable informa-
tion. An additional 8 percent said they
were not comfortable at all and 13 percent said they were
not sure. Thirty one percent said they were comfortable.
“Stage 2 specifically requires that the transmission
and exchange of patient data or information across the
enterprise be very solid and secure,” said Jerry Howell,
principal with KPMG Healthcare. “Stage 2 meaningful
use compliance will require an expanded focus on secure
transmission of data within, and outside the enterprise.”
The survey responses come from more than 140 hospital and health system administrators.
Health Execs Wobbly on Stage 2 MU
Readiness, HIPAA Compliance
The Department of Health and Human Services’ Office for Civil Rights for the first time is financially punishing an organization for a breach of protected health information that affected less than 500 individuals.
This is a new policy; OCR has previously limited issuance of hefty fines—and publicity of the fines—against
several organizations following a “major” breach that affected 500 or more individuals.
The Hospice of North Idaho in Hayden will pay a
$50,000 fine and has entered into a resolution agreement
and corrective action plan with OCR.
The hospice in February 2011 reported to OCR the theft
of a laptop computer in June 2010 containing PHI on 441
To uphold federal law, organizations must annually
notify OCR of breaches affecting less than 500 individuals, and must give notification of larger breaches within
60 days of discovery.
OCR notified the hospice in June 2011 that it was investigating the breach, and contends in the resolution agreement that the hospice did not adequately implement
sufficient protections to ensure security of electronic protected health information from the April 21, 2005, HIPAA
security rule compliance date until Jan. 17, 2012.
The Hospice of North Idaho in the agreement does not
admit liability, but does not contest the validity of obligations agreed to under the settlement and agrees to comply with a corrective action plan.
OCR Issues First Fine for Non-Major Breach