Online Safety Community

Complementing MACRA and MIPS with HIPAA brings about better patient engagement

The Medicare Access and CHIP Reauthorization Act of 2015 (MACRA) is a federal Act that regulates the manner in which physicians have to be paid when they treat patients who come to them under Medicare. It modifies and supersedes the earlier legislation on this topic, namely the Balanced Budget Act, which was in force from 1997. 

From the time the Balanced Budget Act linked physician payments to budget cuts and economic growth; it has reduced physician payments by over a fifth. In contrast, MACRA introduces Merit based Incentive Payment System (MIPS) and Advanced Alternative Payment Models (APM's), which are “pay-for-performance” programs and are independent of the macroeconomic factors, upon which the earlier physician payments system was based.

Bringing about patient engagement is the basic purpose of MACRA

MACRA brings about patient engagement in a big way. This is one of the quintessential features of this legislation. MACRA uses advancing technologies to foster patient engagement tools that have become so essential a feature of the smart devices that the healthcare sector uses. Certified Electronic Health Record Technology (CEHRT) has enabled features such as availability of secure patient portals and encrypted text message and email products.

Because of this, patient engagement tools sent electronically by regular (unencrypted) email and text messaging include features such as appointment reminders, healthcare instructions, patient satisfaction surveys, and health and wellness newsletters and recall reminders. Since these are part of the regular use of technology in healthcare; HIPAA has enacted rules by which Protected Health Information (PHI) can be sent by unencrypted electronic transmission. This explains the clear and strong link between MACRA, MIPS and HIPAA.

The first set of HIPAA rules came into effect when the HIPAA Omnibus Rule was passed in September 2013. Guidances from the U. S. Department of Health and Human Services in 2014 and 2016 followed these rules.

Pervasive violations

Despite the good intentions with which these HIPAA Rules and guidances have been enacted; Providers and Covered Entities, and their Business Associates have been violating the HIPAA Rules for communicating with patients by unencrypted email and text message. Lack of knowledge of the rules among them is attributed as the main reason for this. It is noticed that most providers and Covered Entities and Business Associates have very little knowledge of what a PHI as defined by HIPAA really is.

The antidote to this problem is provided by HIPAA itself, in the form of HIPAA Rules and HHS/OCR guidance. This guidance provides a simple and easy-to-use, three-step Safe Harbor for using unencrypted email and text messaging to engage patients. The highlight of this three-step HIPAA Safe Harbor is that it precludes Covered Entities and Business Associates from any responsibility or liability for unauthorized access to Protected Health Information (PHI) in unencrypted emails and text messages during transmission and after receipt by the patient.

Clear learning about the three-step Safe Harbor

Understanding what this Safe Harbor is, and knowing how to apply it is very important for Covered Entities, Business Associates and providers. It is the only real means for them to stay compliant with the requirements set out in HIPAA and avoid causing violations to the HIPAA rules on communicating with patients by unencrypted email and text message.

This is the learning a webinar from MentorHealth, a leading provider of professional trainings for the healthcare industry, will be offering. The speaker at this session is Paul R. Hales, an expert on HIPAA Privacy, Security, Breach notification and Enforcement Rules with a national HIPAA consulting practice based in St. Louis and the author of all content in The HIPAA E-Tool, an Internet-based, Software as a Service product for health care providers and Business Associates. Please register for this webinar.

Putting the HIPAA Safe Harbor in proper perspective

An explanation of the three-step HIPAA Safe Harbor is the core of this learning session. Paul will break down the steps, which is the basis to making the process easy to follow.

He will cover the following areas in this this webinar for HIPAA Covered Entities and Business Associates:

  • MACRA-MIPS - Patient Engagement - the Required Objective: Protecting Patient Health Information and Measure: HIPAA Risk Analysis
  • A clear explanation of the simple 3 Step HIPAA Safe Harbor that protects Covered Entities (and Business Associates acting on their behalf) from liability related to Patient Engagement by unencrypted email and text messaging
  • HIPAA Law that covers unencrypted email and text messages - What emails and text messages are subject to HIPAA Law
  • What Protected Health Information (PHI) really is - according to HIPAA - a clear explanation of how HIPAA defines PHI - it's not just information about, for example, a diagnosis, disease, surgery or prescribed treatment
  • How a 2015 Federal Communications Commission Order about health care text messages added to confusion and what it really means - the 3 Step HIPAA Safe Harbor is the only text message Safe Harbor for Covered Entities and Business Associates
  • The absolute ban on unencrypted text messaging of PHI by Joint Commission in collaboration with the Centers for Medicare & Medicaid Services (CMS)
  • The interconnected liability of Covered Entities and Business Associates that provide unencrypted electronic patient engagement services like appointment reminders - and how both can protect themselves
  • Responsibility - and liability of Senior Management and Boards of Trustees.

Views: 10


You need to be a member of Online Safety Community to add comments!

Join Online Safety Community

Take our poll!

Take our poll!

Latest Activity

Roger Steven posted a blog post

Differences between Device and Drug Clinical Research

Medical devices and drugs clinical research have their differences in approach and methodology. It is necessary to have a clear understanding of these differences if one embarks upon a study involving either or both of these.Some of the major differences between device and drug clinical research include:Requirement for a study:One of the important differences between device and drug clinical research relates to the…See More
7 hours ago
Adam Fleaming posted a blog post

Philippine anti-drug agency chief vows 'rule of law'

The new chief of the Philippines’ anti-drug agency has promised a fresh approach to the controversial war on drugs, “based on the rule of law”.Aaron Aquino said that since he took over in August, only one suspect had been killed in 1,341 operations.Thousands have died in the anti-drug campaign since it was launched by President Rodrigo Duterte in 2016.Rights groups say Mr Duterte has sanctioned extrajudicial killings by vigilantes and by police.…See More
8 hours ago
John Robinson posted blog posts
8 hours ago
Training Doyens updated an event

How to Prepare and Survive an OSHA Audit at 26468 E Walker Dr, Aurora, Colorado 80016-6104

January 23, 2018 from 1pm to 2pm
OVERVIEWRegulatory Compliance Audits can be taxing and worrisome for anyone.  Having an OSHA Audit open an organization up to receiving regulatory citations, monetary fines, negative company press, etc.  The purpose of this OSHA compliance training is to cover the key concepts of how to successfully navigate through an OSHA Audit.  Being prepared ahead of time and knowing the right protocols can help turn a negative situation of being involved in a compliance audit into a positive one.WHY…See More
11 hours ago


Occupational Health and Safety 5 Replies

Health and safety are important aspects of an organisation’s smooth and effective functioning.  Did you know that workplace health & safety injuries cost Australian businesses over $60 billion…Continue

Tags: Safety, and, Health, Occupational

Started by WHS Solutions. Last reply by Tara safe Nov 16.

QlikView for its Safety Strategic Business Intelligence Solution Worldwide

QlikTech (NASDAQ:QLIK), a leading…Continue

Tags: Qlikview, safety

Started by nicolewells Nov 15.

What's your favorite motivational/safety quote? 102 Replies

Favorite Motivational Quote: If you want something, you'll find a way - If not, you'll find an excuse.Favorite Safety Quote: Don't learn safety by accident!Continue

Started by Michelle Sears. Last reply by David Collins Nov 14.

Business Intelligence with Big Data happens at Unipê

the college center of João Pessoa will preserve the 1st assembly at big records, geared toward professionals inside the regions of administration, economics, public control and facts technologies.…Continue

Tags: qliksensetraining, qliksenseonline, qliksense

Started by Soujanya Naganuri Nov 1.

Road Safety Solutions 13 Replies

The Road Safety Signs ,Barriers,Humps,Hazard Markers and Visual Warnings are some of the important marks to be observed. Signs such as "keep left",stop, "give way" should not be casually treated.…Continue

Tags: safety, gear, wear, Equipment, &

Started by Enna Henry. Last reply by Barry Oct 26.



© 2017   Created by Safety Community.   Powered by

Badges  |  Report an Issue  |  Terms of Service