Thursday, December 13, 2012

9 Elements of Consent are the same across 42 CFR Part II and 38 CFR Part I

Bottom Line: Similar Consent Forms for 42 CFR Part II and 38 CFR Part I

One aspect of the Data Segmentation for Privacy (DS4P) is the patient consent for a provider to "share all" or "part" of their medical information with another provider.  This consent is required for situations where: 1) the patient is being treated by a federal funded substance abuse provider, or 2) is receiving treatment as a veteran.  While there are two separate regulations governing the privacy: 42 CFR Part II for Substance Abuse Patients, and 38 CFR Part I for patients that are veterans... the 9 data elements required are effectively identical.

In the table below, you will find the 9 data elements identified by the DS4P use cases that require patient consent.  Furthermore, you will find that they are equally represented in both regulations.

#
Data Element
Definition
42 CFR Part 2
38 CFR Part 1
1
Requester Name
The name or title of the individual or the name of the organization to which disclosure is to be made.
X
X
2
Allowed Purpose(s)
The purpose of the disclosure.
X
X
3
Information to be disclosed  (i.e. Patient Data)
How much and what kind of information is to be disclosed.
“The response to the Query for Patient Data Location transaction MUST contain only elements that the receiving system user has the appropriate permissions to access.”
X
X
4
Consent Directive Effective Date/Time
The date on which the consent is signed.
X
X
5
Consent Directive Expiration Date/Time
The date, event, or condition upon which the consent will expire if not revoked before. This date, event, or condition must insure that the consent will last no longer than reasonably necessary to serve the purpose for which it is given.
X
X
6
Obligation Text
A statement that the consent is subject to revocation at any time except to the extent that the program or person which is to make the disclosure has already acted in reliance on it. Acting in reliance includes the provision of treatment services in reliance on a valid consent to disclose information to a third party payer.
X
X
7
Patient/Subject
The name of the patient.
X
X
8
Signature
The signature of the patient and, when required for a patient who is a minor, the signature of a person authorized to give consent under § 2.14; or, when required for a patient who is incompetent or deceased, the signature of a person authorized to sign under § 2.15 in lieu of the patient.
X
X
9
Consent Originator Organization

The specific name or general designation of the program or person permitted to make the disclosure.
X
X



For those with interest in reading the regulation for yourselves you can either read below or click on the hyperlinks and read directly from the code or federal regulations.


38 CFR Part I

§ 1.475   Form of written consent.

(a) Required elements. A written consent to a disclosure under §§ 1.460 through 1.499 of this part must include:
(1) The name of the facility permitted to make the disclosure (such a designation does not preclude the release of records from other VA health care facilities unless a restriction is stated on the consent).
(2) The name or title of the individual or the name of the organization to which disclosure is to be made.
(3) The name of the patient.
(4) The purpose of the disclosure.
(5) How much and what kind of information is to be disclosed.
(6) The signature of the patient and, when required for a patient who is a minor, the signature of a person authorized to give consent under § 1.464 of this part; or, when required for a patient who is incompetent or deceased, the signature of a person authorized to sign under § 1.465 of this part in lieu of the patient.
(7) The date on which the consent is signed.
(8) A statement that the consent is subject to revocation at any time except to the extent that the facility which is to make the disclosure has already acted in reliance on it. Acting in reliance includes the provision of treatment services in reliance on a valid consent to disclose information to a third party payer.
(9) The date, event, or condition upon which the consent will expire if not revoked before. This date, event, or condition must ensure that the consent will last no longer than reasonably necessary to serve the purpose for which it is given.
(b) Expired, deficient, or false consent. A disclosure may not be made on the basis of a consent which:
(1) Has expired;
(2) On its face substantially fails to conform to any of the requirements set forth in paragraph (a) of this section;
(3) Is known to have been revoked; or
(4) Is known, or through a reasonable effort could be known, by responsible personnel of VA to be materially false.
(c) Notification of deficient consent. Other than the patient, no person or entity may be advised that a special consent is required in order to disclose information relating to an individual participating in a drug abuse, alcoholism or alcohol abuse, HIV, or sickle cell anemia program or activity. Where a person or entity presents VA with an insufficient written consent for information protected by 38 U.S.C. 7332, VA must, in the process of obtaining a legally sufficient consent, correspond only with the patient whose records are involved, or the legal guardian of an incompetent patient or next of kin of a deceased patient, and not with any other person.
(d) It is not necessary to use any particular form to establish a consent referred to in paragraph (a) of this section, however, VA Form 10-5345, titled Request for and Consent to Release of Medical Records Protected by 38 U.S.C. 7332, may be used for such purpose.
(Authority: 38 U.S.C. 7332(a)(2) and (b)(1))

42 CFR Part II
§ 2.31   Form of written consent.
(a) Required elements. A written consent to a disclosure under these regulations must include:
(1) The specific name or general designation of the program or person permitted to make the disclosure.
(2) The name or title of the individual or the name of the organization to which disclosure is to be made.
(3) The name of the patient.
(4) The purpose of the disclosure.
(5) How much and what kind of information is to be disclosed.
(6) The signature of the patient and, when required for a patient who is a minor, the signature of a person authorized to give consent under § 2.14; or, when required for a patient who is incompetent or deceased, the signature of a person authorized to sign under § 2.15 in lieu of the patient.
(7) The date on which the consent is signed.
(8) A statement that the consent is subject to revocation at any time except to the extent that the program or person which is to make the disclosure has already acted in reliance on it. Acting in reliance includes the provision of treatment services in reliance on a valid consent to disclose information to a third party payer.
(9) The date, event, or condition upon which the consent will expire if not revoked before. This date, event, or condition must insure that the consent will last no longer than reasonably necessary to serve the purpose for which it is given.
(b) Sample consent form. The following form complies with paragraph (a) of this section, but other elements may be added.
1. I (name of patient)  Request  Authorize:
2. (name or general designation of program which is to make the disclosure)
3. To disclose: (kind and amount of information to be disclosed)
4. To: (name or title of the person or organization to which disclosure is to be made)
5. For (purpose of the disclosure)
6. Date (on which this consent is signed)
7. Signature of patient
8. Signature of parent or guardian (where required)
9. Signature of person authorized to sign in lieu of the patient (where required)
10. This consent is subject to revocation at any time except to the extent that the program which is to make the disclosure has already taken action in reliance on it. If not previously revoked, this consent will terminate upon: (specific date, event, or condition)
(c) Expired, deficient, or false consent. A disclosure may not be made on the basis of a consent which:
(1) Has expired;
(2) On its face substantially fails to conform to any of the requirements set forth in paragraph (a) of this section;
(3) Is known to have been revoked; or
(4) Is known, or through a reasonable effort could be known, by the person holding the records to be materially false.
(Approved by the Office of Management and Budget under control number 0930-0099)

Posted by at No comments:

Friday, November 2, 2012

eSignature Analysis


Good Recent Resources


Research

o   Hawaii has adopted UETA for its state law (this is good)
§  http://www.capitol.hawaii.gov/hrscurrent/vol11_Ch0476-0490/hrs0489e/HRS_0489E-.htm
o   Best Source (http://library.ahima.org/xpedio/groups/public/documents/ahima/bok1_045546.hcsp?dDocName=bok1_045546)
o   Guidance that a customer used for their 2005  eSignature implementation
§  How eSignature should be captured
·         The “electronic impulse” that indicates consent (21 CFR Part11) needs to be
o   unique to individual (21 CFR Part11)
o   exclusive control of individual (21 CFR Part11)
o   in view of entire contract (scroll bars were strongly advised against)
§  How eSignature should be stored
·         “electronic impulse” that indicates consent (21 CFR Part11)
Pontification Alert:  Many opinions could be discussed on this, but ultimately the opinion of the attorney  or corporate counsel potentially defending the repudiation challenge is the one that counts.
·         Reproducible view of what signor saw when they “eSigned”
***A copy of what the signor saw is preferable
·         Name of the Signer
·         Date and time of signature
·         Tamper evident hash
o   Considerations
§  Not every “electronic impulse” that indicates consent (21 CFR Part11) is equally “unique” to an individual or practical. 
Posted by at 1 comment:

Friday, August 10, 2012

84 Percent of MU Certified Products are not used for Incentive Funds

Bottom Line: 84 Percent of MU Certified Products are not used for Incentive Funds

Findings

  • CMS published the number of providers and their MU Certified Products 
  • ONC Published List of  Meaningful Use Certified products are listed 

Analysis
  • 532 different products has been used in the 77,625 MU Attestations
  • 3,372 different Meaningful Use Certified products are listed on the Certified Health IT Product List
    • 2,535 Ambulatory
    • 837 Inpatient
  • The top two products for MU Certification are
    • EpicCare Ambulatory - Core EMR
      • 15,999 MU Attestations,  20.61% of all attestations
    • eClinicalWorks
      • 6,080  MU Attestations, 7.83% of all attestations
  • Majority of Products (84%) are used for something other than Meaningful Use Incentive Payments
  • 84% of products have adopted MU Capabilities regardless of receiving incentive funds.  

Preliminary Conclusions

  • Only 16% of products required incentive funds in order to adopt ONC Recommend Health IT Standards
  • The majority of products in the Health IT market place were influenced by ONC without receiving incentive funding




Works Cited

Department of Health and Human Services. (2012, 01 24). CMS Medicare and Medicaid EHR Incentive Program, electronic health record products used for attestation. Retrieved 08 10, 2012, from Health Data.gov: http://www.data.gov/communities/node/81/data_tools/6375#
Office of National Coordinator. (n.d.). Certified Healh IT Product List. Retrieved 08 10, 2012, from http://oncchpl.force.com/ehrcert/EHRProductSearch
Posted by at No comments:
Labels:

Monday, June 25, 2012

Three simple steps to make an EIN for Technical Consulting

Go to this website: https://www.federal-ein-application.com and follow these steps

Three simple steps to make an EIN
Step 1) Click the top button "Sole Proprietor or Individual"
Step 2) Fill in your information (name, ssn, business name, where you live) & click next
Step 3) Fill in information on why you need an EIN and what you do
Reason: "Started New Business/Personal Use"
Primary Activity: Other
Product/Services Offered: Information Technology Consulting
Date Business Started: Today's Date

****************************************************************************************************
A couple common questions about being a Corp-Corp

What is the big difference between being a W2 and a 1099 (aka Corp-Corp)?
You get money quicker as an employee.  As a "corp" you only get paid after you invoice (typically it take 60 days until you receive your 1st check).  As an employee you get your 1st check two weeks after you start.  


What things do I need to do as a "Company" instead of as an "Employee"?
In a W-2 you receive a salary, but in a Corp-Corp contract you receive payment.  Even though all money is green, getting money as a "payment" is different in 3 ways.
  1. Payment Terms
  2. Invoicing
  3. Quarterly taxes to the State and Federal Government

What are "Payment Terms"?
This is the part of the contract that define when you can invoice and how long you have to wait for your invoice to be paid.  Usually the payment terms are "Net 30 - Invoice Monthly".  This means you invoice your customer at the end of the month and the customer has 30 days to pay the invoice.  

How do I do invoicing?
USE ZOHO!  Your customer will tell you what they want to see in their invoice.  Cloud-based service (like zoho) can make invoicing a simple task and will save you hours with your accountant.  For tax purposes, I highly recommend having a customer's EIN in the invoice.

What does making an EIN do?  Does this have any Legal Implication?
The EIN is an identification number that you can use instead of your SSN.  Your legal/tax status has not changes because you have an EIN.  You just have another way of identifying yourself on: Taxes, Employment Contracts, Articles of Organization (for making an LLC), ets.


If EIN doesn't make me an LLC, why do I need it to do corp-corp contracts?
No, you are still just you... but this EIN let's you do the following
  1. Contract with vendors that require an EIN for their "Corp to Corp" contracts
  2. Fill out the one-pager "Articles of Organization" to become an LLC in your state
Posted by at No comments:

Thursday, June 7, 2012

Can Patient Discovery be practical for 42 CFR Part II Programs?

Does patient consent for a substance abuse provider to disclose their identity to another provider on a Health Information Exchange (HIE) also authorize subsequent disclosures to other providers on that HIE within 200 Miles?


I recently re-read the 42 Code of Federal Regulations (CFR) Part II for the purposes of building a Health Information Exchange (HIE) rules engine.  I found a section of this regulation that has particular relevance to a maintenance treatment program HIE seeking to conduct a "Patient Discovery".

Section 2.34 and the Central Registry exception for maintenance treatment programs
A substance abuse program that has received patient consent to disclose their identity to the central registry and thereby any/all programs associated with that central registry provided that the following conditions are met.
  1. Geography: The programs are within 200 miles of each other
    (programs in different states must also be within 125 miles of the central repository)
  2. Purpose: The purpose of the request and disclosure is to avoid patient enrollment in more than one maintenance treatment program (such as a narcotic dispensing program to treat morphine-like drugs)
  3. Event:
    • Patient Acceptance into treatment
    • Type/Dosage of Drug changed
    • Treatment of patient is interrupted, resumed, or terminated
  4. Patient consent: For HIE Repository to disclose identity    
  5. Patient Information limited to:
    • Patient Identifying Information
    • Medication 
    • "Relevant Dates"
Bottom Line:  Traditional "Patient Discovery" of substance abuse patients can be practical on HIEs with a 200 mile radius of providers.

References: 

Posted by at No comments:
Labels: , , , ,
Subscribe to: Comments (Atom)