Is the HIPAA EMR/EHR Mandate Required by ALL Medical Providers?

Is the HIPAA EMR/EHR Mandate Required by ALL Medical Providers? Is the HIPAA EMR/EHR Mandate Required by ALL Medical Providers?
Recently, an interesting question was posed to me by a colleague regarding a so-called 'HIPAA EMR/EHR mandate' and whether all medical providers are required to comply, or only those providers that accept Medicare and/or Medicaid.

To the best of my knowledge, there is no such thing as a "HIPAA EMR/EHR mandate." This question seems to be conflating the HIPAA privacy, security, and breach notification requirements with the EHR Incentive Program. Under the Medicare EHR Incentive Program, providers are required to initiate participation by 2014 to avoid Medicare payment adjustments that begin in 2015. See here for a timeline - (excerpted below). Similarly, under the Medicaid Incentive Program, providers are required to initiate participation by 2016. There are no payment adjustments for providers who are only eligible for the Medicaid program.

Further, there is no mandate for medical providers to participate in the EHR Incentive Program. To the extent that a provider accepts Medicare, the provider can take the adjustment. A number of small medical providers have opted to take the adjustment because the EHR subsidy is not enough to cover the cost of EHR implementation. Alternatively, the provider can stop accepting Medicare and transition his or her practice to a cash-only, concierge style practice, or private insurance only practice.
How a provider is paid has no impact on whether a provider is subject to HIPAA compliance. All medical providers that transmit protected health information electronically are required to comply with HIPAA.

Posted by Tatiana Melnik May 5, 2014.

May 2024

Blog Home  

Newest Blog Entries
7/23/15 Hospital Settles with OCR for $ 218,400 Over Cloud-Based File Sharing

6/8/15 Two California Privacy Bills to Watch in 2015

3/28/15 When Looking at Security, Consider Every Device

3/9/15 Alabama Board of Optometry Makes Final a Rule on Telemedicine

1/25/15 Indiana Court of Appeals Upholds $1.44 Million Jury Verdict Against Walgreen Co. in a Privacy Breach Case; Denies Rehearing

12/9/14 Malware Leads to a $150,000 OCR Settlement with a Behavioral Health Provider

11/30/14 Can a Board of Medicine Use the State’s Prescription Drug Database in Investigating Physician Actions?

11/29/14 Under the Florida Telemedicine Rule, Can a Physical be Conducted by Telemedicine?

11/19/14 Wearables and the Challenge for Consumer Device Makers

10/28/14 A Few Telemedicine Resources

10/27/14 FCC: The Newest Regulator to Throw its Hat into the Data Privacy and Security Ring

Blog Archives
March 2014 (3)
October 2014 (2)
January 2014 (4)
May 2014 (6)
October 2013 (9)
September 2014 (1)
February 2014 (4)
December 2013 (5)
August 2014 (4)
December 2014 (1)
March 2015 (2)
January 2015 (1)
June 2014 (3)
November 2013 (3)
November 2014 (3)
July 2014 (1)
July 2015 (1)
April 2014 (6)
June 2015 (1)

Blog Labels
Healthcare Competition (1)
Big Data (3)
Meaningful Use (4)
Dental (1)
FAQ (6)
Data Breach (10)
Social Media (2)
Mobile Apps FDA (2)
Employment (1)
BYOD (2)
Privacy Litigation (3)
FCC (1)
Healthcare Fraud (1)
EHR (2)
Marketing (1)
Mobile Apps (2)
Identity Theft (1)
Telemedicine (7)
Privacy (4)
Financial Services (1)
Security (1)
Medical Marijuana (1)