HHS: Big Projects in Uncertain Times

Insurance Exchanges, HITECH Stage 2 Start
HHS: Big Projects in Uncertain Times

Despite a partial government shutdown, the Department of Health and Human Services has launched two initiatives that have significant privacy and security components.

See Also: OnDemand | Making the Connection Between Cybersecurity and Patient Care

On Oct. 1, state health insurance exchanges - a key element of healthcare reform - launched their online marketplaces for consumer open enrollment. HHS officials recently announced that a federal data hub that will serve as a critical conduit for sensitive information needed by the exchanges completed security testing.

Also on Oct. 1, Stage 2 of the HITECH Act financial incentive program for electronic health records began for eligible hospitals. The program starts for clinicians in January. Among the Stage 2 security requirements: Hospitals and physicians are required to use EHR software that automatically encrypts records if they're stored on an end-user device.

Funding Challenges

Meanwhile, the Republican-controlled House approved on Sept. 30 legislation to keep the government funded that included a provision to delay by one year implementation of the Affordable Care Act, better known as Obamacare, which the Democratic-led Senate rejected, resulting in the partial government shutdown that began midnight Oct. 1.

As a result, HHS has furloughed about half of its staff, virtually shutting down certain units, including the Office of the National Coordinator for Health IT, which helps develop guidelines for the HITECH program, and the Office for Civil Rights, which enforces HIPAA (see: Two HHS Units Hit Hard by Shutdown). Among those who will be at work at HHS through the shutdown are health insurance exchange-related employees ranging from call center operators to computer technicians and administrators who are responsible for the roll out of the program, which is funded by the Affordable Care Act.

In addition to its financial uncertainties, ONC faces a leadership transition at this critical time.

Farzad Mostashari, M.D., who heads the office, and his principal deputy, David Muntz, will step down on Oct. 4 (see ONC Names Interim Leadership.) Two ONC insiders, Jacob Reider, M.D. and Lisa Lewis, have been picked to temporarily fill in for Mostashari and Muntz, respectively, while HHS continues to search for permanent replacements.

ONC Funding Issues

When fiscal 2014 began on Oct 1, HITECH Act funding for ONC's operations ended. That means ONC's budget - which is part of HHS' budget - must be appropriated by Congress.

Some Republican members of Congress over the last year have questioned ONC's Mostashari and others about the merits of the "meaningful use" financial incentive program, especially when it comes to system interoperability, health information exchange, and whether EHRs make it easier for healthcare providers to submit fraudulent billing.

The billions of dollars in EHR financial incentives to hospitals and physicians are funded separately from ONC; they're paid for under the HITECH Act through 2016 and are administered by HHS' Centers for Medicare and Medicaid Services.

Under the 2014 HHS budget proposal unveiled in April, ONC is seeking $78 million, up $17 million from the pre-sequester level in fiscal 2013. "The budget will enable ONC to address new privacy and security policy issues," the proposal states. "ONC will continue to work alongside industry partners to construct and support innovative frameworks in support of a national cybersecurity program."

OCR Budget

HHS' Office for Civil Rights, which began enforcing the HIPAA Omnibus Rule on Sept. 23, has requested a budget increase for fiscal 2014 to help fund ramped-up enforcement activities as well as the permanent HIPAA compliance audit program that's slated for next year, OCR Director Leon Rodriguez noted in a presentation at a recent privacy and security conference in Boston.

OCR is seeking $42 million in funding for fiscal 2014, up from $38 million it received in 2013. In addition, OCR has authority to "bank" from fiscal year to fiscal year money it collects from its enforcement penalties, Rodriguez noted during his keynote speech. OCR collected about $4 million from its enforcement activities in the last year, he says.

About the Author

Marianne Kolbasuk McGee

Marianne Kolbasuk McGee

Executive Editor, HealthcareInfoSecurity, ISMG

McGee is executive editor of Information Security Media Group's HealthcareInfoSecurity.com media site. She has about 30 years of IT journalism experience, with a focus on healthcare information technology issues for more than 15 years. Before joining ISMG in 2012, she was a reporter at InformationWeek magazine and news site and played a lead role in the launch of InformationWeek's healthcare IT media site.

Around the Network

Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing govinfosecurity.com, you agree to our use of cookies.