The trusted source for
healthcare information and
The Health Care Financing Administration (HCFA) in Baltimore is establishing an advisory panel on ambulatory payment classification groups (APCs), which are used in Medicare’s prospective payment system (PPS) for hospital outpatient services. The Balanced Budget Refinement Act of 1999 required that the panel be created.
The APC panel, created in adherence with the Federal Advisory Committee Act, is being established to review the clinical integrity of the APCs and their weights. The panel’s advice will be considered by HCFA as it prepares the annual proposed rule updating the outpatient PPS to be published in the spring. The final outpatient PPS update rule for the following calendar year is scheduled to be published in late fall.
The panel will also help to ensure seniors and disabled Americans receive appropriate outpatient care by making recommendations on how Medicare classifies these services when it determines payment rates under the APCs. The panel will consist of up to 15 members who must be representatives of Medicare hospitals (including community mental health centers) that are subject to the outpatient PPS.
The panel will provide technical advice and will concentrate on operational aspects of the APC system. It is not a policy-making body, and will not make policy recommendations. The panel must consult with entities and organizations, such as the medical device and drug industries, with expert technical knowledge of the components of the APCs.
A 25-year-old Dutch man used the Internet to break into the University of Washington Medical Center’s internal network last summer, downloading medical information about thousands of heart patients.
The hacker, who called himself Kane, breached the security of two stored databases that are used to track patients for research studies and are not related to individual care. Information stored in these databases includes names, addresses, birth dates, heights and weights, Social Security numbers, and the medical procedure undergone.
The Internet news service SecurityFocus.com first reported the intrusion. The man reportedly hacked into the network from June until he was cut off in mid-July. Kane said the Seattle medical center’s machines were exposed without firewalls of any kind. He claimed the hacking was a public service aimed at exposing poor security surrounding medical information. He said he did not tamper with the information.
Kane gained initial access through a Linux system in the hospital’s pathology department, according to SecurityFocus.com. That system was running the client side of a remote administration tool called VNC, which allowed him access to a Windows NT box. From there he exploited file shares and remote administration relationships, and used Trojan horses to expand his access throughout the network.
As of Jan. 1, the Health Care Financing Administration in Baltimore has updated the ambulatory payment classification (APC) rates included in the hospital outpatient prospective payment system final rule, in part to reflect the inclusion of medical device costs associated with revenue centers 274, 275, and 278.
"We advised in the interim final rule that certain APCs were modified because of the inclusion of these centers and that the APC payment rates for some procedures will increase to reflect these added costs," HCFA says in a statement. "Therefore, as stated in our interim final rule, a reduction in an amount equal to the increase in the APC rates will be deducted from the relevant devices that are either eligible for pass-through payment or that can be billed for additional payment through the new technology APCs."
This policy is effective for services furnished on or after Jan. 1, and applies only to APCs involving the use of pacemakers, neurostimulator leads, generators, receivers and transmitters. To find a list of those APCs to which the reduction applies and the amount that will be subtracted from each APC, visit the Web page www.hcfa.gov/medlearn/pace.htm.
Payer organizations are significantly ahead of providers in several key early milestones for achieving compliance with the Health Insurance Portability and Accountability Act (HIPAA) of 1996, according to a study conducted by Gartner in Stamford, CT.
The Gartner HIPAA report reveals that the majority of payers have appointed executive sponsors, staffed compliance committees, completed organizational awareness programs, and assessed their status regarding standardized transactions. On the other hand, only a minority of provider organizations have completed those early tasks.
Notably, 74% of health care organizations — both payers and providers — expect to require assistance from consulting or systems integration firms to help them complete HIPAA assessment projects.
Only 15% of those surveyed by Gartner, however, indicate that they have developed preliminary overall budgets for achieving compliance. Of those organizations, spending is expected to average almost $9 million. Slightly more payers and providers (24%) have identified their HIPAA budgets just for 2001, and the average for next year’s HIPAA spending is $5 million.
The Gartner HIPAA survey targeted those individuals designated with responsibility for their organizations’ HIPAA compliance efforts. A total of 225 organizations participated, including 104 payers and 121 providers. For more information about the survey results, please contact Gartner’s QuickPath at (203) 316-1288, or e-mail the organization at email@example.com.
The Massachusetts Health Data Consortium in Boston, as part of a five-state, grant-funded initiative called HealthKey, has begun working with a group of leading security vendors to win end-user confidence in the ability of Internet encryption products to work seamlessly with one another.
The consortium and the six vendors plan to demonstrate interoperability and to produce a draft standard for secure e-mail transmission by April 2001. This initiative is a response to the Health Insurance Portability and Accountability Act, passed in 1996, which mandates the standardization of health care administrative transactions, the security of electronic systems and networks, and the privacy of health care data. Health care organizations will have two years to comply with these requirements after the release of the final regulations.
The six vendors offer products that can potentially simplify the transmission of secure e-mail for an organization, resulting in substantial cost savings. These solutions, based on extensions to S/MIME, rely on issuing organization-level rather than individual digital certificates. All e-mail traffic is then encrypted and decrypted at the "organizational border" rather than at the individual user’s computer. The six vendors are Baltimore Technologies, Content Technologies (which was acquired by Baltimore Technologies on Oct. 25), TenFour E-Mail Security Solutions, Tumbleweed Communications, Vanguard Security Technologies, and Viasec Ltd. The software solutions they offer have been labeled S/MIME Gateways.
This project is being undertaken as part of the second phase of a two-year $2.5 million grant from The Robert Wood Johnson Foundation, in Princeton, NJ, to five state health information organizations in Massachusetts, Minnesota, North Carolina, Utah, and Washington.