Bad news re: ICD-10, certification and privacy

This week in health IT had some bad news on just about every front.

For starters, more than half of healthcare organizations are not yet ready for the Oct. 1 ICD-10 transition. A survey conducted by Porter Research and commissioned by Navicure found that 85 percent of respondents expect to be ready for the transition by Oct. 1 but 57 percent are not currently ready.

More than one-third (35 percent) of respondents had not yet conducted any end-to-end testing and, among those who had completed end-to-end testing, 60 percent reported positive results.

Meanwhile, the Office of the National Coordinator for Health IT terminated the certification of two EHR products that were being used to meet the requirements of the EHR Incentive Programs, saying the products no longer meet ONC Health IT Certification Program requirements.

After failing to respond to and participate in routine surveillance requests by an ONC-authorized certification body, two versions of Platinum Health Information System's SkyCare 4.2 EHR lost their certifications.

On the privacy and security front, an Indianapolis oncology practice faces a $750,000 HIPAA settlement from the Department of Health and Human Services for failing to encrypt devices and laptops containing patient data. The practice agreed to pay the sum to settle alleged HIPAA violations involving a breach that occurred three years ago.

Cancer Care Group had an unencrypted server backup media and laptop stolen from an employee's car in 2012, which affected about 55,000 patients.

The Office for Civil Rights clearly is serious about risk assessments and strong policies and procedures related to the protection of patient data. Is your organization meeting those standards?

Beth Walsh

Clinical Innovation + Technology editor