In August, the Obama administration consolidated the enforcement of federal privacy and security provisions under Health Insurance Portability and Accountability Act of 1996 within the Office for Civil Rights at HHS, stripping the CMS of security rule enforcement responsibilities. At year's end, however, the Obama administration also had not levied a single civil monetary penalty against anyone for civil privacy or security violations.
A controversial HHS rule to implement the breach notification requirement of the stimulus law, drew the ire of privacy advocates and six key congressional leaders who said HHS overstepped its authority in weakening the breach notification requirement on behalf of providers and secondary users of patient data. At year's end, HHS had not rescinded the rule or amended the offending provision.
ONC also held several closed-door, IT work-group meetings, including one on privacy and security. These meetings were discordant with Obama administration policies on openness and transparency in government. On Dec. 23, however, Blumenthal announced in a blog post that come 2010, most work-group meetings will be open to the public.
In an example of a hardware manufacturer buying an information services provider, Xerox Corp. announced it planned to acquire Affiliated Computer Services with a cash and stock offer that the companies are valuing at $6.4 billion. The deal, disclosed in late September, was the third in a little over a year in which a company known primarily as an information technology hardware manufacturer moved to acquire a company known primarily as an IT implementation and outsourcing services provider. Also in September, Dell announced its offer to buy Perot Systems Corp. for $3.9 billion.
According to a report released in December by researchers with the National Center for Health Statistics, the government still has a lot to accomplish if the nation is to meet former President Bush's goal, set in 2004, that by 2014 most Americans will have an electronic medical record. Based on preliminary NCHS estimates from its 2009 survey, just 44% of U.S. office-based physicians reported using at least a partial EHR system. About 21% reported using an EHR with a "basic" set of functions, but just 6% reported they used a fully functional EHR system.
Healthcare quality improvement and patient safety, which, increasingly, are being augmented by health information technology as IT is adopted and implemented, also had a banner year. By fall 2009, some 68 organizations had been approved by the federal Agency for Healthcare Research and Quality as designated patient-safety organizations.
The AHRQ released a set of common formats as well as the standardized definitions and data elements that it will require providers and patient-safety organizations to use if they report information to the agency. The formats were for reporting on paper, but work is underway on writing technical specifications to automate submission of patient-safety data electronically. The standards could be in place by early 2010 with the goal by the end of the year to have the information collected in national database, which will allow researchers to identify trends and problems.
The AHRQ also began testing of a set of software tools called MONAHRQ that will assist providers in compiling their administrative data and posting quality reports to the Web.
Meanwhile, researchers gave the patient-safety community more to think about as two studies indicated that reporting and apologizing for medical errors didn't increase providers' medical malpractice liabilities.
In addition, from the patients' side of information technology, the proliferation of social-networking sites and the relative ease in developing a Web site has given patients tools to communicate amongst themselves and promote quality and safety.