In November 2006, CMS published a final rule on the Conditions of Participation (CoP) for hospitals. Among the finalized provisions, there was a five-year window given during which CMS permitted orders (including verbal and telephone orders) to be signed by either the ordering physician or another physician responsible for the patient's care (e.g., a covering physician or practice partner). Those five years came to an end on January 27, 2012, meaning that, as of that date, hospitals needed to ensure that their orders were signed only by the ordering practitioner him- or herself. However, in October 2011, CMS released a proposed rule addressing the five-year sunset provision. Per the Federal Register:
While I was on one of my first consulting engagements in the early 1980s-when the pundits were predicting that everyone would be fully on EMRs no later than 1990-I experienced a rude wake-up lesson: the automating dysfunction "reality check" factor.
HIPAA requires implementation of technical policies and procedures for electronic information systems that maintain electronic protected health information (ePHI) to allow access only to those persons or software programs that have been granted access rights [§164.312(a)] as specified in the administrative safeguards under access authorization, establishment, and modification [§164.308(a)(4)].
Navigating the new world of social media is challenging for many professions, but perhaps none more so than the medical profession, where physicians and other healthcare professionals must balance a tell-all online culture with the HIPAA Privacy Rule's mandate to protect patient privacy.