Cyber Crime Reporting

The following message is from CMS.

If you are the victim of ransomware or have cyber threat indicators to share

If you or your organization is the victim of a ransomware attack, please contact law enforcement immediately.

  1. Contact your FBI Field Office Cyber Task Force, at https://www.fbi.gov/contact-us/field-offices/field-offices , immediately to report a ransomware event and request assistance.  These professionals work with state and local law enforcement and other federal and international partners to pursue cyber criminals globally and to assist victims of cyber-crime.
  2. Report cyber incidents to both of the following:
  3. For further analysis and healthcare-specific indicator sharing, please also share these indicators with the HHS Healthcare Cybersecurity and Communications Integration Center (HCCIC) via email to HCCIC_RM@hhs.gov

HIPAA FAQ re Loved Ones

The HHS Office of Civil Rights (OCR) has issued a new FAQ clarifying that the HIPAA Privacy Rule permits disclosures to loved ones regardless of whether they are recognized as relatives under applicable law.  The FAQ, while applicable in a variety of circumstances, was developed in large part to address confusion following the 2016 Orlando nightclub shooting about whether and when hospitals may share protected health information with patients’ loved ones.  In particular, the FAQ makes clear that the potential recipients of information under the relevant permissive disclosure provisions of the law are not limited by the sex or gender identity of the person.  

In tandem, OCR is updating its existing Guidance on several provisions within the HIPAA Privacy Rule that recognize the integral role that a spouse often plays in a patient’s health and health care.  Consistent with a recent Supreme Court decision, OCR is issuing updated guidance that makes clear that the terms marriage, spouse, and family member include, respectively, all lawful marriages (whether same-sex or opposite-sex), lawfully married spouses and the dependents of all lawful marriages, and clarifies certain rights of individuals under the Privacy Rule.

Find the Guidance and a link to the FAQ at https://www.hhs.gov/hipaa/for-professionals/special-topics/same-sex-marriage/index.html .

11/1 SSN Removal Call

On November 1, 2016 CMS will hold an Open Door Forum conference call on the removal of Social Security Numbers from Health Insurance Claim Numbers (HICN).  HICNs will be replaced by randomly created Medicare Beneficiary Identifiers (MBIs) starting in 2018.  For more information see https://nwrnbulletins.wordpress.com/2016/09/29/mbi-replaces-hicn/ .  

The call well be held at 11am PDT, 800-837-1935, conference ID 98745631.  For TTY services, dial 800-855-2880.  CMS requests that participants dial in at least fifteen minutes before the scheduled start time.  

CMS has also advised that between now and 2018, all patients and facilities should make sure that their mailing addresses are kept current.  MBIs will be mailed to patients, and facilities will have to ask patients for their MBI.  Patient addresses in the Medicare, SSA, and CROWNWeb databases should all agree, with a correct and complete address to which the US Postal Service delivers.

MBI Replaces HICN

Over the next three years, CMS will replace their traditional Health Insurance Claim Number (HICN) patient identifiers with a new Medicare Beneficiary Identifier (MBI).  New Medicare Cards will be sent to all Medicare beneficiaries starting in April 2018, and all providers will be expected to have modified their software to accept MBIs by then.  Between April 2018 and December 2019, either the HICN or the MBI will be accepted by CMS.  After December 2019, the HICN will no longer be accepted.  

The MBI will have eleven characters, numbers and upper-case letters only.  A 2015 law (MACRA) requires CMS to remove Social Security Numbers (SSN) from Medicare identifiers.  You may encounter the new acronym SSNRI, for the CMS SSN Removal Initiative.  For more information see https://www.cms.gov/Medicare/SSNRI/Index.html and https://www.cms.gov/Medicare/SSNRI/Providers/Providers.html .

5/31 AAKP HealthLine Webinar on Social Media

On May 31, 2016, AAKP HealthLine will repeat the popular program on Mastering Social Media as a Patient Advocate, presented by  dialysis patient James Myers.  Social media has become a useful advocacy resource and this webinar will cover how to get started, how to tap into your networks, and how to advocate for yourself.  For details and registration see https://www.aakp.org/component/ohanah/mastering-social-media-as-a-patient-advocate-1.html?Itemid=166 .

Medical Consumer Protection

Medicare acknowledges Consumer Protection Week by publishing a table of guidelines to help medical consumers make important choices about finances, health, privacy, and more, in their “Five Ways to Become an Informed Medical Consumer” post on the official Medicare Blog.  Each of the Five Ways links to in-depth information.  Find the post at http://blog.medicare.gov/2016/03/07/informed-medicare-consumer/ .

Another effort to increase protections for medical consumers is the CDC Foundation Safe Injection Practices Coalition’s “One and Only Campaign,” using the motto “One Needle, One Syringe, Only One Time.”  You can find a great deal more information about this campaign at http://www.oneandonlycampaign.org/ .

3/10 AAKP HealthLine Webinar on Social Media

AAKP is celebrating World Kidney Day (March 10) during Kidney Disease Awareness Month (March) by inviting dialysis patient James Myers to present a HealthLine webinar/conference call March 10, 2016 on Mastering Social Media as a Patient Advocate.  Social media has become a useful advocacy resource and this webinar will cover how to get started, how to tap into your networks, and how to advocate for yourself.  For details see https://www.aakp.org/component/ohanah/mastering-social-media-as-a-patient-advocate.html  Register at https://attendee.gotowebinar.com/register/4433012452693683970 .