The Health Information Technology for Economic and Clinical Health Act
The Health Information Technology for Economic and Clinical Health Act (HITECH Act) is part of the American Recovery and Reinvestment Act of 2009 (ARRA), which contains specific incentives designed to accelerate the adoption of electronic health record (EHR) systems among providers.
The HITECH Act speaks to the massive expansion in the exchange of electronic protected health information between doctors, hospitals and other entities that store it. It seeks to improve patient care and make it patient-centric through the creation of a secure, nationwide health information network.
The legislation surmises that technical, bureaucratic and business-related obstacles should not interfere in the seamless exchange of secure information. The goal of the HITECH Act is to improve efficiency, coordination and quality of care in the healthcare sector.
The Concept of “Meaningful Use”
HITECH focuses on the “meaningful use” of electronic health records throughout the United States health care delivery system as a critical national goal. Meaningful use includes using certified EHR technology in a meaningful manner, as well as ensuring the certified EHR technology is connected in a way that provides for the electronic exchange of health information that improves the quality of care. It also means the provider must submit information on quality of care and other measures to the Secretary of Health & Human Services (HHS).
According to HealthIT.gov, the leading national resource on health information technology, meaningful use is using EHR technology to improve quality, safety, efficiency and reduce health disparities; engage patients and families in their health; improve care coordination; improve population and public health; and ensure adequate privacy and security protection for personal health information. It is widely recognized that compliance will result in better clinical outcomes, improved population health outcomes, increased transparency and efficiency, empowered individuals and more robust research data on health systems.
Penalties for Non-Compliance
In addition to expanding the scope of privacy and security protections available under the Health Insurance Portability and Accountability Act (HIPAA), the HITECH Act increases the potential legal liability for non-compliance and provides for more stringent enforcement.
Civil penalties for willful neglect of compliance can range from $100 to $50,000 per violation, with repeat/uncorrected violations extending up to $1.5 million. In addition to covered entities, hospital employees can be held criminally liable with fines of up to $250,000 and up to 10 years in prison for failing to meet HIPAA security and privacy rules requirements. If the Department of Justice declines to prosecute, the Department of Health and Human Services Office of Civil Rights can still bring civil suit, with a percentage of civil penalties collected distributed to individuals affected by the violations.
In the past, auditing of HIPAA security and privacy rules compliance was inconsistent, and the enforcement and imposition of penalties were rare and did not apply directly to business associates. As a result, healthcare lagged behind most other industries in their security programs. Before the HITECH Act, there were no incentives and little concern about enforcement.
Improved Privacy and Security Provisions
Other improved privacy and security provisions under the HITECH Act include breach notification, application of security and privacy provisions/penalties to business associates of covered entities, education on health information policy, restrictions on certain disclosures and sales of health information, accounting of certain protected health information disclosures, access to certain information in electronic format and business associate contracts required for certain entities.
Data Protection Challenges
Today, healthcare information flows across several interdependent institutions, individuals and service providers including physicians, outsourced diagnostic services, pharmacies, labs, billing services, rehab centers, clinics and more. Electronic patient information is communicated via all forms of wireless devices, from laptops to smart phones to specialized handheld medical information devices.
Protecting patient data has become both daunting and critical to maintaining quality patient care. Healthcare organizations must incorporate comprehensive information security programs that incorporate protection around the data to prevent its use by unauthorized individuals. Dedicated professionals who are trained in the areas of healthcare administration, informatics, information management, quality control and regulatory affairs have become invaluable members of healthcare staffs.
There is no doubt that the HITECH Act presents healthcare providers with both opportunities and challenges. Although the transition to electronic health records might be challenging, it will eventually result in a more efficient, responsive and cost-effective healthcare system.
If you are interested in learning more about healthcare regulations, such as the HITECH Act, click here to research degrees in healthcare administration.