Health Information Technology for Economic and Clinical Health Act (HITECH Act)
The Health Information Technology for Economic and Clinical Health Act (HITECH Act) is a U.S. law enacted in 2009 as part of the American Recovery and Reinvestment Act, aimed at enhancing health information technology (HIT) and facilitating the adoption of electronic health records (EHRs) in the healthcare system. By providing grants to healthcare providers, the HITECH Act encourages the transition from paper-based records to electronic formats, which aim to improve patient care and enhance communication between patients and providers.
The law also establishes stricter privacy and security provisions, extending these protections to non-healthcare entities that handle health information. It includes requirements for breach notifications, compelling organizations to inform affected individuals and authorities in case of data breaches, with specific timelines and protocols. The HITECH Act further empowers patients by granting them rights over their health records, including the ability to access and request corrections to their information.
Additionally, the act introduces incentives for healthcare providers to meet "meaningful use" criteria, which are essential benchmarks for the effective use of EHRs. These measures aim to eliminate outdated systems and improve the overall efficiency of healthcare delivery in the United States. The HITECH Act represents a significant effort to modernize healthcare infrastructure and protect patient data in an increasingly digital world.
Health Information Technology for Economic and Clinical Health Act (HITECH Act)
The Health Information Technology for Economic and Clinical Health Act (HITECH Act) is a piece of legislation enacted by the US Congress in 2009 as part of the American Recovery and Reinvestment Act (ARRA) economic stimulus bill. The HITECH Act was created to spur health information technology and promote the use of electronic records as part of health care reform in the United States. The HITECH Act created grants for health care providers to transition to using electronic health records and laid out security provisions to ensure health care providers follow privacy rules or face penalties.
Background
Health information technology encompasses the means used to store, share, and analyze health information by both health care providers and patients. It allows health care providers to electronically organize patients' files to help improve patient care. Providing patients with access to their electronic medical records helps them get involved in the management of their health care. Patients can use the files to help them communicate better with their physicians and keep track of their care.
Electronic health records (EHRs) are records of doctor visits, medical history, and other information such as medications prescribed. These previously were stored as paper files at doctors' offices. By transitioning to EHRs, physicians can access files more easily (such as when they are away from the office) and send them to other doctors or specialists in much less time. They also give patients the ability to access and view health records, lab results, and treatment plans.
Patients also have access to personal health records (PHRs) and personal health tools, which they can use as a health log to record food intake, exercise, weight, blood pressure, and more. Health information technology also includes e-prescribing, or electronic means of prescribing needed medications. Instead of giving patients a paper prescription that they must drop off at a pharmacy to be filled, physicians can send the prescribed medication request directly to a pharmacy. This allows patients to skip the step of dropping off a paper prescription, and they can just pick up their medications when they are ready.
Health information technology is protected under the Health Insurance Portability and Accountability Act of 1996 (HIPAA). HIPAA was enacted to protect health care coverage for people when they lost employment or changed jobs and safeguard medical information and establish security standards for access to electronic health care transactions, among other provisions. The establishment of HIPAA had a great effect concerning how and who can access medical records. It also laid out penalties for violations, but these were rarely enforced. This led to the creation of federal health care information privacy and security rules known as the HITECH Act, which modified some parts of HIPAA and set stricter guidelines for enforcing standards.
Overview
The HITECH Act was created in 2009 as part of the ARRA economic stimulus bill. The main purpose of the HITECH Act was to set tougher security requirements regarding health information technology. As more health information became digitized, the HITECH Act ensured it remained private and secure. It expanded privacy rules, security rules, and penalties to non–health care businesses, such as banks and software companies, that have access to health information.
It set several breach notification rules, such as requiring companies within sixty days to notify people who have had their health information compromised. A security breach includes "the unauthorized acquisition, access, use or disclosure of protected health information." If more than five hundred people are affected, the companies must contact the Department of Health and Human Services (HHS) and local news media. Companies must keep annual logs of all individual breaches and send these to HHS.
Organizations should notify individuals of a breach by mail (through first-class letters) or e-mail. If the company receives back ten or more notifications as undeliverable, it must publish the news of the breach on its website along with an information hotline for ninety days or notify the local media. Some exceptions exist; no notification is needed if the breached information was encrypted and unreadable.
The HITECH Act's Interim Final Rule includes a harm threshold provision, which allows a company to conduct a risk assessment to determine if the breach could result in significant harm to an individual. The HITECH Act provides funding for audits of health care organizations and business associates to ensure compliance of regulations. The Office of Civil Rights within the HHS is in charge of enforcing the breach notification rules. The HITECH Act institutes penalties for health care data breaches or other HIPAA violations. Fines can range up to $1.5 million per violation in addition to other criminal penalties.
The HITECH Act also gives individuals rights over their electronic health records. Patients can request that physicians and other health care organizations notify them when their health information is disclosed to other entities. Patients can request electronic copies of their personal health information, but the physician may charge a fee for this service.
In addition, the HITECH Act gave the Office of the National Coordinator (ONC) for Health Information Technology within the HHS the authority to manage Medicare and Medicaid funds and grants for health care organizations to support new health information technology systems. The act rolled out "meaningful use" requirements, which gave companies financial incentives for implementing EHRs to help the health care industry eliminate dated paper-based systems. Companies that did not adjust their systems by the set dates faced penalties. The meaningful use clauses debuted in three stages over several years and required health care providers to demonstrate that they completed certain requirements before moving to the next stage. The first stage rolled out in 2011, and the final stage began in 2017.
Bibliography
Anderson, Howard. "The Essential Guide to HITECH Act." Healthcare Info Security, 8 Feb. 2010, www.healthcareinfosecurity.com/essential-guide-to-hitech-act-a-2053. Accessed 30 Jan. 2017.
"Basics of Health IT." HeatlhIT.gov, www.healthit.gov/patients-families/basics-health-it. Accessed 30 Jan. 2017.
"Electronic Health Records (EHR) Incentive Programs." Centers for Medicare & Medicaid Services, 22 Nov. 2016, www.cms.gov/Regulations-and-Guidance/Legislation/EHRIncentivePrograms. Accessed 30 Jan. 2017.
"Health IT Legislation and Regulations." HealthIT.gov, www.healthit.gov/policy-researchers-implementers/health-it-legislation. Accessed 30 Jan. 2017.
"HITECH Act Summary." University of South Florida Health, www.usfhealthonline.com/resources/key-concepts/hitech-act-summary/#.WI9EnNcrK71. Accessed 30 Jan. 2017.
"Meaningful Use." Centers for Disease Control and Prevention, 18 Jan. 2017, www.cdc.gov/ehrmeaningfuluse/introduction.html. Accessed 30 Jan. 2017.
Rouse, Margaret. "HIPAA (Health Insurance Portability and Accountability Act)." TechTarget, Apr. 2015, searchdatamanagement.techtarget.com/definition/HIPAA. Accessed 30 Jan. 2017.
---. "HITECH Act (Health Information Technology for Economic and Clinical Health Act)." TechTarget, Dec. 2014, searchhealthit.techtarget.com/definition/HITECH-Act. Accessed 30 Jan. 2017.