The Doctors’ Company offers $ 25,000 of Administrative Defense ‘Insurance’ with each medical malpractice policy to protect our physicians against the costly The Hitec Act of 2009, extends the same level of confidentiality afforded a patient in a medial practice to the electronic files stored on each physician, physician group, medical facility or business partner’s computer.
The most alarming aspect of this law is the business associate element. Suddenly with this implemented regulation, if you are doing business with a medial entity, you have the same duty of care to contain and protect the confidentiality o the patient record as the physician. This legislation opened up another area of liability that previously was not ‘on the radar’,
It was understood with HIPAA that patient records had to be carefully protected, the physical PHI had to be kept confidential or else the physician group would be fined. Now, with the investment by the government into the economy (the American Recovery and Reinvestment Act), with incentives by medical practices to introduce electronic records, also cut the other side of the sword, the penalties imposed for implementing these systems incorrectly. Hitech stands for “Health Information Technology for Economic and Clinical Health”.. Act . The American Recovery and Reinvestment Act contains incentives related to health care information technology in a government push to create a national health care record system; the Act contains incentives to accelerate the use of HER.
As is the case with any Government incentives, the ‘there is some give and take. Because this legislation anticipates a massive expansion in the exchange of electronic protected health information (ePHI), it also widens the burden of privacy and security protections.
Originally, The Doctors’ Company was one of the first medical malpractice insurance companies to recognize the need to add protection to our physicians for these onerous government investigations into confidentiality breach (the physical copy of the record); when compromised results in civil fines, penalties, investigations and perhaps license sanctions.
When this act extended the responsibility of facilities and medical groups to protect the electronic record, an entire area of risk was exposed.