HiTech ACT - January 2009

October 19, 2011

In February of 2009, President Obama signed into law the Health Information Technology for Economic and Clinical Health Act.

With this the application of the Health Insurance Portability and Accountability Act was extended to health vendors, more providers and every healthcare organization and facility.  The Health Information Technology for Economic and Clinical Health Act, under the Americans for Reimbursement and Recovery act funds the Office of the National Coordinator’s office with 19 Billion Dollars to provide subsidies and payments for providers to implement electronic health record systems. The program pays these incentives under Medicare and Medicaid to qualified health care organizations and providers. The Stated goal of the Office of the National Coordinator is that each person in the United States will use an Electronic Health Record.

The Act also rises the security and privacy responsibilities and levees fines to so many providers.  This Office is also held responsible with implementing strategies, assessing the impact and evaluating the benefits of the Electronic Health Record Exchange.

The goal of this legislation is to protect the sensitive health records of so many patients using the health system.  The Government has provided incentives under this new Hitech Act to encourage adoption of use of Health Information Technology (HIT).  The program will develop regional centers of Technical Assistance in order to facilitate adoption of Health Information Technology.

The National Science Foundation is commissioned with the task of developing higher education so that our health care organizations and providers understand, implement and even help to design the technology architecture, systems and implementation.

The loans and grants, totaling 19 Billion will be used by qualified providers to purchase and implement Electronic Health Record Information Systems.

Another significant component of the plan is that covered entities and business associates are now required to notify individuals and the Health Human Services if an individual’s unsecured or unencrypted protected health information has been or is reasonably believed to have been accessed, or somehow disclosed as the result of a breach.  If the breach affects more than 500 individuals, the notification can be through media outlets.  Further, personal health record vendors must notify the individual and the Federal Trade Commission  of a breach.  The Federal requirements are more stringent than state requirements, which only required notifying the person in the event there was reason to suspect identity theft.

Privacy and Security Requirements in HiTech include:

Covered entities must honor  a patient’s request to withhold Personal Health Information from a health plan if the patient paid for the medical care

Covered entities must limit the use for disclosure of PHI to a limited data set.

When requested, covered entities must provide patients with an audit trail of all disclosures of Personal Health Information made within the past three years.

Covered entities may not receive payment for communicating with patients for marketing purposes

employees of covered entities or other individuals who knowingly access , use or disclose the personal health information for improper purposes will be subject to criminal penalties

civil penalties for violations under HIPAA are increase depending on the conduct.

The federal government must impose penalties if the violation of the conduct was willful.

Entities, including hospitals and healthcare providers should implement the following to comply with the HITech act.

Develop and Implement a Red Flag Rules compliance program

develop and implement a breach notification compliance program

review and amend existing business associate agreements and determine if new business associate agreements are needed.

strategize and position yourself to obtain loan and grant funding

ensure your tech is CCHIT certified.

And, finally, make sure that your medical malpractice insurance policy contains electronic health record liability insurance with it, and that you have the opportunity to ‘buy up’ to higher limits of insurance.