HIPAA/HITECH Compliance – What Is the HITECH Act?

Not sure what the HITECH Act is all about? If you’re new to HIPAA compliance and related concerns, here’s a quick overview.

Summary of HITECH Act

HITECH stands for the Health Information Technology for Economic and Clinical Health. The HITECH Act was created in 2009 to encourage the adoption and “meaningful use” of electronic health records (EHR) and supporting technology in the U.S. This act was part of the American Recovery and Reinvestment Act (ARRA) economic stimulus bill. The HITECH Act initially offered financial incentives to providers who demonstrated “meaningful use” of EHRs. Later stages of the implementation of the act included penalties for providers who did not meet these requirements.

The HITECH Act also modified HIPAA. One of the ways it did so was by requiring covered entities to notify individuals whose protected health information (PHI) has been compromised. Additionally, it increased the fines that could be applied for noncompliance (up to $1,500,000); it authorized state Attorney Generals to bring actions to enforce violations of HIPAA; and it expanded portions of HIPAA to apply to business associates of covered entities and required the federal Department of Health and Human Services’ (HHS) Office for Civil Rights (OCR) to audit both covered entities and their business associates.

Present and Future of HITECH Act

Many features affected by the HITECH Act are currently under debate, including changes to the definition of “meaningful use” of EHRs, cybersecurity issues, and interoperability issues.

As of April of this year, proposed new federal regulations may bring an end to the electronic health records “meaningful use” incentive program portion of the HITECH Act. This portion would be replaced with a simplified program. Concerns raised about these proposed changes state that they fail to address threats to cyber security from hackers and ransomware, a topic of real concern as healthcare providers have been under increased attack this year.

The proposed changes would also affect payment mechanisms for physicians, attempt to fight both information blocking, and would replace the current “meaningful use” program with the “advancing care information” category. As the HHS explains, this category would focus on interoperability and information exchange, and in contrast to the existing program, would not require and all-or-nothing approach to measuring the quality of EHR use. (For more on the proposed changes, see Healthcare Info Security’s in-depth article on the impact on security of Medicare’s new physician payment plan.)

Need to Learn More about HIPAA/HITECH Compliance?

If you’d like to learn more about HIPAA/HITECH compliance and how it affects your business, Aperio-IT will be holding a free Lunch and Learn Event on Wednesday, June 8. Brian Olsen, HIPAA Security Advisor, will be joining us to help answer your concerns about HIPAA regulations. You can find out details and register here to attend.

Have any HIPAA or HITECH Security questions?  Come to our lunch and learn event and feel free to ask us any questions before, during our Q&A session or after our event.  We are here to answer any questions you may have.

Additional links:

• Healthcare Info Security’s in-depth article on the impact on security of Medicare’s new physician payment plan.
• “HIPAA Trends That Could Affect Your Business”
• “Is Your Business Affected by HIPAA Regulations?”