HITECH

The Health Insurance Portability and Accountability Act of 1996, more commonly known as HIPAA, has had immense impacts on the domestic and global healthcare industry. Over a decade later, the US Department of Health and Human Services (HHS) expanded HIPAA’s protections with the publication of the Health Information Technology for Economic and Clinical Health Act (HITECH). But what are the HITECH safety measures? In other words, what do you need to do to fully secure your company and its stakeholders? Keep reading to find out.

The US Department of Health and Human Services (HHS) drafted the original Health Insurance Portability and Accountability Act (HIPAA) in 1996. HIPAA designated patients’ medical data as “protected health information” (PHI) and developed security standards to safeguard it. Later, the Health Information Technology for Economic and Clinical Health Act (HITECH) added several HITECH security standards to broaden these increasingly digital landscape protections.

Patients’ medical records are some of the most attractive targets for theft. The US Department of Health and Human Services (HHS) designated them as protected health information (PHI) in the Health Insurance Portability and Accountability Act of 1996 (HIPAA) and laid out measures to ensure their safety. Later, the HITECH Act of 2009 updated these safeguards for the modern era. But what are the major components of the HITECH Act? Keep reading to learn more.

The HITECH Act (Health Information Technology for Economic and Clinical Health Act) was created to promote the need for health information technology as the use of EHRS (electronic health records) becomes the standard. It is part of an economic stimulus package – the American Recovery and Reinvestment Act – that was passed and signed into law in 2009. 

The Health Information Technology for Economic and Clinical Act (HITECH) focuses on the transition of paper healthcare files to electronic reports, making it easier for patients to access their records. The act also covers protected health information (PHI) by requiring healthcare organizations and their third-party associates to be HIPAA compliant. Prior to the HITECH Act healthcare organizations could avoid fines due to non-compliance but this has changed. Now, organizations and their third-party associates are required under the HITECH Act to meet all HIPAA compliance rules. 

The HITECH Act changed how patient health information is processed and stored. It encourages healthcare organizations to transition from paper to electronic files allowing patients to access their records in a secure online environment. It also affected HIPAA and how its rules are enforced. In short, the HITECH Act benefited patients by making it easier for them to access their records while improving and enforcing security protocols.

2019 seems to be the year of information breaches. 2019 is reaching the fourth quarter soon, but this year has already seen at least 25 million patient records breached; this is a staggering ten million more than in 2018. 

The breaches seem to be getting larger as well according to the ten biggest healthcare data breaches, with more than 200,000 records breached at a time. Additionally, not all healthcare companies are reporting the breaches in a timely manner as required by law. 

How can you establish trust as a healthcare provider or entity that safeguards patient data? 

When you’re sick and at the doctor’s office, you have to reveal a lot of personal information for the physician to properly treat you. Within your file contains your demographic information, your personal medical history, mental health, tests and lab results, insurance information, and more. All of this falls under a specific category called protected health information (PHI).

In 1996, Congress passed the Health Insurance Portability and Accountability Act (HIPAA) in order to protect patients’ PHI. Privacy and security weren’t the only topics covered in HIPAA. It also addressed health insurance prices and changes, encouraged the use of electronic health records (EHRs), and developed the groundwork for a national healthcare standard.

HIPAA was amended — rather, bolstered — in 2009, when Congress passed the HITECH Act. It addressed many of the problems arising from HIPAA and helped bring the framework into the 21st century. It also brought with it harsher penalties for HIPAA noncompliance. To avoid these fees, healthcare providers and their business associates must understand the HITECH Act penalties and enforcement.