The HITECH Act (Health Information Technology for Economic and Clinical Health Act) was created to promote the need for health information technology as the use of EHRS (electronic health records) becomes the standard. It is part of an economic stimulus package – the American Recovery and Reinvestment Act – that was passed and signed into law in 2009.
The HITECH Act also closed the remaining loopholes in the 1996 HIPAA Act (Health Insurance Portability and Accountability). The language was tightened up to ensure that any third-party associates of HIPPA certified organizations were compliant with HIPAA rules. The HITECH Act also required organizations to notify any patient or health plan member if their files were breached.
The act also added harsher penalties for organizations that were not HIPAA compliant. This gave organizations and their third-party associates added incentive to use assessment tools to meet compliance requirements. In summary, this is what the HITECH Act does but there is more to it.
The Importance of the HITECH Act
Before the HITECH Act was passed into law, only 10 percent of hospitals in 2008 had switched from paper files to EHRs. The primary reason why so few healthcare organizations were using electronic records was due to the high expense of changing over. Once the act was passed, the included incentives encouraged healthcare organizations and providers to make the switch to electronic health records.
Here are a few statistics that show the effect the HITECH Act had on healthcare organizations,
- The rate organizations were implementing EHRs rose from 3.8 percent in 2008 to 14.2-percent in 2015.
- As of 2017, 86-percent of private physicians used EHRs
- 96-percent of private care hospitals had hired certified health IT in 2017.
By 2017, the majority of patient files were digitized. This makes it easier for health professionals, insurers, and patients to access the records. This also increases the risk that the files can be accessed or stolen from a hacker due to a network security breach. The HITECH Act also works to protect patient data from security breaches.
It does this by helping to ensure healthcare organizations and third-party associates are HIPPA compliant. This means implementing protocols that will protect data from security breaches. The Act doesn’t specifically address HIPAA compliance since it is already legally required and non-compliance can result in a hefty fine – up to $1.5 million.
HITECH and HIPAA Compliance
The HITECH and HIPAA acts work together and in 2013 were signed into the same legislation. The compliance date for healthcare organizations to meet the regulations was September 23, 2013. It was realized with patient information on electronic files, there was a need to protect the data in order to stay compliant with the original HIPPA Act signed into law in 1996. The HIPPA Act may have expanded to keep up with technology but its goal remains the same – to protect the patient’s privacy and health information.
To ensure a patient’s right to privacy the HIPAA act has legal requirements healthcare organizations need to meet in order to be in compliance. The 1996 HIPAA Act had several loopholes healthcare organizations and third-party associates could use to avoid paying non-compliance fees. In the event of a data breach, the HIPAA compliant organization could claim no knowledge that their third-party contractor was not in compliance, thus avoiding any penalties.
The HITECH Act closed these loopholes by applying the same rules and regulations as HIPPA to healthcare organizations and their associates, making both parties accountable for a data breach. Organizations and their associates are also subject to mandatory HIPAA audits and fines can be assessed to both if they are not in compliance. When the HITECH Act passed, it became easier to enforce HIPAA. This, in turn, made it mandatory for patient information to be protected from security breaches.
What else does the HITECH Act do to enforce HIPAA regulations? It increased the previously low penalties to a maximum fine of $1.5 million. The 1996 act had a maximum fine of $25,000 and most penalties ranged around $100 for each violation. With low fines and the ability to avoid penalties, being in non-compliance was often less expensive than switching from paper to electronic patient records.
The HITECH Act also had an impact on patients and healthcare professionals. Patients in the level of trust they have for healthcare organizations and professionals in the scope of their jobs.
How Does the HITECH Act Affect Patients and Healthcare Professionals?
The HITECH Act affects both patients and healthcare professionals in different ways. For patients it means:
Access to patient records
Patients and health plan members have the right to access and get copies of their health information with a formal request. While the HIPPA Act already gave patients the right to their health information, the HITECH Act made it easier for them to get copies of their EHRs and share them with other healthcare organizations.
The HITECH Act did make it easier for patients to obtain their records, however, it also allows organizations to charge a fee. This fee is to offset the cost of switching paper records to electronic ones. This is one of the incentives the Act uses to encourage organizations to use electronic patient records instead of paper files.
How health information is used and disclosed
How patient health information (PHI) was used and disclosed by third-party associates was revised with the passage of the HITECH Act. Electronic health information can no longer be used for marketing purposes by healthcare organization associates, without the consent of the patient. The Act also allows patients to revoke any previously given authorizations for records disclosure and introduced requirements stating that third-parties must disclose who the information was released to and why.
Improved patient relations with healthcare providers
One of the most important ways the HITECH Act affected patients is by improving trust between them and their healthcare providers. Confidentiality is the cornerstone of a patient’s relationship with their healthcare provider, and the HITECH Act helps ensure that their privacy is protected.
If patients’ cannot trust their healthcare provider to be discreet with their information, it makes it difficult for them to be honest about their symptoms and concerns. This can affect the level of care health professionals are able to provide. By requiring that health organizations and their third-party associates are HIPPA compliant, patients have the assurance they need knowing that their records are protected.
The HITECH Act also impacted healthcare professionals. One way is by creating new jobs in the healthcare industry. The U.S. Bureau of Labor Statistics estimated, after the passage of the HITECH Act, that over 50,000 new jobs would be created in the healthcare industry over the next several years.
Transitioning from paper to electronic patient records
Switching from paper to electronic records is a daunting task, even for a small, private healthcare organization. This has created job openings for personnel to transition the paper files to electronic records. It is a time-consuming job that healthcare professionals aren’t able to keep up with.
Ensuring security protocols are in place
The number of IT jobs in the healthcare industry is growing. With the signing of the HITECH and HIPAA Acts into one legislature, healthcare organizations no longer have the same loopholes that previously allowed them to avoid sanctions. Security protocols need to be in place, and this requires an expert. Firms like RSI Security are instrumental in ensuring that healthcare organizations and their third-party associates are HIPPA compliant.
Many healthcare organizations are turning to IT professionals to train their staff. They not only instruct healthcare personnel on how to switch from paper to electronic patient files but also on how to keep sensitive data safe from hackers. IT training can include everything from learning how to use security programs to using the correct protocols to keep data protected.
The HITECH Act created a lucrative IT job field. The Act allotted $25.9 billion for the expansion of electronic healthcare. Some of the top-paying jobs in the IT healthcare profession include,
- IT specialists
- Clinical research informatics
- Electronic medical records administrators
- Graduate program directors
The healthcare IT field is also extremely lucrative. Salaries can range from $80,000 to $200,000. The Hitech Act does have advantages for patients and healthcare professionals, but there are also disadvantages.
Advantages of Disadvantages of the HITECH Act
The HITECH Act does have its advantages and disadvantages. It is important for patients and healthcare organizations to be aware of both to meet the HIPPA compliance regulations.
- The quality of the patient’s care can be improved. Physician’s handwriting is notoriously illegible, making it difficult to follow patient care instructions. Electronic records are easy to read, reducing the risks of errors or misinterpretations from another healthcare provider that could negatively impact patient care.
- Electronic records are easier for healthcare professionals to locate than paper files. It only takes a few keystrokes to bring up a patient’s digitized file.
- Cumbersome filing cabinets that take up office space are no longer needed. This allows more space for healthcare providers to store medical supplies and other essential equipment.
- Many healthcare organizations have implemented online patient portals. This allows patients to view their medical records when they want, without office staff having to personally pull their paper file.
- The HITECH Act has several financial incentives to encourage healthcare organizations to switch to electronic records.
- New jobs are opening up in the healthcare industry, especially in the IT department. Programmers and developers are also seeing increases in job opportunities due to the standards in the HITECH Act.
- Hacking is a problem with any computer network and this includes electronic health records. This is the primary reason that healthcare organizations and third-party associates must be HIPPA compliant. Even then, data breaches can still be a treat. Routine system assessments can help protect sensitive information from being stolen.
- EHRs must be updated immediately after a patient visit or when there are any changes to their information. EHRs are instantly visible when the electronic file is pulled up. If the information isn’t immediately entered into their electronic health report, it will make it difficult for a healthcare provider to administer the correct treatment.
- Some patients can become overly upset or panic when they see their patient files. Patients can misinterpret the information and start worrying needlessly. This can affect healthcare professionals if they have to take time from other patients to calm another one down.
- The HITECH Act did increase healthcare professionals’ concerns over liability. Transitioning from paper to electronic files could result in patient data getting lost or entered incorrectly. Errors in treatment can occur from this, leaving healthcare professionals open to potential lawsuits.
- Not all patient information can be entered into an electronic file. Older records can be hard to read. These records are destroyed under the HITECH Act guidelines, leaving information out of a patient’s health record.
There are advantages and disadvantages to the HITECH Act. However, the pros do outweigh the cons. Patients have easier access to their files, and also the assurance that their information will be protected to the best of the healthcare organization’s abilities.
What Does the HITECH Act Do?
In summary, the HITECH Act encourages healthcare organizations to switch from paper to electronic health records. Along with adopting EHRs, the act improves the security protections for private healthcare data. To achieve this goal, organizations are offered financial incentives to offset the high costs of switching. Penalties for not meeting HIPAA compliance regulations are dramatically increased. This includes third-party associates of healthcare organizations.
Implementing all of the security protocols for HIPAA compliance often takes an expert. RSI Security is available to answer any questions about the HITECH Act and ensure healthcare organizations meet HIPAA compliance guidelines.
Download Our Complete Guide to Navigating Healthcare Compliance Whitepaper
Not sure if your HIPAA or healthcare compliance efforts are up to snuff? Unsure about where to even start? Download RSI Security’s comprehensive guide to navigating the HIPAA and healthcare compliance labyrinth. Upon filling out this brief form you will receive the whitepaper via email.