Hitech Act – Privacy and Security

Healthcare technology has grown and evolved over time. With the conversion to electronic medical records and the creation of social media just to name a few, ensuring patient privacy is of the utmost importance for healthcare facilities in this day and age. In order for an organization to avoid hefty fines, it is imperative that a healthcare administrator maintains compliance with the standards and regulations associated with the Health Insurance Portability and Accountability Act (HIPAA). This paper will provide a summary

Although the EHR is still in a transitional state, this major shift that electronic medical records are taking is bringing many concerns to the table. Two concerns at the top of the list are privacy and standardization issues. In 1996, U.S. Congress enacted a non-for-profit organization called Health Insurance Portability and Accountability Act (HIPAA). This law establishes national standards for privacy and security of health information. HIPAA deals with information standards, data integrity, confidentiality, accessing and handling your medical information. They also were designed to guarantee transferred information be protected from one facility to the next (Meridan, 2007). But even with the HIPAA privacy rules, they too have their shortcomings. HIPAA can’t fully safeguard the limitations of who’s accessible to your information. A short stay at your local

The purpose of this paper is to discuss the electronic health record mandate. Who started it and when? I will discuss the goals of the mandate. I will discussion will how the Affordable Care Act ties into the mandate of Electronic Health Record. It will describe my own facility’s EHR and what steps are been taken to implement it. I will describe the term “meaningful use,” and it will discuss possible threats to patient confidentiality and the what’s being done by my facility to prevent Health Information and Portability Accountability Act or HIPAA violations.

Regulation placed upon the healthcare system only seek to improve safety and security of the patients we care for. The enactment of the Health Insurance Portability and Accountability Act (HIPPA) and the enactment of Meaningful Use Act the United States government has set strict regulations on the security of health information and has allotted for stricter penalties for non-compliance. The advancement of electronic health record (EHR) systems has brought greater fluidity and compliance with healthcare but has also brought greater security risk of protected information. In order to ensure compliance with government standards organizations must adapt

The American Recovery and Reinvestment Act (ARRA) of 2009 identified three main components of meaningful use: the use of a certified EHR in a meaningful manner, electronic exchange of health information to improve quality of care, and the use of technology to submit clinical outcomes and quality measures (Heath Resources and Service Administration, n.d.). ARRA includes many measures to modernize our nation’s infrastructure, with the “Health Information Technology for Economic and Clinical Health (HITECH) Act” being an example. The HITECH Act is an effort led by Centers for Medicare and Medicare Services (CMS) in support of electronic health records and meaningful use (Centers for Disease Control and Prevention, CDC 2016). According to Galbraith (2013), the HITECH Act aims to promote the use of EHRs by providing over $27 billion in monetary incentives for health care providers that become “meaningful users”. CMS uses these core objectives to determine if a health care provider has satisfied meaningful use and is eligible to receive financial incentives (Galbraith, 2013).

HITECH stands for The Health Information Technology for Economic and Clinical Health Act It is legislation that was created and signed in 2009 by President Obama. The electronic health records (HER) legislation activate the adoption and embracing technology in the United States. HITECH signed by President Obama into law on Feb. 17, 2009, as part of the American Recovery and Reinvestment Act of 2009 (ARRA) economic stimulus bill.

The Medicaid EHR Incentive Program will provide incentive payments to eligible professionals and eligible hospitals as they adopt, implement, upgrade, or demonstrate meaningful use of certified EHR technology in their first year of participation and demonstrate meaningful use for up to five remaining participation years. The Medicaid EHR Incentive Program is voluntarily offered by individual states and territories and may begin as early as 2011, depending on the state. Eligible professionals can receive up to $63,750 over the six years that they choose to participate in the program. Eligible hospital incentive payments may begin as early as 2011,

A significant investment to encourage the adoption of electronic health records (EHRs) by healthcare providers was made by the American Recovery and Reinvestment Act of 2009. The EHR Incentive Program, which financially rewards providers for using EHRs and meeting all CMS program requirements, was launched by CMS in the year 2011. All healthcare providers (private or public) are required to adopt and demonstrate ‘meaningful use’ of electronic health records for maintaining their existing Medicaid and Medicare reimbursement levels (Cite). A set of penalties for healthcare providers who fail to meet the deadline have already been defined by the U.S. government. Healthcare providers failing to introduce EHR systems by the year 2015 will experience a one percent reduction in Medicare reimbursements in that year, a two percent reduction in the year 2016, a three percent reduction in the year 2017, followed by a reduction of up to a 95 percent reduction in reimbursements over a period of

In 2009, more than $30 billion dollars in incentives was allocated by congress for hospitals to institute meaningful use of electronic health records (EHRs) by 2011 (Adler-Milstein, Bates, & Jha, 2011) (Murphy, 2010). The Meaningful Use Act is a complicated principle that is part of the American Recovery and Reinvestment Act (ARRA) as well as the Health Information Technology for Economic and Clinical Health (HITECH) act.

In July 2010 CMS Centers of Medicaid and Medicare services published a final rule which established three phases of the EHR Incentive Program. The Medicare and Medicaid EHR Incentive Program provides financial incentives for the “meaningful use” (MU) of certified Electronic Health Record technology to improve patient care. 36$ billion was authorized.

The mission was to promote the adoption and meaningful use of health information technology to improve patient care by evaluating utilization and maximizing efficiency as established in subsequent federal regulations. In addition, HITECH Act addresses the privacy and security concerns associated with electronic transmissions of health information with several civil and criminal enforcement provisions of the HIPAA rules.

Ong (2011) notes HITECH provisions increase the civil and criminal enforcement of the HIPAA Privacy, Security and Breach Notification rules that address the privacy and security concerns associated with transmitting health information electronically. According to Ong (2011), under HITECH business associates must now fully comply with HIPAA requirements that prohibit disclosure of confidential protected health information (PHI). At the time Congress passed HITECH, protection for the privacy of health information was imperative especially with the HIV/Aids epidemic. Moreover, the adoption of EHRs by healthcare providers was only minimal according to Ong (2011). Additionally, the Institute of Medicine (IOM) reported that the number of Americans

Security breaches of EMRs vary from someone without consent viewing the patient’s information, to a hacker using the information to steal one’s identity. According to Privacy Rights Clearing House, more than 260 million data breaches have occurred in the United States, including those of health related records. Approximately 12 percent of data breaches involve medical organizations (Gellman, 2012). According to Redspin, a provider of Health Insurance Portability and Accountability Act risk analysis and IT security assessment services, more than 6 million individual’s health records were compromised during a period from August 2009 and December 2010 (Author Unknown, 2010). A provision of the Health Information Technology for Economic and Clinical Health (HITECH) Act requires all breaches affecting 500 or more people to be reported to the Department of Health and Human Services. This reporting is to be accomplished within 60 days of discovery. The Redspin report covering the period above involved 225 breaches of protected health information. The amount of people with access to an individual’s health record creates concern with confidentiality. According to the Los Angeles

The correlation of increased potential patient rights violations and sensitive personal health data among electronic medical records than paper records is growing at an alarming rate. An estimated 52,000 public comments was reviewed by the Department of Health and Human Services requiring privacy regulations governing individually identifiable health information since the passage of Health Insurance Portability and Accountability Act of 1966 (HIPPA). The individually identifiable health information includes demographic data that relates to the individuals past, present, or future physical or mental health condition. In addition, the provision of health care rights of the individual, confidentiality, protection of

The rapid changes in technology over the past few decades has left the healthcare industry ill-prepared to operate in today’s environment. Most substantial protections of sensitive consumer information has come as a result of federal regulation, most notably in 1996 with the Health Insurance Portability and Accountability Act and 2009 as part of the American Recovery and Reinvestment Act. Protection of information in the healthcare industry has lagged behind all other industries, perhaps because the records aren’t financial in nature or sensitive government information. Implementing simple steps for many organizations may be enough to limit the vast majority of breaches, although a layered, comprehensive security approach should be the ultimate goal for companies.