What is an Electronic Health Record (EHR)?

An electronic health record is a patient's medical record maintained in electronic form. Electronic health records are patient-centric records that make patient information available immediately to authorized persons. They contain patient details, treatment details, medical records, radiology reports, and laboratory reports.

What is HIPAA?

The Health Insurance Portability and Accountability Act, otherwise known as HIPAA, provides safety, confidentiality, and integrity to people's healthcare information. The main objective of HIPAA is to secure the health of employees who have lost their job or are looking for a job by providing health insurance. HIPAA minimizes healthcare costs by systemizing the regulatory and financial matters in an electronic version.

Who is required to comply with HIPAA?

Covered entities, and business associates that provide health information technology services to healthcare entities, should comply with HIPAA rules.

Covered entities

A covered entity under HIPAA is an entity that digitally gathers, creates, and accesses the Protected Health Information (PHI) of patients. PHI includes the name, address, age, mobile numbers, medical treatment history, financial settlements of medical bills, and hospital-related particulars of individuals. The following entities are included in the list of covered entities under HIPAA:

  • Healthcare organizations.
  • Health insurance companies.
  • Healthcare service providers.

Business associates

Business associates are defined in HIPAA as organizations or entities that offer health information technology services on behalf of covered entities. Business associates are vendors to the covered entities; they create, maintain, and secure people's Protected Health Information in accordance with their agreement with the covered entities. Entities included in the list of business associates under HIPAA are:

  • Billing entities.
  • Accounting and finance companies.
  • Information technology firms.
  • Medical transcriptionist firms.
  • Email service providing companies.
  • Storage providing companies.

Rules of HIPAA

HIPAA establishes several rules. Every healthcare organization and its vendors should follow the HIPAA rules and terms. The four rules of HIPAA are mentioned below:

  • Privacy rule.
  • Security rule.
  • Breach notification rule.
  • Omnibus rule.

HIPAA privacy rule

The HIPAA privacy rule establishes national standards for accessing the PHI of patients. These standards give people the right to access their PHI. The rule establishes national standards regarding patient permission to access PHI, rights of service providers, the right to restrict access to PHI, and privacy notes and disclosures. Privacy rules are relevant to business entities.

HIPAA security rule

The HIPAA security rule establishes standards for safeguarding and controlling electronic protected health information. It establishes a set of standards regarding the protection and integrity of electronic PHI and the safeguard measures that all covered entities and business associates should consider. Covered entities and business associates should maintain the security rule because they provide electronic PHI services.

HIPAA breach notification rule

The HIPAA breach notification rule establishes standards that covered entities and business associates are required to comply with. It specifies standards regarding unapproved access to PHI. Unauthorized access is treated as a breach unless the covered entity proves a low probability of prohibited access to electronic PHI. To prove the low probability of unauthorized access, covered entities should analyze the nature of the PHI, the unauthorized person who viewed or obtained the PHI, and the risk associated with the PHI. If a breach has happened, the entity performs a breach assessment to recognize the extent of the breach.

HIPAA omnibus rule

This is the latest rule in HIPAA. This rule was established to make business associates comply with the HIPAA rules along with covered entities. It also specifies the terms and conditions of Business Associate Agreements (BAA). A BAA is the contract between the business associate and covered entities to exchange PHI services and render health information technology services.

What is HITECH?

The Health Information Technology for Economic and Clinical Health Act is otherwise known as the HITECH Act. It defines the application of health information technology in EHR services rendered by healthcare providers, which enhances the authentication and confidentiality of healthcare data. The HITECH Act motivates healthcare institutions and organizations to use EHR to maintain patients’ medical records and other related data. The HITECH Act enlarges the dimension of HIPAA by providing more protection measures for PHI.

Importance of HITECH

Helps to implement EHR in healthcare organizations

The HITECH Act requires hospitals and healthcare institutions to adopt EHR for the efficient and speedy transmission of data. Before the implementation of the HITECH Act, only a small percentage of healthcare organizations followed EHR. The Act necessitates EHR in healthcare organizations for the sake of advanced healthcare, efficiency, coordination with patients, and sharing health information with covered entities and their business associates. The HITECH Act enables organizations to understand the importance of adopting EHR.

EHR incentives

The cost incurred for EHR implementation is high, which makes adoption of EHR difficult. The HITECH Act provides incentives to adopt EHR systems and allocates federal funds to develop information technology in healthcare entities. Adoption of EHR in Medicare or Medicaid and healthcare organizations helps them to receive EHR incentives under the HITECH scheme.

Necessitate HIPAA compliance

HITECH motivates health associates to comply with the rules of HIPAA. HIPAA rules and regulations were mandatory for covered entities and business associates before the HITECH Act. The HITECH Act strengthens HIPAA compliance by enforcing HIPAA violation penalties: it imposes penalties for non-compliance with HIPAA rules.

Context and Applications

This topic is significant in general studies, professional exams, and both undergraduate and postgraduate courses, especially for:

  • Bachelors in Health Information Technology Management
  • Masters in Health Information Technology

Practical Problems

Question 1: What are the objectives of HIPAA?

   a) Minimize healthcare costs

   b) Offers health insurance

   c) All of the above

Answer: Option (c) is correct.

Explanation: HIPAA provides security and confidentiality to the patient’s medical information. The main objective of HIPAA is to secure employees who have lost their job or are looking for a job by providing health insurance. HIPAA minimizes healthcare costs by systemizing the regulatory and financial matters in an electronic version.

Question 2: Who is required to comply with HIPAA?

   a) Covered entities

   b) Insurance companies

   c) All of the above

Answer: Option (a) is correct.

Explanation: Covered entities and business associates should obey the HIPAA rules and conditions. A covered entity means an entity that creates, manages, protects, and prohibits unauthorized access to the PHI.

Question 3: What are the entities covered in business associates?

   a) Information technology companies

   b) Medical transcriptionist firms

   c) All of the above

Answer: Option (c) is correct.

Explanation: Business associates are defined in HIPAA as organizations or entities that offer PHI services on behalf of covered entities. Information technology firms and medical transcriptionist firms provide consultancy and technology services to covered entities.

Question 4: The ___________ rule of HIPAA establishes standards regarding the protection and integrity of electronic PHI.

   a) Security rules

   b) Privacy rules

   c) Omnibus rules

Answer: Option (b) is correct.

Explanation: The HIPAA privacy rule establishes a set of standards regarding patients’ permission to access PHI, rights of service providers to restrict access to PHI, and privacy notes and disclosures. These standards give people the right to access their PHI and prohibit unauthenticated users.

Question 5: What are the features of HITECH?

   a) Incentives for implementing EHR

   b) EHR adoption increased

   c) All of the above

Answer: Option (c) is correct.

Explanation: The HITECH Act enlarges the dimension of HIPAA by providing more protection measures for PHI. Before the implementation of the HITECH Act, only a small percentage of healthcare entities followed the EHR method of managing patients’ medical records. HITECH offers incentives for the adoption of EHR, which makes the process easier.
