HIPAA Clinical Hitech Act

Medicare Services US

"...in-home psychotherapy services takes the fear out of office visits that many people have.”

The Health Information Technology for Economic and Clinical Health Act (HITECH Act or "The Act") is part of the American Recovery and Reinvestment Act of 2009 (ARRA). ARRA contains incentives related to health care information technology in general (e.g. creation of a national health care infrastructure) and contains specific incentives designed to accelerate the adoption of electronic health record (EHR) systems among providers.

Because this legislation anticipates a massive expansion in the exchange of electronic protected health information (ePHI), the HITECH Act also widens the scope of privacy and security protections available under HIPAA; it increases the potential legal liability for non-compliance; and it provides for more enforcement.

Under the HITECH Act, business associates are now directly "on the compliance hook" since they are required to comply with the safeguards contained in the Security Rule (SR). The HITECH Act does not speak directly to the rationale, but even casual observers understand that a potentially massive expansion in the exchange of ePHI increases the privacy and security concerns of all stakeholders. Most, if not all, software vendors providing EHR systems will clearly qualify as business associates. Requiring vendors to comply directly ensures that more provider/vendor dialog will occur regarding the necessary contracts, and regarding other compliance issues of mutual interest. The vendors themselves will insist on it.The "fun" for business associates does not stop with Security Rule compliance and contractual agreements.

Dr. Bob Osenenko final words. The HITECH ACT will be enforced to those using EHR systems but sets the tone for others to be more careful when transfer of medical information. Pertaining to this website, referrals can still be made thru emails because we use a secure line and verify system and secure socket layer technology.

Civil penalties for willful neglect are increased under the HITECH Act. These penalties can extend up to $250,000, with repeat/uncorrected violations extending up to $1.5 million. Legislators appear to be sending a clear message that "we are not in Kansas" anymore.

Furthermore, under certain conditions HIPAA's civil and criminal penalties now extend to business associates. Like HIPAA, the HITECH Act does not allow an individual to bring a cause of action against a provider. However, it does allow a state attorney general to bring an action on behalf of his or her residents. Finally, HHS is now required to conduct periodic audits of covered entities and business associates.

Clearly, the legislative intent is to provide for "enhanced enforcement." To what degree enforcement actually increases on the ground is yet to be determined, but the HITECH Act significantly ups the ante for non-compliance.