The HITECH Act’s Health IT Infrastructure Standards and Requirements

The HITECH (Health Information Technology for Economic and Clinical Health) Act was passed in 2009 as part of the American Recovery and Reinvestment Act of 2009 (ARRA). This piece of legislation was created to accelerate the adoption of electronic health records (EHRs), and their supporting technology, in U.S. healthcare organizations. The 7 major goals of the HITECH Act were and continue to be to:

1. Accelerate the adoption of EHR systems in healthcare organizations.

Healthcare organizations and providers were offered financial incentives for the early adoption and the demonstration of meaningful use of EHRs by 2015, stipulating that failure to demonstrate meaningful use of EHR technology would result in penalties. However, stage 2 of the adoption process was slow, resulting in stage 3 of meaningful use becoming an option for providers in 2017 but mandatory for all participants in 2018. Requests for stage 3 to be canceled or paused until 2019 are in the works.

2. Provide EHR access to patients and approved third parties.

Under the HITECH Act, patients and designated third parties must have access to their electronic PHI (if the provider has implemented an EHR system).

3. Improve data breach notifications.

The HITECH Act improves data breach notifications by requiring healthcare organizations, practices, business associates, and service providers to notify patients of any unsecured data breaches, internal or external, that relate to protected health information (PHI). Breaches that affect 500+ patients require that the U.S. Department of Health & Human Services (HHS) be notified.

4. Enhance HIPAA enforcement with greater penalties for violations.

HITECH promises greater enforcement of HIPAA, including expensive penalties for “willful neglect” and repeat or uncorrected violations.

5. Perform a HIPAA security risk assessment as outlined in the Omnibus Rule or the 2013 digital update to the original 1996 law.

HITECH requires that any physician or hospital that attests to meaningful use must meet this requirement.

6. Police and hold business associates and service providers responsible for HIPAA.

The HITECH Act requires that business associates comply with the measures in the HIPAA Privacy Rule (when acting on behalf of covered entities) and the HIPAA Security Rule for e-PHI. If business associates are not in accordance with either the HIPAA rules or their agreement with a covered entity, they are directly liable for uses and disclosures of PHI. They must also report PHI breaches.

7. Increase the protection of e-PHI (electronic protected health information).

Along with every detail above, the HITECH Act expands the privacy and security provisions included under HIPAA to increase the protection of e-PHI (electronic protected health information).

Meet HITECH Requirements with the Highest Levels of IT Support and Technology

While HITECH helped increase the adoption rate of EHRs in the United States, it also continues to work alongside other healthcare IT rules, like the HIPAA Security Rule and Omnibus, to support measures that protect personal information used, stored, and transmitted electronically. Meeting these requirements and protecting your patients’ data demands that your technology is always up to date and that data is used, stored, protected, and transmitted in a way that protects not only your patients but your organization as well. For more information on how to improve your IT healthcare system, talk to the leading team of IT experts at Integracon, and don’t forget to ask for a free network assessment!