2. Objectives
โข Describe the purposes of the Health
Information Technology for Economic and
Clinical Health (HITECH) Act of 2009
โข Explore how the HITECH Act is enhancing the
security and privacy protections of the Health
Insurance Portability and Accountability Act
(HIPAA) of 1996.
โข Determine how the HITECH Act and its impact
on HIPAA apply to nursing practice.
3. Introduction
โข Nurses need to be familiar with the goals and
purposes of the HITECH Act of 2009, including the
Medicare and Medicaid HIT provisions of the law.
โข How it enhances the security and privacy
protections of the Health Insurance Portability
and Accountability Act (HIPAA) of 1996
โข How it otherwise impacts nursing practice in the
emerging EHR age
โข The concepts of โmeaningful useโ and โcertified
EHR technologyโ
4. Overview of the HITECH Act
โข The HITECH Act established the Office of the National Coordinator
for Health Information Technology (ONC) within the U.S.
Department of Health and Human Services (HHS).
โข The ONC is headed by the National Coordinator, who is responsible
for overseeing the development of a nationwide HIT infrastructure
that supports the use and exchange of information in order to
โ improve health care quality
โ reduce the cost of health care
โ improve peopleโs health by promoting prevention, early detection and
management of chronic diseases
โ protect public health by fostering early detection and rapid response
to infectious diseases, bioterrorism, and other situations
โ facilitate clinical research
โ reduce health disparities
โ better secure patient health information
โข Improving health care quality has been an ongoing challenge in this
country.
5. How a National HIT Infrastructure is
Being Developed
โข Developing a national HIT infrastructure is an
enormous and extremely complex undertaking
that requires extensive financial technological
and human resources.
โข Monetary incentives are available to clinicians
and facilities who implement EHR systems that
meet the specific standards.
โข Providers that fail to adopt such systems within
a specified time frame may be subject to
significant governmental penalties.
6. Health Insurance Portability and
Accountability Act (HIPAA) of 1996
โข Intent of the act was to
โ curtail healthcare fraud and abuse
โ enforce standards for health information
โ guarantee the security and privacy of health
information
โ assure health insurance portability for employed
persons.
โข Consequences were put into place for institutions
and individuals who violated the requirements of
this act.
7. How the HITECH ACT Changed HIPAA
โข The OCR is part of HHS and is responsible for enforcing
HIPAA
โข Compliance with the Privacy and Security Rules is
mandatory for all covered entities
โข Entities are to conduct regular audits to assure
compliance and any breaches in the privacy or security
of PHI must be remedied immediately
โข Improved privacy and security of patient health
information by applying the requirements of HIPAA
directly to the business associates of covered entities.
โข Strengthens the enforcement of HIPAA
8. Potential Legal Issues Associated with
Technology
โข BYOD (bring your own device) Healthcare
organizations typically do not encourage personal
devices and in many instances actually have
policies in place forbidding employees from using
personal devices in the workplace.
โ Policies may restrict use to devices issued by the
organization, secured, and routinely audited
โข Social Media Use
โ Nurses who engage with social media need to be
especially cognizant of a potential breach of
confidentiality of patient information.
10. Summary
โข HITECH Act and the HIPAA Privacy and Security Rules are intended
to enhance the rights of individuals.
โข These laws provide patients with greater access and control over
their PHI. They can control its uses, dissemination, and disclosures.
โข Covered entities must not only establish a required level of security
for PHI but also sanctions for employees who violate the
organizationโs privacy policies and administrative processes for
responding to patient requests regarding their information.
โข They must be able to track the PHI and note access from both a
perspective of what information was accessed but also by whom
and any disclosures.
โข There is global awareness of the need for privacy protections for
personal health information or PHI.