Health Information Technology for Economic and Clinical Health Act
The Health Information Technology for Economic and Clinical Health Act, abbreviated HITECH Act, was enacted under Title XIII of the American Recovery and Reinvestment Act of 2009. Under the HITECH Act, the United States Department of Health and Human Services resolved to spend $25.9 billion to promote and expand the adoption of health information technology. The Washington Post reported the inclusion of "as much as $36.5 billion in spending to create a nationwide network of electronic health records." At the time it was enacted, it was considered "the most important piece of health care legislation to be passed in the last 20 to 30 years" and the "foundation for health care reform."
The former National Coordinator for Health Information Technology, Dr. Farzad Mostashari, has explained: "You need information to be able to do population health management. You can serve an individual quite well; you can deliver excellent customer service if you wait for someone to walk through the door and then you go and pull their chart. What you can't do with paper charts is ask the question, 'Who didn't walk in the door?'"
Implementation and effects
In the years since the law was passed, electronic health records in the United States have become more common, but it's unclear how much this was caused by the law. The meaningful use incentives in the law only applied to certain types of hospitals, however, and a 2017 study suggests that these hospitals did adopt electronic health records more aggressively.Subtitle A – Promotion of Health Information Technology
Part 1 – Improving Health Care Quality, Safety, and Efficiency
Electronic health records (EHR)
The HITECH Act set meaningful use of interoperable EHR adoption in the health care system as a critical national goal and incentivized EHR adoption. The "goal is not adoption alone but 'meaningful use' of EHRs—that is, their use by providers to achieve significant improvements in care."Title IV of the act promises maximum incentive payments for Medicaid to those who adopt and use "certified EHRs" of $63,750 over 6 years beginning in 2011. Eligible professionals must begin receiving payments by 2016 to qualify for the program. For Medicare, the maximum payments are $44,000 over 5 years. Doctors who do not adopt an EHR by 2015 will be penalized 1% of Medicare payments, increasing to 3% over 3 years. In order to receive the EHR stimulus money, the HITECH act requires doctors to show "meaningful use" of an EHR system. As of June 2010, there are no penalty provisions for Medicaid.
Health information exchange has emerged as a core capability for hospitals and physicians to achieve "meaningful use" and receive stimulus funding. Starting in 2015, hospitals and doctors will be subject to financial penalties under Medicare if they are not using electronic health records.
Meaningful use
The main components of meaningful use are:- The use of a certified EHR in a meaningful manner, such as e-prescribing.
- The use of certified EHR technology for electronic exchange of health information to improve quality of health care.
- The use of certified EHR technology to submit clinical quality and other measures.
The meaningful use of EHRs intended by the US government incentives is categorized as follows:
- Improve care coordination
- Reduce healthcare disparities
- Engage patients and their families
- Improve population and public health
- Ensure adequate privacy and security
- Incentives: to providers who use IT
- Strict and open standards: To ensure users and sellers of EHRs work towards the same goal
- Certification of software: To provide assurance that the EHRs meet basic quality, safety, and efficiency standards
Stage 1 was finalized in July 2010,
Stage 2 in August 2012,
and Stage 3 in October 2015
Meaningful use Stage 1
The first steps in achieving meaningful use are to have a certified EHR and to be able to demonstrate that it is being used to meet the requirements. Stage 1 contains 25 objectives/measures for Eligible Providers and 24 objectives/measures for eligible hospitals. The objectives/measures have been divided into a core set and menu set. EPs and eligible hospitals must meet all objectives/measures in the core set. EPs must meet 5 of the 10 menu-set items during Stage 1, one of which must be a public health objective.Full list of the Core Requirements and a full list of the Menu Requirements.
Core Requirements:
- Use computerized order entry for medication orders.
- Implement drug-drug, drug-allergy checks.
- Generate and transmit permissible prescriptions electronically.
- Record demographics.
- Maintain an up-to-date problem list of current and active diagnoses.
- Maintain active medication list.
- Maintain active medication allergy list.
- Record and chart changes in vital signs.
- Record smoking status for patients 13 years old or older.
- Implement one clinical decision support rule.
- Report ambulatory quality measures to CMS or the States.
- Provide patients with an electronic copy of their health information upon request.
- Provide clinical summaries to patients for each office visit.
- Capability to exchange key clinical information electronically among providers and patient authorized entities.
- Protect electronic health information
- Implement drug-formulary checks.
- Incorporate clinical lab-test results into certified EHR as structured data.
- Generate lists of patients by specific conditions to use for quality improvement, reduction of disparities, research, and outreach.
- Send reminders to patients per patient preference for preventive/ follow-up care
- Provide patients with timely electronic access to their health information
- Use certified EHR to identify patient-specific education resources and provide to patient if appropriate.
- Perform medication reconciliation as relevant
- Provide summary care record for transitions in care or referrals.
- Capability to submit electronic data to immunization registries and actual submission.
- Capability to provide electronic syndromic surveillance data to public health agencies and actual transmission.
In 2017, the government for the first time charged an EHR vendor with falsely representing to customers and the government that its EHR system met the requirements for meaningful use. eClinicalWorks agreed to pay $155 million to settle government charges and a "qui tam" lawsuit brought by a whistleblower who implemented eClinicalWorks' system at Rikers Island Correctional Facility in New York City. The government also alleged that ECW paid kickbacks for referrals. The government also reached separate settlement agreements with three eClinicalWorks employees who will pay a total of $80,000 to the government to settle civil allegations.
National Coordinator for Health Information Technology (HIT)
There is established within the Department of Health and Human Services an Office of the National Coordinator for Health Information Technology. The National Coordinator is appointed by the Secretary and reports directly to the Secretary.The National Coordinator is responsible for the development of the Nationwide Health Information Network.
HIT Policy Committee
The HIT Policy Committee recommends a policy framework for the development and adoption of a nationwide health information technology infrastructure that permits the electronic exchange and use of health information.HIT Standards Committee
The HIT Standards Committee recommends to the National Coordinator standards, implementation specifications, and certification criteria. The Standards Committee also harmonizes, pilot tests, and ensures consistency with the Social Security Act.Part 2 – Application and Use of Adopted Health Information Technology Standards; Reports
Subtitle B – Testing of Health Information Technology
Subtitle C – Grants and Loans Funding
Subtitle D – Privacy
Part 1 – Improved Privacy Provisions and Security Provisions
The HITECH Act requires entities covered by the HIPAA to report data breaches, which affect 500 or more persons, to the United States Department of Health and Human Services, to the news media, and to the people affected by the data breaches. This subtitle extends the complete Privacy and Security Provisions of HIPAA to the business associates of covered entities. This includes the extension of updated civil and criminal penalties to the pertinent business associates. These changes are also required to be included in any business-associate agreements among the covered entities. On November 30, 2009, the regulations associated with the enhancements to HIPAA enforcement took effect.Another significant change brought about in Subtitle D of the HITECH Act is the new breach notification requirements. This imposes new notification requirements on covered entities, business associates, vendors of personal health records and related entities if a breach of unsecured protected health information occurs. On April 27, 2009, the Department of Health and Human Services issued guidance on how to secure protected health information appropriately. Both HHS and the Federal Trade Commission were required under the HITECH Act to issue regulations associated with the new breach notification requirements. The HHS rule was published in the Federal Register on August 24, 2009, and the FTC rule was published on August 25, 2009.
The final significant change made in Subtitle D of the HITECH Act implements new rules for the accounting of disclosures of a patient's health information. It extends the current accounting for disclosure requirements to information that is used to carry out treatment, payment and health care operations when an organization is using an electronic health record. This new requirement also limits the timeframe for the accounting to three years instead of six as it currently stands. These changes took effect January 1, 2011, for organizations implementing EHRs between January 1, 2009 and January 1, 2011, and January 1, 2013, for organizations who had implemented an EHR prior to January 1, 2009.
Subtitle D also includes a "third-party directive" stating that individuals have the right to obtain a copy of their health information in an electronic format and, if the individual chooses, to direct the covered entity to transmit such copy directly to an entity or person designated by the individual. Although HHS had interpreted the statutory cap on the provision of medical records to an individual to apply to medical records delivered under the third-party directive, a recent decision by the United States District Court for the District of Columbia voided that regulation on the grounds that it had not gone through notice and comment.
On July 14, 2010, HHS issued a rule that listed categories that included 701,325 entities and 1.5 million business associates who would have access to patient information without patient consent after the patient had given general consent to their medical practitioner's HIPAA release.