You are currently viewing What is the HITECH Act? Introduction for the Novice
What is the HITECH Act? New developments since 2009 including the ACA of 2010, HIPAA Omnibus of 2013, MACRA of 2015 and 21st Century CURES Act of 2016

What is the HITECH Act? Introduction for the Novice

What is the HITECH Act?   An Introduction for the Layperson

People who ask, “what is the HITECH Act?” want to understand how the Act impacts electronic health record use, privacy, patient record access, and ongoing compliance with the HITECH Act by healthcare providers.

In simple terms, the HITECH Act was promulgated to stimulate the economy with a specific focus on healthcare.   Financial stimulus in the form of incentives to stop using paper for patient records and start using an E.H.R. was developed.

To get the stimulus funds, a healthcare provider had to prove that it purchased and installed a certified electronic health record system.  But installation compliance is an extensive task requiring that several ‘measures’ be met for patient safety, quality, and security as well as providing patients access to their health records via electronic means.

What is the History of the HITECH Act?

To simplify,


  • The HITECH Act created economic incentives to implement electronic health records. The stimuli were available to hospitals (“Eligible Hospitals” or “E.H.s” and physicians “Eligible Professionals” or “E.P.s”) – meaningful use [EHR-MU], an effort led by Centers for Medicare & Medicaid Services C.M.S..), and the Office of the National Coordinator (O.N.C.) for HealthI.TT. The HITECH Act was designed to encourage nation-wide meaningful use of interoperable electronic health records.

Results of the HITECH Act

  • The HITECH Act provided over $35 billion in stimulus funds to eligible hospitals and physicians. C electronic health record technology (CEHRT) had to be purchased and used in a meaningful way (defined by precise “Meaningful Use” criteria in the HITECH Act).


  • These criteria include many compulsory and optional requirements, including privacy Safeguards. In the gold rush to access some of the stimulus funds, E.H.R. companies were required to obtain certification from ATCBs (Authorized Testing and Certification Bodies) to become a CEHRT


  • Regional extension centers sprung up that provided training, and other services advised physicians and hospitals on U.S. H.H.S., C.M.S., and Office of the National Coordinator (O.N.C.) guidelines.


  • In turn, providers licensed CEHRT and attest to be a meaningful user. Installation and meaningful use required configuration and clinical use of an E.H.R., with policies and procedures prescribed by the HITECH act.


  • The attestation entitles an E.H. or an E.P. to receive stimulus funds.


  • Making false statements to the Government carries a penalty under the False Claims Act.

 Key Provisions

  1. Key provisions of the HITECH Act for hospitals and critical access hospitals (C.A.H.s) can be found at 42 C.F.R. § 495.22 – Meaningful use objectives and measures for E.P.s, eligible hospitals, and C.A.H.s for 2015 through 2018
  2. Providers are required to meet 42 C.F.R. § 495.40 – Demonstration of meaningful use criteria.
  3. Certification of electronic health record technology (CEHRT) for 2014 Stage 2 measures can be found 42 CFR 495.6(j)-(m) Stage 2 Objectives and Measures. There are core (required) measures and optional (menu) measures, of which certain minimum number(s) of menu measures were required

What is the significance of the Act for Risk Management, Compliance, and Litigation?

  1. To get the stimulus funds, a healthcare provider files an attestation with the U.S. Government (via C.M.S.) or state Medicaid that it had complied and requested funds. If the provider’s claims were not accurate, the provider could be subject to penalties under the False Claims Act.
  2. Electronic health records now provide tamper-resistant measures that enable a skilled forensic expert in electronic health records to audit the log files and patient records, using the HITECH Act Standards for compliance. These strategies are useful in medical malpractice personal injury cases, fraud determinations, and medical billing and coding, among other types of cases.

Lasting Challenges of on the Healthcare Industry Today?

Moreover, now that E.H.R.s are installed in the majority of hospitals and providers in the U.S., some challenges have developed:

  • Privacy– When there are privacy breaches by hospitals or physicians (a.k.a. a ‘HIPAA Breach”), it can be indicative of a failure to correctly or ‘meaningfully use’ the CEHRT, or in the policies, procedures, and training of staff that use the CEHRT.


  • Patient safety alerts and medical decision making– One of the requirements of using an E.H.R. under Meaningful use is use of clinical decision support (CDS).  CDS is designed to ensure that patient safety mechanisms are always enabled. The alerts are not still designed with the workflow of a physician in mind. As a result, some hospitals and physicians have turned these alerts off. In the unfortunate case of medical malpractice, clinical decision-making errors, and injury or death of a patient, in my experience that these safety alerts have been disabled. This is both a failure to meet the Meaningful Use Standard and improper for ensuring patient safety.


  • Audit trails to ensure accuracy of record-keeping– Audit logs are supposed to be enabled to provide a complete history of all access to a patient’s record, medication orders, and other orders as well as progress notes be physicians. I have seen instances where these audit controls and required anti-tampering features have also been disabled. Like the preceding example, this is both a failure to meet the Meaningful Use Standard and improper for ensuring patient safety. It has the additional effect of calling the health care provider’s integrity into question whether they are maintaining accurate records.


  • Physician productivity– Physicians that I have interviewed have complained of up to a 20% reduction in patient volume because of documentation and data entry requirements into E.H.R.s. We believe E.H.R.s can provide productivity benefits, but programmers need to improve usability testing with the intended clinical users.

Interoperability Imperative

Interoperability between different E.H.R.s, physicians, hospitals, and clinics, and paper transmitted via fax

    • During the initial Meaningful Use adoption period for E.H.R.s, if two providers were not both are not using the same E.HR., sharing patient data was challenging. Recent improvements between disparate E.H.R.s solved part of the problem.
    • Today, new legislation such as the 21st Century CURES Act section 4003 defines’ interoperability,’ for Health I.T. as follows:
      1. “Enables the secure exchange of electronic health information with, and use of electronic health information from, other health information technology without special effort on the part of the user;
      2. Allows for complete access, exchange, and use of all electronically accessible health information for authorized use under applicable State or Federal law; and
      3. Does not constitute information blocking as defined in section 3022(a).”
    • Interoperability problems between old and new systems and methods can cause patient safety errors. For example, patent identification errors can occur outside the reference laboratory and are not integrated with the hospital’s E.H.R. A fax of the lab results might be sent from the lab to the hospital.  The faxed document enters the hospitals’ system, is reviewed by a human who adds the image of the fax to the E.H.R. and the enters discrete data regarding the result of the lab into the hospital E.H.R. Human distraction such as having more than one chart open, or fatigue are known ‘sentinel’ or ‘never’ events that have happened

What New Health I.T. Legislation Since the HITECH Act  2009 Modifies or Changes Priorities for Healthcare?

Since 2009, several new initiatives modify or extend the importance of the HITECH Act.  Electronic health records form a foundation for the ACA, FDASIA, HIPAA, MACRA and the CURES Act.

Affordable Care Act of 2010

  • The Affordable Care Act of 2010 established comprehensive health care insurance reforms. The A.C.A. instantiated Federal regulations that sometimes-confounded state insurance regulations. To explain, concepts such as Minimum Essential Coverage (M.E.C.) and Essential Health Benefits (E.H.B.) were new terms.  Medically necessary care must be documented in the patient chart, which is now generally electronic due to the HITECH Act. The A.C.A. also provided more stringent sentencing guidelines for fraud.

FDASIA – 2012

HIPAA Omnibus Rule of 2013

To clarify, the HIPAA Omnibus Rule of 2013 provided increased, tiered civil money penalty structures of the HITECH Act. The Omnibus Rule adopted the HITECH Act’s prohibition against marketing, fundraising, and PHI (protected health information) sale without authorization.

MACRA – 2015

To elaborate, the Medicare Access and CHIP Reauthorization Act of 2015 (MACRA). Two key provisions of MACRA are Quality Payment Program tracks:

    • Advanced Alternative Payment Models (A.P.M.s) or
    • The Merit-based Incentive Payment System (MIPS)

21st Century Cures Act of 2016

  • The 21st Century Cures Act of 2016 is designed to speed up medical product development and create new innovations and advancements to patients. It has these key initiatives:
    • 4001: Health I.T. Usability
    • 4002(a): Conditions of Certification
    • 4003(b): Trusted Exchange Framework and Common Agreement
    • 4003(c): Health Information Technology Advisory Committee
    • 4004: Identifying reasonable and necessary activities that do not constitute information blocking
    • Intra-Federal agency coordination between :
      • C.M.S.,
      • H.H.S. Office of Civil Rights,
      • H.H.S. Office of the Inspector General (OIG),
      • Agency for Healthcare Research and Quality (AHRQ),
      • National Institute for Standards and Technology (NIST).
    • The CURES Act also modifies 42 C.F.R. Part 2 with respect to privacy and disclosure of substance use disorder and behavioral health records.
    • Regenerative medicine Advanced Therapy or RMAT focused on biologics
    • Breakthrough Devices program
    • Oncology center of Excellence

Related Topics

Meaningful Use HITECH Act Expert Witness

Meaningful Use Audit Defense

HIPAA Privacy and HIPAA Security and the HITECH Act


Michael F. Arrigo

Michael Arrigo, an expert witness, and healthcare executive, brings four decades of experience in the software, financial services, and healthcare industries. In 2000, Mr. Arrigo founded No World Borders, a healthcare data, regulations, and economics firm with clients in the pharmaceutical, medical device, hospital, surgical center, physician group, diagnostic imaging, genetic testing, health I.T., and health insurance markets. His expertise spans the federal health programs Medicare and Medicaid and private insurance. He advises Medicare Advantage Organizations that provide health insurance under Part C of the Medicare Act. Mr. Arrigo serves as an expert witness regarding medical coding and billing, fraud damages, and electronic health record software for the U.S. Department of Justice. He has valued well over $1 billion in medical billings in personal injury liens, malpractice, and insurance fraud cases. The U.S. Court of Appeals considered Mr. Arrigo's opinion regarding loss amounts, vacating, and remanding sentencing in a fraud case. Mr. Arrigo provides expertise in the Medicare Secondary Payer Act, Medicare LCDs, anti-trust litigation, medical intellectual property and trade secrets, HIPAA privacy, health care electronic claim data Standards, physician compensation, Anti-Kickback Statute, Stark law, the Affordable Care Act, False Claims Act, and the ARRA HITECH Act. Arrigo advises investors on merger and acquisition (M&A) diligence in the healthcare industry on transactions cumulatively valued at over $1 billion. Mr. Arrigo spent over ten years in Silicon Valley software firms in roles from Product Manager to CEO. He was product manager for a leading-edge database technology joint venture that became commercialized as Microsoft SQL Server, Vice President of Marketing for a software company when it grew from under $2 million in revenue to a $50 million acquisition by a company now merged into Cincom Systems, hired by private equity investors to serve as Vice President of Marketing for a secure email software company until its acquisition and multi $million investor exit by a company now merged into Axway Software S.A. (Euronext: AXW.PA), and CEO of one of the first cloud-based billing software companies, licensing its technology to Citrix Systems (NASDAQ: CTXS). Later, before entering the healthcare industry, he joined Fortune 500 company Fidelity National Financial (NYSE: FNF) as a Vice President, overseeing eCommerce solutions for the mortgage banking industry. While serving as a Vice President at Fortune 500 company First American Financial (NYSE: FAF), he oversaw eCommerce and regulatory compliance technology initiatives for the top ten mortgage banks and led the Sarbanes Oxley Act Section 302 internal controls I.T. audit for the company, supporting Section 404 of the Sarbanes Oxley Act. Mr. Arrigo earned his Bachelor of Science in Business Administration from the University of Southern California. Before that, he studied computer science, statistics, and economics at the University of California, Irvine. His post-graduate studies include biomedical ethics at Harvard Medical School, biomedical informatics at Stanford Medical School, blockchain and crypto-economics at the Massachusetts Institute of Technology, and training as a Certified Professional Medical Auditor (CPMA). Mr. Arrigo is qualified to serve as a director due to his experience in healthcare data, regulations, and economics, his leadership roles in software and financial services public companies, and his healthcare M&A diligence and public company regulatory experience. Mr. Arrigo is quoted in The Wall Street Journal, Fortune Magazine, Kaiser Health News, Consumer Affairs, National Public Radio (NPR), NBC News Houston, USA Today / Milwaukee Journal Sentinel, Medical Economics, Capitol ForumThe Daily Beast, the Lund Report, Inside Higher Ed, New England Psychologist, and other press and media outlets. He authored a peer-reviewed article regarding clinical documentation quality to support accurate medical coding, billing, and good patient care, published by Healthcare Financial Management Association (HFMA) and published in Healthcare I.T. News. Mr. Arrigo serves as a member of the board of directors of a publicly traded company in the healthcare and data analytics industry, where his duties include: member, audit committee; chair, compensation committee; member, special committee.

Leave a Reply