What is the HITECH Act? An Introduction for the Layperson
Money to convert from paper to electronic
People who ask, “What is the HITECH Act?” should understand how the Act stimulates the use of electronic health records and promotes patient safety and privacy. EHRs also improve patient record access and ongoing interoperability among healthcare providers and their patients’ data.
In simple terms, the HITECH Act stimulates the economy with a specific focus on healthcare. It creates stimulus through monetary incentives to stop using paper for patient records and start using an E.H.R.
Stop saying EMR and Start Saying EHR.
Above all, let’s get some acronyms straight. I recommend that you stop saying “E.M.R.” or electronic medical record and start saying “electronic health record” or “E.H.R.” Why is that? Because the ARRA HITECH Act defines a “Certified Electronic Health Record” or “C.E.H.R.T.” A CEHRT has to meet rigorous defined federal standards. There is no Standard definition for EMR, only an EHR.
A healthcare provider must prove using a certified electronic health record system to get the stimulus funds. Installation compliance is an extensive task requiring that several ‘measures’ be met for patient safety, quality, and security and providing patients access to their health records via electronic means.
What is the History of the HITECH Act?
- The HITECH Act is formally known as “The American Reinvestment & Recovery Act (ARRA)” Health Information Technology for Economic and Clinical Health (HITECH) Act.” President Obama signed HITECH into law on February 17, 2009, as part of an economic stimulus bill.
- The HITECH Act created economic incentives to implement electronic health records. The stimuli were available to hospitals (“Eligible Hospitals” or “E.H.s” and physicians “Eligible Professionals” or “E.P.s”) – meaningful use [EHR-MU], an effort led by Centers for Medicare & Medicaid Services C.M.S..), and the Office of the National Coordinator (O.N.C.) for HealthI.TT. The HITECH Act encourages nationwide meaningful use of interoperable electronic health records.
As a result of the HITECH Act
- HITECH provides over $35 billion in stimulus funds to eligible hospitals and physicians. C electronic health record technology (CEHRT) had to be purchased and used in a meaningful way (defined by precise “Meaningful Use” criteria in the HITECH Act).
- These criteria include many compulsory and optional requirements, including privacy Safeguards. In the gold rush to access some of the stimulus funds, E.H.R. companies were required to obtain certification from ATCBs (Authorized Testing and Certification Bodies) to become a CEHRT
- Regional extension centers sprung up that provided training, and other services advised physicians and hospitals on U.S. H.H.S., C.M.S., and Office of the National Coordinator (O.N.C.) guidelines.
- In turn, providers licensed CEHRT and attest to be a meaningful user. Installation and meaningful use required configuration and clinical use of an E.H.R., with policies and procedures prescribed by the HITECH act.
- The attestation entitles an E.H. or an E.P. to receive stimulus funds.
- Making false statements to the Government carries a penalty under the False Claims Act.
- Key provisions of the HITECH Act for hospitals and critical access hospitals (C.A.H.s) can be found at 42 C.F.R. § 495.22 – Meaningful use objectives and measures for E.P.s, eligible hospitals, and C.A.H.s for 2015 through 2018
- Providers are required to meet 42 C.F.R. § 495.40 – Demonstration of meaningful use criteria.
- Certification of electronic health record technology (CEHRT) for 2014 Stage 2 measures can be found 42 CFR 495.6(j)-(m) Stage 2 Objectives and Measures. There are core (required) measures and optional (menu) measures, of which certain minimum number(s) of menu measures were required
What is the significance for the Regulatory Risk and Compliance?
False Claims Act
To get the stimulus funds, a healthcare provider files an attestation with the U.S. Government (via C.M.S.) or state Medicaid that it had complied and requested funds. If the provider’s claims were not accurate, the provider could be subject to penalties under the False Claims Act.
Medical Malpractice Defense Strategy
Electronic health records now provide tamper-resistant measures that enable a skilled forensic expert in electronic health records to audit the log files and patient records, using the HITECH Act Standards for compliance. These strategies are useful in medical malpractice personal injury cases, fraud determinations, and medical billing and coding, among other types of cases.
Lasting Challenges of on the Healthcare Industry Today?
Moreover, now that E.H.R.s are in the majority of hospitals and providers in the U.S., some challenges have developed:
- Privacy– When there are privacy breaches by hospitals or physicians (a.k.a. a ‘HIPAA Breach”), it can be indicative of a failure to correctly or ‘meaningfully use’ the CEHRT, or in the policies, procedures, and training of staff that use the CEHRT.
- Patient safety alerts and medical decision making– One of the requirements of using an E.H.R. under Meaningful use is use of clinical decision support (CDS). CDS ensures patient safety mechanisms alert clinicians. The alerts should integrate with the workflow of a physician. As a result, some hospitals and physicians have turned these alerts off. This can lead, in my experience to unfortunate events. Some medical malpractice cases start clinical decision-making errors, resulting in injury or death of a patient. This is both a failure to meet the Meaningful Use Standard and improper for ensuring patient safety.
- Audit trails to ensure accuracy of record-keeping – To explain, audit logs provide a complete history of all access to a patient’s record, medication orders, and other orders as well as progress notes be physicians. Like the preceding example, this is both a failure to meet the Meaningful Use Standard and improper for ensuring patient safety. It has the additional effect of calling the health care provider’s integrity into question whether they are maintaining accurate records.
- Physician productivity– Physicians that I interview complain of up to a 20% reduction in patient volume. The reason they say this is because of increased documentation and data entry requirements. We believe E.H.R.s can provide productivity benefits, but programmers need to improve usability testing with the intended clinical users.
Interoperability between different E.H.R.s, physicians, hospitals, and clinics, and paper transmitted via fax
- During the initial Meaningful Use adoption period for E.H.R.s, if two providers were not both are not using the same E.HR., sharing patient data was challenging. Recent improvements between disparate E.H.R.s solved part of the problem.
- Today, new legislation such as the 21st Century CURES Act section 4003 defines’ interoperability,’ for Health I.T. as follows:
- “Enables the secure exchange of electronic health information with, and use of electronic health information from, other health information technology without special effort on the part of the user;
- Allows for complete access, exchange, and use of all electronically accessible health information for authorized use under applicable State or Federal law; and
- Does not constitute information blocking as defined in section 3022(a).”
- Interoperability problems between old and new systems and methods can cause patient safety errors. For example, patent identification errors can occur outside the reference laboratory. This risk increases for a non-integrated Lab Information System (LIS) and the hospital’s E.H.R. A fax of the lab results might be sent from the lab to the hospital. The faxed document enters the hospitals’ system, is reviewed by a human who adds the image of the fax to the E.H.R. and the enters discrete data regarding the result of the lab into the hospital E.H.R. Human distraction such as having more than one chart open, or fatigue are known ‘sentinel’ or ‘never’ events can happen.
What New Health I.T. Legislation Since the HITECH Act 2009 Modifies or Changes Priorities for Healthcare?
Since 2009, several new initiatives modify or extend the importance of the HITECH Act. Electronic health records form a foundation for the ACA, FDASIA, HIPAA, MACRA and the CURES Act.
Affordable Care Act of 2010
- The Affordable Care Act of 2010 established comprehensive health care insurance reforms. The A.C.A. instantiated Federal regulations that sometimes-confounded state insurance regulations. To explain, concepts such as Minimum Essential Coverage (M.E.C.) and Essential Health Benefits (E.H.B.) were new terms. Medically necessary care must be documented in the patient chart, which is now generally electronic due to the HITECH Act. The A.C.A. also provided more stringent sentencing guidelines for fraud.
FDASIA – 2012
- FDASIA (Section 618 of the Food and Drug Administration Safety and Innovation Act of 2012) is focused on a risk-based regulatory framework for health I.T., including mobile medical applications. The Act also focuses on:
- FD.A. authority to collect user fees from industry to fund reviews of innovator drugs, medical devices, generic drugs, and biosimilar biological products;
- Promoting innovation to speed patient access to safe and effective products; (note: the breakthrough therapy provision is discussed specifically with respect to COVID.
- Increasing stakeholder involvement in F.D.A. processes; and
- Enhancing the safety of the drug supply chain.
HIPAA Omnibus Rule of 2013
To clarify, the HIPAA Omnibus Rule of 2013 provided increased, tiered civil money penalty structures of the HITECH Act. The Omnibus Rule adopted the HITECH Act’s prohibition against marketing, fundraising, and PHI (protected health information) sale without authorization.
Cybersecurity Act of 2015
The Cybersecurity Act of 2015 is designed to promote awareness via a portal that reports security threats. It also encourage leverage of existing frameworks using recognized security practices. The term “recognized security practices” is used in the HITECH Act Amendment (see bel0w), meaning “the standards, guidelines, best practices, methodologies, procedures, and processes developed under section 2(c)(15) of the National Institute of Standards and Technology (NIST) Act, the approaches promulgated under Section 405(d): Aligning Health Care Industry Security Approaches
MACRA – 2015
To elaborate, the Medicare Access and CHIP Reauthorization Act of 2015 (MACRA). Two key provisions of MACRA are Quality Payment Program tracks:
- Advanced Alternative Payment Models (A.P.M.s) or
- The Merit-based Incentive Payment System (MIPS)
21st Century Cures Act of 2016
- The 21st Century Cures Act of 2016 is designed to speed up medical product development and create new innovations and advancements to patients. It has these key initiatives:
- 4001: Health I.T. Usability
- 4002(a): Conditions of Certification
- 4003(b): Trusted Exchange Framework and Common Agreement
- 4003(c): Health Information Technology Advisory Committee
- 4004: Identifying reasonable and necessary activities that do not constitute information blocking
- Intra-Federal agency coordination between :
- H.H.S. Office of Civil Rights,
- H.H.S. Office of the Inspector General (OIG),
- Agency for Healthcare Research and Quality (AHRQ),
- National Institute for Standards and Technology (NIST).
- The CURES Act also modifies 42 C.F.R. Part 2 with respect to privacy and disclosure of substance use disorder and behavioral health records.
- Regenerative medicine Advanced Therapy or RMAT focused on biologics
- Breakthrough Devices program
- Oncology center of Excellence
HITECH Act Amendment of 2021
The HITECH Amendment provides that “recognized security practices” (“RSPs”) include: (i) standards, guidelines, best practices, methodologies, procedures, and processes developed under section 2(c)(15) of the National Institute of Standards and Technology (“NIST”) Act; (ii) the approaches promulgated under section 405(d) of the Cybersecurity Act of 2015