What is the HITECH Act? An Introduction for the Layperson
People who ask, “what is the HITECH Act?” want to understand how the Act impacts electronic health record use, privacy, patient record access, and ongoing compliance with the HITECH Act by healthcare providers.
In simple terms, the HITECH Act was promulgated to stimulate the economy with a specific focus on healthcare. Financial stimulus in the form of incentives to stop using paper for patient records and start using an E.H.R. was developed.
To get the stimulus funds, a healthcare provider had to prove that it purchased and installed a certified electronic health record system. But installation compliance is an extensive task requiring that several ‘measures’ be met for patient safety, quality, and security as well as providing patients access to their health records via electronic means.
What is the History of the HITECH Act?
- The HITECH Act is formally known as “The American Reinvestment & Recovery Act (ARRA)” Health Information Technology for Economic and Clinical Health (HITECH) Act.” President Obama signed HITECH into law on February 17, 200,9, as part of an economic stimulus bill.
- The HITECH Act created economic incentives to implement electronic health records. The stimuli were available to hospitals (“Eligible Hospitals” or “E.H.s” and physicians “Eligible Professionals” or “E.P.s”) – meaningful use [EHR-MU], an effort led by Centers for Medicare & Medicaid Services C.M.S..), and the Office of the National Coordinator (O.N.C.) for HealthI.TT. The HITECH Act was designed to encourage nation-wide meaningful use of interoperable electronic health records.
Results of the HITECH Act
- The HITECH Act provided over $35 billion in stimulus funds to eligible hospitals and physicians. C electronic health record technology (CEHRT) had to be purchased and used in a meaningful way (defined by precise “Meaningful Use” criteria in the HITECH Act).
- These criteria include many compulsory and optional requirements, including privacy Safeguards. In the gold rush to access some of the stimulus funds, E.H.R. companies were required to obtain certification from ATCBs (Authorized Testing and Certification Bodies) to become a CEHRT
- Regional extension centers sprung up that provided training, and other services advised physicians and hospitals on U.S. H.H.S., C.M.S., and Office of the National Coordinator (O.N.C.) guidelines.
- In turn, providers licensed CEHRT and attest to be a meaningful user. Installation and meaningful use required configuration and clinical use of an E.H.R., with policies and procedures prescribed by the HITECH act.
- The attestation entitles an E.H. or an E.P. to receive stimulus funds.
- Making false statements to the Government carries a penalty under the False Claims Act.
- Key provisions of the HITECH Act for hospitals and critical access hospitals (C.A.H.s) can be found at 42 C.F.R. § 495.22 – Meaningful use objectives and measures for E.P.s, eligible hospitals, and C.A.H.s for 2015 through 2018
- Providers are required to meet 42 C.F.R. § 495.40 – Demonstration of meaningful use criteria.
- Certification of electronic health record technology (CEHRT) for 2014 Stage 2 measures can be found 42 CFR 495.6(j)-(m) Stage 2 Objectives and Measures. There are core (required) measures and optional (menu) measures, of which certain minimum number(s) of menu measures were required
What is the significance of the Act for Risk Management, Compliance, and Litigation?
- To get the stimulus funds, a healthcare provider files an attestation with the U.S. Government (via C.M.S.) or state Medicaid that it had complied and requested funds. If the provider’s claims were not accurate, the provider could be subject to penalties under the False Claims Act.
- Electronic health records now provide tamper-resistant measures that enable a skilled forensic expert in electronic health records to audit the log files and patient records, using the HITECH Act Standards for compliance. These strategies are useful in medical malpractice personal injury cases, fraud determinations, and medical billing and coding, among other types of cases.
Lasting Challenges of on the Healthcare Industry Today?
Moreover, now that E.H.R.s are installed in the majority of hospitals and providers in the U.S., some challenges have developed:
- Privacy– When there are privacy breaches by hospitals or physicians (a.k.a. a ‘HIPAA Breach”), it can be indicative of a failure to correctly or ‘meaningfully use’ the CEHRT, or in the policies, procedures, and training of staff that use the CEHRT.
- Patient safety alerts and medical decision making– One of the requirements of using an E.H.R. under Meaningful use is use of clinical decision support (CDS). CDS is designed to ensure that patient safety mechanisms are always enabled. The alerts are not still designed with the workflow of a physician in mind. As a result, some hospitals and physicians have turned these alerts off. In the unfortunate case of medical malpractice, clinical decision-making errors, and injury or death of a patient, in my experience that these safety alerts have been disabled. This is both a failure to meet the Meaningful Use Standard and improper for ensuring patient safety.
- Audit trails to ensure accuracy of record-keeping– Audit logs are supposed to be enabled to provide a complete history of all access to a patient’s record, medication orders, and other orders as well as progress notes be physicians. I have seen instances where these audit controls and required anti-tampering features have also been disabled. Like the preceding example, this is both a failure to meet the Meaningful Use Standard and improper for ensuring patient safety. It has the additional effect of calling the health care provider’s integrity into question whether they are maintaining accurate records.
- Physician productivity– Physicians that I have interviewed have complained of up to a 20% reduction in patient volume because of documentation and data entry requirements into E.H.R.s. We believe E.H.R.s can provide productivity benefits, but programmers need to improve usability testing with the intended clinical users.
Interoperability between different E.H.R.s, physicians, hospitals, and clinics, and paper transmitted via fax
- During the initial Meaningful Use adoption period for E.H.R.s, if two providers were not both are not using the same E.HR., sharing patient data was challenging. Recent improvements between disparate E.H.R.s solved part of the problem.
- Today, new legislation such as the 21st Century CURES Act section 4003 defines’ interoperability,’ for Health I.T. as follows:
- “Enables the secure exchange of electronic health information with, and use of electronic health information from, other health information technology without special effort on the part of the user;
- Allows for complete access, exchange, and use of all electronically accessible health information for authorized use under applicable State or Federal law; and
- Does not constitute information blocking as defined in section 3022(a).”
- Interoperability problems between old and new systems and methods can cause patient safety errors. For example, patent identification errors can occur outside the reference laboratory and are not integrated with the hospital’s E.H.R. A fax of the lab results might be sent from the lab to the hospital. The faxed document enters the hospitals’ system, is reviewed by a human who adds the image of the fax to the E.H.R. and the enters discrete data regarding the result of the lab into the hospital E.H.R. Human distraction such as having more than one chart open, or fatigue are known ‘sentinel’ or ‘never’ events that have happened
What New Health I.T. Legislation Since the HITECH Act 2009 Modifies or Changes Priorities for Healthcare?
Since 2009, several new initiatives modify or extend the importance of the HITECH Act. Electronic health records form a foundation for the ACA, FDASIA, HIPAA, MACRA and the CURES Act.
Affordable Care Act of 2010
- The Affordable Care Act of 2010 established comprehensive health care insurance reforms. The A.C.A. instantiated Federal regulations that sometimes-confounded state insurance regulations. To explain, concepts such as Minimum Essential Coverage (M.E.C.) and Essential Health Benefits (E.H.B.) were new terms. Medically necessary care must be documented in the patient chart, which is now generally electronic due to the HITECH Act. The A.C.A. also provided more stringent sentencing guidelines for fraud.
FDASIA – 2012
- FDASIA (Section 618 of the Food and Drug Administration Safety and Innovation Act of 2012) is focused on a risk-based regulatory framework for health I.T., including mobile medical applications. The Act also focuses on:
- FD.A. authority to collect user fees from industry to fund reviews of innovator drugs, medical devices, generic drugs, and biosimilar biological products;
- Promoting innovation to speed patient access to safe and effective products; (note: the breakthrough therapy provision is discussed specifically with respect to COVID.
- Increasing stakeholder involvement in F.D.A. processes; and
- Enhancing the safety of the drug supply chain.
HIPAA Omnibus Rule of 2013
To clarify, the HIPAA Omnibus Rule of 2013 provided increased, tiered civil money penalty structures of the HITECH Act. The Omnibus Rule adopted the HITECH Act’s prohibition against marketing, fundraising, and PHI (protected health information) sale without authorization.
MACRA – 2015
To elaborate, the Medicare Access and CHIP Reauthorization Act of 2015 (MACRA). Two key provisions of MACRA are Quality Payment Program tracks:
- Advanced Alternative Payment Models (A.P.M.s) or
- The Merit-based Incentive Payment System (MIPS)
21st Century Cures Act of 2016
- The 21st Century Cures Act of 2016 is designed to speed up medical product development and create new innovations and advancements to patients. It has these key initiatives:
- 4001: Health I.T. Usability
- 4002(a): Conditions of Certification
- 4003(b): Trusted Exchange Framework and Common Agreement
- 4003(c): Health Information Technology Advisory Committee
- 4004: Identifying reasonable and necessary activities that do not constitute information blocking
- Intra-Federal agency coordination between :
- H.H.S. Office of Civil Rights,
- H.H.S. Office of the Inspector General (OIG),
- Agency for Healthcare Research and Quality (AHRQ),
- National Institute for Standards and Technology (NIST).
- The CURES Act also modifies 42 C.F.R. Part 2 with respect to privacy and disclosure of substance use disorder and behavioral health records.
- Regenerative medicine Advanced Therapy or RMAT focused on biologics
- Breakthrough Devices program
- Oncology center of Excellence
Meaningful Use HITECH Act Expert Witness
HIPAA Privacy and HIPAA Security and the HITECH Act