You are currently viewing What is the HITECH Act? Introduction for the Novice
What is the HITECH Act? New developments since 2009 including the ACA of 2010, HIPAA Omnibus of 2013, MACRA of 2015 and 21st Century CURES Act of 2016

What is the HITECH Act? Introduction for the Novice

What is the HITECH Act?   An Introduction for the Layperson

People who ask, “what is the HITECH Act?” want to understand how the Act impacts electronic health record use, privacy, patient record access, and ongoing compliance with the HITECH Act by healthcare providers.

In simple terms, the HITECH Act was promulgated to stimulate the economy with a specific focus on healthcare.   Financial stimulus in the form of incentives to stop using paper for patient records and start using an E.H.R. was developed.

To get the stimulus funds, a healthcare provider had to prove that it purchased and installed a certified electronic health record system.  But installation compliance is an extensive task requiring that several ‘measures’ be met for patient safety, quality, and security as well as providing patients access to their health records via electronic means.

What is the History of the HITECH Act?

To simplify,


  • The HITECH Act created economic incentives to implement electronic health records. The stimuli were available to hospitals (“Eligible Hospitals” or “E.H.s” and physicians “Eligible Professionals” or “E.P.s”) – meaningful use [EHR-MU], an effort led by Centers for Medicare & Medicaid Services C.M.S..), and the Office of the National Coordinator (O.N.C.) for HealthI.TT. The HITECH Act was designed to encourage nation-wide meaningful use of interoperable electronic health records.

Results of the HITECH Act

  • The HITECH Act provided over $35 billion in stimulus funds to eligible hospitals and physicians. C electronic health record technology (CEHRT) had to be purchased and used in a meaningful way (defined by precise “Meaningful Use” criteria in the HITECH Act).


  • These criteria include many compulsory and optional requirements, including privacy Safeguards. In the gold rush to access some of the stimulus funds, E.H.R. companies were required to obtain certification from ATCBs (Authorized Testing and Certification Bodies) to become a CEHRT


  • Regional extension centers sprung up that provided training, and other services advised physicians and hospitals on U.S. H.H.S., C.M.S., and Office of the National Coordinator (O.N.C.) guidelines.


  • In turn, providers licensed CEHRT and attest to be a meaningful user. Installation and meaningful use required configuration and clinical use of an E.H.R., with policies and procedures prescribed by the HITECH act.


  • The attestation entitles an E.H. or an E.P. to receive stimulus funds.


  • Making false statements to the Government carries a penalty under the False Claims Act.

 Key Provisions

  1. Key provisions of the HITECH Act for hospitals and critical access hospitals (C.A.H.s) can be found at 42 C.F.R. § 495.22 – Meaningful use objectives and measures for E.P.s, eligible hospitals, and C.A.H.s for 2015 through 2018
  2. Providers are required to meet 42 C.F.R. § 495.40 – Demonstration of meaningful use criteria.
  3. Certification of electronic health record technology (CEHRT) for 2014 Stage 2 measures can be found 42 CFR 495.6(j)-(m) Stage 2 Objectives and Measures. There are core (required) measures and optional (menu) measures, of which certain minimum number(s) of menu measures were required

What is the significance of the Act for Risk Management, Compliance, and Litigation?

  1. To get the stimulus funds, a healthcare provider files an attestation with the U.S. Government (via C.M.S.) or state Medicaid that it had complied and requested funds. If the provider’s claims were not accurate, the provider could be subject to penalties under the False Claims Act.
  2. Electronic health records now provide tamper-resistant measures that enable a skilled forensic expert in electronic health records to audit the log files and patient records, using the HITECH Act Standards for compliance. These strategies are useful in medical malpractice personal injury cases, fraud determinations, and medical billing and coding, among other types of cases.

Lasting Challenges of on the Healthcare Industry Today?

Moreover, now that E.H.R.s are installed in the majority of hospitals and providers in the U.S., some challenges have developed:

  • Privacy– When there are privacy breaches by hospitals or physicians (a.k.a. a ‘HIPAA Breach”), it can be indicative of a failure to correctly or ‘meaningfully use’ the CEHRT, or in the policies, procedures, and training of staff that use the CEHRT.


  • Patient safety alerts and medical decision making– One of the requirements of using an E.H.R. under Meaningful use is use of clinical decision support (CDS).  CDS is designed to ensure that patient safety mechanisms are always enabled. The alerts are not still designed with the workflow of a physician in mind. As a result, some hospitals and physicians have turned these alerts off. In the unfortunate case of medical malpractice, clinical decision-making errors, and injury or death of a patient, in my experience that these safety alerts have been disabled. This is both a failure to meet the Meaningful Use Standard and improper for ensuring patient safety.


  • Audit trails to ensure accuracy of record-keeping– Audit logs are supposed to be enabled to provide a complete history of all access to a patient’s record, medication orders, and other orders as well as progress notes be physicians. I have seen instances where these audit controls and required anti-tampering features have also been disabled. Like the preceding example, this is both a failure to meet the Meaningful Use Standard and improper for ensuring patient safety. It has the additional effect of calling the health care provider’s integrity into question whether they are maintaining accurate records.


  • Physician productivity– Physicians that I have interviewed have complained of up to a 20% reduction in patient volume because of documentation and data entry requirements into E.H.R.s. We believe E.H.R.s can provide productivity benefits, but programmers need to improve usability testing with the intended clinical users.

Interoperability Imperative

Interoperability between different E.H.R.s, physicians, hospitals, and clinics, and paper transmitted via fax

    • During the initial Meaningful Use adoption period for E.H.R.s, if two providers were not both are not using the same E.HR., sharing patient data was challenging. Recent improvements between disparate E.H.R.s solved part of the problem.
    • Today, new legislation such as the 21st Century CURES Act section 4003 defines’ interoperability,’ for Health I.T. as follows:
      1. “Enables the secure exchange of electronic health information with, and use of electronic health information from, other health information technology without special effort on the part of the user;
      2. Allows for complete access, exchange, and use of all electronically accessible health information for authorized use under applicable State or Federal law; and
      3. Does not constitute information blocking as defined in section 3022(a).”
    • Interoperability problems between old and new systems and methods can cause patient safety errors. For example, patent identification errors can occur outside the reference laboratory and are not integrated with the hospital’s E.H.R. A fax of the lab results might be sent from the lab to the hospital.  The faxed document enters the hospitals’ system, is reviewed by a human who adds the image of the fax to the E.H.R. and the enters discrete data regarding the result of the lab into the hospital E.H.R. Human distraction such as having more than one chart open, or fatigue are known ‘sentinel’ or ‘never’ events that have happened

What New Health I.T. Legislation Since the HITECH Act  2009 Modifies or Changes Priorities for Healthcare?

Since 2009, several new initiatives modify or extend the importance of the HITECH Act.  Electronic health records form a foundation for the ACA, FDASIA, HIPAA, MACRA and the CURES Act.

Affordable Care Act of 2010

  • The Affordable Care Act of 2010 established comprehensive health care insurance reforms. The A.C.A. instantiated Federal regulations that sometimes-confounded state insurance regulations. To explain, concepts such as Minimum Essential Coverage (M.E.C.) and Essential Health Benefits (E.H.B.) were new terms.  Medically necessary care must be documented in the patient chart, which is now generally electronic due to the HITECH Act. The A.C.A. also provided more stringent sentencing guidelines for fraud.

FDASIA – 2012

HIPAA Omnibus Rule of 2013

To clarify, the HIPAA Omnibus Rule of 2013 provided increased, tiered civil money penalty structures of the HITECH Act. The Omnibus Rule adopted the HITECH Act’s prohibition against marketing, fundraising, and PHI (protected health information) sale without authorization.

MACRA – 2015

To elaborate, the Medicare Access and CHIP Reauthorization Act of 2015 (MACRA). Two key provisions of MACRA are Quality Payment Program tracks:

    • Advanced Alternative Payment Models (A.P.M.s) or
    • The Merit-based Incentive Payment System (MIPS)

21st Century Cures Act of 2016

  • The 21st Century Cures Act of 2016 is designed to speed up medical product development and create new innovations and advancements to patients. It has these key initiatives:
    • 4001: Health I.T. Usability
    • 4002(a): Conditions of Certification
    • 4003(b): Trusted Exchange Framework and Common Agreement
    • 4003(c): Health Information Technology Advisory Committee
    • 4004: Identifying reasonable and necessary activities that do not constitute information blocking
    • Intra-Federal agency coordination between :
      • C.M.S.,
      • H.H.S. Office of Civil Rights,
      • H.H.S. Office of the Inspector General (OIG),
      • Agency for Healthcare Research and Quality (AHRQ),
      • National Institute for Standards and Technology (NIST).
    • The CURES Act also modifies 42 C.F.R. Part 2 with respect to privacy and disclosure of substance use disorder and behavioral health records.
    • Regenerative medicine Advanced Therapy or RMAT focused on biologics
    • Breakthrough Devices program
    • Oncology center of Excellence

Related Topics

Meaningful Use HITECH Act Expert Witness

Meaningful Use Audit Defense

HIPAA Privacy and HIPAA Security and the HITECH Act


Michael F. Arrigo

Michael is Managing Partner & CEO of No World Borders, a leading healthcare management and IT consulting firm. He serves as an expert witness in Federal and State Court and was recently ruled as an expert by a 9th Circuit Federal Judge. He serves as a patent expert witness on intellectual property disputes, both as a Technical Expert and a Damages expert. His vision for the firm is to continue acquisition of skills and technology that support the intersection of clinical data and administrative health data where the eligibility for medically necessary care is determined. He leads a team that provides litigation consulting as well as advisory regarding medical coding, medical billing, medical bill review and HIPAA Privacy and Security best practices for healthcare clients, Meaningful Use of Electronic Health Records. He advises legal teams as an expert witness in HIPAA Privacy and Security, medical coding and billing and usual and customary cost of care, the Affordable Care Act and benefits enrollment, white collar crime, False Claims Act, Anti-Kickback, Stark Law, physician compensation, Insurance bad faith, payor-provider disputes, ERISA plan-third-party administrator disputes, third-party liability, and the Medicare Secondary Payer Act (MSPA) MMSEA Section 111 reporting. He uses these skills in disputes regarding the valuation of pharmaceuticals and drug costs and in the review and audit of pain management and opioid prescribers under state Standards and the Controlled Substances Act. He consults to venture capital and private equity firms on mHealth, Cloud Computing in Healthcare, and Software as a Service. He advises ERISA self-insured employers on cost of care and regulations. Arrigo was recently retained by the U.S. Department of Justice (DOJ) regarding a significant false claims act investigation. He has provided opinions on over $1 billion in health care claims and due diligence on over $8 billion in healthcare mergers and acquisitions. Education: UC Irvine - Economics and Computer Science, University of Southern California - Business, studies at Stanford Medical School - Biomedical Informatics, studies at Harvard Medical School - Bioethics. Trained in over 10 medical specialties in medical billing and coding. Trained by U.S. Patent and Trademark Office (USPTO) and PTAB Judges on patent statutes, rules and case law (as a non-attorney to better advise clients on Technical and Damages aspects of patent construction and claims). Mr. Arrigo has been interviewed quoted in the Wall Street Journal, New York Times, and National Public Radio, Fortune, KNX 1070 Radio, Kaiser Health News, NBC Television News, The Capitol Forum and other media outlets. See and for more about the company.

Leave a Reply