How the HITECH Act Affects Health Care Facilities, Medical Professionals

In some states, health care providers must notify patients of a data breach compromised their personally identifiable information, including social security numbers, banking information, credit card numbers and more. Now, the federal government has extended these laws to include health information under the HITECH Act.

When President Obama signed the American Recovery and Reinvestment Act into law in 2009, a big part of that act was the HITECH act, which incentivized hospitals and businesses to use new technology to “demonstrate meaningful use” of electronic health records. These incentives are largely financial and last through the year 2015.

While there was some initial concern that hospitals would rush to begin using the technology only to obtain the benefits and then slowly taper off the use after the benefits ended, the act also implemented some strict punishments and consequences in case a data breach does happen and the hospital was not using new technology to protect the personal data of patients and inform them of the breach.

The HITECH Act is somewhat related to the Health Insurance Portability and Accountability Act (HIPAA) in that one of HIPAA’s primary goals was to encourage a level of individual control over people’s personal health care records. Several requirements of the HITECH Act were implied in HIPAA:

  • Informing patients when their information is compromised in a data breach
  • Regulating personal health record vendors
  • Laying out more penalties and duties for business associates
  • Enforcing penalties after data breaches
  • Increasing limits on disclosure of personal health information and the use of that information

For more information about the HITECH Act and how it affects the work of health care professionals and facilities, meet with a respected New Jersey health care attorney at Buttaci Leardi & Werner, LLC.

Tagged with: , ,

Posted in: Regulation