THE HITECH ACT: KNOW HOW TO MITIGATE YOUR RISK
The health care industry is always changing and right now it is changing quickly. Some of the most urgent changes facing Health Information Management today are a result of the Health Information Technology for Economic and Clinical Health (HITECH) Act, part of the American Recovery and Reinvestment Act (ARRA) of 2009. In our role as client partners, BACTES stays informed about the implications of HITECH and ARRA. We share some of that information with you here. BACTES offers customized HITECH Compliance Assistance to help your organization respond quickly and appropriately to HITECH requirements and avoid costly violation fees.
FREQUENTLY ASKED QUESTIONS ABOUT ARRA, HITECH AND HIPAA
Download this PDF to answer your questions about HITECH incentive options, meaningful use, bonus payments, privacy and security changes, enforcement changes, and changes you need to make in your practice.
THE BASICS OF THE ARRA AND HITECH ACTS
Understanding the language of HITECH and ARRA can be overwhelming. The following covers the basics of Health IT provisions within ARRA: The health IT component of ARRA is the HITECH Act, which appropriates $19.2 billion dollars to encourage healthcare organizations to adopt and effectively utilize Electronic Health Records (EHR) and establish health information exchange networks at a regional level, all while ensuring that the systems deployed protect and safeguard the critical patient data at the core of the system. Of the $19.2 billion, there is $17 billion in incentive payments to physicians and hospitals. There is a program designed for those that see large volumes of Medicaid patients, and another for those that accept Medicare. In order to qualify for the incentive payments, both physicians and hospitals have to demonstrate three things:
1. Use of a certified EHR product with ePrescribing capability that meets current HHS standards.
2. Connectivity to other providers to improve access to the full view of a patient’s health history.
3. Ability to report on their use of the technology to HHS.
The maximum incentive is $64,000 (depending on Medicare/Medicaid population) with almost half disbursed in the first year, as a motivation to implement the use of EHR prior to 2011. Hospitals also are being encouraged with incentives available from 2011 until 2015. Payments each year will be based on a calculation equal to $2 million, plus supplemental amounts based on a formula that takes into account the hospital’s number of patient discharges and share of Medicare patients. Hospitals that do not adopt certified EHR technology by 2015 will, like their professional counterparts, see reductions in their Medicare reimbursement.
NEW HIPAA REQUIREMENTS
HITECH provisions significantly expand HIPAA regulations to include mandatory data breach notifications requiring notification of both prominent media outlets and the Secretary of HHS. HITECH includes provisions that mean a covered entity may be strictly liable even where the entity had no reason to know of or foresee the breach and otherwise did nothing wrong. Patient rights have expanded and penalties have been increased. HITECH also grants individual States broad, strong new powers to collect civil penalties and attorney fees from covered entities for HIPAA violations—a change from previous lax enforcement standards by federal agencies. As a result, health care providers need new and enhanced processes to ensure compliance. Here are just a few examples of new regulations that affect your organization:
• HIPAA Business Associates are directly subject to HIPAA Privacy and Security requirements. All Business Associate Agreements must be rewritten.
• New security breach obligations for HIPAA covered entities and some non-covered entities such as vendors and business associates.
• “Minimum necessary” standard expanded to all uses and disclosures.
• New enforcement provisions authorize States Attorney General to enforce HIPAA requirements through injunction and damages.
BACTES IS YOUR PARTNER IN NAVIGATING THE HITECH ACT AND MITIGATING YOUR RISK
Learning about and meeting the latest requirements of the HITECH act is a stress-inducing burden. BACTES relieves that burden, allowing you to focus on patient care.
• Protect your organization from costly violations.
• Achieve ongoing compliance with the highest levels of security and quality.
• Facilitate newly expanded HIPAA requirements for patient rights.
• Guard against broad new enforcement powers granted to States.
• Avoid having to notify both the media and federal government of data breaches.
• Prepare for the future with an extensive audit trail.
• Rely on a partner to guide you through the process of implementation.
• Depend on a company that has demonstrated expertise with EHR systems.
• Trust in our advanced technology for compliance, with security processes
and procedures well above minimum requirements.
• Reap the benefits of electronic records vs. paper records.
• Work with a team of dedicated professionals, committed to your success.
Learn how BACTES can help your organization with HITECH compliance here.