Health Information Technology for Economic and Clinical Health Act

Last updated

The Health Information Technology for Economic and Clinical Health Act, abbreviated the HITECH Act, was enacted under Title XIII of the American Recovery and Reinvestment Act of 2009 (Pub. L. Tooltip Public Law (United States)  111–5 (text) (PDF)). Under the HITECH Act, the United States Department of Health and Human Services (U.S. HHS) resolved to spend $25.9 billion to promote and expand the adoption of health information technology. [1] The Washington Post reported the inclusion of "as much as $36.5 billion in spending to create a nationwide network of electronic health records." [2] At the time it was enacted, it was considered "the most important piece of health care legislation to be passed in the last 20 to 30 years" [3] and the "foundation for health care reform." [3] [4]

Contents

The former National Coordinator for Health Information Technology, Farzad Mostashari, has explained: "You need information to be able to do population health management. You can serve an individual quite well; you can deliver excellent customer service if you wait for someone to walk through the door and then you go and pull their chart. What you can't do with paper charts is ask the question, 'Who didn't walk in the door?'" [5]

Implementation and effects

In the years since the law was passed, electronic health records in the United States have become more common, but it's unclear how much this was caused by the law. [6] The meaningful use incentives in the law only applied to certain types of hospitals, however, and a 2017 study suggests that these hospitals did adopt electronic health records more aggressively. [6]

Subtitle A – Promotion of Health Information Technology

Part 1 – Improving Health Care Quality, Safety, and Efficiency

Electronic health records (EHR)

The HITECH Act set meaningful use of interoperable EHR adoption in the health care system as a critical national goal and incentivized EHR adoption. [7] [8] The "goal is not adoption alone but 'meaningful use' of EHRs—that is, their use by providers to achieve significant improvements in care." [9]

Title IV of the act promises maximum incentive payments for Medicaid to those who adopt and use "certified EHRs" of $63,750 over 6 years beginning in 2011. Eligible professionals must begin receiving payments by 2016 to qualify for the program. For Medicare, the maximum payments are $44,000 over 5 years. Doctors who do not adopt an EHR by 2015 will be penalized 1% of Medicare payments, increasing to 3% over 3 years. In order to receive the EHR stimulus money, the HITECH act (ARRA) requires doctors to show "meaningful use" of an EHR system. As of June 2010, there are no penalty provisions for Medicaid. [10]

Health information exchange (HIE) has emerged as a core capability for hospitals and physicians to achieve "meaningful use" and receive stimulus funding. Starting in 2015, hospitals and doctors will be subject to financial penalties under Medicare if they are not using electronic health records. [11]

Meaningful use

The main components of meaningful use are:

  • The use of a certified EHR in a meaningful manner, such as e-prescribing.
  • The use of certified EHR technology for electronic exchange of health information to improve quality of health care.
  • The use of certified EHR technology to submit clinical quality and other measures.

In other words, providers need to show they're using certified EHR technology in ways that can be measured significantly in quality and in quantity. [12]

The meaningful use of EHRs intended by the US government incentives is categorized as follows:

  • Improve care coordination
  • Reduce healthcare disparities
  • Engage patients and their families
  • Improve population and public health
  • Ensure adequate privacy and security

The Obama Administration's Health IT program intends to use federal investments to stimulate the market of electronic health records:

  • Incentives: to providers who use IT
  • Strict and open standards: To ensure users and sellers of EHRs work towards the same goal
  • Certification of software: To provide assurance that the EHRs meet basic quality, safety, and efficiency standards

The detailed definition of "meaningful use" was rolled out in 3 stages. Details of each stage were hotly debated by various groups.[ which? ] Stage 1 was finalized in July 2010, [13] Stage 2 in August 2012, [14] and Stage 3 in October 2015 [15]

Meaningful use Stage 1

The first steps in achieving meaningful use are to have a certified EHR and to be able to demonstrate that it is being used to meet the requirements. [16] Stage 1 contains 25 objectives/measures for Eligible Providers (EPs) and 24 objectives/measures for eligible hospitals. The objectives/measures have been divided into a core set and menu set. EPs and eligible hospitals must meet all objectives/measures in the core set (15 for EPs and 14 for eligible hospitals). EPs must meet 5 of the 10 menu-set items during Stage 1, one of which must be a public health objective. [17]

Full list of the Core Requirements and a full list of the Menu Requirements.

Core Requirements:

  1. Use computerized order entry for medication orders.
  2. Implement drug-drug, drug-allergy checks.
  3. Generate and transmit permissible prescriptions electronically.
  4. Record demographics.
  5. Maintain an up-to-date problem list of current and active diagnoses.
  6. Maintain active medication list.
  7. Maintain active medication allergy list.
  8. Record and chart changes in vital signs.
  9. Record smoking status for patients 13 years old or older.
  10. Implement one clinical decision support rule.
  11. Report ambulatory quality measures to CMS or the States.
  12. Provide patients with an electronic copy of their health information upon request.
  13. Provide clinical summaries to patients for each office visit.
  14. Capability to exchange key clinical information electronically among providers and patient authorized entities.
  15. Protect electronic health information (privacy & security)

Menu Requirements:

  1. Implement drug-formulary checks.
  2. Incorporate clinical lab-test results into certified EHR as structured data.
  3. Generate lists of patients by specific conditions to use for quality improvement, reduction of disparities, research, and outreach.
  4. Send reminders to patients per patient preference for preventive/ follow-up care
  5. Provide patients with timely electronic access to their health information (including lab results, problem list, medication lists, allergies)
  6. Use certified EHR to identify patient-specific education resources and provide to patient if appropriate.
  7. Perform medication reconciliation as relevant
  8. Provide summary care record for transitions in care or referrals.
  9. Capability to submit electronic data to immunization registries and actual submission.
  10. Capability to provide electronic syndromic surveillance data to public health agencies and actual transmission.

To receive federal incentive money, CMS requires participants in the Medicare EHR Incentive Program to "attest" that during a 90-day reporting period, they used a certified EHR and met Stage 1 criteria for meaningful use objectives and clinical quality measures. For the Medicaid EHR Incentive Program, providers follow a similar process using their state's attestation system. [18]

In 2017, the government for the first time charged an EHR vendor with falsely representing to customers and the government that its EHR system met the requirements for meaningful use. eClinicalWorks agreed to pay $155 million to settle government charges and a "qui tam" lawsuit brought by a whistleblower who implemented eClinicalWorks' system at Rikers Island Correctional Facility in New York City. [19] The government also alleged that ECW paid kickbacks for referrals. [19] The government also reached separate settlement agreements with three eClinicalWorks employees who will pay a total of $80,000 to the government to settle civil allegations. [20]

National Coordinator for Health Information Technology (HIT)

There is established within the Department of Health and Human Services an Office of the National Coordinator for Health Information Technology (ONC). The National Coordinator is appointed by the Secretary and reports directly to the Secretary.

The National Coordinator is responsible for the development of the Nationwide Health Information Network. [21]

HIT Policy Committee

The HIT Policy Committee recommends a policy framework for the development and adoption of a nationwide health information technology infrastructure that permits the electronic exchange and use of health information. [22]

HIT Standards Committee

The HIT Standards Committee recommends to the National Coordinator standards, implementation specifications, and certification criteria. The Standards Committee also harmonizes, pilot tests, and ensures consistency with the Social Security Act.

Part 2 – Application and Use of Adopted Health Information Technology Standards; Reports

Subtitle B – Testing of Health Information Technology

Subtitle C – Grants and Loans Funding

Subtitle D – Privacy

Part 1 – Improved Privacy Provisions and Security Provisions

The HITECH Act requires entities covered by the Health Insurance Portability and Accountability Act (HIPAA) to report data breaches, which affect 500 or more persons, to the United States Department of Health and Human Services (U.S. HHS), to the news media, and to the people affected by the data breaches. [23] This subtitle extends the complete Privacy and Security Provisions of HIPAA to the business associates of covered entities. [24] This includes the extension of updated civil and criminal penalties to the pertinent business associates. These changes are also required to be included in any business-associate agreements among the covered entities. On November 30, 2009, the regulations associated with the enhancements to HIPAA enforcement took effect. [25]

Another significant change brought about in Subtitle D of the HITECH Act is the new breach notification requirements. This imposes new notification requirements on covered entities, business associates, vendors of personal health records (PHR) and related entities if a breach of unsecured protected health information (PHI) occurs. On April 27, 2009, the Department of Health and Human Services (HHS) issued guidance on how to secure protected health information appropriately. [26] Both HHS and the Federal Trade Commission (FTC) were required under the HITECH Act to issue regulations associated with the new breach notification requirements. The HHS rule was published in the Federal Register on August 24, 2009, [27] and the FTC rule was published on August 25, 2009. [28]

The final significant change made in Subtitle D of the HITECH Act implements new rules for the accounting of disclosures of a patient's health information. It extends the current accounting for disclosure requirements to information that is used to carry out treatment, payment and health care operations when an organization is using an electronic health record (EHR). This new requirement also limits the timeframe for the accounting to three years instead of six as it currently stands. These changes took effect January 1, 2011, for organizations implementing EHRs between January 1, 2009 and January 1, 2011, and January 1, 2013, for organizations who had implemented an EHR prior to January 1, 2009.

Subtitle D also includes a "third-party directive" stating that individuals have the right to obtain a copy of their health information in an electronic format and, if the individual chooses, to direct the covered entity to transmit such copy directly to an entity or person designated by the individual. Although HHS had interpreted the statutory cap on the provision of medical records to an individual to apply to medical records delivered under the third-party directive, a 2020 decision by the United States District Court for the District of Columbia voided that regulation on the grounds that it had not gone through notice and comment. [29]

On July 14, 2010, HHS issued a rule that listed categories that included 701,325 entities and 1.5 million business associates who would have access to patient information without patient consent after the patient had given general consent to their medical practitioner's HIPAA release. [30] [31]

See also

Related Research Articles

Medical privacy, or health privacy, is the practice of maintaining the security and confidentiality of patient records. It involves both the conversational discretion of health care providers and the security of medical records. The terms can also refer to the physical privacy of patients from other patients and providers while in a medical facility, and to modesty in medical settings. Modern concerns include the degree of disclosure to insurance companies, employers, and other third parties. The advent of electronic medical records (EMR) and patient care management systems (PCMS) have raised new concerns about privacy, balanced with efforts to reduce duplication of services and medical errors.

<span class="mw-page-title-main">Health Insurance Portability and Accountability Act</span> United States federal law concerning health information

The Health Insurance Portability and Accountability Act of 1996 is a United States Act of Congress enacted by the 104th United States Congress and signed into law by President Bill Clinton on August 21, 1996. It modernized the flow of healthcare information, stipulates how personally identifiable information maintained by the healthcare and healthcare insurance industries should be protected from fraud and theft, and addressed some limitations on healthcare insurance coverage. It generally prohibits healthcare providers and healthcare businesses, called covered entities, from disclosing protected information to anyone other than a patient and the patient's authorized representatives without their consent. With limited exceptions, it does not restrict patients from receiving information about themselves. It does not prohibit patients from voluntarily sharing their health information however they choose, nor does it require confidentiality where a patient discloses medical information to family members, friends, or other individuals not a part of a covered entity.

<span class="mw-page-title-main">Medical record</span> Medical term

The terms medical record, health record and medical chart are used somewhat interchangeably to describe the systematic documentation of a single patient's medical history and care across time within one particular health care provider's jurisdiction. A medical record includes a variety of types of "notes" entered over time by healthcare professionals, recording observations and administration of drugs and therapies, orders for the administration of drugs and therapies, test results, X-rays, reports, etc. The maintenance of complete and accurate medical records is a requirement of health care providers and is generally enforced as a licensing or certification prerequisite.

Health technology is defined by the World Health Organization as the "application of organized knowledge and skills in the form of devices, medicines, vaccines, procedures, and systems developed to solve a health problem and improve quality of lives". This includes pharmaceuticals, devices, procedures, and organizational systems used in the healthcare industry, as well as computer-supported information systems. In the United States, these technologies involve standardized physical objects, as well as traditional and designed social means and methods to treat or care for patients.

Health information exchange (HIE) is the mobilization of health care information electronically across organizations within a region, community or hospital system. Participants in data exchange are called in the aggregate Health Information Networks (HIN). In practice, the term HIE may also refer to the health information organization (HIO) that facilitates the exchange.

A National Provider Identifier (NPI) is a unique 10-digit identification number issued to health care providers in the United States by the Centers for Medicare and Medicaid Services (CMS). The NPI has replaced the Unique Physician Identification Number (UPIN) as the required identifier for Medicare services, and is used by other payers, including commercial healthcare insurers. The transition to the NPI was mandated as part of the Administrative Simplifications portion of the Health Insurance Portability and Accountability Act of 1996 (HIPAA).

<span class="mw-page-title-main">European Institute for Health Records</span>

The European Institute for Health Records or EuroRec Institute is a non-profit organization founded in 2002 as part of the ProRec initiative. On 13 May 2003, the institute was established as a non-profit organization under French law. Current President of EuroRec is Prof. Dipak Kalra. The institute is involved in the promotion of high quality Electronic Health Record systems in the European Union. One of the main missions of the institute is to support, as the European authorised certification body, EHRs certification development, testing and assessment by defining functional and other criteria.

Protected health information (PHI) under U.S. law is any information about health status, provision of health care, or payment for health care that is created or collected by a Covered Entity, and can be linked to a specific individual. This is interpreted rather broadly and includes any part of a patient's medical record or payment history.

WEDI, pronounced "wee dee", is a not-for-profit user group in the United States for users of Electronic Data Interchange (EDI) in public and private healthcare. It is sometimes referred to by other names including some or all of the words Workgroup for Electronic Data Interchange.

Patient portals are healthcare-related online applications that allow patients to interact and communicate with their healthcare providers, such as physicians and hospitals. Typically, portal services are available on the Internet at all hours of the day and night. Some patient portal applications exist as stand-alone web sites and sell their services to healthcare providers. Other portal applications are integrated into the existing web site of a healthcare provider. Still others are modules added onto an existing electronic medical record (EMR) system. What all of these services share is the ability of patients to interact with their medical information via the Internet. Currently, the lines between an EMR, a personal health record, and a patient portal are blurring. For example, Intuit Health and Microsoft HealthVault describe themselves as personal health records (PHRs), but they can interface with EMRs and communicate through the Continuity of Care Record standard, displaying patient data on the Internet so it can be viewed through a patient portal.

Health information technology (HIT) is health technology, particularly information technology, applied to health and health care. It supports health information management across computerized systems and the secure exchange of health information between consumers, providers, payers, and quality monitors. Based on a 2008 report on a small series of studies conducted at four sites that provide ambulatory care – three U.S. medical centers and one in the Netherlands, the use of electronic health records (EHRs) was viewed as the most promising tool for improving the overall quality, safety and efficiency of the health delivery system.

The Office of the National Coordinator for Health Information Technology (ONC) is a staff division of the Office of the Secretary, within the U.S. Department of Health and Human Services. ONC leads national health IT efforts, charged as the principal federal entity to coordinate nationwide efforts to implement and use the most advanced health information technology and the electronic exchange of health information.

popHealth is an open-source reference implementation software tool that automates population health reporting.

The Fast Healthcare Interoperability Resources standard is a set of rules and specifications for exchanging electronic health care data. It is designed to be flexible and adaptable, so that it can be used in a wide range of settings and with different health care information systems. The goal of FHIR is to enable the seamless and secure exchange of health care information, so that patients can receive the best possible care. The standard describes data formats and elements and an application programming interface (API) for exchanging electronic health records (EHR). The standard was created by the Health Level Seven International (HL7) health-care standards organization.

Healthcare CRM, also known as Healthcare Relationship Management, is a broadly used term for a Customer relationship management system, or CRM, used in healthcare.

Health care analytics is the health care analysis activities that can be undertaken as a result of data collected from four areas within healthcare; claims and cost data, pharmaceutical and research and development (R&D) data, clinical data, and patient behavior and sentiment data (patient behaviors and preferences,. Health care analytics is a growing industry in the United States, expected to grow to more than $31 billion by 2022. The industry focuses on the areas of clinical analysis, financial analysis, supply chain analysis, as well as marketing, fraud and HR analysis.

Medical data, including patients' identity information, health status, disease diagnosis and treatment, and biogenetic information, not only involve patients' privacy but also have a special sensitivity and important value, which may bring physical and mental distress and property loss to patients and even negatively affect social stability and national security once leaked. However, the development and application of medical AI must rely on a large amount of medical data for algorithm training, and the larger and more diverse the amount of data, the more accurate the results of its analysis and prediction will be. However, the application of big data technologies such as data collection, analysis and processing, cloud storage, and information sharing has increased the risk of data leakage. In the United States, the rate of such breaches has increased over time, with 176 million records breached by the end of 2017. There have been 245 data breaches of 10,000 or more records, 68 breaches of the healthcare data of 100,000 or more individuals, 25 breaches that affected more than half a million individuals, and 10 breaches of the personal and protected health information of more than 1 million individuals.

<span class="mw-page-title-main">Medicare Access and CHIP Reauthorization Act of 2015</span>

Medicare Access and CHIP Reauthorization Act of 2015 (MACRA), (H.R. 2, Pub. L.Tooltip Public Law (United States) 114–10 (text)(PDF)) commonly called the Permanent Doc Fix, is a United States statute. Revising the Balanced Budget Act of 1997, the Bipartisan Act was the largest scale change to the American health care system following the Affordable Care Act in 2010.

Health data is any data "related to health conditions, reproductive outcomes, causes of death, and quality of life" for an individual or population. Health data includes clinical metrics along with environmental, socioeconomic, and behavioral information pertinent to health and wellness. A plurality of health data are collected and used when individuals interact with health care systems. This data, collected by health care providers, typically includes a record of services received, conditions of those services, and clinical outcomes or information concerning those services. Historically, most health data has been sourced from this framework. The advent of eHealth and advances in health information technology, however, have expanded the collection and use of health data—but have also engendered new security, privacy, and ethical concerns. The increasing collection and use of health data by patients is a major component of digital health.

Federal and state governments, insurance companies and other large medical institutions are heavily promoting the adoption of electronic health records. The US Congress included a formula of both incentives and penalties for EMR/EHR adoption versus continued use of paper records as part of the Health Information Technology for Economic and Clinical Health (HITECH) Act, enacted as part of the, American Recovery and Reinvestment Act of 2009.

References

  1. HHS.gov/Recovery Recovery Act-Funded Programs Archived 2013-05-14 at the Wayback Machine Health Information Technology (IT) section Archived 2013-09-26 at the Wayback Machine , also known as HIT
  2. "The Machinery Behind Health-Care Reform", The Washington Post, May 16, 2009
  3. 1 2 Contractors hungry for stimulus Archived 2013-11-03 at the Wayback Machine , July 24, 2009
  4. Why and How Secretary Sebelius Should Avoid a Network Monopoly, ADRIAN GROPPER MD, Mar 5, 2009
  5. ONC Chief: Meaningful Use of Meaningful Use Measures Archived 2013-06-22 at the Wayback Machine , July 23, 2012
  6. 1 2 Adler-Milstein, Julia; Jha, Ashish K. (August 2017). "HITECH Act Drove Large Gains In Hospital Electronic Health Record Adoption". Health Affairs. 36 (8): 1416–1422. doi: 10.1377/hlthaff.2016.1651 . ISSN   0278-2715. PMID   28784734.
  7. CDC (Jun 3, 2011). "Introduction". Meaningful Use. CDC. Retrieved 31 October 2011.
  8. Blumenthal, D. (2010). "Launching HITECH". New England Journal of Medicine. 362 (5): 382–385. doi:10.1056/NEJMp0912825. PMID   20042745.
  9. Blumenthal, D.; Tavenner, M. (2010). "The "Meaningful Use" Regulation for Electronic Health Records". New England Journal of Medicine. 363 (6): 501–504. doi:10.1056/NEJMp1006114. PMID   20647183.
  10. Habib JL. EHRs, meaningful use, and a model EMR. Drug Benefit Trends. May 2010;22(4):99-101.
  11. Pear, Robert. "Warnings Over Privacy of U.S. Health Network." New York Times, February 18, 2007.
  12. Centers for Medicare & Medicaid Services (Oct 12, 2011). "CMS EHR Meaningful Use Overview". EHR Incentive Programs. Center for Medicare & Medicaid Services. Archived from the original on 30 October 2011. Retrieved 31 October 2011.
  13. "Secretary Sebelius Announces Final Rules To Support 'Meaningful Use' of Electronic Health Records" (Press release). Washington, DC: U.S. Department of Health & Human Services. July 13, 2010. Archived from the original on July 15, 2010.
  14. "HHS announces next steps to promote use of electronic health records and health information exchange" (Press release). U.S. Department of Health & Human Services. August 23, 2012. Archived from the original on September 16, 2012.
  15. 80 FR 62761
  16. "Meaningful Use Definition & Objectives". HealthIT.gov. U.S. Department of Health and Human Services. 6 February 2015. Retrieved 16 October 2017.
  17. See subsection (e), "42 CFR Sec. 495.6. Meaningful use objectives and measures for EPs, eligible hospitals, and CAHs" (PDF). Government Publishing Office. Retrieved 16 October 2017.
  18. Torrieri, Marisa (December 24, 2011). "Dealing with Meaningful Use Attestation Aggravation". Physicians Practice. UBM Medica LLC. Archived from the original on January 8, 2012.
  19. 1 2 "Electronic Health Records Vendor to Pay $155 Million to Settle False Claims Act Allegations". U.S. Department of Justice. 31 May 2017. Retrieved 16 October 2017.
  20. Arndt, Rachel Z. (31 May 2017). "eClinicalWorks will pay $155 million for misleading users". Modern Healthcare. Retrieved 16 October 2017.
  21. H.R. 1 Archived 2016-01-26 at the Wayback Machine Subtitle A, Sec. 3001. "The National Coordinator is responsible for the development of a nationwide health information technology infrastructure."
  22. H.R. 1 Archived 2016-01-26 at the Wayback Machine Subtitle A, Sec. 3002.
  23. "HIPAA/HITECH Enforcement Action Alert". The National Law Review . Morgan, Lewis & Bockius LLP. 2012-03-22. Retrieved 2012-04-16.
  24. 42 U.S.C. §17931
  25. HHS Strengthens HIPAA Enforcement
  26. Guide to Privacy and Security of Electronic Health Information
  27. Health and Human Services Breach Notification Rule
  28. Federal Trade Commission Breach Notification Rule
  29. What is The Effect of Ciox Health v. Azar on HiTECH letters
  30. Federal Register Document 2010-16718 tables under paragraphs 75 FR 40911 334, 376.
  31. Health Freedom Watch Newsletter September 2010, Proposed Changes to Privacy Rule Won't Ensure Privacy

Further reading

This page is based on this Wikipedia article
Text is available under the CC BY-SA 4.0 license; additional terms may apply.
Images, videos and audio are available under their respective licenses.