Chapter 10 Legislative Aspects of Nursing Informatics: HITECH and HIPAA

Objectives Describe the purposes of the Health Information Technology for Economic and Clinical Health (HITECH) Act of 2009 Explore how the HITECH Act is enhancing the security and privacy protections of the Health Insurance Portability and Accountability Act (HIPAA) of 1996. Determine how the HITECH Act and its impact on HIPAA apply to nursing practice.

Introduction Nurses need to be familiar with the goals and purposes of the HITECH Act of 2009, including the Medicare and Medicaid HIT provisions of the law. How it enhances the security and privacy protections of the Health Insurance Portability and Accountability Act (HIPAA) of 1996 How it otherwise impacts nursing practice in the emerging EHR age The concepts of “meaningful use” and “certified EHR technology”

Overview of the HITECH Act The HITECH Act established the Office of the National Coordinator for Health Information Technology (ONC) within the U.S. Department of Health and Human Services (HHS). The ONC is headed by the National Coordinator, who is responsible for overseeing the development of a nationwide HIT infrastructure that supports the use and exchange of information in order to improve health care quality   reduce the cost of health care improve people’s health by promoting prevention, early detection and management of chronic diseases protect public health by fostering early detection and rapid response to infectious diseases, bioterrorism, and other situations facilitate clinical research reduce health disparities better secure patient health information Improving health care quality has been an ongoing challenge in this country.

How a National HIT Infrastructure is Being Developed Developing a national HIT infrastructure is an enormous and extremely complex undertaking that requires extensive financial technological and human resources. Monetary incentives are available to clinicians and facilities who implement EHR systems that meet the specific standards. Providers that fail to adopt such systems within a specified time frame may be subject to significant governmental penalties.

Health Insurance Portability and Accountability Act (HIPAA) of 1996 Intent of the act was to curtail healthcare fraud and abuse enforce standards for health information guarantee the security and privacy of health information assure health insurance portability for employed persons. Consequences were put into place for institutions and individuals who violated the requirements of this act.

How the HITECH ACT Changed HIPAA The OCR is part of HHS and is responsible for enforcing HIPAA Compliance with the Privacy and Security Rules is mandatory for all covered entities Entities are to conduct regular audits to assure compliance and any breaches in the privacy or security of PHI must be remedied immediately Improved privacy and security of patient health information by applying the requirements of HIPAA directly to the business associates of covered entities. Strengthens the enforcement of HIPAA

Implications for Nursing Practice Be involved Stay involved Protect yourself

Summary HITECH Act and the HIPAA Privacy and Security Rules are intended to enhance the rights of individuals. These laws provide patients with greater access and control over their PHI. They can control its uses, dissemination, and disclosures. Covered entities must not only establish a required level of security for PHI but also sanctions for employees who violate the organization’s privacy policies and administrative processes for responding to patient requests regarding their information. They must be able to track the PHI and note access from both a perspective of what information was accessed but also by whom and any disclosures. There is global awareness of the need for privacy protections for personal health information or PHI.