The Health Information Technology for Economic and Clinical Health Act, simply known as the HITECH Act to many, was officially enacted under Title XIII of the American Recovery and Reinvestment Act of 2009, and is considered a major piece of health care legislation in many ways. Specifically, HITECH advocates the adoption of electronic health records (EHR) for creating efficiency, transparency, and overall improvements in care. And there are many provisions within the Act that require much attention by various parties, particularly Subpart D—Notification in the Case of Breach of Unsecured Protected Health Information. It's a huge goal and a large task indeed, with untold numbers of organizations being affected by the HITECH Act. Essentially, HITECH emphasizes the concept of "meaningful use", whereby the main components are the following:

  • The use of a certified electronic health records (EHR) in a meaningful manner, such as e-prescribing.
  • The use of certified EHR technology for electronic exchange of health information to improve quality of health care.
  • The use of certified EHR technology to submit clinical quality and other measures.

Essentially, providers need to show they're using certified EHR technology in ways that are deemed beneficial, ultimately resulting in the following:

  • Improvement of care coordination
  • Reduction of healthcare disparities
  • Engaging of patients and their families
  • Improving the population and public health
  • Ensuring adequate privacy and security

Download HIPAA HITECH Policies and Toolkits Today
It’s without question a transformational piece of legislation that advocates, dictates - and ultimately requires - a significant expansion in the exchange of electronic protected health information (ePHI). And for purposes of regulatory compliance - specifically for that of HIPAA Privacy and Security, the HITECH ACT component of critical importance is Subpart D—Notification in the Case of Breach of Unsecured Protected Health Information, which consists of the following areas:

  • § 164.400 Applicability.
  • § 164.402 Definitions.
  • § 164.404 Notification to individuals.
  • § 164.406 Notification to the media.
  • § 164.408 Notification to the Secretary.
  • § 164.410 Notification by a business associate.
  • § 164.412 Law enforcement delay.
  • § 164.414 Administrative requirements and burden of proof.

Subpart D essentially strengthens the civil and criminal enforcements of the HIPAA Privacy and Security Rules by placing strong requirements and mandates on breaches. For purposes of HITECH Subpart D, breach means the following:

"The acquisition, access, use, or disclosure of protected health information in a manner not permitted under subpart E of this part which compromises the security or privacy of the protected health information".

Additionally, major changes came into play for HIPAA because of the HITTECH ACT - more specifically – the Privacy and Security Rules for HIPAA have been broadened and strengthened by the final Omnibus ruling put forth on January, 2013. Learn more about the HITECH ACT and Subpart D by visiting the Department of Health and Human Services (www.hhs.gov).

Download HIPAA Policies and Compliance Toolkits Today
hipaapoliciesandprocedures.com also offers industry leading HIPAA toolkits for both Covered Entities (CE) and Business Associates (BA) consisting of high-quality security policies and procedures, training material, readiness checklists and templates, essential legal forms, a HIPAA specific disaster recovery manual, and so much more. Learn about our industry leading HIPAA compliance toolkits today.