HITECH ACT & HIPAA

What you need to know about the HITECH Act of 2009

On February 17, 2009, President Obama signed the Health Information Technology for Economic and Clinical Health (HITECH) Act, as part of the stimulus package (a.k.a. American Recovery and Reinvestment Act (ARRA)). The main goal of the $19.2 billion HITECH Act is to encourage the adoption of electronic health records (EHRs) through incentive payments to physicians with a target of having almost all records electronic by the year 2014.

According to the Act, physicians are eligible to receive up to $44,000 in total incentives per physician from Medicare for “meaningful use” of a certified Electronic Health Record (EHR) starting next year. (Note: Physicians reimbursed by Medicaid can receive up to approximately $65,000 starting in 2011 based on state-defined guidelines.)

Many vendors have started pushing aggressive "the clock is ticking" marketing efforts to prompt physicians to make immediate EHR purchases. Far West Technologies, on the other hand, would like to be your partner in helping you to plan effectively for the the best and most responsible path. Moving too quickly just to take advantage of the incentives being offered could cause practices to jump into a quick-fix EHR solution that might not meet their needs.

In fact, many of the specifics of the HITECH Act, including the definition of “meaningful use” and “certified”, will be developed by the United States Department of Health and Human Services (HHS) over the coming year and released as late as December 31, 2009. Research has shown that successful EHR adoption depends on careful planning. Deploying quickly but ineffectively to receive reimbursement, will only lead longer term pain as the incentives fade away.

In short, HITECH compliance will have the following components:


  1. Protect the privacy of health information.
  2. Ensure the comprehensive collection of patient demographic and clinical data.
  3. Include patient demographic and clinical health information
  4. Have the capacity to provide clinical decision and physician order entry.
  5. Demonstrate "meaningful use" of an EHR, yet to be fully defined.

The HITECH Act, however, does stipulate that the following conditions for "meaningful use" must be met. The EHR must:


  1. Use ePrescribing. Specifically, "the professional… shall include the use of electronic prescribing as determined to be appropriate by the (HHS) Secretary."
  2. Electronically exchange information. The healthcare professional must demonstrate that the EHR allows for the "electronic exchange of health information to improve the quality of health care, such as the promoting of care coordination."
  3. Submit clinical quality measures. The healthcare professional must "submit clinical quality measures," such as PQRI, to HHS.
  4. The Act also stipulates that the requirements for "meaningful use" will become more stringent over the years, which means that the conditions that EHRs must meet will continue to be modified for years. HER solutions that qualify for "meaningful use" must be able to quickly respond to these anticipated changes.

Schedule of Medicare Incentive Payments

Healthcare professionals with Medicare patients who meet the requirements for "meaningful use" of a "certified" EHR are eligible to receive up to 75% of the Medicare allowable up the numbers according to the following schedule (brackets show schedule if prepared Jan 1, 2011):

  • Year 1 – $18,000 (2011)
  • Year 2 -- $12,000 (2012)
  • Year 3 – $8,000 (2013)
  • Year 4 -- $4,000 (2014)
  • Year 5 -- $2,000 (2015)

Total of $44,000 per professional. No incentive payments will be made after the year 2016.


Medicare Disincentives or Penalties for Failure to Adopt EHRs

In addition to providing incentives to medical practices to adopt an EHR, the HITECH Act also creates penalties or disincentives for practices that fail to utilize an EHR. If eligible professionals have not become "meaningful users" of EHRs by 2015, their Medicare payments will be reduced as follows:

  • 2015 Reduced by 1%
  • 2016 Reduced by 2%
  • 2017 Reduced by 3%
  • All Subsequent Years: Reduced by 3%


New Security Provisions

The Act includes several new security provisions including:

  • Requirement to notify patients and HHS of PHI (Protected Health Information) security breaches
  • New HIPAA regulations regarding business partners (PHRs, HIEs) and enforcement of penalties
  • Restrictions on the sale and marketing of PHI
  • Ensuring that patients have access to their electronic health information
  • Accounting of disclosures of PHI to patients

In short, the privacy restrictions will be more stringent; with more stringent patient access and notification requirements should any breaches in security occur.

This is but a brief summary of some of the major provisions of the HITECH Act. However, keep in mind that even a careful reading of the Act cannot provide a clear understanding of its requirements and consequences given that so many of the provisions have yet to be established.

At Far West Technologies we strongly believe the time to begin the planning process is now for several key reasons.

  • Be Prepared to make sure the basic secure infrastructure and current HIPAA compliance measures are in place.
  • Leverage a Technology Partner that will stay on top of the evolving provisions of the HITECH program.
  • Think Long Term. It is very important that a practice choose an EHR strategy that meets the long-term needs of its healthcare professionals and patients.

Please contact us at Far West Technologies at 949-732-7888 to set up a meeting with our compliance specialists to discuss your HITECH & HIPAA requirements.