HITECH Implementation Plan Released
Recently, the Office of the National Coordinator for Health Information Technology (ONC) released the implementation plan relative to the Health Information Technology for Economic and Clinical Health Act (HITECH) Act. The plan is titled “The Health Information Technology American Recovery and Reinvestment Act Implementation Plan” (the Implementation Plan).
The HITECH Act, a component of the American Recovery and Reinvestment Act of 2009 (ARRA), authorized $2 billion in spending to expand usage of electronic health records (EHRs) capable of sharing data between systems. The Implementation Plan addresses the need to meet the short implementation deadlines created by the ARRA, as well as the need to achieve long-term improvements in health and health care through adoption of information technology. The ONC will continue to hold hearings to develop additional policies and procedures necessary to achieve the goals of the ARRA.
On quick review, the Implementation Plan still does not address what constitutes “meaningful use” of EHRs, but does indicate that additional stakeholder input will be considered in developing a definition.
Key elements in the Implementation Plan include:
- The need to support the Health IT Strategic Plan’s goals of providing information to health care professionals to improve quality of care and reduce medical errors, costs of care, and the need to collect and analyze de-identified health data to improve health.
- An additional $24.3 million to enhance enforcement of the HIPAA privacy and security rules, including $9.5 million for audits by the Centers for Medicare & Medicaid Services (CMS) and the Office for Civil Rights (OCR). Additional targeted expenditures are identified, but $1.6 billion is allocated for “unspecified” purposes.
- A timeline chart detailing the dates when guidance required by the ARRA will be released and the agencies that will provide the guidance.
- A plan for awarding competitive contracts to carry out the mandatory regulatory and enforcement requirements in the HITECH Act related to privacy and security.
- An enhanced enforcement of the Health Insurance Portability and Accountablility Act (HIPAA) privacy and security rules by detailing revisions to how complaints are investigated and how enforcement will occur in the future.
- Deadlines for publication of standards including certification criteria for EHRs; the definition of “meaningful use of an EHR;” and how performance will be evaluated.
- Performance measurements and goals related to physician adoption of EHRs as well as measurements relating to how OCR resolves privacy complaints.
It is my opinion that physicians and compliance personnel should review their HIPAA privacy and security plans. Bring them up to date, ensure all staff members are trained, and ensure that they are compliant with their written policies and procedures. I also believe that—contrary to the opinion of some who think impending deadlines warrant expediency over compliance—providers may want to wait to purchase an EMR system until the certification standards are published and a legitimate definition of “meaningful use” is released.