HIPAA/HITECH Act and Compliance
The Health Information Technology for Economic and Clinical Health Act (HITECH Act) legislation was created in 2009 to stimulate the adoption of electronic health records (EHR) and supporting technology in the United States. It introduced the Meaningful Use program incentivizing healthcare organizations to maintain the Protected Health Information of patients in electronic format, rather than in paper files.
Health Insurance Portability and Accountability Act (HIPAA), a Federal legislation that promulgated in 1996 requires the US Department of Health and Human Services (HHS) to develop national standards to protect the privacy and security of patients’ medical records and other personal health information. It got ratified in 2013 calling as the “Final Omnibus” rule, to include Enforcement and Civil Penalties.
HITECH and HIPAA, are separate and unrelated laws, but they do reinforce each other in certain ways. For example, HITECH requires that any physician and hospital that attests to meaningful use must also have performed a HIPAA security risk assessment as outlined in the Omnibus rule.