HITECH Act-Compliant EHR Solutions for Your Practice
Although the Health Information Technology for Economic and Clinical Health (HITECH) Act is more than a decade old, it is still a highly relevant piece of legislation that affects the way behavioral health providers interact with patient information. The goal of passing the HITECH Act was to promote the use of electronic health record (EHR) systems and support the adoption of new technology in the United States.
Clinicians who wish to maintain compliance across the regulatory landscape need to know how the HITECH Act for medical records affects the use of EHRs to avoid hefty fines and penalties.
HITECH Fast Facts
Here's a quick run-down of the basics about HIPAA:
Official Title: Health Information Technology for Economic and Clinical Health Act
Year Enacted: 2009
Aliases: HITECH Act (under the American Recovery and Reinvestment Act)
Jurisdiction: State and local public health agencies
Most Recent Update to HITECH: 2019
HITECH Compliance and Enforcement: U.S. Department of Health and Human Services (HHS)
What Is HITECH?
The HITECH Act is part of the American Recovery and Reinvestment Act (ARRA) of 2009. Lawmakers signed this economic stimulus bill in February 2009. HITECH anticipated the need for greater adoption of EHRs to facilitate the exchange of protected health information (PHI) between clinicians, hospitals and other appropriate entities. Before the introduction of the law, just 10% of hospitals were using EHR technology. By 2017, 96% of non-federal acute care hospitals had adopted EHRs, as well as 86% of office-based physicians, making HITECH successful in its central goal.
HITECH Act and HIPAA Compliance
In addition to driving the adoption of EHRs, HITECH made significant changes to the Health Information Portability and Accountability Act (HIPAA) of 1996. Some of the most notable updates implemented include:
- The requirement for business associates to be HIPAA compliant
- Tougher penalties for HIPAA violations
- The requirement to issue notifications of a data breach to affected individuals within 60 days
- The requirement to give patients electronic copies of their PHI upon request
- Publishing breach summaries online
- Further restricting permitted uses and disclosures of patient information
HITECH's influence on HIPAA was to tighten up loopholes, increase auditing and enforcement and raise the upper financial penalty cap to improve compliance among healthcare providers.
Common HITECH Violations for Behavioral and Mental Health Providers
HITECH doesn't set forth regulations on its own. It merely bolsters and supports the rules already codified in HIPAA. Therefore, HITECH violations are HIPAA violations for the improper use, handling or storage of patient PHI. The most common violations for mental and behavioral health providers are:
- Not securing patient records
- Leaving data unencrypted
- Hacking breaches
- Theft or loss of devices containing PHI
- Lack of employee training on HIPAA
- Improper sharing of PHI
- Improper disposal of records
- Third-party PHI disclosure
- Unauthorized release of information
Behavioral health providers work in situations where questions of proper use are a bit more ambiguous. To help behavioral health clinicians align with proper use under HIPAA, the HHS released a set of clarifying rules specifying when mental healthcare providers can:
- Communicate with a patient's friends, family members or other individuals involved in their care
- Communicate with family members of an adult or minor patient
- Listen to family members, friends or involved individuals about the person receiving treatment
- Communicate with family members, involved individuals or law enforcement when the patient is presenting a severe imminent threat of harm
- Communicate to law enforcement about patients brought in for emergency psychiatric holds
- Consider the patient's ability to agree or object to the sharing of their information
Fines and Penalties for HITECH Violations
A new interpretation of HITECH in 2019 added four levels of culpability to HIPAA violations, each with a different range of fines.
- No knowledge: No knowledge of or culpability for the breach
- Reasonable cause: No willful violation
- Willful neglect — corrected: Willful violation through neglect, rectified promptly
- Willful neglect — not corrected: Willful violation through neglect, not rectified as soon as possible
The new fine structure for practices that violate HIPAA is as follows.
| Culpability | | | Annual Penalty Limit |
|---|---|---|---|
| Willful Neglect - Corrected | $10,000 | $50,000 | $250,000 |
| Willful Neglect - Not Corrected | $50,000 | $50,000 | $1,500,000 |
Criminal penalties are also possible for HIPAA violations. The possible penalties are also categorized into the following tiers:
- Unknowingly or With Reasonable Cause: One Year
- Under False Pretenses: Five Years
- For Personal Gain or Malicious Reasons: Ten Years
FAQs About HITECH
To help clarify the role of HITECH in mental and behavioral healthcare, we've compiled five of the most common questions we receive about this crucial piece of legislation.
HITECH closes loopholes in HIPAA and requires more stringent data breach reporting and disclosure rules, as well as a new fine structure.
HITECH Compliance and EHRs
When selecting an EHR with the HITECH Act of 2009 in mind, the most crucial feature is HIPAA compliance. HITECH's role has been to make HIPAA compliance functionally mandatory for organizations that want to avoid substantial fines, and the best way to ensure alignment is to choose an EHR certified by the Office of the National Coordinator for Health Information Technology.
Certified EHR Technology contains all the privacy and security features you need to remain compliant with HIPAA and is also a requirement for full participation in MIPS.
ICANotes for HITECH Compliance and Beyond
ICANotes understands how stressful it can be to keep current with legislation like HITECH that expands and changes over time. That's why we consistently update our EHR software to meet the regulatory needs of all types of behavioral and mental health providers. In addition to HITECH and HIPAA compliance, our software offers the ability to integrate with a wide range of third-party health information exchanges, putting your practice on the road to required interoperability.
To see how ICANotes can improve the speed and quality of your documentation on a secure and compliant platform, register for a free trial or a live demo of the software that truly understands your unique needs.