| Another day of healthcare reform, another | | | | under the ARRA can begin flowing as early as |
| cheeky acronym and another pot of federal | | | | October 1, 2010 for hospitals that meet the |
| funds. | | | | “meaningful use” standard. A typical 300 |
| Something called the HITECH Act has just taken | | | | bed hospital can expect as much as $6 million if |
| effect. For those of you (like me) who find | | | | they qualify in 2010 or 2011. Hospitals qualifying |
| acronyms ironic because they only serve to | | | | later than 2015 will receive none of these funds. |
| make the English language more confusing, | | | | Hospital administrators are knee deep in grant |
| HITECH stands for "Health Information | | | | applications and filing them faster than I can type |
| Technology for Economic and Clinical Health." For | | | | these words. |
| insurance companies and medical providers, it's | | | | Companies the Health Information Technology for |
| just another cold day in February. For anyone at | | | | Economic and Clinical Health (HITECH) Act applies |
| any other company that so much catches a whiff | | | | to also include accounting, software, billing and law |
| of wet ink on a medical record with their eyes | | | | firms that work directly with medical records |
| closed, it's going to be a pretty crazy at the filing | | | | through a contract with medical providers. What's |
| cabinets. | | | | more, their own business associates are |
| Among the most important of the new HITECH | | | | responsible for updating their vendor contracts for |
| Act mandates is a federal breach notification | | | | compliance with the HITECH Act, but covered |
| requirement for stored health information that is | | | | entities (like group health insurance plans) are |
| not encrypted or otherwise made indecipherable, | | | | being advised by the Feds to review their existing |
| as well as increasing penalties for violations. Until | | | | agreements to obtain reasonable assurances that |
| this law was passed, only two of the 48 states | | | | business associates have appropriate security |
| with data breach notification requirements included | | | | measures in place if the privacy breach notification |
| health information as a specified data type. | | | | requirements are triggered. |
| Now with the HITECH Act, the entire United | | | | What this all means in theory is if you sue |
| States health industry and their business partners | | | | someone for, let's say, money to pay medical bills |
| must quickly understand and get ready for these | | | | you got in a car wreck that wasn't your fault. |
| new data breach notification. Under HITECH, the | | | | Your attorney e-mails his or her office assistant a |
| HIPAA privacy and security rules were | | | | PDF of your hospital discharge record so it can be |
| strengthened, with business associates now | | | | filed away for court. Next, let's say that office |
| required to comply as if they were covered | | | | clerk accidently forwards that e-mail to her |
| entities. Breach notification rules also require | | | | boyfriend or anyone else who doesn't have a |
| business associates to report breaches of | | | | server that's locked down like Fort Knox. Your |
| protected health information to affected covered | | | | attorney, the office clerk and the clerk's boyfriend |
| entities. That means your attorneys, your | | | | who got your medical record instead of that |
| accountants, your health insurance companies and | | | | Valentines Day e-Card she meant to send can be |
| its vendors are all liable if your medical record falls | | | | hauled into court. |
| into the wrong hands while in their possession. | | | | Word to the wise, folks: Check your Outlook |
| Ah, but there's also Obama money to be made. | | | | settings. Maintain your "In" boxes with more |
| In February of 2009, the American Reinvestment | | | | regularity. Also, if you're in a small business that |
| and Recovery Act (ARRA) allocated $19 billion in | | | | comes into contact with any health information, |
| funding for hospitals and clinics that make | | | | make sure your employees know about HIPPA, |
| “meaningful use” of CCHIT certified | | | | HITECH and all those other letters that can get |
| Electronic Medical Record (EMR) systems. Funds | | | | you sued after tomorrow. |