Two wide-ranging pieces of legislation have significantly changed the way we deliver healthcare, from how we handle patient information and how we protect and safeguard this information from misuse to how we communicate amongst each other and with those we serve.

Both the American Recovery and Reinvestment Act of 2009 and the Patient Protection and Affordable Care Act (PPACA) will continue to shape the future of our delivery systems. Let’s take a closer look at what each has to offer.

The HITECH Act

An acronym for the Health Information Technology for Economic and Clinical Health Act, the HITECH Act comprises nearly one-quarter of ARRA 2009’s text and is composed of two titles. Title XIII, “Health Information Technology,” is part of the appropriations division of ARRA 2009; Title IV, “Medicare and Medicaid Health Information Technology; Miscellaneous Medicare Provisions,” is part of the division that deals with tax, assistance to workers and families, COBRA benefits, Medicare and Medicaid, broadband technology, and executive compensation.

Title XIII has four subtitles:

Subtitle A: Promotion of Health Information Technology:

• Establishes Office of the National Coordinator (ONC) for Health Information Technology (HIT).
• Establishes the Chief Privacy Officer of the ONC.
• Establishes HIT Policy Committee.
• Establishes the HIT Standards Committee.
• Requires application and use of adopted HIT standards.
• Requires various federal reports, e.g., effectiveness, lessons learned, actions to facilitate adoption of a nationwide system for the electronic use and exchange of health information.

Subtitle B: Testing of Health Information Technology requires the National Institute of Standards and Technology (NIST) to:

• Test standards and implementation specifications to ensure efficient implementation and use.
• Support establishment of a testing infrastructure may include program to accredit nonfederal laboratories to perform testing.
• Establish assistance program to Iistitutions of higher education to establish multidisciplinary centers for healthcare Information enterprise integration.
• Directs the National High-Performance Computing Program to include federal R&D HIT programs.

Subtitle C: Grants and Loans Funding:

• Requires investing in infrastructure necessary to allow and promote electronic exchange and use of health information for each individual in the U.S.
• Ensures funds are expended for acquisition of HIT that meets standards.
• Creates HIT research center and regional support centers.
• Authorizes grants to states and Indian tribes for loan programs to healthcare providers to support certified EHR technology.
• Authorizes matching grants for projects developing academic curricula.
• Authorizes assistance to institutions of higher education to establish/expand medical health informatics programs.

Subtitle D: Improves Privacy and Security Protections of Electronic Protected Health Information (PHI) by:

• Adding to, amending or extending the protections contained in the Health Insurance Portability and Accountability Act of 1996 (HIPAA) and the Social Security Act (SSA).
• Defining one’s personal health record (PHR).
• Enabling HHS, its Office of Civil Rights (OCR) and the Federal Trade Commission (FTC) to promulgate rules to extend safeguards protecting PHI to business associates (BA) of covered entities (CE) and to penalize BAs for failure to comply with PHI requirements.
• Having HHS issue yearly guidance as to the most effective and appropriate technical safeguards and security standards for use in protecting PHI.
• Requiring CEs and BAs handling unsecured PHI to notify each individual of any security breach of PHI and notifying HHS of breaches, including immediate notice of breaches involving 500 or more persons.
• Allowing an individual to restrict the disclosure of PHI if: 1) the disclosure is to a health plan for payment or healthcare operations; and 2) the PHI pertains solely to healthcare for which the provider has been paid out of pocket in full.
• Limiting the use, disclosure or request of PHI to the data set or minimum necessary to accomplish the task at hand.
• Giving individuals a right to an accounting of the disclosures of their PHI and prohibiting the sale of an individual’s PHI without the individual’s authorization with exceptions for public health activities, research, treatment of the individual or healthcare operations.
• Allowing individuals to obtain their electronic medical records in an electronic format.
• Setting forth condition for the marketing of PHI and allowing persons to opt out.
• Imposing financial and criminal penalties for HIPAA violations.
• Allowing enforcement by state attorneys general through civil actions

Title IV has three subtitles:

Subtitle A: Medicare Incentives:

• Creates incentive payments for certain eligible physicians (EP) in 2011 and eligible hospitals (EH) in federal fiscal year 2011 who adopt and use certified EHRs meaningfully.
• Reduces Medicare payments for EPs who do not meaningfully use EHRs and reduces the market basket update for EHs that have not adopted a certified EHR by 2015 except for a significant hardship.

Subtitle B: Medicaid Incentives:

• Amends SSA Title XIX (“Medicaid”), which is administered by the Centers for Medicare and Medicaid Services (CMS), creating incentive payments for Medicaid providers to adopt and use certified EHRs with state spending for payments to providers being fully and 90 percent of state administrative costs reimbursable by the federal government. 

Subtitle C: Miscellaneous Medicare Provisions:

• Sets forth budgetary matters related to Medicare hospices, medical education, Medicare, Medicaid, SCHIP and long-term care (LTC) hospitals.