Consider for a moment how the success of a surgery relies on the surgeon’s relationship with the anesthesiologist. Their shared goal is to restore the patient to health. Each is trained to perform essential surgical tasks. The success of the surgery depends upon the skill and cooperation of both professionals.
The same is true for how HIPAA and the HITECH Act (Health Information Technology for Economic and Clinical Health) work. HIPAA, which became law before everyone went online, requires healthcare businesses to protect confidential patient records while providing patients with convenient access to their records. Even inadvertent violations can bring stiff fines.
HITECH takes the next logical step of guaranteeing the privacy of electronic patient records and patient access to electronic records. The hefty fines HITECH imposes for mistakes should encourage your employees to take their training seriously and follow procedures scrupulously.
Data breaches are a real problem in the healthcare industry. April 2019 was the worst month ever for healthcare data breaches. Here’s what you need to know about HITECH and how it relates to HIPAA.
Technology takes center stage in healthcare
HIPAA was enacted in 1996, only a year after the introduction of Windows 95. Amazon, Yahoo, and eBay were struggling startups unnoticed among countless other tech companies nobody remembers today.
HIPAA, a landmark law written for the age of paper recordkeeping, took effect when offices had fax machines and only some families had home computers connected to dial-up modems. The first iPhone was a decade away.
Because HIPAA wasn’t written with the internet in mind, it hindered the adoption of electronic recordkeeping that could improve patient outcomes. It also failed to provide regulatory protections for patient data that was stored electronically.
HITECH was signed into law in 2009 to achieve the privacy and access goals of HIPAA while encouraging the adoption of electronic health records (EHRs). HITECH closes the loopholes in HIPAA to encourage better use of technology in healthcare. But how does this affect your organization?
HIPAA, HITECH, and you
HITECH and HIPAA in combination put the responsibility for patient privacy on the healthcare business that has custody of confidential medical records. Making mistakes that risk unsecured access to confidential patient data is a serious matter. HITECH and HIPAA address your responsibilities in four ways:
- Business associates are now responsible for HIPAA violations.
- Heavier fines are issued for HIPAA violations.
- Patients have more access to their medical records.
- Organizations are required to inform patients of breaches.
The laws apply to all third-party organizations handling protected health information (PHI). For example, your healthcare organization can use only HIPAA-compliant apps. You must sign a business associate agreement (BAA) with the app provider in addition to taking other security precautions.
HITECH assesses tough fines for violations. Organizations can be fined for actions taken by their business associates without the principal organization’s knowledge. There are plenty of incentives to be vigilant about HIPAA compliance.
HIPAA guarantees patients access to their paper medical records. HITECH extended those rights to electronic medical records.
HITECH requires organizations to be transparent about data breaches. Organizations must notify patients when a breach happens. The definition of a breach has been broadened to incentivize strong internal security and training programs.
It’s clear that HIPAA and HITECH have a huge impact on healthcare organizations. An affordable and convenient way to securely collect patient information is with HIPAA-compliant online forms from JotForm.
HIPAA and HITECH are a winning combination for patient privacy. They have pushed healthcare organizations to improve training and data practices while modernizing their PHI technology.