What is HITECH?

After the implementation of HIPAA, many of its regulations were considered ineffective or unenforceable. Many legislators called for a revision or a new program altogether that would contain strict enforcement laws. Thus, in 2009, Congress passed the Health Information Technology for Economic and Clinical Health Act (HITECH), a law that would greatly increase the security and enforcement of HIPAA. As a result of the American Recovery and Revitalization Act, better known as the “stimulus package,” Congress wasted no time in orchestrating ways to recoup some of the billions of dollars fed into the system by heavily fining lawbreakers. HITECH is that guard dog.

Here is a partial list of provisions according to HITECH:

  • Health Data Breach Notification – Requires healthcare providers to notify patients and local authorities when there has been a potential data breach.
  • States’ Attorneys General – New training programs are in place to educate States’ Attorneys General on how to enforce HIPAA laws and on methods to collect and retain fines incurred from violators.
  • Mandatory Fines – The new laws mandate investigations and fines for offenses that willfully violate information security provisions. Maximum fines have increased from $25,000 to $1,500,000, a 6000% increase from HIPAA’s initial rulings.

Enforcement

As a result of HITECH, State attorneys general are now responsible for enforcing HIPAA laws and are additionally eligible to retain fees from fines that are levied. A Texas-based medical facility was recently fined $990,000 for placing medical records in a garbage dumpster. A 2010 study conducted in Toronto, Canada showed that 3 out of 4 doctors’ offices had not instituted secure shredding programs and thus discarded patient documentation in the trash.