Understanding the difference between HIPAA and HITECH
August 10, 2018 // Ivan Perez
The differences between HIPAA and the HITECH Act, and what this means for the physicians and hospitals that are governed by them.
The HITECH Act was created to stimulate the implementation of electronic health records (EHR) and supporting technology in the United States. In a sense, it builds on the prior HIPAA act by extending the clout of healthcare information protection. But together, the two acts are more than just a mouthful of acronyms. We’ll start with the first one.
What is HIPAA?
HIPAA was enacted in 1996. The act laid the foundation for the variety of protections that govern the safety of an individual’s health information. HIPAA stands for Health Insurance Portability and Accountability Act. It was designed to prohibit healthcare professionals from unauthorized disclosure of protected health information.
The major points of HIPAA were to protect health insurance coverage for employees and their families when they change or lose their jobs. HIPAA also assured the protection of personal health information (PHI). It upheld the integrity and confidentiality of PHI, making providers and medical groups accountable for its mishandling.
Essentially, HIPAA is the reason carriers send out a Notice of Privacy Practices. It is also why documents are put into locked drawers or stored in secured information technology networks.
Electronic Data Interchange of PHI
HIPAA also encouraged medical groups’ use of electronic data interchange. Lastly, HIPAA implemented regulations to standardize electronic healthcare transactions: health claims, health care payment and remittance advice.
HITECH expands the enforcement of HIPAA
The HITECH Act was enacted in 2009, building on HIPAA’s encouragement for the use of health information technology. It stimulated the adoption of electronic health records (EHR) by offering incentives to medical groups that proved “effective” implementation of EHR tech.
Another section of the HITECH Act also strengthened regulations for the Privacy and Security Rules of HIPAA. In doing so, HITECH added more technical requirements for hospitals and doctors who use electronic health records.
HITECH provisions enhance the HIPAA provisions aimed directly at business associates. In essence, HITECH was primarily enacted to expand on breach notification. Providers are now required to report a significant breach of information to the government and affected individuals. Patients, in turn, can request access to said information at any time.
The Omnibus Rule and Carrier Liability
HITECH’s enactment directly strengthened prior HIPAA regulations regarding business associates and carrier liability. The Omnibus Rule was enacted in 2013 to update the HITECH Act and make businesses directly liable for their covered entity, as well as for any other non-compliance issues regarding said entity.
These last updates, especially those regarding HITECH, not only expand carriers’ and providers’ sanctions to include criminal charges but also allow fines to climb past the millions. This makes it essential for providers to fully understand the difference between HIPAA and HITECH. Having a clear sense of compliance regulation can be the difference between a small mistake and a career-ending event.