THE 2009 Health Information Technology Act
The 2009 Health Information Technology Act True Financial
Incentives or More Government Control? Sara Small Mt St Mary's
College A Thesis Presented to the Faculty of the Graduate School of
Business
December 13, 2009
The 2009 Health Information Technology Act
ii
ACKNOWLEDGMENT
Thank you to Dr Mark Alhanati, Dr Janet Robinson, Dr. Peter
Antoniou and to Katherine Whitman for the honor of participating in
the first MBA Cohort at Mount St Marys College. This creative and
dynamic curriculum has provided a wealth of experience and
knowledge within a unique and stimulating learning environment. The
MBA program allowed me to return to the classroom after a 33 year
hiatus and also afforded me the opportunity to experience my first
international trip! The successful completion of this thesis would
not have been possible without the help and support from my faculty
advisor, Dr. David Burkitt. His advice, guidance and direction
allowed me to remain focused and on track during the short time
frame allowed for the completion of this thesis. His academic and
professional career experience was invaluable. Thank you, David for
helping me over the rough spots and guiding me through a complex
process. Finally, my thanks to my husband, Ben who provided
constant assistance and domestic support that enabled me to spend
countless hours away from home working with other students,
completing projects and studying. Bens encouragement to pursue my
studies often pushed his loyal support to the limits! The
completion of this degree would not have been possible without his
unconditional love and commitment. Thank you, husband!
THE 2009 Health Information Technology Act
Abstract
SMALL, S.P., The 2009 Health Information Technology Act-True
Financial Incentives- or More Government Control? Master of
Business Administration, Mount St. Marys College, December 2009.
The computerization of medical records has been recommended as a
means to reduce medical errors as well as costs, paperwork, time
and redundancy. In addition to creating and maintaining medical
records electronically, linking those records through interoperable
data exchange is seen as a primary requirement toward increasing
the efficiency and safety of care delivery. Interoperability is
viewed as a solution that will allow providers in any location
instant access to a patient's health and treatment history. There
are significant challenges facing Health Information Technology and
electronic health records, including structural, technical,
financial and social/cultural issues. Although none of these
represent insurmountable barriers, they all require viable
solutions. To promote adoption of these technologies, the federal
government has passed legislation designed to move toward their
goal of creating an electronic health record for each person in the
United States by 2014. The purpose of this qualitative study of the
2009 Health Information Technology Act is to determine if Hospital
Chief Executive Officers perceive the financial incentives as a
welcome opportunity to modernize their information management
systems, or is a basis for the Government to increase their control
of healthcare. A grounded theory model was utilized to analyze the
results from multiple data sources to finalize this theory.
The 2009 Health Information Technology Act
iv
List of Tables
Table 1: The State of Health Information Technology in
California
....
11 15 16 57 59 60 63 70 82 83 84 85 86 87 89 89 90 91
Table 2: Summary of Federal Government Health IT . Table 3: Cost
of Healthcare Facility Regulations. Table 4: Medicare Hospital
Incentives.. Table 5: Medicare Hospital Incentives.. Table 6:
Medicare Penalties.... Table 7: Medicaid Incentives for
Hospitals... Table 8: Top Issues Confronting Hospitals.. Table 9:
Literature review open coding model.... Table 10: Excessive
government regulations.. Table 11: The ARRA adds increased layers
of bureaucratic regulation.. Table 12: Implementation of a
certified electronic record ..... Table 13 Identification of
required standards...... Table 14: Uniform standards defining
clinical care protocols.. Table 15: The ARRA is in reality the
outline for total government control Table 16: The stimulus money
outlined in ARRA is a benefit Table 17: The government requirements
and regulations Table 18: The increased regulatory agencies
THE 2009 Health Information Technology Act Table 19: E H R will
make it easier for organizations. Table 20: Linking the patient
healthcare records of our organization Table 21: Government
penalties for failing to implement Table 22: Respondent Location
... Table 23: Number of years in this occupation.. Table 24:
Respondents Gender...... Table 25: Respondent Age Range ..... Table
26: Healthcare Organizations Tax Status of Respondents.. Table 27:
Has your organization implemented an electronic medical
record?........ 92 93 94 95 95 96 96 97 97
The 2009 Health Information Technology Act
vi
GLOSSARY OF TERMS AHIMA. American Health Information Management
Association AHRQ. Agency for Healthcare Research and Quality ANSI.
American National Standards Institute ANSI-ASC. American National
Standards Institute, Accredited Standards Committee ARRA. American
Recovery and Reinvestment Act of 2009 AS. Administration
Simplification Act ASC. Accredited Standards Committee Business
Associate. A person or organization that performs a function or
activity on behalf of a covered entity but is not part of the
covered entitys workforce CCHIT. Certification Commission for
Healthcare Information Technology CDC. Centers for Disease Control
and Prevention CDS. Clinical Decision Support CEO. Chief Executive
Officer Certificate of Need. Laws which control building of new
healthcare facilities and services. CFR. Combined Federal Register
CHARITY CARE. Healthcare provided for free or at a reduced cost to
low income patients. CHHS. California Health and Human Services
Agency CIM. Clinical Information Management CIO. Chief Information
Officer CIS. Clinical Information System Clearinghouse. Electronic
entity that translates nonstandard formatted data into standard
data elements or into a standard transaction format. CMS. Centers
for Medicare & Medicaid Services Covered Entity. A health plan,
clearinghouse, or a health care provider that transmits health
information in an electronic form. CPOE. Computerized Physician
Order Entry DISA. Data Interchange Standards Association
Disclosure. Release of information by an entity to persons or
organizations outside of that entity. EDI. Electronic Data
Interchange
THE 2009 Health Information Technology Act E H R. Electronic
Health Record- health related information for an individual that
can be accessed by more than one health care organization. EHNAC.
Electronic Healthcare Network Accreditation Commission EMC.
Electronic Medical Claim EMR. Electronic Medical Record synonymous
with Electronic Patient Record (EPR), and Computerized Patient
Record (CPR). Patient health record of services within one health
care organization EMTALA. Emergency Medical Treatment and Labor
Act. This act requires hospitals to provide emergency treatment to
individuals, regardless of insurance status or their ability to
pay. FACA. Federal Advisory Committee Act FALSE CLAIMS ACT. Act
which allows individuals to file a complaint against an entity that
files false claims for medical care to the Government. FAST.
Federal Adoption of Standards for Health IT. FDA. Food and Drug
Administration FEA. Federal Enterprise Architecture FFP. Federal
Financial Participation FHA. Federal Health Architecture FHIPR.
Federal Health Information Planning and Reporting FHISE. Federal
Health Information Sharing Environment FHITSOP. Federal Health IT
Standards Organization Participation FSS. Federal Security Strategy
FSWG. Federal Security Work Group FTF. Federal Transition Framework
Functionality. Systems that can support the activities and perform
the functions for which they were intended. GAO. Government
Accounting Office HCFA. Health Care Finance Agency, responsible for
oversight of the U.S. Medicare Program HI. Health Information HIE.
Health Information Exchange HEDIS. Health Plan Employer Data and
Information Set (Measures managed care program performance
indicators) HIMSS. Health Information Management Systems Society
HIO. Health Information Organization HIPAA. Healthcare Insurance
Portability and Accountability Act of 1996 (Public Law 104-191)
The 2009 Health Information Technology Act HISB. Health
Informatics Standards Board HISE. Health Information Sharing
Environment HISPC. Health Information Security and Privacy HIT.
Health Information Technology HITECH Act. Health Information
Technology for Economic and Clinical Health Act HITPC. Health
Information Technology Policy Council. HITSP. Health Information
Technology Standards Panel
viii
HL7. Health Level Seven - Founded in 1987, HL7 is a
not-for-profit Standards Developing Organization (SDO) that
specializes in developing standards for the exchange of clinical
data among disparate health care computer applications the American
National Standards Institute accredits HL7. HOSPITAL CONVERSION
REGULATIONS. Laws regulating the conversion of for profit hospitals
to non profit status. ICD- International Classification of Diseases
Interoperability. Ensuring that systems implement the recognized
standards and can exchange information and work with other
systems., IRB. Institutional Review Board IT. Information
Technology ITA. Information Technology Architecture ISO.
International Organization for Standardization ISO/TC215.
International Organization for Standards, Technical Committee 215 -
Health Informatics JCAHO. Joint Commission for the Accreditation of
Health Care Organizations Limited English Proficiency. Laws which
require hospitals to provide interpreter services to patients that
do not speak English. Meaningful Use. Meaningful users of an
electronic health record to be defined by the Federal Government as
a requirement for receiving stimulus dollars. MUMPS. Massachusetts
General Hospital Utility Multi-Programming System. A healthcare
programming language created in the late 60s. NAHDO. National
Association of Health Data Organizations NCQA. National Committee
for Quality Assurance NCVHS. National Committee on Vital and Health
Statistics NHIE. Nationwide Health Information Exchange NHIN.
Nationwide Health Information Network NIH. National Institutes of
Health
THE 2009 Health Information Technology Act NLM. National Library
of Medicine OCR. Office of Civil Rights OIG. Office of Inspector
General. OIS. Office of Interoperability and Standards OMB. Office
of Management and Budget ONC. Office of the National Coordinator
(preferred abbreviation for ONCHIT). ONCHIT. Office of the National
Coordinator for Health Information Technology PHC. Personalized
Health Care PHI. Personal Health Information PHR. Personal Health
Record PHSA. Public Health Services Act PITAC. Presidents
Information Technology Advisory Committee RHIO. Regional Health
Information Organization. SAMSA. Substance Abuse and Mental Health
Services Administration SDO. Standards Development Organization
Security. System protection of personal health information SLHIE.
State Level Health Information Exchange Consensus Project SMHP
State Medicaid HIT Plan SNOMED. Systemized Nomenclature of Medicine
VHA. Veterans Health Administration
The 2009 Health Information Technology Act
x
The 2009 Health Information Technology ActTABLE OF CONTENTS
1
Page
DEED OF DECLARATION APPROVAL SHEET ACKNOWLEDGMENT . . . . . . .
. . . . . . . . . . . . . . . . . .. . . . . . . . ABSTRACT. . . .
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . .. . . .
. . . . . . . LIST OF TABLES . . . . . . . . . . . . . . . . . . .
. . . . . . . . . . . . . .. . . .
ii iii iv v vi viii 4 4 7 8 10 10 12 14 15 20 26 27 28
GLOSSARY OF TERMS.. Chapter 1: INTRODUCTION. . . . . . . . . . .
. . . . . . . . . . . . . . . .. . . . . . . Background of the
Study .......................... .
History of Electronic Health Record Statement of the Problem. .
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Chapter
2: LITERATURE REVIEW. Current State American Recovery and
Reinvestment Act Purpose of Recovery Act HIT Incentives Federal
Regulatory Issues and Requirements Health Information Privacy Civil
Rights.. Food and Drugs Fraud & Prevention Detection.
The 2009 Health Information Technology Act Information
Management. Medical and Healthcare Other Federal Laws.. Regulatory
Agencies and Responsibilities California Legislation and Action
Plans. Medicare Centers for Medicare and Medicaid Services (CMS)
State Medicaid.. Costs. Savings.. Benefits. Barriers.. Privacy
Concerns.. Chapter 3: RESEARCH METHODOLOGY 29 31 32 36 47 56 60 64
65 66 69 72 74 74 76 76 78 79 80 82 82 83
2
Grounded Theory Model Data Sources.. Study population for survey
Literature Review... Data Collection. Data Analysis.... Chapter 4:
ANALYSIS..
Literature Coding Results. Survey Results .
The 2009 Health Information Technology Act
3
Chapter 5
CONCLUSION
98 103
References.. Appendix Appendix A Appendix B Appendix C Privacy
Sections in Order of Appearance in ARRA.. Literature Review: Open
Coding Model. Title 42 Federal Public Health Regulations
123 124 127 130 132 133 135 138
Appendix D Public Health Services Act.. Appendix D Meaningful
Use Documents. Appendix E Appendix F Certified Inpatient E H R
Products.. Hospital CEO Survey...
Appendix G MSMC IRB Exemption Letter.
The 2009 Health Information Technology Act Chapter 1
4
INTRODUCTION
Background to the Study Health Information Technology-Electronic
Health Records (HIT-EHR) is a broad term that refers to the
generation, storage, and transmission of electronic health
information. Information management is central to the healthcare
system, and HIT-EHR is widely viewed as the necessary step to bring
healthcare into the 21st century. It is argued that HIT-EHR will
reduce overall healthcare costs, improve quality, and increase
efficiency throughout the healthcare system. However many are still
skeptical as to its real impact given the substantial investment
required to implement it. To put this in context, U.S. healthcare
spending was $2.1 trillion in 2006, and at least $250 billion in
California. U.S. spending is projected to grow to $4 trillion by
2015, with direct administrative costs accounting for more than 7
percent of the total U.S. health spending. However, when the
administrative costs of hospitals and doctors are added to those of
insurers and Government, the administrative costs are estimated to
be 31 percent of total health care spending. These administrative
costs are estimated to be 30 to 70 percent higher than in other
countries that also have mixed public-private systems (Department
of Health, 2009). The leading nations in adopting HIT-EHR, such as
Britain and New Zealand, have achieved 98 percent participation by
primary care physicians. In the United States about 28 percent of
primary care physicians use HIT-EHRs and less than 20% of hospitals
(The
The 2009 Health Information Technology Act Commonwealth Fund,
2009). Other sectors of the U.S. economy (for example, banking)
have successfully digitalized their operations, but healthcare has
been slow to make the transition. While the development and
wide-scale use of HIT-EHR has experienced obstacles, it is gaining
ground in both the public and private sectors (Girosi, 2004). For
decades, hospitals and other medical service providers have been
enticed by the prospect of establishing electronic health record
systems to improve the efficiency of their
5
medical care and reduce medical errors. Automating the health
record process has the potential to provide a host of benefits,
most notably by reducing medical errors. For example, as many as
98,000 Americans die each year as a result of preventable medical
records (Taylor, 2005). Electronic medical record systems could
significantly reduce this number. A much cited 2005 Rand Corp (Rand
2005) study of the use of medical record automation found that a
savings of $77 billion annually could be realized. However, it is
widely believed that the cost of implementing electronic health
records systems is responsible for low adoption rates (Rand, 2005).
The United States health care system is at risk due to increasing
demand, spiraling costs, inconsistent and poor quality of care, and
inefficient, poorly coordinated care systems. Some evidence
suggests that health information technology can improve the
efficiency, cost effectiveness, quality, and safety of medical care
delivery by making best practice guidelines and evidence based
databases immediately available to clinicians, and by making
computerized patient records available throughout a health care
network (The Markle Foundation, 2009). However, much of the
evidence is based on a small number of systems developed at
academic medical centers, or studies using mixed models to project
organizational changes, costs, and the
The 2009 Health Information Technology Act time required for
implementation (Hillestad, 2005).. Definitive information regarding
the true value of systems is not widely identified within the
literature. (Price Waterhouse, 2009). Most medical records are
still stored on paper which means that they cannot be used to
6
coordinate care, routinely measure quality or reduce medical
errors. It is important to understand the barriers to
implementation of these technologies. Most often, capital cost is
cited as an impediment to adoption of medical information
technology; however, the story grows more complicated in the
framework of the complex American health care system where
government sources pay for the majority of health care services
(Acker, 2004). One Commentator has noted: most HIT-enabled savings
go to insurers and patients, while most adoption and care
improvement costs are borne by providers (Ferman, 2006). Thus, it
would seem that the incentives to adopt health information
technology are misaligned. Successful implementation of an
electronic medical record requires overcoming more than the
financial burden. Additional barries include a lack of standards,
ill defined certification requirements, privacy concerns, and lack
of clarity regarding the anticipated government regulations
(Garrido, 2004). To address the financial burden, the federal
government has recently offered a solution in the form of public
funding, grants and payment incentives. The law creates two key
concepts to determine whether providers qualify for the HIT
incentives: they must demonstrate meaningful use of HIT and use a
qualified or certified E H R (AHHR, 2009). The formal definition of
meaningful use has yet to be defined. The overarching Nationwide
goals of HIT investments are to improve healthcare quality, reduce
growth in costs, stimulate innovation, and protect privacy (Health
Information, 2009). However, there remains concern regarding the
lack of standards, incomplete defining of meaningful use and the
qualifications of
The 2009 Health Information Technology Act
7
certified records. This ambiguity puts resources at risk and has
the potential to leave healthcare organizations in a vulnerable
position as they attempt to navigate through the regulatory
minefield. Regulations impose a considerable burden on the U.S.
healthcare system. Some of these include EMTALA (Emergency Medical
Treatment and Labor Act), HIPAA (Health Insurance Portability and
Accountability Act), Charity Care, hospital conversion regulations,
limited English proficiency requirements, fraud and abuse reporting
requirements, False Claims Act, Medicare and Medicaid antifraud
statutes, Stark I and II laws, medical record regulations,
Certificate of Need regulations, Medicare Conditions of
Participation, pharmaceutical price regulations and quality related
regulations to name a few. Hospitals bear considerable expense to
insure compliance with these types of regulations, which adds a
significant financial burden to an already ailing system (Conover,
2004). History of Electronic Health Records (EHRs) The first known
medical record was developed by Hippocrates, in the fifth century
B.C. He prescribed two goals: A medical record should accurately
reflect the course of disease. A medical record should indicate the
probable cause of disease (NIH, 2005).
These goals are still appropriate. Electronic health record
systems can also provide additional functionality, such as
interactive alerts to clinicians, interactive flow sheets, and
tailored order sets, all of which cannot be done with paper-based
systems (Amatayakul, 2005). The first EHRs began to appear in the
1960s. By 1965, Summerfield and Empey reported that at least 73
hospitals and clinical information projects and 28 projects for
storage and retrieval of
The 2009 Health Information Technology Act medical documents and
other clinically-relevant information were underway(Asp, 2003).
Many of todays EHRs are based on the pioneering work done in
academic medical centers and for major government clinical care
organizations. These early projects had significant technical and
programmatic issues, including non-standard vocabularies and
systeminterfaces, which remain implementation challenges today. But
they led the way, and many of the
8
ideas they pioneered (and some of the technology, such as the
MUMPS language) are still used today (NIH, 2005).
Problem Statement This study will strive to answer the following
questions: 1. Will the advantage of accessing the stimulus money be
perceived as a true benefit, or will the increased regulations for
health care providers be another
barrier that prevents adoption? 2. Is the goal of the stimulus
plan intended to simply motivate health care organizations and
providers to transition to an electronic record or is it the
beginning of government run healthcare services?
To further develop the understanding of the question, the
American Recovery and Reconciliation Act of 2009, introduces much
needed financial incentives for implementing an electronic medical
record, but it also adds significant regulatory requirements, as
well as extends the oversight of the government into new areas of
the healthcare delivery system. Over the past decade, HIT has been
a voluntary initiative for healthcare providers. The ARRA is a
federal law that identifies increased funding and regulations with
stricter privacy laws and more onerous fines. The Office of the
National Coordinator (ONC) is granted broad new powers and an
The 2009 Health Information Technology Act additional $2 billion
in funding (American Medical Association, 2009). Electronic medical
records are intended to allow healthcare providers to improve the
quality of care, decrease costs and improve patient safety within a
framework that allows all providers to jointly share and manage the
health care information of its citizens (Brailer, 2009).
9
The very low levels of adoption of electronic health records in
U.S. hospitals suggest that policymakers face substantial obstacles
to the achievement of healthcare performance goals that depend on
health information technology. The federal stimulus bill promises
billions of dollars in incentive payments to doctors and hospitals
that buy and use the systems, with penalties starting in 2015 for
those who don't make the switch (Beatty, 2009). In the hospital
setting, the Chief Executive Officer is traditionally the decision
maker. What impact has the ARRA had on their decision to implement
(or not) an electronic medical record system? Is the role of the
government within the healthcare setting appropriate? What is the
perception of these executives regarding the impact of the
financial stimulus for adoption and use of Health Information
Technology by the federal government? These are the questions this
study will review and answer.
The 2009 Health Information Technology Act CHAPTER 2
10
REVIEW OF RELATED LITERATURE
Current State U.S. health care providers make minimal use of HIT
compared to other health systems in the industrialized world. Per a
white paper published by The Commonwealth Fund in 2009: 17% of U.S.
Physicians and 8-10% of U.S. Hospitals have at least a basic
electronic health record. In most European countries, as well as
New Zealand and Australia 80-100% of primary care physicians have
electronic healthcare records (EHRs) (The Commonwealth Fund, 2009).
Healthcare is among the least automated industries in the nation.
Studies have estimated that the healthcare industry as a whole is
almost 20 years behind the rest of the nations industries with
respect to digitalization. Limitations in software, hardware and
networking technologies has made electronic healthcare records
difficult to affordably implement (Blumethal, 2009). According to
the Centers for Disease Control (CDC, 2007 ), 29.2% of physicians
said they use full or partial clinical EHRs, however only 4% said
they used a fully functional record system ( Hing, 2007). The
majority of the research indicates that very few hospitals have a
comprehensive electronic system for recording clinical information
and only a small minority have even a basic system. However, many
institutions have parts of an electronic-records system in place,
suggesting that policy interventions could increase the prevalence
of electronic health records in U.S. hospitals faster than our low
adoption levels might suggest (HIMSS, 2009).
The 2009 Health Information Technology Act From a national
interoperability perspective, much of the infrastructure is not in
place. Key components have not yet been defined. This includes: The
rules that specify how to send information back and forth,
11
Legal business rules in place to guide organizations in order
for them to exchange data,
Identified standards for health care organizations to use as a
model for implementing an electronic medical record system,
Clinical standards for electronic systems, The ability to allow
patient medical records to be shared or moved about in the
system.
Software flexibility and customization capabilities due to
out-dated programming technology(American Hospital Association,
2007).
Table 1 The State of Health Information Technology in
California
Fully Implemented Partially Implemented Not Implemented
13% 42% 45%
Source: California HealthCare Foundation. January 2007
Health IT is moving from a voluntary initiative over the past
decade to a highly regulated
The 2009 Health Information Technology Act
12
one with new rule-making government committees, stricter privacy
laws and more onerous fines. With billions in new funding and
government regulations, the health IT market should quickly expand
far beyond the provider segment, providing new opportunities for
health plans, pharmaceutical companies and other vendors (Argawal,
2002). Less than 2% of acute care hospitals have a comprehensive
electronic-records system, and, (depending on the definition used),
between 8 and 12% of hospitals have a basic electronicrecords
system. The official definition requires the system to include the
presence of functionalities for physicians' notes and nursing
assessments. Information systems in more than 90% of U.S. hospitals
do not even meet the requirement for this type of basic
electronic-records system (HIMSS, 2007). The majority of U.S.
hospitals are in the early stages of EMR transformation (AHA,
2007). Although levels of adoption of electronic health records are
low, various components that underlie electronic record systems
have been widely implemented. A sizable proportion of hospitals
reported that laboratory and transcribed reports, radiological
images (PACS), medication lists, and some decision-support
functions are available in electronic format (American Hospital,
2007). Others reported that they plan to upgrade their information
systems to an electronic-records system by adding functionalities,
such as computerized provider-order entry (CPOE), physicians notes
and nursing assessments (Jha, 2009). The American Recovery and
Reinvestment Act of 2009 On February 17, 2009, President Barack
Obama signed into law the American Recovery and Reinvestment Act of
2009, H.R. 1 (ARRA, 2009). More commonly referred to as ARRA or the
Recovery Act, this provides substantial financial incentives to
assist providers with the
The 2009 Health Information Technology Act purchase and
implementation of HIT systems. In addition to assisting with
financing, a key element to the widespread adoption and use of HIT
is the development of uniform electronic standards that allow
various systems to communicate with each other (American Medical
Association, 2009). ARRA requires the Department of Health and
Human Services (HHS) to develop standards by December 31, 2009
(AHRQ ,2009) . The Recovery Act includes financial incentives and
penalties to be paid through the Medicare program with very
specific time frames for implementation. In addition, ARRA,
includes over $20 billion to aid in the development of a robust IT
infrastructure for healthcare
13
and to assist providers and other entities in adopting and using
health IT. Total funding for health IT is as follows: $2 billion
for the Office of the National Coordinator , $20.819 billion in
incentives through the Medicare and Medicaid reimbursement systems
to assist providers to adopting EHRs, $4.7 billion for the National
Telecommunications and Information Administrations Broadband
Technology Opportunities Program, $2.5 billion for the U.S.
Department of Agricultures Distance Learning, Telemedicine, and
Broadband Program, $1.5 billion for construction, renovation, and
equipment for health centers through the Health Resources and
Services Administration, $1.1 billion for comparative effectiveness
research within the Agency for Healthcare Research and Quality
(AHRQ), National Institutes of Health (NIH), and the Department of
Health and Human Services (HHS),
The 2009 Health Information Technology Act
14
$85 million for health IT, including tele-health services,
within the Indian Health Service,
$500 million for the Social Security Administration, $50 million
for information technology within the Veterans Benefits
Administration ,
In addition, it establishes HIT Policy and Standards Committees
that are comprised of public and private stakeholders to provide
recommendations on the HIT policy framework, standards,
implementation specifications, and certification criteria for
electronic exchange and use of health information (Department of
Health, 2009).
Purpose of Recovery Act HIT Incentives The primary purpose of
this Act is to stimulate the economy through investments in
infrastructure, unemployment benefits, transportation, education,
and healthcare (ARRA, 2009). With respect to healthcare, one of the
goals is to reduce long-term costs by modernizing healthcare
through the use of information technology. The majority of the
funds are incentive payments that will go to Medicaid and Medicare
providers that are able to demonstrate "meaningful use" of health
information technology. The requirements that define meaningful use
have not yet been published. Providers that serve patients from
both programs will be required to choose one source of
reimbursement only (AHRQ, 2009). Medicare: Eligible hospitals will
receive a base funding of $2M with additional funds provided
according to a statutorily prescribed formula related to discharge
data. The program
The 2009 Health Information Technology Act also creates a
penalty system which begins in 2015 (CMS, 2009). Medicaid: The
purpose of the 100 percent provider incentive payments to certain
eligible Medicaid providers is to encourage the adoption and
meaningful use of certified EHR technology (CMS, 2009).
15
While the incentive payments are expected to be used for
certified EHR technology and support services, including
maintenance and training necessary for the adoption and operation
of such technology, the incentive payments are not direct
reimbursement for such activities. They are intended to serve as an
incentive for eligible providers to adopt the use of certified EHR
technology (Binder, 2009).T ab le 2 S u m m a ry of F ed era l G
overn m en t H ea lth IT S tra teg ic G oa ls a n d O b jectives: 2
0 0 8 -2 0 1 2Goal 1. Patient-focused Health Care Objective 1.1:
Objective 1.2: Objective 1.3: Objective 1.4:
F a c ilita te e le c tr o n ic e x c h a n g e , E n a b le th
e m o v e m e n t o f e le c tr o P ico m o te n a tio n w id e d e
p lo y m e n t b lish m e c h a n ism s fo r m u ltinr E sta a c c
e ss, a n d u se o f e le c tr o n ic h e a lth lth in fo r m a tio
n to su p p o r t o f e le c tr o n ic h e a lth r e c o r d s sta
k e h o ld e r p r io r ity - se ttin g a n d he a in fo r m a tio
n , w h ile p r o te c tin g th ep a tie n ts h e a lth a n d c a r
e n e e d s.( E H R s) a n d p e r so n a l h e a lth d e c isio n
- m a k in g . p r iv a c y a n d se c u r ity o f p a tie n ts r e
c o r d s ( P H R s) a n d o th e r h e a lth in fo r m a tio n . c
o n su m e r h e a lth I T to o ls. Goal 2. Population Health
Objective 2.1: Objective 2.2: Objective 2.3: Objective 2.4:
A d v a n c e p r iv a c y a n d se c u r ity E n a b le e x c h
a n g e o f h e a lth P r o m o te n a tio n w id e a d o p tio n E
sta b lish c o o r d in a te d o r g a n iza tio n a l of p o lic
ie s, p r in c ip le s, p r o c e d u r e s, in n dr m a tio n to
su p p o r t p o p u la tio n - c h n o lo g ie s to im p r o v e a
fo te p r o c e sse s su p p o r tin g in fo r m a tio n u se p r o
te c tio n s fo r in fo r m a tio n a c c e ssr ie n te d u se s. o
in p o p u la tio n a n d in d iv id u a l h e a lthr. p o p u la
tio n h e a lth . fo p o p u la tio n h e a lth .
Source: Federal Health IT Strategic Plan 2008-2012
Federal Regulatory Issues and Requirements There is much debate
as to the role that the federal government should play in the
promotion of HIT-EHR. Some argue that HIT-EHR development should be
left completely to the private sector. Middleton believes that the
market has failed given the current state of HIT-EHR adoption, and
that government guidance and standardization is necessary to
jumpstart
The 2009 Health Information Technology Act widespread
implementation ( Walker et al., 2005). Both Bower and Taylor, et
al., suggest that major government intervention is the only hope of
success, in the form of subsidies, mandates, and substantial policy
directives. (Taylor, 2005) According to a study by the Cato
Institute (Conover, 2004), the burden of regulation in the health
care industry is staggering. The study provides a detailed analysis
of the cost of regulation in the health care sector, prior to the
current slew of new agencies and regulations
16
recommended for implementation of the electronic medical record.
This study (Conover, 2004) identifies the cost of regulation of
health facilities, health professionals, health insurance, drugs
and medical devices, and the medical tort system, including the
costs of defensive medicine. The calculations include a deduction
of identifiable tangible benefits of regulation. With that said,
the estimate is considerable, amounting to $169.1 billion annually.
The study suggests that the cost of health service regulation
outweighs benefits by a two to one cost. (Conover, 2004). Table 3
Cost of Health Facilities Regulation (millions of 2002 dollars)Type
of Regulation Access EMTALA Hospital uncopensated care pools
Hospital community serv requirements ice Limited English
proficiency requirements Costs Health care fraud and abuse Facility
medical records (incl priv acy) Organ transplant regulation
Certificate of need Hospital rate setting Pharmaceutical price
regulation Other cost-related facilities regulations Quality
Hospital accreditation/ licensure Nursing home
accreditation/licensure Other facilities accreditation/licensure
Peer Rev iew Clinical Laboratory Improv ement Act (CLIA) Other
quality-related facilities regulations GRAND TOTAL Source: Cato
Institute (Conover, 2004) Expected $11,755 $4,436 $6,678 $317 $324
$14,130 $3,209 $1,068 $1,815 $110 $69 $7,626 $233 $21,798 $8,640
$3,581 $2,078 $2,063 $3,236 $2,200 $47,683 Costs Minimum $2,184
$1,261 $698 $123 $102 $11,948 $2,224 $696 $1,653 $26 $57 $7,163
$129 $9,595 $833 $1,963 $465 $1,314 $3,065 $1,955 $23,727 Maximum
$29,544 $10,965 $16,591 $961 $1,027 $273,339 $9,945 $92,178 $1,785
$157,859 $3,023 $8,149 $400 $57,592 $31,885 $6,821 $7,447 $5,481
$3,466 $2,492 $360,475 Expected $3,805 $2,146 $1,524 $135 $0
$14,837 $2,154 $1,222 $1,804 $0 $51 $9,606 $0 $3,973 $0 $3,973 $0
$0 $0 $0 $22,615 Benefits Minimum $700 $421 $233 $46 $0 $20,748
$1,808 $996 $280 $5,067 $4,421 $8,176 $0 $3,973 $0 $3,973 $0 $0 $0
$0 $25,421 Maximum $8,928 $4,930 $3,601 $397 $0 $27,094 $2,912
$1,450 $4,644 $0 $0 $18,088 $0 $3,973 $0 $3,973 $0 $0 $0 $0 $39,995
Net Cost $7,950 $2,290 $5,154 $182 $324 -$707 $1,055 -$154 $11 $110
$18 -$1,980 $233 $17,825 $8,640 -$392 $2,078 $2,063 $3,236 $2,200
$25,068 Percent 31.7% 9.1% 20.6% 70.0% 0.0% 1.3% -2.8% 4.2% -0.6%
0.0% 4.0% 0.4% 0.1% -7.9% 0.9% 71.1% 34.5% -1.6% 8.3% 8.2% 12.9%
8.8% 100%
The 2009 Health Information Technology Act
17
Subsequently, the ARRA has been signed. The Recovery Act
includes significant funding for the implementation and management
of the incentive program as well as the ongoing support for
providers meeting the qualifications of a certified electronic
medical record system, and additional funding for the required
regulatory reporting agencies. The new law requires the Department
of Health and Human Services, and the Office of the National
Coordinator for Health Information Technology (ONC), to adopt a
rule-making process of initial standards, implementation
specifications and certification criteria by December 31, 2009
(AMA, 2009). The new regulatory requirements are a complex array of
additional governmental layers. When reading the following,
consider the depth and comprehension level required to administer a
successful electronic system while complying with the regulations
that are integrated into the newly defined HITECH landscape. A
clear understanding of all applicable laws and regulations is a
basic requirement for holding a position of leadership in a
Hospital, particularly at the Chief Executive Officer level. Health
Information Technology for Economic and Clinical Health Act
(HITECH) On February 17, 2009 the American Recovery and
Reinvestment Act of 2009 commonly referred to as the Stimulus Bill,
was signed into law by the federal government. Included in this law
is $19.2 Billion which is intended to be used to increase the use
of Electronic Health Records (EHR) by physicians and hospitals;
this portion of the bill is called, the Health Information
Technology for Economic and Clinical Health Act, or HITECH Act. The
government firmly believes in the benefits of using electronic
health records and is ready to invest federal resources to
proliferate its use. (Ways and Means, 2009).
The 2009 Health Information Technology Act Meaningful Use Two
important elements have yet to be defined. This includes the
official definition of meaningful use, and the specifications
required for becoming a certified electronic health record (Health
IT, 2009). The meaningful use workgroup of the HIT Policy Committee
has released its initial recommendations for a definition of
"meaningful use" of electronic health records. The definition is
important because under the economic stimulus law, providers
must
18
"meaningfully use" EHRs to receive financial incentives from
Medicare and Medicaid (Health IT Committee, 2009). These initial
recommendations do not include a formal definition of meaningful
use. They include the initial recommendation of the functionalities
that will be required by 2011 when incentive payments begin. "This
is the beginning of a conversation that will continue for some
time," said David Blumenthal, M.D., the National Coordinator for
Health Information Technology, during a meeting of the HIT Policy
Committee, a public-private advisory group. Blumenthal added that
"there is a long way to go" before a final definition of meaningful
use is achieved (Goedert,2009). The workgroup's initial
recommendations include 22 objectives--most covering inpatient and
outpatient care for EHRs in 2011. These include, among others: Use
CPOE for all order types including medications, Implement
drug-drug, drug-allergy and drug-formulary checks, Maintain an
up-to-date problem list, Generate and transit permissible
prescriptions electronically, Maintain an active medication allergy
list,
The 2009 Health Information Technology Act
19
Send reminders to patients per their preference for preventive
and follow-up-care, Document a progress note for each encounter,
Provide patients with an electronic copy or electronic access to
clinical information such as lab results, problem list, medication
lists and allergies,
Provide clinical summaries for patients for each encounter,
Exchange key clinical information among providers of care, Perform
medication reconciliation at relevant encounters, Submit electronic
data to immunization registries where required and accepted,
Provide electronic submissions of reportable lab results to public
health agencies, Provide electronic surveillance data to public
health agencies according to applicable law and practice, and,
Comply with federal and state privacy/security laws and the fair
data sharing practices in HHS Nationwide Privacy and Security
Framework, released in December 2008 (Health Information
Technology, 2009). Certified Electronic Health Record
The rules and regulations for meeting the requirements of a
certified electronic health record are still under discussion, with
preliminary models identified for 2011 (Health IT, 2009). The
Certification Commission launched its updated and new 2011
Certification Programs on October 7, 2009. In addition to its
established, CCHIT Certified Comprehensive Certification Programs,
the Commission also launched a more limited ARRA certification
program(health Information, 2009). The CCHIT Certified 2011 program
inspects products against comprehensive
The 2009 Health Information Technology Act functionality,
interoperability, and privacy and security criteria using the
Commissions published methods. Products must be fully compliant.
They must also meet or exceed applicable proposed Federal standards
for certified EHR technology to support the 2011-2012 incentives
under the American Recovery and Reinvestment Act of 2009 (Health
IT, 2009)
20
The ARRA certification component of both programs is considered
preliminary because the definitions of meaningful use, criteria,
and standards have been proposed but not yet finalized by the US
Department of Health and Human services(Certification Commission,
2009). Health Information Privacy ARRA layers on new privacy
protections and prosecution powers to discourage unauthorized
access to patient information. Under ARRA, even a brief
unauthorized look at a medical record can result in large monetary
fines for individuals and facilities. Through a wide range of
provisions, Congress used ARRA as an attempt to increase patient
trust that the healthcare industry will protect their personal
information (Healy, 2009). Health Insurance Portability and
Accountability Act of 1996 (HIPAA) The Privacy Rule provides
federal protections for personal health information held by covered
entities and gives patients an array of rights with respect to that
information. At the same time, the Privacy Rule is balanced so that
it permits the disclosure of personal health information needed for
patient care and other important purposes. The Act is defined as
follows: The Standards for Privacy of Individually Identifiable
Health Information (Privacy Rule) establishes, for the first time,
a set of national standards for the protection of certain health
information. The U.S. Department of Health and Human
The 2009 Health Information Technology Act Services (HHS) issued
the Privacy Rule to implement the requirement of the Health
Insurance Portability and Accountability Act of 1996 (HIPAA).1 The
Privacy Rule standards address the use and disclosure of
individuals health informationcalled protected health information
by organizations subject to the Privacy Rule called
21
covered entities, as well as standards for individuals' privacy
rights to understand and control how their health information is
used. Within HHS, the Office for Civil Rights (OCR) has
responsibility for implementing and enforcing the Privacy Rule with
respect to voluntary compliance activities and civil money
penalties (Department of Health and Human Services, 2009). The ARRA
has tightened existing Privacy Rules to meet the demands of the
electronic Medical Record. The privacy and security of electronic
health information must be ensured as this information is
maintained and transmitted electronically. (OCR, 2009). The Uniform
Healthcare Information Act The National Conference of Commissioners
on Uniform State Laws has promulgated a standard state privacy
statute known as the Uniform Healthcare Information Act. The Act is
supported by the American Medical Association. The main thrust of
the Uniform Act is: Medical records may be released only with the
patients consent, A subpoena may be required to release medical
information in a legal context, Patients have access to their own
records. The Act sets forth stern penalties for noncompliance. Of
great interest to third party payers is the provision of many of
the state statutes which deals with fraud and health care
The 2009 Health Information Technology Act records. The statutes
of some states prevent a provider from testifying for or against a
patient without the patients consent. These are called privileged
communication statutes (National Conference, 1985). Data Breach The
data breach notification regulations are the first of the ARRA
privacy provisions to take effect. The Department of Health and
Human Services(HHS), will oversee organizations that qualify as
covered entities and business associates under HIPAA. The Federal
Trade
22
Commission (FTC) will oversee everyone else, including vendors
of personal health records. The law requires both HHS and the FTC
to create and publish final interim regulations by August 16, 2009.
The provisions become effective 30 days after publication (ARRA,
2009). Administrative Simplification: Title II, Subtitle F. (HIPAA)
This section grants authority to mandate the use of standards for
the electronic exchange of healthcare data, to specify what medical
and administrative code sets should be used within the standards
(Health Insurance, 1996). Accounting for Disclosures ARRA requires
healthcare facilities using EHR systems to provide patients with a
fuller accounting of disclosures, including disclosures for
treatment purposes and other routine healthcare operations. This is
a significant change from the current HIPAA laws, which exempt
treatment, payment and business operations disclosure (Appendix A).
Restrictions of Certain Disclosures ARRA gives patients the right
to prevent the disclosure of health data to their health insurance
plans if they paid for treatments out of their own pockets. EHR
systems will have to
The 2009 Health Information Technology Act adapt to accommodate
such requests (Appendix A). Electronic Copies ARRA requires any
provider using an EHR system to produce an electronic copy of a
patients health record upon request. Under HIPAA, providers are
required to give a copy of a patients record in the format
requested, but only if documents are readily producible in that
format. Many EHR systems in use are not up to that challenge
(Appendix A). Liability for Business Associates ARRA has several
provisions that extend HIPAA privacy, security, and
administrative
23
requirements to business associates. Business Associates (BA)
are individuals or an organization that performs a function or
activity on behalf of a covered entity, but is not a part of the
covered entitys workforce. Covered entities must update their
business associate agreements to incorporate these new provisions.
Among the changes, ARRA requires business associates to respond to
any privacy noncompliance on the part of the covered entities.
Security breach, restrictions and disclosures, sales of health
information, consumer access, business associate obligations and
agreements (OCR, 2009). Improved Enforcement The Recovery Act
carries a number of items Congress lumped together as improved
enforcement. Many of these also relate to Section 1177(a) of the
Social Security Act (42 U.S.C. 1320) which established the
penalties as we currently know them (ARRA, 2009). Noncompliance Due
to Willful Neglect Increased penalties due to willful neglect is a
violation for which the Secretary is required to impose a penalty.
For the penalty to be levied, the Secretary must formally
investigate any
The 2009 Health Information Technology Act complaint of a
violation of a provision of HIPAA privacy. When the investigation
indicates a violation due to willful neglect a penalty will be
imposed. This change will apply to penalties that occur more than 2
years after the enactment date. The Secretary is to publish final
regulations related to this requirement not later than 18 months
after the ARRA enactment (ARRA, 2009). Distribution of Certain
Civil Monetary Penalties Collected
24
This provision calls for any civil monetary penalty (or monetary
settlement collected with respect to an offense punishable under
ARRA privacy provisions or the Social Security Act (HIPAA) to be
transferred to the HHS Office of Civil Rights for the purpose of
enforcing the provisions of these ARRA provisions. The Government
Accounting Office (GAO) is to submit a report to the Secretary
within 18 months of enactment, with recommendations for a
methodology under which an individual who is harmed by an act that
constitutes an offense to the ARRA provisions or HIPAA may receive
a percentage of any civil monetary penalties or monetary settlement
collected. Then, within three years of enactment, the Secretary
shall establish regulations based on the GAO recommendations. The
methodology will apply with respect to civil monetary penalties or
monetary settlements imposed on or after the effective date of the
regulation (ARRA, 2009). Tiered Increase in Amount of Civil
Monetary Penalties The ARRA modifies the Social Security Act
Penalties. In this case a tiered set of penalties is established as
follows: Where there is a violation that it is established when the
person did not know (and by exercising reasonable diligence would
not have known) that such
The 2009 Health Information Technology Act
25
person violated a provision, a penalty for each violation will
be at least $100 for each violation, not to exceed $25,000 (ARRA,
2009, p.158). Where there is a violation and the violation was due
to reasonable cause and not to willful neglect, a penalty for each
such violation will be at least $1,000 for each violation, not to
exceed $100,000 for each violation (ARRA, 2009). Where there is a
violation and violation was due to willful neglect: If the
violation is corrected, a penalty of $10,000 will be required for
each violation, not to exceed $250,000. If the violation is not
corrected as described, a penalty in the amount of $50,000 will be
required not to exceed $1,500.000 (ARRA, 2009). The Nationwide
Privacy and Security Framework for Electronic Exchange of
Individually Identifiable Health Information: The principles of the
Nationwide Privacy and Security Framework for Electronic Exchange
of Individually Identifiable Health Information establishes a
single, consistent approach to address the privacy and security
challenges related to electronic health information exchange
through a network for all persons, regardless of the legal
framework that may apply to a particular organization (ONC, 2009).
CMS Security Standards: The Administrative Simplification
provisions of the Health Insurance Portability and Accountability
Act of 1996 (HIPAA, Title II) required the Department of Health and
Human Services to establish National Standards for the security of
electronic health care information. The final rule adopting HIPAA
standards for security was published in the Federal Register on
February 20, 2003. This final rule specifies a series of
administrative, technical, and physical
The 2009 Health Information Technology Act
26
security procedures for covered entities to use to assure the
confidentiality of electronic protected health information. (CMS,
2009). Civil Rights Title VI of the Civil Rights Act of 1964 While
ARRA has not modified awardees civil rights obligations, which are
referenced in the HHS Grants Policy Statement, these obligations
remain a requirement of Federal law. Recipients and sub-recipients
of ARRA funds or other federal financial assistance must comply
with Title VI of the Civil Rights Act of 1964 (prohibiting race,
color, and national origin discrimination) (Title VI, 1964).
Section 504 of the Rehabilitation Act of 1973 Requires hospitals to
validate that they protect patients from disability discrimination
(Rehabilitation, 1973). Title IX of the Education Amendments of
1972 Requires hospitals to insure that they prohibit sex
discrimination in education and training programs, discrimination
on the basis of sex in Federally supported education programs is
also prohibited (Title IX, 1972). The Age Discrimination Act of
1975 Prohibits hospitals from age discrimination in the provision
of services (Age, 1975). Public Health Service Act Titles VI and
XVI of the Public Health Service Act require health facilities that
received certain Federal funds (Hill-Burton funds) to provide
certain services to members of its designated community (Appendix
D)
The 2009 Health Information Technology Act Section 542 of the
Public Health Service Act, as amended, bars discrimination in
admission or treatment against substance abusers suffering from
medical conditions by Federally-assisted hospitals and outpatient
facilities (Appendix D). Food and Drugs The Food and Drugs Act of
1906 The first of more than 200 laws that constitute one of the
world's most comprehensive and effective networks of public health
and consumer protections (Pure, 1906). The Federal Food, Drug, and
Cosmetic Act of 1938 Among other provisions, the law authorized the
FDA to demand evidence of safety for new drugs, issue standards for
food, and conduct factory inspections (FDA, 2009). The
Kefauver-Harris Amendments of 1962 Inspired by the Thalidomide
tragedy in Europe, this amendment strengthened the rules for drug
safety and required manufacturers to prove their drugs'
effectiveness (FDA, 2009). The Medical Device Amendments of 1976
The law applied safety and effectiveness safeguards to new devices
(FDA, 2009). Food and Drug Administration Amendments Act of 2007.
This law represents a very significant addition to FDA authority.
Among the many components of the law, the Prescription Drug User
Fee Act (PDUFA) and the Medical Device User Fee and Modernization
Act (MDUFMA) have been reauthorized and expanded. These
27
programs will ensure that FDA staff has the additional resources
needed to conduct the complex and comprehensive reviews necessary
to approve new drugs and devices (FDA, 2007). Electronic Records:
Electronic Signatures
The 2009 Health Information Technology Act The regulations in
this part set forth the criteria under which the agency considers
electronic records, electronic signatures, and handwritten
signatures executed in electronic records to be trustworthy,
reliable, and generally equivalent to paper records and handwritten
signatures executed on paper (Electronic, 2003). Fraud Prevention
& Detection Safe Harbor Regulation
28
The Medicare Prescription Drug, Improvement, and Modernization
Act of 2003 (MMA), identifies the final rules for Safe Harbor under
the anti-kick back statute to protect certain arrangements
involving goods, items, services, donations, and loans provided by
individuals and entities to certain health centers that are funded
under section 330 of the Public Health Service Act. The goods,
items, services, donations, or loans must contribute to the health
centers ability to maintain or increase the availability, or
enhance the quality, of services available to a medically
underserved population (OIG, 2006) Provider Self-Disclosure
Protocol The Self-Disclosure Protocol is intended to be a vehicle
under which the provider community can voluntarily disclose
self-discovered evidence of potential fraud in an attempt to avoid
the costs and disruptions that may be associated with a
Government-directed investigation and with civil or administrative
litigation. The Office of the Inspector General (OIG) verifies the
information contained in the provider's submission and evaluates
the matter for potential fraud issues.. While the OIG does not
speak for the Department of Justice or other agencies, they are
consulted, as appropriate, regarding the resolution of
Self-Disclosure Protocol matters (Levinson, 2009).
The 2009 Health Information Technology Act HHS Recovery Act
Oversight The American Recovery and Reinvestment Act of 2009
(Recovery Act) provides the Office of Inspector General (OIG), with
$17 million in funding for oversight and review. The Recovery Act
provided an additional $31,250,000 to the OIG for the purpose of
ensuring the proper expenditure of funds under Medicaid. OIG will
assess whether HHS is using the $165.4
29
billion in Recovery Act funds in accordance with legal and
administrative requirements and that they are meeting the
accountability objectives defined by the Office of Management and
Budget (OIG, 2009). Whistleblower Protections under the Recovery
Act The ARRA , provides protections for certain individuals who
make specified disclosures relating to Recovery Act funds. Any
non-federal employer receiving recovery funds is required to post a
notice of the rights and remedies provided under this section of
the Act (OIG, 2009). Information Management HHS Recovery Act The
purpose is to increase access to health care, protect those in
greatest need, create jobs, expand educational opportunities, lay
the groundwork for successful health reform, and provide immediate
relief to states and local communities. HHS has been entrusted with
carefully investing $167 billion of taxpayers funds for these
purposes, and is committed to making every dollar count (Federal
Health, 2009). The HHS Recovery Act lays a solid foundation for
health reform, and makes a down payment on the Presidents Zero to
Five plan of early care and education of children by promoting
access to health insurance and increasing the number of health care
professionals
The 2009 Health Information Technology Act through Additional
grants to healthcare workforce training institutions, Computerizing
Americans health records, which will improve the quality of
healthcare, reduce medical errors, and prevent unnecessary health
care spending,
30
Advancing scientific and biomedical research and development
related to health and human services,
Promoting economic and social well-being of individuals,
families, and communities,
Strengthening necessary healthcare services for medically
underserved individuals ,
Providing healthcare services to American Indians and Alaska
Natives (Department of Health, 2009).
Freedom of Information Act (FOIA) This is a federal statue that
allows individuals to request access to Federal agency records,
except to the extent records are protected from disclosure by the
Freedom of Information Act (Justice Department,2009). 482.24
Condition of Participation: Medical record services. Every hospital
that accepts payment for Medicare and Medicaid patients must comply
with the Center for Medicare and Medicaid Conditions of
Participation. This regulation includes specific instructions for
hospitals as well as defining criteria and standards for medical
records. This includes the organization and staffing requirements
for the medical records department, the
The 2009 Health Information Technology Act
31
standardized format and the retention requirements for the
records. It also identifies each of the specific types of documents
that must be present, as well as the required content and
documentation standards (CMS, 2009). Substance Abuse Rules Federal
laws relating to substance abuse records came into being due to the
sensitivity of such information. These special rules apply where
the facility has any special substance abuse care unit. General
medical care is not affected. There are stern monetary penalties
for noncompliance (SAMSA, 2004). Joint Commission on Accreditation
of Healthcare Organization Standards Specifically defines required
standards for hospitals and healthcare organizations with respect
to the content of the medical record, including IM.2.20 data
integrity, IM.2.30 addresses continuity and disaster recovery for
both hard copy and electronic records, and a myriad of other very
specific requirements for organizations seeking accreditation. This
accreditation process is required for all Medicare providers (The
Joint Commission, 2009). Medical and Healthcare Title 42: Public
Health Specific portion of the United States Code that identifies
requirements for public health, social welfare, and civil rights.
Specific requirements for hospitals and record keeping regulations
are outlined (See Appendix C). Section 3012 of the Public Health
Service Act The Health Information Technology Extension Program
(Extension Program), authorized by Section 3012 of the Public
Health Service Act as amended by ARRA - will establish a
The 2009 Health Information Technology Act collaborative
consortium of Health Information Technology Regional Extension
Centers facilitated by the national Health Information Technology
Research Center. The Extension
32
Program will offer providers across the nation, technical
assistance in the selection, acquisition, implementation, and
meaningful an EHR to improve health care quality and outcomes
(Public Health, 2009). Federal Medical Care Recovery Act (FMCRA)
The Medical Care Recovery Act provides that, when the government
treats or pays for the care of a military member, retiree, or
dependent, it may recover its expenses from any third party legally
liable for the injury or disease. The key to understanding the
complexities of the FMCRA is to realize that the Federal Government
operates one of the largest health care systems in the world (MCRA,
2007). Other Federal Laws In addition to being subject to HIPAA and
Substance Abuse Confidentiality Requirements, healthcare
organizations may be subject to several federal laws that touch in
some way on privacy of health information. The Preamble to the
Privacy Rule lists the following applicable laws: Privacy Act of
1974, Family Educational Rights and Privacy Act, Freedom of
Information Act, Employee Retirement Income Security Act of 1974
(ERISA), Gramm-LeachBliley Act, federally funded health programs
regulations, Food, Drug and Cosmetic Act, Clinical Laboratory
Improvement Amendment, federal disability and non-discrimination
laws, and U.S. Safe Harbor Privacy Principles. In addition, many
federal regulations require disclosure of specific PHI for specific
purposes in specific circumstances (Miller, 2007).
The 2009 Health Information Technology Act Federal Rule of
Evidence, Article VIII Defines the requirements that a record must
have to meet the federal and state rules of evidence to stand as a
legal business record (Federal Rule, 1997). ONCs Federal HIT-EHR
Strategic Plan: 2008-2012:
33
This plan brings together all HIT-EHR Federal efforts in a
coordinated fashion, setting a number of goals, objectives, and
strategies. The goals include privacy and security,
interoperability, widespread adoption, and collaborative
governance. The plan catalogs activities from many Federal agencies
that focus on HIT (Federal Health,2008). The Patient Safety and
Quality Improvement Act of 2005 (PSQIA) Establishes a voluntary
reporting system to enhance the data available to assess and
resolve patient safety and health care quality issues. To encourage
the reporting and analysis of medical errors, PSQIA provides
Federal privilege and confidentiality protections for patient
safety information called patient safety work product. Patient
safety work product includes information collected and created
during the reporting and analysis of patient safety events
(Department of Health, 2005). Stark Laws Congress included a
provision in the Omnibus Budget Reconciliation Act of 1989 (OBRA
1989) which barred self-referrals for clinical laboratory services
under the Medicare program, effective January 1, 1992. This
provision is known as "Stark I". The law included a series of
exceptions to the ban in order to accommodate legitimate business
arrangements. A number of observers recommended extending the ban
to other services and programs. The Omnibus Budget Reconciliation
Act of 1993 (OBRA 1993) expanded the restriction to a range of
The 2009 Health Information Technology Act
34
additional health services and applied it to both Medicare and
Medicaid; this legislation, known as "Stark II," also contained
clarifications and modifications to the exceptions in the original
law. Minor technical corrections to these provisions were included
in the Social Security Amendments of 1994 (Centers for Medicare,
2009). On August 1,2006 Health and Human Services (HHS) Secretary
Mike Leavitt announced the issuance of final regulations(published
in the Federal Register on August 8, 2006) creating new information
technology exceptions under the Federal Stark law and safe harbors
under the Federal Anti-Kickback statute. The issuance of these
regulations substantially increases the ability of hospitals and
other providers of Medicare and Medicaid services to donate
information technology to physicians without violating the Stark
law or Anti-Kickback statute. The changes include: Provision of
Information Technology Items or Services to Physicians at Fair
Market Value, Pre-Existing Exception for Community-Wide Health
Information Systems, Electronic Prescribing Items and Services,
Electronic Health Records Items and Services, Interoperability
Requirement, Receipt of Items or Services Not Condition for Doing
Business with Donor, Prohibition Against Eligibility for Items or
Services Based on Volume or Value of Referrals (OBrien, 2006).
Physician Payment of 15% of Donors Cost under EHR Exception Under
the EHR exception, perhaps the most significant change from the
proposed
The 2009 Health Information Technology Act regulations is a
requirement that the physician pay 15% of the donors cost for the
EHR items and services, before receipt of the items and services
(CMS, 2009). Donated Technology Not Equivalent to Technology
Physician Already Possesses
35
The donated technology must not be technically or functionally
equivalent to technology that the physician already possesses.
Parallel Safe Harbors Under Federal Anti-Kickback Statute The final
information technology safe harbors under the Federal Anti-Kickback
statute are essentially identical to the information technology
exceptions under the Federal Stark law. If the Federal Stark law
applies (because there is a financial relationship between a
physician and a provider of designated health services), any
referral of a Medicare or Medicaid patients for designated health
services is prohibited, unless the referral falls within one of the
Stark exceptions. Only such referrals as qualify under one of the
exceptions is permitted(CMS, 2009). The Federal Anti-Kickback
statute prohibits the offer, payment or receipt of any financial
inducement in exchange for the referral of Medicare or Medicaid
patients. The safe harbors provide immunity for arrangements that
satisfy their requirements. The failure to qualify for a safe
harbor, however, does not mean that an arrangement is unlawful.
Risk to Tax-Exempt Status: Prohibitions Against Private Benefit and
Inurement In order to prevent or minimize the risk to a hospitals
tax-exempt status, the hospital should be able to document and
demonstrate the benefit which it or the community derives from the
donation arrangement. For example, it can be argued that providing
information technology items or services to physicians on its
medical staff furthers the provision of safer and more effective
patient care and advances the overall health of the community
served by the hospital.
The 2009 Health Information Technology Act
36
The issuance of the subject final regulations substantially
increases the ability of hospitals and other providers of Medicare
or Medicaid services to donate information technology to physicians
without violating the Federal Stark law and the Federal
Anti-Kickback statute. Such arrangements will need to be carefully
structured with appropriate agreements compliant with the subject
exceptions and safe harbors (OBrien, 2006). The Federal Advisory
Committee Act (FACA) This federal law governs the behavior of
federal advisory committees. Specifically, the Act restricts the
formation of committees to those that are deemed essential, limits
their powers to provision of advice to officers and agencies in the
executive branch of the Federal Government and also limits the
length of their term (Federal Advisory Committee, 1994). Regulatory
Agencies and Their Responsibilities Multiple federal and state
regulatory agencies play key roles in the implementation, strategy
and management of this program. The individual agencies and their
role are outlined as follows: Agency for Healthcare Research and
Quality (AHRQ) AHRQ is a significant funding source for research
and development across the HIT-EHR spectrum, with $166 million in
grants and contracts specific to this effort. Funding is awarded to
collect HIT-EHR data and to stimulate investment in HIT-EHR
products. The Agency for Healthcare Research and Quality's mission
is to improve the quality, safety, efficiency, and effectiveness of
healthcare for all Americans. Information from AHRQ's research
helps people make more informed decisions and improve the quality
of healthcare services. AHRQ was formerly known as the Agency for
Health Care Policy and Research (AHRQ, 2009).
The 2009 Health Information Technology Act The American Health
Information Community The American Health Information Community
(AHIC) is a federal advisory body,
37
chartered in 2005, to make recommendations to the Secretary of
the U.S. Department of Health and Human Services on how to
accelerate the development and adoption of health information
technology (American Health, 2005). American National Standards
Institute (ANSI) This organization accredits various
standards-setting committees, and monitors their compliance with
the open rule-making process they are required to follow to obtain
ANSI accreditation. HIPAA prescribes that the standards mandated
under it be developed by ANSIaccredited bodies (American National,
2009). The Centers for Disease Control and Prevention (CDC) To
improve and support state health departments capacity for rapid
scale of healthcare associated infections (HAI) prevention,
dissemination of HHS evidence-based practices within hospitals,
targeted monitoring and investigation of the changing epidemiology.
Also require access to healthcare data and voluntary reports of
hospital-related infections to the Centers for Disease Control and
Prevention (CDC, 2007). Certification Commission for Healthcare
Information Technology (CCHIT) CCHIT is a collaboration among three
industry associations that are developing federal certification
criteria and an inspection process for HIT-EHR under a three-year
contract awarded in 2005 from HHS. Interoperability and security
standards are central to certification. The Commission to date has
certified over 100 ambulatory and inpatient systems as meeting
federal guidelines (Certification, 2011).
The 2009 Health Information Technology Act The eHealth
Initiative, A nonprofit organization that is dedicated to the
promotion of HIT-EHR development. This organization is the
best-known funding source for regional HIT efforts (eHealth, 2009).
Electronic Healthcare Network Accreditation Commission (EHNAC) This
organization tests transactions for consistency with the HIPAA
requirements and subsequently accredits healthcare clearinghouses
(State Alliance, 2009). Federal Communications Commission (FCC) As
directed in the American Recovery and Reinvestment Act of 2009, the
Federal Communications Commission will develop a national broadband
plan and consult with the
38
National Telecommunications and Information Administration of
the Department of Commerce in their implementation of the Broadband
Technology Opportunities Program. The Secretary of Commerce, in
consultation with the FCC and following Congressional notification,
may transfer funds to the FCC for carrying out these
responsibilities. Federal HealthCare Architecture (FHA) The Federal
Healthcare Architecture is responsible for ensuring that federal
agencies can seamlessly exchange health data between and among
themselves, with state, tribal and local governments; and with
private sector healthcare organizations. In addition, they leverage
federal expertise in creating a cross-agency health information
interoperability architecture framework that provides a common
vocabulary, simple tools and lifecycle processes (Federal
Healthcare, 2009). Food and Drug Administration (FDA) The FDA will
receive data from existing reporting systems regarding adverse
events, as
The 2009 Health Information Technology Act
39
well as provide support and regulatory guidance for
pharmaceuticals and medical devices. They are responsible for
regulations related to electronic signatures used in electronic
medical records (Food and Drug, 2009). Health Informatics Standards
Board (HISB) An ANSI-accredited standards group has developed an
inventory of candidate standards for consideration as possible
HIPAA standards (Health Informatics, 2009). The Health Information
Security and Privacy Collaboration (HISPC) Established in June 2006
by RTI International through a contract with the U.S. Department of
Health and Human Services, HISPC originally comprised 34 states and
territories. HISPC phase 3 began in April 2008, and now comprises
42 states and territories. This organizations goal is to address
the privacy and security challenges presented by electronic health
information exchange through multi-state collaboration. Each HISPC
participant continues to have the support of its state or
territorial governor and maintains a steering committee and contact
with a range of local stakeholders to ensure that developed
solutions accurately reflect local preferences (Health Information,
2009). Health Information Technology Regional Centers A Federal
Register Notice and Request for Comments has been published
announcing the draft description of the program for establishing
regional extension centers to assist providers seeking to adopt and
become meaningful users of health information technology, as
authorized by the American Recovery and Reinvestment Act of 2009
(Health Information, 2009). Health IT Policy Committee The ARRA
provides that the HIT Policy Committee be created under the
Federal
The 2009 Health Information Technology Act
40
Advisory Committee Act (FACA) and charged this committee with
making recommendations to the National Coordinator for Health
Information Technology. They are responsible for the development of
a policy framework for the implementation and adoption of a
nationwide health information infrastructure, including standards
for the exchange of patient medical information. Among the areas
for infrastructure standards, the Policy Committee is to consider:
Implementation specifications shall include named standards,
architectures, and software schemes for the authentication and
security of individually identifiable health information and other
information as needed to ensure the reproducible development of
common solutions across disparate entities, Technologies that
protect the privacy of health information and promote security in a
qualified electronic health record including the segmentation and
protection from disclosure of specific and sensitive individually
identifiable health information, To minimize the reluctance of
patients to seek care (or disclose information about a condition)
because of privacy concerns, To develop technologies that allow
individually identifiable health information to be rendered
unusable, unreadable, or indecipherable to unauthorized individuals
when such information is transmitted in the nationwide health
information network or physically transported outside of the
secured, physical perimeter of a health care provider, health plan,
or healthcare clearing house (HIT Policy, 2009). Health IT
Standards Committee The ARRA requires the HIT Standards Committee
be created under FACA and charged
The 2009 Health Information Technology Act with making
recommendations to the National Coordinator for Health Information
Technology
41
on standards, implementation specifications, and certification
criteria for the electronic exchange and use of health information.
Initially, the HIT Standards Committee will focus on the policies
developed by the Health IT Policy Committee (HIT Standards, 2009).
Health Resources and Services Administration (HRSA) This agency of
the U.S. Department of Health and Human Services, is the principal
Federal Agency charged with increasing access to health care for
those who are medically underserved (Health Resources, 2009). The
Healthcare Information Technology Standards Panel (HITSP) This is a
cooperative partnership between the public and private sectors. The
Panel was formed for the purpose of harmonizing and integrating
standards that will meet clinical and business needs (Healthcare
Panel, 2009). HHS Patient Safety Task Force Federal and state
agencies, accrediting bodies and other organizations collect data
that can provide insights into the causes of medical errors and
strategies to increase patient safety, but these separate sources
of information are difficult to compare and analyze. In April 2001,
Secretary Thompson created the HHS Patient Safety Task Force to
coordinate the efforts of these various data-collection sources to
promote more consistent, effective use of the information
(Department of Health, 1999). Inspector General (IG) Each federal
agency has an Inspector General (IG) responsible for overseeing how
federal funds are spent and for working with the agency to minimize
fraud, waste, and abuse. IGs
The 2009 Health Information Technology Act for agencies who
received Recovery Act funds are reviewing their stimulus spending
to ensure Recovery-related projects meet legal and administrative
requirements. The IGs are also
42
reviewing their agencies administrative practices to ensure that
effective controls are in place for managing Recovery funds
(Inspector General, 2009). National Center for Health Statistics
(NCHS) A federal organization within the CDC that collects,
analyzes and distributes health care statistics. The NCHS maintains
the ICD-9 CM codes (National Center, 2009). National Association of
Health Data Organizations (NAHDO) The National Association of
Health Data Organizations (NAHDO) is a national, not-for-profit
membership organization dedicated to improving health care through
the collection, analysis, dissemination, public availability, and
use of health data. NAHDO provides leadership in health care
information management and analysis, promotes the availability of
and access to health data, and encourages the use of data to make
informed decisions and guide the development of health policy.
NAHDO provides information on current issues and strategies to
develop a nationwide, comprehensive, integrated health information
system, sponsors educational programs, provides assistance, and
serves as a forum to foster collaboration and the exchange of ideas
and experiences among collectors and users of health data (National
Association, 2009). National Committee on Vital and Health
Statistics (NCVHS) The National Committee on Vital and Health
Statistics was established by Congress to serve as an advisory body
to the Department of Health and Human Services on health data,
statistics and national health information policy. It fulfills
important review and advisory
The 2009 Health Information Technology Act functions relative to
health data and statistical problems of national and international
interest, stimulates or conducts studies of such problems and makes
proposals for improvement of the Nations health statistics and
information systems. In 1996, the Committee was restructured to
43
meet expanded responsibilities under the Health Insurance
Portability and Accountability Act of 1996 (National Committee,
2009). The National Health Information Network (NHIN): To provide a
secure, nationwide, interoperable health information infrastructure
that will connect providers, consumers, and others involved in
supporting health and healthcare (National Health Information,
2009). National Committee for Quality Assurance (NCQA) This
organization accredits managed care plans or HMOs. Their role will
expand to include certification of those organizations to insure
they are compliant with HIPAA requirements. This organization
maintains the (HEDIS) Health Employer Data and Information Sets
(National Committee, 2009). National Uniform Billing Committee
(NUBC) This organization is chaired and hosted by the American
Hospital Association. They maintain the UB04 institutional billing
form and the data element specifications for both the hardcopy form
and the electronic format. The NUBC has a formal consultative role
under HIPAA for all transactions affecting institutional healthcare
services (National Uniform, 2009). Office for Civil Rights (OCR)
Responsible for the enforcement of Health Insurance Portability and
Accountability Act (Office of Civil Rights, 2009).
The 2009 Health Information Technology Act Office of the
Inspector General (OIG): The mission of the Office of Inspector
General (OIG), as mandated by Public Law 95452 (as amended), is to
protect the integrity of Department of Health and Human Services
programs, as well as the health and welfare of the beneficiaries of
those programs. Within this
44
capacity they maintain legal access to all health records
throughout the United States (Office of the Inspector, 2009). The
Office of the National Coordinator for Health Information
Technology (ONC) The ONC serves as the resource for the entire
health system to support the adoption of health information
technology for the promotion of nationwide health information
exchange to improve healthcare. ONC is organizationally located
within the Office of the Secretary for the U.S. Department of
Health and Human Services. (Office of the Inspector, 2009). ONC is
the principal Federal entity charged with coordination of
nationwide efforts to implement and use the most advanced health
information technology and the electronic exchange of health
information. The position of National Coordinator was created in
2004, through an Executive Order, and legislatively mandated in the
Health Information Technology for Economic and Clinical Health Act
[HITECH Act] of 2009. The Coordinators responsibilities include:
drafting HIT-EHR policy, establishing strategic action plans, and
acting as a guiding force in nationwide electronic healthcare
record development (Office of the Inspector, 2009). Office of
Recovery Act Coordination This Office will ensure that HHS fully
implements the Acts requirements. This includes ensuring that
programs are designed to meet the Recovery Acts objectives, that
reporting due dates are met, performance outcomes are established
and tracked, risks of fraud and abuse are
The 2009 Health Information Technology Act mitigated, and that
the public is kept informed through the Web and other means of
communication. Once programs are in place, this office will be
responsible for reporting, auditing, and investigating for fraud
and abuse; and protecting the confidentiality and integrity of HHS
data systems (Monegain, 2009). Recovery Accountability and
Transparency Board The Recovery Board oversees Recovery Act
spending and prevents and detects fraud, waste and mismanagement of
the recovery fund expenditures (Recovery Board, 2009). Regional
Health Information Organizations (RHIOs) These are entities in
which local healthcare providers and plans agree to communicate
45
health information over a standardized electronic network. It is
estimated that there are between 100 and 200 RHIOs nationwide. They
range in size from statewide structures to local city efforts and
are mainly funded by federal funds, regional providers, and
philanthropic grants (Regional Health, 2009). State Alliance for
eHealth: The State Alliance was created through an HHS contract
with the National Governors Association (NGA) in 2006. The State
Alliance for e-Health is a consensus-based, executivelevel body of
state elected and appointed officials, formed to address the unique
role state governments can play in facilitating adoption of
interoperable electronic HIE. It is also intended to be a forum
through which stakeholders can work together to identify new inter-
and intrastatebased policies and best practices and explore
solutions to programmatic and legal issues related to the exchange
of health information (State eHealth, 2009).
The 2009 Health Information Technology Act State Level Health
Information Exchange Consensus Project The State-level Health
Information Exchange Consensus Project is managed through a
46
contract with American Health Information Management
Associations Foundation of Research and Education. The projects
main objective is to provide a forum for ONC to work with states to
ensure all health information exchange activities throughout the
Unites States align. This is a forum that enables ONC to
disseminate information about the national agenda and for the
states based efforts to inform the federal government thereby
enabling a nationwide alignment of all health information exchange
activities (State Level, 2009). United States Department of Health
and Human Services (HHS) To coordinate and manage the complexity of
HHS role in the Recovery Act, HHS established an Office of Recovery
Act Coordination (United States Department of Health, 2009). United
States Department of Agriculture (USDA) The Rural Development
Broadband Program supports the expansion of broadband service in
rural areas through financing and grants to projects that provide
access to high speed service to facilitate economic development in
locations without sufficient access to such service (USDA, 2009)
Veterans Administration To provide software development, staff, and
associated supplies and equipment to support implementation of the
Post-9/11 GI Bill and to support upgrades to other VHA systems. The
VHA Office of Information also provides use of an electronic
medical record through their demo system that is down loadable on
their website (VA, 2009).
The 2009 Health Information Technology Act California
Legislation and Action Plans
47
Achieving electronic health information exchange (HIE) through
the application of health information technology (HIT) is one of
the cornerstones of the overall healthcare reform strategy in
California. This includes implementation of interoperable HIE, key
strategies to achieve the goals of better health care outcomes,
efficiencies in the delivery of healthcare, and strengthening
emergency and disaster response preparedness. The California Health
and Human Services Agency (CHHS) serves as the lead, coordinating
all HIE and HIT issues for the State. CHHS works with the State
Chief Information Officer (OCIO), the Department of Managed Care
and the Transportation and Housing Agency to oversee the States HIE
and HIT related efforts (Wulsin, 2008). The structure for achieving
these goals is as follows: Governance Establish a governance
structure that achieves broad-based stakeholder collaboration with
transparency, buy-in and trust. Set goals, objectives and
performance measures for the exchange of health information that
reflect consensus among the health care stakeholder groups, and
finalize requirements related to meaningful use crit