HITECH Act and Omnibus Final Rule
HITECH (Health Information Technology for Economic and Clinical Health Act) was created to encourage organizations to “promote the adoption and meaningful use” of Electronic Health Records (EHR).
HITECH includes incentives for healthcare providers who use digital medical records to improve the quality of healthcare.
The law also imposes penalties for failing to make sufficient use of EHR. Therefore, the ultimate goal of HITECH is to promote the use of secure, interoperable EHR throughout the U.S.
The Omnibus Rule finalized:
- Modifications to the HIPAA Privacy, Security, and Enforcement Rules
- The HIPAA Enforcement Rule to incorporate the increased and tiered civil money penalty structure provided by the HITECH Act
- Changes to Breach Notification for unsecured PHI under the HITECH Act, from requiring evidence to prove there was a breach to presuming a breach occurred and requiring proof that data was not compromised
- Modifications to the HIPAA Privacy Rule addressing the GINA (Genetic Information Nondiscrimination Act) to prohibit most health plans from using or disclosing genetic information for underwriting purposes
- Patients may pay out of pocket in full and instruct their provider to refrain from sharing information about their treatment with their health plan
- Federal Common Law of Agency – the law holds Business Associates and Subcontractors to the same standards required of Covered Entities. They are subject to the same fines and penalties as Covered Entities
- Healthcare providers can share vaccination records with schools directly with a written or verbal release from the student’s parent or guardian
- The Omnibus Rule adopted HITECH’s prohibition against the marketing, fundraising, and sale of PHI without authorization