Edward M. Stern, J.D., has a private law practice in Newtonville, Mass. Stern serves as assistant dean for pre-law advising at Boston University and is a visiting lecturer for the University of Massachusetts/Boston Department of Sociology.

HITECH Act contained in stimulus package law
(June 2009 Issue)

By Edward Stern, J.D.

Many of you have heard or read about the American Recovery and Reinvestment Act (ARRA) which will inject billions or perhaps a trillion dollars into the economy. The ARRA is, in the main, a stimulus package that is intended to provide money to have the effect of supporting a weakened economy. Many states have made plans to apply for and use these funds to provide jobs to keep people working and to repair or modernize the nation's infrastructure or to establish innovations to advance a more "green" (clean) approach to areas presently dependent on fossil fuels.

All the above would probably be sufficient for a complicated law such as ARRA. Yet, there are other questions to be asked. Which states will participate? What would be the criteria for participation? Who would get to decide what projects were acceptable? Would there be any payback to the federal government in return for funds used by others? Would there be oversight by the federal government of the federal funds? Would there be any remedies if something occurred in using these funds that was not acceptable?

As interesting as all these questions are, the reason for this column is that in the ARRA is the Health Information Technology for Economic and Clinical Health Act (HITECH Act) which modified and expanded the Health Insurance Portability and Accountability Act of 1996 (HIPAA) with which many of you are familiar.

One of the reasons that the HITECH Act is in ARRA is that there is a $20 billion, more or less, fund allocated to different technologies (IT), projects and infrastructure, dealing with establishing electronic health record technology (HER) and systems to enhance Medicare and Medicaid reimbursement. There will be changes regarding notice to patients if there are breaches in security of protected health information (PHI).

There will be distinctions between "protected" PHI and "unprotected" PHI and what constitutes proper use of each. The attempt here seems to be to have better and clearer enforcement with greater penalties when a breach of security or privacy occurs.

Previously under HIPAA, there were providers designated as "covered entities." These new provisions may, in certain circumstances, now cover "business associates," who were not previously covered by HIPAA but had contractual relationships with "covered entities."

There will be new regulations covering most of the issues that need to be established over the next six months from the Department of Health and Human Services, although there are different enforcement dates for different parts of HITECH.

If a state has a law which protects privacy rights of patients similar to HIPAA, now including the HITECH Act, either law may be enforced. Neither federal nor state jurisdiction is required to give up its authority when enforcing privacy laws.

Over the next six months, most of these new terms will have a clearer meaning to all of us. More and more of these issues are being discussed by their acronyms. Stay tuned for updates as they occur.

Top | Home | Psy Jobs | CE Listings | Archives | Contact Us

Leading Stories | Columns | Book Reviews | Hospital Directory
Residential School Directory | Advertising | Classifieds | About Us