Technological advances have reshaped medical documentation. What was once a completely paper system is now dominated by electronic health records (EHR), leading to an entirely different approach to security.
The 1960s brought about a new era of healthcare record-keeping. Clinical record systems and medical record management systems took root after academic medical centers began implementing these exciting new technologies.
- During the 1960s Lockheed brought about one of the first clinical information systems
- In the 1970s the federal government began using EHRs
- In the mid-1990s the Institue of Medicine (IoM) advocated for EHRs with a published study
- The early 2000s brought about the Office of the National Coordination of Health Information Technology
- In 2009, the Health Information Technology for Economic and Clinical Health Act went into effect
Perhaps the biggest motivator for the HITECH act was to encourager electronic medical record uses. This act incentivized healthcare centers by offering financial benefits for transitioning from paper to electronic documentation. HIPAA rules and regulations were also strengthened with the adoption of this act, granting better security and privacy features.
How Did HITECH Affect HIPAA?
The implementation of HITECH changed the way that HIPAA-covered entities are handled. Protected health information (PHI) needed to align with the HIPAA Privacy Rule. So, the HITECH required business associates that worked with HIPAA covered entities to refrain from sharing any PHI outside of HIPAA guidelines. What constitutes a “business associate” includes any persons and subcontractors who receive PHI. Businesses must be in a business associate agreement (BAA) with all subcontractors, as well.
One of these new regulations included implementing new hardware, administrative, and technical controls that would secure sensitive information included in someone’s medical records. Keeping up with these controls and adhering to regulations regarding PHIs is the responsibility of businesses themselves. Violations fall under HIPAA stipulations and can be subject to substantial financial penalties.
Speaking of fines, the implementation of HITECH greatly influenced the ways in which HIPAA violations were penalized. The HITECH Act gets the United States Department of Health and Human Servies (HHS) involved, requiring them to investigate security risks or breaches and discover if any HIPAA violations occurred.
HITECH also put into place contingency plans regarding violations that may have occurred without the knowledge of certain entities. These penalties go into effect if due diligence wasn’t done — allowing for violations to occur and penalties to be given. There are ways for businesses to appeal their penalties through corrections and proof that there was no willful neglect.
Requesting Files Under HITECH
HITECH was formed for many reasons, but one of the most significant was for individuals to gain access to their electronic health records. There are many ways in which medical records can be ordered and given — however, many of these avenues are confusing. Here are some tips regarding how you can utilize HITECH to request medical records.
Third parties can be designated to receive medical records. One such example of this is for attorneys that need access to medical documentation. The designated third party still receives all of the low-cost record retrieval benefits of HITECH as well. There is some debate surrounding this, however close examination with certain cases will yield you this answer. The request must be from the individual, but can be through a designated third party such as an attorney.
Individuals can have all records with a few minor exceptions. There is a lot of information in a medical record. While some commonalities exist throughout most medical documentation, the anatomy will look slightly different from person to person. Some common threads are:
- Identification information
- Medical history
- Medication history
- Family medical history
- Medical directives
- Treatment history
While there are many facets of medical documentation that an individual is entitled to, there are certain areas that a covered entity may withhold. These can include psychiatric notes and documents that have been prepared for ligation or quality control purposes.
Keep your requests simple when it comes to medical documentation. The individual’s letter needs to be in writing, designating who will be receiving the records, and signed. While attorneys can help with requests, they should not be signing the request nor adding unnecessary complexities. HITECH has low-cost provisions for a reason, and complicating requests with legal jargon may negate those provisions.
Records maintained on paper may cost significantly more to request. This cost increase is mainly due to the labor associated with scanning records into digital format. There are set-in-stone permissible fees for HIPAA rights to access medical records. However, there are some variables that can affect these costs, such as paper records.
Page fees may be implemented if individual pages need to be scanned in order for electronic records to be created. State fees may be slightly different (and usually higher) than HIPAA allows. Again, this is where HITECH is continuing to encourage electronic record usage for all entities that deal with medical documentation.
Some Final Thoughts
HITECH has had a hand in positively impacting the adoption and implementation of electronic health records. The use of digitalized systems and portals has sped up document recovery, organization, and access for both individuals and entities that may require legal access through HIPAA compliances.
The faster turnaround time for retrieval requests, simple medical record sharing allowing for collaboration, and easy search functions has created a much more efficient and secure system.
We provide top of the line retrieval services for businesses around the country, helping them expedite, manage, and remain compliant with HIPAA regulations for medical record retrieval. If your business could benefit from better, smarter processes — contact us today.