As part of last year’s economic stimulus act congress passed the Health Information Technology for Economic and Clinical Health Act (HITECH). “HITECH broadens the scope of privacy and security protections already available under HIPAA. This law also increases the potential legal liability for non-compliance and provides for more enforcement. HITECH requires data breach notification for unauthorized uses and disclosures of “unsecured PHI” (unencrypted personal health information). These breach notification requirements are similar to most state data breach laws related to personally identifiable information. For those health providers with an electronic health record (EHR) system in place, patients have a right to access their electronic personal health information. The patient can also have their records be sent to a third-party for a fee that is equal to the labor cost to produce. Additionally, HITECH has changed it so that business associates (e.g. accounting firms, billing agencies, law firms) of those organizations subject to HIPAA (e.g. health care providers, pharmacies) are now subject to the same data privacy and security requirements, including the civil and criminal penalties, as those HIPAA regulated organizations they work with.” Quotation from Lawbrain. I corrected the typos in the original. The law sounds like it’s designed to protect privacy and make it easy for patients to access their electronic medical records .

Well, there’s more to this act. There are incentives to use certified EHR technology. Certified by whom. Well, HHS of course. Health care professionals and hospitals can collect as much as $27 billion over 10 years they meet the meaningful use objectives set by HHS. The final rules for “meaningful use” were released July 13 by Secretary Sebelius. When the act was proposed it was said to offer savings of $12.5 billion. So it appears that we’re going to spend $27 billion to save less than half that amount.

[The following quotation is from the Medical Economics article linked above.] “As much as $27 billion may be expended in incentive payments over ten years. Eligible professionals may receive as much as $44,000 under Medicare and $63,750 under Medicaid, and hospitals may receive millions of dollars for implementation and meaningful use of certified EHRs under both Medicare and Medicaid…the final rules divides the requirements into a core group of requirements that must be met, plus an additional “menu” of procedures from which providers may choose.”  Sounds like a Chinese restaurant.

Why is the government going to spend what used to be a lot of money to encourage doctors and hospitals to do what they were already in the process of doing without incentive payments? The electronic medical record was going to happen all by itself. It will now happen the way bureaucrats in Washington think best. I don’t know if their way is the best way; past experience with federal rules will likely color your estimate of how effective the rules will prove. But there’s going to be a big payoff for doing it the fed’s way. Hospitals and doctors will soon be besieged by purveyors of courses and seminars designed to maximize their take from this new incentive program. It’s virtually certain, however, that over time these incentives will turn into mandates. If your electronic medical records don’t pass government muster you’ll likely discover that you don’t qualify for Medicare or Medicaid payment.

Patients and purveyors of medical care can take heart that CMS is only going to spend a trifling sum ($27 billion) on this new program. It’s a rounding error given our once and future spending on medical care.