The Health Information Technology for Economic and Clinical Health (HITECH) Act is one part of the American Recovery and Reinvestment Act (ARRA), a piece of legislation designed to stimulate the economy. Additionally, its goal was to improve the management and protection of healthcare documents.
Since its inception in 2009, there have been a number of modifications, many of which include detailed explanations of what a violation of HITECH looks like and the penalties for those violations.
What Is HITECH in Healthcare?
HITECH in healthcare stands for Health Information Technology for Economic and Clinical Health. It aptly describes the original intent of the legislation, which was to create jobs and help to spread the use of technology in hospitals and other healthcare settings to manage patient records.
Before the inception of HITECH, only about 10 percent of healthcare facilities maintained patient records electronically. Instead, most had files packed full of medical records going back decades, all of which could be easily accessed by anyone behind the counter.
It was easy for professionals to get busy and leave files on desks, grab the wrong file when intaking a patient, or file a new document in the wrong file and thus put those records and the information they contained at risk.
With the implementation of healthcare technology, medical providers were able to access records via computer, input their notes directly into that file, making them immediately accessible (and legible!) to patients and the next provider to care for the patient within the healthcare complex.
How Has the HITECH Act Impacted Healthcare?
HITECH has helped to improve accountability when it comes to managing patient files. Computers can monitor who accesses which files and when as well as what actions were taken on those files, making it easier to identify those who were transferring files carelessly or otherwise exposing them or putting them at risk.
In response, four penalty tiers have been introduced along with specific minimum and maximum fines per violation. Currently, those penalty tiers include the following:
- Tier 1: Lack of Knowledge
These violations are incurred due to inexperience or lack of understanding of how a system works or what should be protected. Penalties are the least severe, ranging from a minimum of $120 to $30,113 per violation with a max penalty limit per year of $30,133.
- Tier 2: Reasonable Cause
These violations may have occurred because the individual or organization thought they had cause for sharing the information. Fines range from the minimum $1,205 to $60,226, with a max annual penalty limit of $120,452.
- Tier 3: Willful Neglect
Purposefully breaking privacy protection of patients or blocking them from access to files is punishable with a minimum fine of $12,045 and a max penalty of $60,226 per violation, with a max annual penalty list of $301,130.
- Tier 4: Willful Neglect Not Corrected Within 30 Days
Should the willful neglect go uncorrected for more than a month, penalties get severe. Minimum penalties per violation go to $60,226 and maximum penalties can be more than $1.8 million, with an annual penalty limit of $1,806,757.
HITECH Violation Support
If you are facing fines and litigation due to an alleged HITECH violation, reach out to Florida Healthcare Law Firm for assistance today.