The resources that follow should serve as a starting point for a reader that wants to find additional information regarding the HIPAA Privacy Rule, HIPAA Security Rule and the HITECH Act, as well as health information technology (HIT) content related to them. This combined legislation has a significant HIT focus that makes it quite unique.
While it was not within the scope of the HIPAA Survival Guide to discuss HIT, it was certainly one of the factors that led us to write it. We felt that a baseline understanding of the regulatory framework was critical to understanding the operational characteristics of the proposed technology framework with which it is so closely intertwined. With that in mind we have decided to include regulatory, HIT, and industry resources below.
U.S. Department of Health and Human Services (HHS)
HHS' website located at www.hhs.gov is an excellent resource that contains a wealth of information for any reader that is trying to become grounded in either the HIPAA regulations or in HIT. Because of the website's expansive nature, it is often difficult to find the appropriate place to start, depending on your specific topic of interest. We provide a list of "entry points" that have been useful to us below:
HHS Privacy Rule Portal
The following URL is the entry point to the HHS Health Information Privacy portal. If you are looking for regulatory information regarding the HIPAA Privacy Rule this is where you should start: HHS Health Information Privacy
HHS Security Rule Portal
The following URL is the entry point to the HHS Security Standard portal. If you are looking for regulatory information regarding the HIPAA Security Rule this is where you should start: HHS Overview Security Standard
Of special note on the page above is a link to a HIPAA Security Educational Paper Series.
HHS Health Information Technology (HIT) Portal
The following URL is the entry point to the HHS Health Information Technology portal. If you are looking for information at the intersection of HIPAA and HIT then this is where you need to start. Of special interest is the item labeled "Privacy & Security" in the left navigation menu: HHS Health Information Technology Home
HHS Nationwide Health Information Network (NHIN)
This following URL is the entry point for information regarding NHIN. This network is akin to the interstate highway system, but facilitates the movement of health information instead of goods. NHIN states its vision as follows:
Create a nationwide health information network infrastructure that can revolutionize the delivery of health care and wellness by providing efficient, secure, and accurate access to health information.
Any definition of "certified EHR" will likely require a mandate that such a system interoperate with the NHIN once the latter is available for production use.
This link below is to a free "course" which contains information regarding ARRA and the HITECH Act. It is, in our opinion, one of the better summaries of this legislation, especially regarding topics relevant to the provider community.
The transformation of the health care industry, fueled by the Obama administration's initiatives, is moving forward at an accelerated pace. If you are interested in tracking the changing landscape "real time" then the blogosphere is the best place to do that. Below are some of the leading health care/technology blogs. These blogs in turn point to others. By following the links you should quickly find authors writing on your specific topic(s) of interest.
- My Health Tech Blog
- The Healthcare Blog
- Chilmark Research
- Healthcare Blog Law
- Healthcare Guy
- Neil Versel's Healthcare IT Blog
- Remaking Healthcare
This list above is a small subset of the health care blogs available, but should be more than enough to get you started.
As previously discussed, information technology is going to play an enabling role in the health care industry's transformation. Data and interoperability standards will of necessity be core foundational components leveraged by HIT. The HITECH Act states that provider incentive payments for EHR adoption will require implementation of a "certified EHR" system. While HHS has yet to define this term, certification will likely be based on existing industry standards, or on variations that build on and/or modify these standards.
The organizations below have done significant work with respect to HIT standards. They often work together as affiliates to "harmonize" standards required to underpin the "national health infrastructure." There is broad consensus that standards are required to enable effective sharing of electronic health records. However, there is also some concern that standards "harmonization" may cause unwarranted delays. A pragmatic resolution probably falls somewhere in the middle.
- Healthcare Information Technology Standards Panel
- American National Standards Institute - ANSI
- CCHIT : Certification Commission for Healthcare Information Technology
- Health Level Seven
In addition to standards organizations, there are other quasi-governmental and industry organizations that will continue to play important roles going forward. Again, we do not attempt to provide an exhaustive list. Such a list would likely become dated in short order, since this space is rapidly changing. To be sure, often determining who does what in this organizational maze is a challenging exercise in its own right.
Because any transformation of the health care industry will require an enormous collaborative effort between public/private partnerships, we expect new organizations to emerge and perhaps consolidation among existing players. The list below provides a reader a glimpse of who is out there and what they do.
- NeHC | National eHealth Collaborative
- HIMSS | Healthcare Information and Management Systems Society
- RTI International
- AMIA | American Medical Informatics Association
- CDT | Health Privacy
- National ePrescribing Patient Safety Initiative