The Security Scrutinizer with Howard Anderson

Dr. HIPAA: HITECH is Good and Bad

Dr. HIPAA: HITECH is Good and Bad

William R. Braithwaite, M.D., Ph.D., likes HITECH's funding for electronic health records. But he's not too keen on the short compliance timeline or the lack of specific standards in the rules.

And if you agree, don't forget to share your views with federal regulators before it's too late. March 15 is the deadline for comments on the HITECH rules.

We don't have enough people who are educated enough to get this all done in time. 

Braithwaite helped craft the HIPAA transaction standards as well as privacy and security provisions. Then he traveled from coast to coast educating healthcare leaders about the regulations.

He stepped down from his seven-year role as senior adviser in the U.S. Department of Health and Human Services several years back. Today, he's chief medical officer for Anakam Inc.

In an interview March 3 at the HIMSS Conference in Atlanta, Braithwaite praised the HITECH Act for paving the way for a new era of medicine.

By providing funding for automation projects, including electronic health records and health information exchanges, HITECH will help speed efforts to get doctors to rely more on information technology to make the right decisions, he says.

Braithwaite is a firm believer that IT, including EHRs and clinical decision support systems, helps doctors practice evidence-based medicine.

But the HITECH timeline for earning federal incentive payments for using EHRs is way too aggressive, the veteran HIPAA proponent argues.

"We don't have enough people who are educated enough to get this all done in time," he says, lamenting a lack of those trained in healthcare information technology.

Under HITECH, passed in February 2009 as part of the economic stimulus package, the incentive program's first phase begins in October for hospitals and January for physicians.

HITECH doesn't mandate that anyone participate in the incentives. But it includes what could be a powerful "threat." Those physicians' offices and hospitals that have not made "meaningful use" of records systems by the end of 2014 will see a series of escalating cuts in their reimbursements for treating Medicare patients starting in 2015.

Braithwaite is glad that HITECH is providing motivation for hospitals and doctors alike to finally complete their clinical automation efforts. But he calls for a much longer timeline for compliance, with intermediate, achievable qualification thresholds. He argues this approach is necessary "so folks feel like they're making progress and they won't give up."

The College of Healthcare Information Management Executives, an association of CIOs, recently made similar recommendations.

In addition to his concerns about the timeline, Braithwaite says HITECH is far too vague when it comes to standards for everything from patient data elements to encryption and access control.

The proposed rule establishing standards for qualifying EHR software offer generic requirements, rather than specifying proven, existing standards, he argues.

"We have to be more specific," he says. Otherwise, hospitals and physicians alike may find it too difficult to comply with vague instructions and give up trying to qualify for EHR incentive payments.

Braithwaite, like CHIME, is hopeful that federal regulators will heavily revise the HITECH rules in the weeks ahead. Comments on the rules are due by March 15.

So don't forget to share your HITECH views with regulators before it's too late. To learn more, visit

David Blumenthal, M.D., who serves as HITECH point man in his role as national coordinator for health information technology, told an audience at HIMSS that the three core HITECH regulations would be finalized by the end of spring. To view a story on his presentation, click here.

About the Author

Howard Anderson

Howard Anderson

News Editor, ISMG

Anderson is news editor of Information Security Media Group and was founding editor of HealthcareInfoSecurity and DataBreachToday. He has more than 40 years of journalism experience, with a focus on healthcare information technology issues. Before launching HealthcareInfoSecurity, he served as founding editor of Health Data Management magazine, where he worked for 17 years, and he served in leadership roles at several other healthcare magazines and newspapers.

Around the Network

Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing, you agree to our use of cookies.