The HITECH act has gone through many deliberations over the year with regards to changes and adoption of different healthcare technology. Alongside the legislative aspect of things, the ever-growing focus on data security of medical records and allied patient information is turning to be more and more critical by the day. Managing medical data and securing medical records have always been a matter of great concern for the U.S. healthcare industry. Faced with the ever changing technology, the industry today is more concerned about safety and security of data transfer in lines with the regulatory compliance alongside the cost parameters.

Impact of the HITECH Act

All healthcare providers and healthcare clearing houses that transmit health information in an electronic form are covered under the HIPAA standards. The HITECH Act envisages certain modifications in the existing HIPAA requirement. For example, the electronic health record (EHR) certification criteria fall within the HIPAA Security Rules. The objective of this rule is to protect privacy of individuals’ health information and allow providers to adopt new technologies to improve quality and efficiency of patient care. A key component to HITECH is that business associates (an organization that provides services to those entities, e.g., IT services, document destruction or clinical staffing etc.) as well as the covered entities (someone who provides treatment, payment and operations in healthcare) are responsible for the same level of HIPAA compliance. Mandatory evaluation is another important aspect of the HITECH legislation.

Tools and Threats

It can be said that the HITECH Act has triggered a technology explosion on the healthcare front. Aided by the HIT program, today it is possible to store about 25,000 individual charts on a PC server. Secure and encrypted exchange of information between hospitals and medical transcription service providers has been a prime lookout of the above act. However, on many occasions devices like removable disks and storage technologies connected to a large network become potential threats to data security. It has become possible to battle down threats with the help of advanced technologies viz., Data Loss Prevention Technology (DLP), Enterprise-Mobility tools and Cloud computing – thanks to the HITECH Act. For example, Data Loss Prevention Technology (DLP) prevents critical data like personal health information (PHI) from leaving the network in a non-secure manner. It can issue alerts and block the data in such situations.  At times it is also used as a web proxy to facilitate such exchange. Similarly, Enterprise-mobility tools safeguard enterprise applications or corporate data on mobile devices by way of password protection, encryption or remote wipe technology. These tools manage the ever increasing range of mobile devices, wireless networks and associated services in mobile computing functions. It makes the device nonfunctional by erasing the data by the administrator once it is found misplaced. This emerging discipline with its multi-dimensional utilities has found its way in application management within the healthcare domain. Cloud computing is only the starting point of a mission seeking new computing models that are hundred percent perfect in managing security concerns and risk factors. With upcoming HIPAA Audits becoming a reality, no health care organization can afford to ignore this powerful tool.

More to Come

The key aspect of any compliance is protection of information. Data protection and storage technologies are two sides of the same coin. Research and innovations would carry both these concepts to more powerful, efficient and intelligent solution levels reducing cost and ensuring security of patient data more than ever before.