The Security Scrutinizer with Howard Anderson

HITECH EHR Incentives Kick Off

Will the Electronic Health Record Program Prove Successful?
HITECH EHR Incentives Kick Off

Well, it's finally official: Hospitals and physicians, effective Jan. 3, can apply for the HITECH Act electronic health record incentive payments. And if all goes according to plan, the payments will start flowing in May.

As much as $27 billion in EHR incentives will be available from Medicare and Medicaid. As a result, executives at hospitals and physician groups are taking steps to make sure they can demonstrate they are "meaningful users" of electronic health records so they can qualify.

Although Medicare incentive payment applications can be submitted starting Jan. 3, Medicaid applications will be accepted in phases, based on state readiness, according to David Blumenthal, M.D. national coordinator for health information technology.

Registration for Medicaid incentives began today for those in Alaska, Iowa, Kentucky, Louisiana, Oklahoma, Michigan, Mississippi, North Carolina, South Carolina, Tennessee and Texas. In February, registration will be open in California, Missouri and North Dakota. Other states likely will launch their Medicaid incentive programs in the spring and summer, Blumenthal says.

So will federal authorities be inundated with applications for the incentive payments? Or will the response be underwhelming? Stay tuned.

Slim Chance of Success?

Futurist Jeff Bauer is forecasting that the HITECH EHR incentive program has a slim chance of success. He contends the incentive program has a 70 percent chance of failure, mainly because of the tough standards for qualifying.

As more hospitals and physicians become aware of the high costs and hassles involved in qualifying for the federal EHR incentive payments, many will choose not to participate, Bauer predicts. Instead, he says, they'll follow their own "digital transformation" agendas at their own pace.

But Dixie Baker, a well-known security expert who's advising federal regulators on policy issues, predicts that a top trend for 2011 will be the adoption of certified electronic health records.

Will the money start flowing in May as planned? Will the government successfully dole out $27 billion worth of incentives in the coming years? And will the looming cuts in Medicare reimbursements for hospitals and clinics that fail to implement EHRs by the end of 2014 prove to be a powerful additional incentive? Only time will tell.

The only explicit security requirement for achieving meaningful use of EHRs to qualify for the incentives is to conduct a risk assessment and then mitigate all risks identified. Although this has been required under HIPAA for years, far too many organizations have yet to conduct an assessment.

To be certified for the incentive program, EHR software must include a long list of security functions, including encryption and authentication. But the HITECH rules don't spell out what security functions of the EHR software actually must be used.

Security Guidance Needed

As a result, hospitals and clinics will "have a greater need for guidance on how to configure and use the security features that are incorporated into those EHRs to support HIPAA compliance," Baker says.

I remain optimistic that the incentive program will lead more hospitals and clinics to make widespread use of EHRs. But as more information is digitized, let's hope that healthcare organizations take adequate steps to protect it.



About the Author

Howard Anderson

Howard Anderson

Former News Editor, ISMG

Anderson was news editor of Information Security Media Group and founding editor of HealthcareInfoSecurity and DataBreachToday. He has more than 40 years of journalism experience, with a focus on healthcare information technology issues. Before launching HealthcareInfoSecurity, he served as founding editor of Health Data Management magazine, where he worked for 17 years, and he served in leadership roles at several other healthcare magazines and newspapers.




Around the Network

Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing inforisktoday.com, you agree to our use of cookies.