This is a “heads up” about some important, very positive, privacy and security provisions in the next implementation stage of the Health Information Technology for Economic and Clinical Health (HITECH) Act.   The HITECH Act was enacted as part of the American Recovery and Reinvestment Act of 2009.  Various aspects of the HITECH Act have gone through several revisions and implementation stages, known as Stage 1 and now Stage 2.

The provisions are contained in two rules —- the “meaningful use rule” and the “electronic health records certification rule” for Stage 2 .  Stage 2 implementation is to start in 2014.

These rules are particularly important for consumers.  Here are some of the key consumer highlights:

  • The “meaningful use rule” requires healthcare providers to assess the use of encryption for stored information — information that includes, for example, patient treatment and history data;
  • The “electronic health records certification rule” requires that patients be given easier online access to their medical information.  This will be done through a required “activity history log”; this log will capture information so patients can know and follow the activities surrounding their medical information (e.g., who has seen it, downloaded it or sent it elsewhere);
  • The “electronic health records certification rule” requires that the software used by healthcare providers should automatically encrypt patient information that is stored on end-user devices.  This is critical to help combat breaches of medical data.

These privacy and security provisions will help protect patient information while giving patients easier access to their own medical information through specially created and designated patient portals.  All of these steps can enable us, as patients, to gain better control over the management of our health information and our personal healthcare.