
Since we first co-authored the
HIPAA Survival Guide, HHS has provided key guidance regarding the definition of
meaningful use under the HITECH Act. Compliance with HIPAA's Privacy and Security Rules is now an integral part of the meaningful use definition. It is also part of the 2011 meaningful use objectives. Providers and facilities
must ensure adequate privacy and security protection for personal health information if they expect to receive HITECH EHR incentive payments.
HHS' HITECH meaningful use definition can be broken down into three principal components: 1) five policy priorities; 2) care goals; and 3) a set of objectives and measures for each two year window (2011, 2013, and 2015). Lost in much of the HITECH discussion to date are the transformational privacy implications of
HITECH's Subtitle D-Privacy, which provides the central point of intersection between HITECH, HIPAA and meaningful use. Compliance with Subtitle D is therefore critical with respect to providers and facilities receiving ARRA's promised EHR incentives.
In short,
in order to understand the non paper tiger HIPAA you must understand Subtitle D. The remainder of this article will highlight key sections of this Subtitle and provide an explanation as to why HITECH/HIPAA compliance is a "wicked problem."