Transferring medical information electronically has obvious advantages, but every solution creates new problems. The Health Insurance Portability and Accountability Act of 1996 (HIPAA) spells out how users of electronic devices for communicating medical records must maintain strict patient privacy. At the time it was written HIPAA had few teeth.
In 2009 the Health Information Technology for Economic and Clinical Health (HITECH) Act was enacted to reinforce HIPAA in several ways. HITECH requires the Department of Health and Human Services (HHS) to make periodic checks of entities sending medical information electronically. It raises the penalties for non-compliance and includes businesses dealing with such entities liable as well. It prohibits the use of genetic information for the use of determining insurance rates, and disallows the use of health information for fundraising, marketing, or sales.
It also spells out several goals, with ultimately having secure and universally compatible electronic health records that can “talk to each other” to reduce redundancy and waste in the healthcare system.
References
hhs.gov/hipaa/for-professionals
Federal Register / Vol. 78, No. 17 / Friday, January 25, 2013 / Rules and Regulations