by Government Relations Staff

February 19, 2009 — For nearly five years, the APA Practice Organization (APAPO) has lobbied to ensure that comprehensive patient records privacy and security standards are included in any health information technology (HIT) legislation before Congress. The persistent effort has just been rewarded.

On February 13, the House and Senate passed the Health Information Technology for Economic and Clinical Health (HITECH) Act, a health information technology (HIT) bill that provides as its centerpiece many of the records privacy and security provisions sought by the APAPO. The bill is part of the economic stimulus package that President Obama has signed into law.

The HITECH Act builds on the federal government's continuing efforts to encourage the development of a national interoperable, electronic health records network with the goal of providing improved patient care at lower cost.

The Government Relations staff has written a background document on the HITECH Act.

The core of the HITECH Act contains provisions to ensure records privacy and security as HIT develops. The Act will:

• Provide for an ongoing process for setting standards to better ensure that privacy and security are protected in the health care system

• Incorporate Health Insurance Portability and Accountability Act (HIPAA) Privacy and Security Rule standards, where possible, including standards regarding psychotherapy notes and other sensitive patient information

• Improve upon the HIPAA "minimum necessary" standard, which requires that only the minimum amount of patient information can be disclosed depending on the request for the information

• Implement further restrictions on health care plan use of patient records for administrative "health care operations" purposes

• Allow a patient to pay privately for health care and not have his or her records included in an electronic network

• Implement a process to explore segmenting particularly sensitive patient records (such as mental health records)

• Provide a notice to the patient when privacy is breached 

• Examine technologies to help patients track how their records have been disclosed

• Contain new strong patient enforcement measures and strengthen existing HIPAA enforcement measures

• Require the Department of Health and Human Services to study expanding the HIPAA psychotherapy notes authorization requirement to include mental health testing data

• Make psychologists eligible for funding provisions in the law to implement health information technology (HIT) into their practices and to join electronic networks in their communities

• Preserve stronger state privacy laws and allow the continued application of state consent provisions

• Require a study for providing for patient consent in electronic records systems

• Protect the well-established psychotherapist-patient privilege currently recognized under federal and state law, and

• Provide for continued Congressional oversight to ensure the bill's privacy and security standards are effective.

The HITECH Act is far more comprehensive than HIT legislation introduced in the last Congress. Due to continuous advocacy, both by the APA Practice Organization government relations team and grassroots psychologists in our Federal Advocacy Network, the APAPO was able to prevent passage of weak congressional proposals in 2008. This year, psychology made a giant leap forward in achieving strong patient records privacy and security protections through the HITECH Act.