HITECH Act Technology and Controls

The HITECH Act requires providers applying for financial incentives for meaningful use to engage in a number of very specific data collection, storage, and exchange activities. A large percentage of healthcare providers that might qualify for these financial incentives are small practices—essentially small businesses. These small businesses rarely have the resources available to purchase and maintain the technology necessary to qualify for these incentives. Providers have chosen a variety of solutions including partnering with large health systems that might provide the services as part of the partnership or choosing to outsource the work to a third party.

Dr. Taylor has been providing healthcare for his neighbors since the 1960s. Over the years, he has shared a clinic space with several other independent physicians, sharing expenses, support staff, and on-call responsibilities. Dr. Taylor and his partners have decided that they do not want to follow the path of many of their peers by joining forces with a large health insurance company. At a partners meeting, Dr. Taylor was tasked with finding a cloud provider to help the partners implement an appropriate electronic health record (EHR). The EHR would meet all criteria, including security and privacy regulations, that would qualify these health providers for meaningful use financial incentives.

Describe the steps necessary to select an appropriate cloud provider that will provide access to an EHR and host data storage for a small provider practice.
Identify the security and privacy controls that the selected cloud provider must be able to implement to comply with the HITECH Act criteria.
Explain the roles and responsibilities of the cloud provider and the healthcare providers in ensuring that the HITECH Act security and privacy regulations are met.