Security and Privacy Implications of the HITECH Act

Idaho Falls Health System consists of four hospitals and six healthcare clinics that cover three rural counties. The CEO of the health system has joined forces with several of his peers to purchase the services of a local IT shop, Trustworthy Computing. Trustworthy Computing has been hired to provide health information exchange services that are part of the HITECH Act’s meaningful use financial incentive program. Mary Miller, the owner of Trustworthy Computing, was thrilled to win the contract to provide secure health information exchange services and immediately set about hiring additional technical staff and purchasing equipment to prepare for this work. Mary hired Roger Murphy, who recently completed an undergraduate certification program in information security, to manage the project. Roger is the nephew of the Idaho Falls Health System’s CEO and was hired on the CEO’s recommendation.

Roger immediately set about working with the internal IT staff to develop connectivity among the partners in the health exchange agreement. Three weeks into the project, the network manager of Health Right, one of the partners, discovered that a vulnerability in the Idaho Falls Health System network had resulted in a breach of patient information. The breach has impacted Health Right and all of the other partners in the health exchange agreement.

Evaluate how the criteria related to security, privacy, and health information exchange that are covered in the HITECH Act come into play in this scenario.
Analyze the components of this scenario to determine the liability for each of the partners engaged in this health information exchange agreement.
Develop recommendations for how healthcare partners can mitigate the risks that may arise in meeting the meaningful use health information exchange criteria.