How Secure Are Our Health Records?

Healthcare data storage has changed in tremendous ways over recent years. Moving from paper-based documents to digital health records has been a giant step for the healthcare system in its entirety. Electronic health records have vastly changed and improved the quality of assistance that is provided to patients for optimal care. The benefits of this move are undeniable, but with this change in data storage, we are seeing a greater risk to patient security than we have ever seen before. This article will explore the HITECH Act as it was implemented and its effects, the fallout for healthcare companies, and where we lie today.

What is the HITECH Act?

The Health Information Technology for Economic and Clinical Health Act (HITECH Act) was enacted as a means to encourage the adoption of electronic health records (EHRs) by healthcare providers. HITECH was signed into law as a part of the 2009 stimulus package, the American Recovery and Reinvestment Act (ARRA), during the Obama administration. Before HITECH was implemented, only around 10% of hospitals had adopted EHRs. It became increasingly clear that in order to take a progressive step in improving the healthcare system and its major flaws, it was critical to implement the better security and privacy protections that had been neglected in the Health Information Portability and Accountability Act of 1996 (HIPAA Act).

HITECH’s main goal was to reform the damage that had been done by the Health Information Portability and Accountability Act of 1996 (HIPAA Act). The HIPAA Act was a federal law that had been implemented in order to create nationwide standards and practices for protecting patient healthcare information as it moved onto a technological platform. HIPAA quickly revealed its flaws, as it was confronted with issues regarding its failure to notify its users of privacy practices or system breaches. “In 2015, the Department of Health and Human Services (HHS) released a report concerning HIPAA breaches, security and breach notification compliance, and breaches of unsecured protected health information” (HIPAA: Key Areas Where Problems Occur).

Issues regarding HIPAA:

  • HIPAA failed to send patients a Notice of Privacy Practice (NPP), which has all the information users need to understand their rights in terms of their EHRs.

  • It charged patients more than the nominal fee for requesting their records and held the records ransom in case they didn't pay.

  • Records reached patients late due to administrative issues even if they were able to pay.

  • Over “...65 percent of breaches involving more than 500 patients...” in which protected health care data was lost or stolen were due to the patient database not being properly encrypted with effective access security.

  • HHS reported that the HIPAA organization failed to update its systems and run risk analysis checks.

  • Patients, and sometimes even companies, did not know or were not notified when there had been a system breach.

The HITECH Act was introduced to overcome the flaws of HIPAA by strengthening its regulations to comply with the Privacy and Security Rules. In an attempt to improve its systems, HITECH supposedly imposed more technical requirements on healthcare officials and hospitals who use EHRs.

HITECH provisions improved the HIPAA Act and made it more feasible for healthcare businesses. “Providers are now required to report a significant breach of information to the government and affected individuals. Patients, in turn, can request access to said information at any time” (HIPAA vs HITECH – Understanding the Difference). In essence, HITECH was supposedly meant to improve all defects that had been reported about HIPAA.

Improvements the HITECH Act had on healthcare organizations:

  • The rate at which different organizations were integrating electronic health records “...rose from 3.8 percent in 2008 to 14.2 percent in 2015” (What Does The HITECH Act Do?).

  • In 2017 we saw one of the biggest spikes in the implementation of EHRs, of nearly 86 percent by private physicians.

  • That same year, nearly “96 percent of private care hospitals had hired certified health IT...” (What Does The HITECH Act Do?).

Although there are many pros to HITECH, we do see a plethora of disadvantages. Just like any other online platform, EHRs can also be subjected to hacking. This is a critical reason why any healthcare organization or private physician must be HIPAA compliant, but in spite of that, data hacking can happen at any given time. Another concern HITECH brings up is that electronic healthcare records must be put into the system immediately after a patient has visited in case there are any changes to their data. The consequence of not entering information directly into their report after a visit can be the administration of incorrect treatment. “Transitioning from paper to electronic files could result in patient data getting lost or entered incorrectly” (What Does The HITECH Act Do?). There are significant repercussions to any errors in treatments, such as healthcare officials being subjected to a lawsuit. Older patient records in HITECH “...are destroyed under the HITECH Act guidelines, leaving information out of a patient’s health record,” which would be a detrimental loss of information for a patient. Despite all of its advantages, HITECH is ultimately an internet-based platform and is subject to the same weaknesses that any robust and secure platform is prone to, some of which are caused by ever-evolving hacker intelligence.

Were companies affected by HITECH?

While the adoption of electronic health records was necessary for American healthcare to keep up with the rest of the world and the rapidly changing technological landscape, it came with its own downsides. With the need for automation and seamless data flow came the dangers of maintaining that data accurately and securely. The number of security breaches has been rising steadily since the EHRs were adopted. The healthcare industry has blamed this on the rapid adoption of EHRs. The data from 2018 shows that the reported incidents have been increasing rapidly.

To track all breaches that affect 500 or more patients, a HIPAA breach tracker website was set up to identify companies that will be penalized under this act and to explain any actions being taken by the U.S. Department of Health and Human Services’ Office for Civil Rights (OCR) and state attorneys general in relation to those breaches. The goal of this data was to encourage healthcare providers to take decisive action to prevent their patients’ and members’ data from being exposed.

In 2019, the American Medical Collection Agency breach was the largest seen, impacting about 21 million patient records from a wide range of covered entities, including Quest Diagnostics, LabCorp, BioReference, and Clinical Pathology. The breach went undetected for about eight months and exposed a large batch of personal data, including Social Security numbers, personally identifiable information, and physical addresses. According to researchers, the breach was discovered when an analyst found the information for sale on the dark web.

Where do we lie today?

The main goal of the HITECH Act was to improve overall patient care by providing doctors timely access to all the information they need for better diagnoses and patient outcomes. One of the biggest advantages of this Act was that patient care would be improved. Electronic records are easy to read, reducing the risk of errors or misinterpretations by another healthcare provider that could negatively impact patient care. Without them, it would take a long time for medical providers to access client records, depending on the provider’s location and organization of records. Having medical records online helps not just the providers but also the patients. They have access to their records without having to ask the medical staff or pay money to access their own records. The HITECH Act provides a guideline for medical providers to better manage and supervise their databases, thereby cutting costs related to errors and lawsuits and minimizing office space and staff requirements.


Patient data security has seen trivial times in the early stages of HIPAA. Patient security and breach protection were the most controversial aspects of implementing a platform that was safe and user friendly. The shift to online platforms has been crucial to optimising healthcare quality for patients, especially during unprecedented times such as the COVID pandemic. The importance of the HITECH Act was felt during the recent pandemic, when telemedicine became a primary source of medical help for patients with non-COVID illnesses. Although the platform did come with its disadvantages, it has greatly benefitted many lives and dramatically increased the quality of healthcare services for patients.

By Anjali Sadalge

Works Cited

  • HIPAA vs HITECH - Understanding the Difference. (2020, May 13). Retrieved October 16, 2020, from

  • What is the HITECH Act. (2020, August 18). Retrieved October 16, 2020, from

  • Compliancy Group. (2020, August 03). What is the HITECH ACT?: What HITECH Compliance Means. Retrieved October 16, 2020, from

  • HIPAA: Key Areas Where Problems Occur. (n.d.). Retrieved October 16, 2020, from

  • Health Insurance Portability and Accountability Act of 1996 (HIPAA). (2018, September 14). Retrieved October 16, 2020, from

  • Stericycle. (2014, December 08). How to Comply with HIPAA Privacy Regulations. Retrieved October 16, 2020, from

  • Healthcare Data Security - The 5 Biggest Challenges Today. (2019, May 29). Retrieved October 16, 2020, from

  • Davis, J. (2020, July 21). UPDATE: The 10 Biggest Healthcare Data Breaches of 2020, So Far. Retrieved October 16, 2020, from

  • Why Data Security is The Biggest Concern of Health Care. (2020, July 08). Retrieved October 16, 2020, from

  • HealthITSecurity. (n.d.). Home. Retrieved October 16, 2020, from

  • Security, W. (2020, September 10). What Does the HITECH Act Do? Retrieved October 16, 2020, from
