Email to a Colleague

HIPAA/Health Information Technology

Why Employers Care

The widespread implementation of health information technology (HIT) will increase the quality of care by reducing inefficiency and errors in the current health care system, providing clinical decision support tools at the point of care to improve decision-making, identifying effective treatments, and by facilitating the coordination of care. HIT could also lower the administrative costs of care by reducing paperwork through electronic claims/payment processing; increasing the use of generic drugs through electronic-prescribing; and reducing medical errors through the use of electronic medical records. Simply eliminating unnecessary paperwork would reduce over $294 billion (31% of all health care expenditures) spent annually in the U.S. on health care administration (paper work) each year.

The American Recovery and Reinvestment Act of 2009, or stimulus, included $19 billion for HIT with $17 billion in Medicare and Medicaid incentives to providers to adopt HIT and an additional $2 billion will be provided to the States for grants. Additionally, the bill requires Department of Health and Human Services (HHS) to develop a schedule for the assessment of federal HIT standards by December 31, 2009. The new standards must be implemented by all federal health care programs. Private health care providers may voluntarily adopt them.

However, one of the main challenges regarding health information technology remains the Health Insurance Portability and Accountability Act (HIPAA). Recent advancement of health information technology initiatives in Congress has spurred new interest in expanding the reach of HIPAA privacy and security regulations with a potentially significant impact on employers.

HIPAA privacy regulations forever changed the landscape of employer health plan administration and communication, dictating when, under what circumstances and to whom a health plan can disclose an individual's protected health information, provide patient rights regarding their health information.

The Health Information Technology for Economic and Clinical Health Act (HITECH) Act (included in the 2009 stimulus law) substantially expanded the HIPAA Privacy and Security rules as well as increased the penalties for violations. HITECH applies the HIPAA Privacy and Security Rules and their penalties to HIPAA business associates; creates a new security breach reporting requirement for HIPAA covered entities; creates new privacy requirements for HIPAA covered entities and their business associates; and increases the penalties for HIPAA covered entities and business associates that violate HIPAA.

In February of 2013, HHS released final regulations under HIPAA, HITECH Act, and GINA. In September of 2013, HHS provided an updated HIPAA Model Notice of Privacy Practices for compliance purposes. For more information on those regulations please visit our resources page.

What Can Employers Do?

The National Business Group on Health is a member of Partnership for Value-Driven Health Care, a consortium of business groups and employers committed to improving the nation's health care system by advancing HIT and transparency. Together, members work in partnership with HHS to ensure the President's Executive Order on Promoting Quality and Efficient Health Care in Federal Government Administered or Sponsored Health Care Programs — and the four cornerstones — including interoperable HIT — are part of employers' health care purchasing activities. For more information or to join the partnership, employers can contact

Employers can also refer to the Business Group recommendations to Employers on Essential Actions to Improve the Quality and Safety of Health Care. One recommendation is to require all hospitals and health care systems in employers' preferred networks implement health information technology, including electronic medical records and personal health records for all patients, according to the standards and requirements specified by the Secretary of HHS, based on the work of the American Health Information Community (AHIC). The systems should include electronic-prescribing, and connections to the personal health records that every consumer will have and be able to carry.

Many employers are using the new HIPAA non-discrimination rules for wellness programs as guidelines for creating innovative incentive and wellness initiatives.

As members of the National Business Group on Health, employers can also voice their concerns while shaping and influencing public policy on HIPAA regulations and legislation by:

  • Making recommendations on proposed rules and regulations;
  • Becoming involved in coalitions addressing confidentiality and privacy issues;
  • Contacting their Congressional representatives to express their views on pending legislation; and
  • Providing statements or testimony to Congress or the Administration on HIPAA-related issues.

Relevant Tools and Resources Include:

Page last updated: January 29, 2014

Resource Library