Health Information Technology

Hospitals are leaders in the adoption of health information technology (HIT) to improve the quality, safety, and efficiency of care delivered to patients. HIT encompasses a broad range of tools — from electronic health records (EHRs) that document and help facilitate patient medical encounters to portals that allow patients and caregivers to access important medical information. These technologies allow health professionals to access real-time information quickly and securely while also creating a more transparent health care system for patients. The development of a digital health care infrastructure through the implementation of EHRs and investment in HIT is critical to achieving a higher-performing, better-coordinated health care system.

Medicare & Medicaid EHR Incentive Programs (now known as the Promoting Interoperability Programs) and Certification

The Health Information Technology for Economic and Clinical Health (HITECH) Act, which passed as part of the 2009 stimulus legislation, included provisions to provide incentive payments to eligible hospitals (and eligible medical professionals) that adopt and demonstrate “Meaningful Use” of certified EHR technology. The Centers for Medicare & Medicaid Services (CMS) administers the Medicare EHR Incentive Program and state Medicaid agencies manage the Medicaid EHR Incentive Program. In 2018, CMS rebranded these as the Promoting Interoperability Programs to highlight the focus on interoperability and patient access to health information.

The Office of the National Coordinator for Health IT (ONC) administers the Certification program, which ensures that EHR technology meets the functional criteria to enable hospitals and other eligible providers to comply with the Promoting Interoperability Programs.


The HITECH Act was successful in significantly increasing hospital adoption of certified EHRs. It has been less successful, however, in achieving its second objective: interoperability. The 21st Century Cures Act, enacted in 2016, authorizes further advances in interoperability. The Act requires the Department of Health and Human Services (HHS) to recognize or create a trusted exchange framework and common agreement (TEFCA) to support information sharing, identify activities that do not constitute information blocking, develop voluntary pediatric EHR standards and encourage the exchange of information among registries and patient safety organizations.

The exchange of health information among providers and the sharing of information with patients is critical to improving the quality and efficiency of care delivered to patients. Hospitals recognize that interoperable EHRs and other health information technologies are a critical tool to allow the right information to be in the right place at the right time, whether in the Emergency Department or upon admission to a post-acute facility. Health IT also can facilitate greater access to critical information for non-clinicians, empowering patients (and their caregivers) to assume a more active role in their health care.

FAH is committed to improving health information exchange and routinely engages with public and private sector partners to identify and address barriers to interoperability.

In January 2019, FAH joined with six other leading hospital associations on a report, Sharing Data, Saving Lives: The Hospital Agenda for Interoperability, outlining a pathway to advance interoperability. The report discusses the benefits of fully interoperable data for patients and providers, outlines current challenges, and provide suggestions for how all stakeholders can collaborate to achieve the goal of the best possible health for each individual. The hospital associations identified six elements that make up the pathway to interoperability and recommend actions for stakeholders across the health care sector:

  • Security and Privacy: Stakeholders must be able to trust that shared data is accurate, secure, and used in accordance with best practices and patient expectations.
  • Efficient, Usable Solutions: Data must be available where and when it is needed, and in a useful format.
  • Cost Effective, Enhanced Infrastructure: The infrastructure to connect information sharing networks must be secure, cost-effective, accessible and updated over time.
  • Standards that Work: Connected systems require improved — as well as new — standards used consistently to minimize proprietary solutions and gatekeeping
  • Connecting Beyond Electronic Health Records: To improve health and care, interoperable systems must expand the reach of information sharing to support population health, address social determinants of health and facilitate remote monitoring and patient-generated data
  • Shared Best Practices: Information sharing is happening in pockets but needs to be expanded. All stakeholders should share best practices and build on what works.

Privacy & Security

Protecting patient privacy and ensuring the security of patient information within EHRs and other HIT systems is a top priority for hospitals. The Health Information Portability and Accountability Act (HIPAA) of 1996 is enforced by the Office of Civil Rights (OCR) HHS. This law sets strong national standards for privacy and security compliance for HIPAA-covered entities. In addition, hospitals are steadfastly committed to building strong defenses against cybersecurity threats and work with public and private sector partners to ensure robust threat detection and response.

With the expanding use of mobile technology in health care, such as smartphone apps, more and more patient data is being shared with entities that are not required to comply with the HIPAA privacy and security standards. FAH believes it is possible to support innovation in the marketplace while ensuring the security, privacy and clinical efficacy of third-party applications, including smartphone apps, through both education and an industry-backed vetting process.

FAH has called upon CMS, ONC, the Office for Civil Rights (OCR) and the Federal Trade Commission (FTC) to undertake a joint campaign to educate patients about the differences between HIPAA and non-HIPAA-covered entities and how those differences may affect the ways in which their data is used, stored and shared with others.

In addition, FAH believes there is a need for an industry-backed process to independently vet these non-HIPAA-covered entities, including smartphone apps, to ensure they are:

  • Meeting all relevant security standards
  • Using data appropriately and in line with consumer expectations
  • Clinically sound (for those applications that offer medical advice)