Health Information Technology (HIT) is used by health care providers to manage patient care and population health through using and sharing health information in a secure system.

Electronic health records (EHRs) are included under the umbrella of HIT.  They automate access to information and have the potential to streamline clinician workflow and support other care-related activities, such as evidence-based decision support, quality management and outcomes reporting.  The Office of the National Coordinator for Health Information Technology (ONC) leads the Administration’s HIT efforts.

Some common elements of Health Information Technology (HIT) include:

  1. Electronic Health Records (EHRs)
  2. Meaningful Use
  3. Federal Communications Commission (FCC)
  4. mHealth Laws and Regulations

Electronic Health Records

The Health Information Technology for Economic and Clinical Health Act (HITECH) provided the U.S. Department of Health and Human Services (HHS) with the authority to establish programs to improve health care quality, safety, and efficiency through the promotion of health IT, including electronic health records (EHRs) and a private and secure electronic health information exchange.

Additionally, the act works to update and strengthen existing laws and HIPAA privacy protections to facilitate the secure movement of appropriate information through the health care system.

Under HITECH, eligible health care professionals and hospitals can qualify for Medicare and Medicaid incentive payments when they adopt certified EHR technology and use it to achieve specific objectives. If providers can show they have met a set of criteria, i.e., achieved “meaningful use,” they will receive incentive payments. Providers receiving Medicaid payments had until 2016 to achieve meaningful use or face penalties.  Standards for structured data that EHRs must use to qualify for the incentive program have been established by CMS and ONC. Providers must use a certified EHR to receive the incentive payment.

An EHR is an electronic version of a patient’s medical history. The EHR may include demographics, progress notes, medications, vital signs, past medical history, immunizations, laboratory data and radiology reports. The EHR automates access to information and has the potential to streamline the clinician’s workflow. The EHR also has the ability to support other care-related activities directly or indirectly through various interfaces, including evidence-based decision support, quality management and outcomes reporting.

Meaningful Use

Meaningful use is a set of specific objectives which eligible professionals and hospitals must achieve to qualify for the Centers for Medicare & Medicaid Services (CMS) incentive payments for electronic health records (EHRs).  CMS issues specific qualifications that if met will allow providers to show they have achieved “meaningful use.” Each defined stage of achievement has a different focus that typically builds upon what was achieved in the previous stage.  Failure to show “meaningful use” results in a reduction in Medicare reimbursement.  Penalties began in 2015.

Medicare and Medicaid eligible professionals, eligible hospitals, and critical access hospitals (CAHs) may participate in the EHR Incentive Program. Although most hospitals will be able to receive a payment from both programs, eligible professionals must choose between either the Medicare or Medicaid EHR Incentive Program.

Medicare EHR Incentive Program Medicaid EHR Incentive Program
Run by CMS Run by State Medicaid Agency
Maximum incentive amount is $44,000 Maximum incentive amount is $63,750
Payments over 5 consecutive years Payments over 6 years, does not have to be consecutive
Payment adjustments will begin in 2015 for providers who are eligible but decide not to participate No Medicaid payment adjustments
Providers must demonstrate meaningful use every year to receive incentive payments. In the first year providers can receive an incentive payment for adopting, implementing, or upgrading EHR technology. Providers must demonstrate meaningful use in the remaining years to receive incentive payments.

The three stages involved span over five years with a specific focus for each stage, though CMS has delayed stages.

  • Stage 1 (2011-2012) Data Capture and Sharing
  • Stage 2 (2016) Advance Clinical Processes (originally scheduled for 2014)
  • Stage 3 (2017) Improved Outcomes (originally scheduled for 2016)

Final rules for Stages 1 -3 have been issued that set the standards that must be met to achieve meaningful use in that particular stage. While providers must meet a certain number of standards in each stage, they are allowed to select which ones from those listed.

Penalties began in 2015, though some leniency has been offered by CMS in the form of “hardship exceptions.”  Providers may be able to receive an exception to penalties under certain circumstances. An application to CMS must be made to avoid a penalty.


The Healthcare Connect Fund

The Federal Communications Commission (FCC) administers the Healthcare Connect Fund, which directs up to $400 million annually from the Universal Service Fund toward supporting high capacity broadband services, designed to bring the benefits of telehealth to areas of the country in acute need of those services.  Of that funding, $50 million was allocated to skilled nursing facilities’ pilot program, although there has been no further development of this pilot since the announcement was made.

mHealth Laws and Regulations

Mobile health, or mHealth, is a rapidly evolving aspect of technology-enabled health care.

Smart phones and portable monitoring sensors that transmit information to providers, as well as dedicated application software (apps) which are downloaded onto devices, are used in mHealth. Given its recent emergence into the telehealth field, policies governing the use of this technology are continually being shaped.

The Food and Drug Administration (FDA), the Federal Trade Commission (FTC), and the Federal Communication Commission (FCC) all share jurisdiction over some part of the federal regulation of mHealth.


The Federal Drug Administration (FDA) has the responsibility of regulating equipment or software intended for use in the diagnosis or treatment of a disease or other condition. With passage of the Food and Drug Administration Safety and Innovation Act in 2012, the FDA was given approval to go forward with its regulatory work on medical apps.

If a device is classified as a medical device, FDA requires registration and listing, premarket notification and/or approval, good manufacturing practices, and post-market surveillance. FDA also regulates the software used in telehealth systems. The FDA does make a distinction and provides guidance on distinguishing what is considered a medical device and what is not.

In February 2015, the FDA issued guidance to provide clarity for mobile medical app manufacturers and other interested parties, which stated the FDA’s intent to exercise enforcement discretion on mobile medical apps that pose a low risk to patients’ safety. Additionally, in February 2015, the FDA also issued guidance stating that it would practice enforcement discretion on medical device data systems (MDDS) devices.  MDDS is a device that is intended to transfer, store, convert or display medical device data without controlling or altering the functions or parameters of any connected medical devices. An MDDS may include software, electronic or electrical hardware, modems, interfaces, and a communications portal.

Notably, this definition does not include devices intended to be used in connection with active patient monitoring.  For more information, see CCHP’s factsheet on the MDDS and Mobile App guidance for more information.


The Federal Trade Commission (FTC) protects consumers from unfair or deceptive acts or practices as well as false or misleading claims. Where mHealth is concerned, it has focused on the claims companies have made about the effectiveness of their devices or apps. The FTC also has jurisdiction over health data breaches when the entities involved are not HIPAA-covered entities. The FTC has already been active, taking enforcement action against several mobile health app marketers that have not met the requirements of the FTC. The FTC collaborates closely with both the FDA and FCC on areas where there is jurisdictional overlap.


The Federal Communications Commission (FCC) regulates devices that utilize electromagnetic spectrum, or broadcast devices. FCC regulates the device as a communications device, not as a medical device. With potential overlapping jurisdictions, the FCC and FDA entered into a Memorandum of Understanding, where they would collaborate with each other within the areas of their respective agencies.

In 2012, the FCC approved its mobile body area network (MBAN), which allocates an electromagnetic spectrum for personal medical devices. The allocated spectrum would be used to form a personal wireless network, within which data from numerous body sensors could be aggregated and transmitted in real time. This dedicated spectrum would allow for faster and more reliable transmission of information from patient monitoring devices to practitioner.

The rapid pace of development of this field and the wide range of applications available on the market today have also been the source of a number of legal and ethical questions regarding their use.  Questions are being raised regarding privacy protection. With the vast amount of individual health data being generated by remote monitoring and mhealth devices, determining what are actionable health data, who monitors the data, and where it gets stored are challenges that we will need to address as the field evolves. For an interesting discussion on the subject, read Ethical Issues in mHealth: What is Good Enough? on the South Central Telehealth Resource Center Website.

Article reposted from the Center for Connected Health Policy