Health IT Legislation

The implementation and effective use of Health IT is promoted through legislation at the Federal and state level.

Federal HITECH Act and ARRA

In February 2009, the Health Information Technology for Economic and Clinical Health (HITECH) Act was enacted at the federal level, as part of the American Recovery and Reinvestment Act (ARRA). The act provides direct incentives to physicians, other outpatient providers and short-stay hospitals to implement interoperable Electronic Health Records (EHR).
The HITECH Act set standards for the Meaningful Use of EHRs including privacy and security requirements for managing data stored electronically in Health IT systems and standards for electronic patient engagement.

The Meaningful Use criteria stipulated in the HITECH Act promote the use of Certified EHR Technology (CEHRT) to securely manage health information and improve the safety of care. The criteria encourage providers to submit clinical quality measures and public health data electronically, while enabling greater participation in Health Information Exchange (HIE) programs and quality reporting initiatives. Read summary of HITECH on Wikipedia


In August 1996, the Health Insurance Portability and Accountability Act (HIPAA) was enacted by the federal government. Title I of the act focuses on healthcare access, portability and renewability. Title II requires administrative simplification, medical liability reform, and national standards for electronic healthcare transactions to prevent healthcare fraud and abuse. Title II has significant implications for eHealth and Health IT and demonstrating compliance is incorporated into the Meaningful Use.

The Privacy Rule of Title II regulates the use and disclosure of Protected Health Information (PHI), requires notification to people whose PHI is used, gives individuals the right to request that inaccurate PHI is corrected, and stipulates reporting of child abuse. Title II covers healthcare providers, insurers, employer plans, clearinghouses, which must appoint a privacy official to handle complaints, and train all staff members who handle PHI.


The Security Rule of 2003 complements the Privacy Rule and defines administrative, physical and technical safeguards and standards for electronic PHI that covered entities must adhere to.

The Final Omnibus Rule of 2013 added updates to the Security Rule and Breach Notification of the HITECH Act, making Title II applicable to business associates (consultants) and adding more scrutiny to breach disclosure.

The Enforcement Rule of 2006 set civil money penalties and established investigative procedures for violating the HIPAA rules. Read summary of HIPAA on Wikipedia

Chapter 305 of the Acts of 2008

In August 2008, Chapter 305 of the Acts of 2008 was signed into law. The act "Promotes Cost Containment, Transparency and Efficiency in the Delivery of Quality Health Care". Recognizing that deploying Health IT is imperative to supporting real healthcare reform in the Commonwealth, Chapter 305 established the goal of statewide implementation of EHR systems in all provider settings, as well as a statewide HIE (which has become the Mass HIway).

The state provided $15 million in initial funding and established 1) the Massachusetts eHealth Institute (MeHI) within the Massachusetts Technology Collaborative, and 2) a Health Information Technology Council (Health IT Council) that represents experts from essential areas relevant to Health IT. MeHI is responsible for coordinating Health IT initiatives and HIE technologies in the Commonwealth. As a result of the centralized structure created by Chapter 305, MeHI was designated as the State agency to receive HITECH funding under the State Health Information Exchange Cooperative Agreement Program and to serve as the single Regional Extension Center (REC) for the entire Commonwealth.

MeHI was able to partner with EOHHS to use $5 million of its $15 million, in funding from the Massachusetts legislature, to leverage more than $40 million in federal funding to build the Mass HIway

Chapter 224 of the Acts of 2012

In August 2012, Chapter 224 of the Acts of 2012 was signed. The act aimed to "Improve the quality of health care and reduce costs through increased transparency, efficiency and innovation”. Chapter 224 further refined and extended MeHI’s role in advancing the Meaningful Use of Health IT in Massachusetts and created a first-in-the-nation requirement that providers implement and use EHR technology to continue to practice in the Commonwealth.

Chapter 224 charged MeHI is to focus on the following key activities:

  • Complete the statewide implementation of EHRs in all provider settings;
  • Help providers connect these EHRs to the Commonwealth’s HIE, the Mass HIway;
  • Identify and promote technologies with the potential to improve the quality and reduce the cost of healthcare;
  • Help providers continue to evolve their use of EHRs to comply with future Meaningful Use stages; and
  • Promote the understanding of the benefits of Health IT to providers, patients and the general public.

Furthermore, Chapter 224 mandates that by January 1, 2017 "all providers in the commonwealth shall implement fully interoperable electronic health records systems that connect to the statewide health information exchange. See M.G.L. Chapter 118I, Section 7

MeHI assists healthcare providers Massachusetts to comply with Chapter 224 requirements to implement EHRs in all healthcare delivery settings through support programs, services, funding, collaboration and education.