August 5, 2011 – Small- and medium-sized information technology vendors from outside the health care industry can and should play a larger role in helping health care providers adopt electronic health records and other systems, contends CompTIA, an IT industry trade association.

In a white paper, CompTIA calls for policy changes that will help others in the IT industry become partners in health care's move toward automation and assist small providers in implementing systems. "This partnership will not only allow for more widespread adoption of health IT among small medical providers, but will also allow health care providers to continue their focus on patients and avoid dedicating staff to new information technology systems."

While the federal government is funding health IT training programs at community colleges and universities, more resources are needed, according to the association. "While bringing new people into the profession is important, the existing IT community must not be forgotten and, indeed, should be leveraged more effectively as we work to draw current IT professionals into new careers. These men and women can be activated very rapidly to help with the transition toward health IT, but they need some economic assistance to offset some of the costs of this sizable investment."

Other recommendations by CompTIA include:

  • Provide capital support for small IT businesses by re-allocating funds from existing programs, such as the Small Business Lending Fund;
  • Ensure the nation's 62 federally funded regional extension centers work to educate and integrate small IT firms into health IT;
  • Enact federal preemption over state laws governing data breach standards and notification requirements, including elimination of private rights of action; and
  • Amend the new provision of treating business associates as covered entities under the HIPAA security rule. "This means that a small IT solution provider can now be exposed to criminal penalties and civil fines that can range up to $1.5 million -- a crushing amount for a business with 20 employees or less," according to the white paper, which advocates returning to liability being based on the applicable business associate contract with a covered entity.

CompTIA realizes the size of the challenge to amend HIPAA privacy, security and breach rules, says Elizabeth Hyman, vice president of public advocacy and co-author of the white paper. "Nevertheless, we would like to see a federal approach to data breach and notification so that there is not a patchwork of state laws. But we also want to get some recognition for the challenges faced by IT small- and medium-sized businesses in this space."
The CompTIA white paper, "Health I.T. Deployment: The Essential Role of Small I.T. Solution Providers," is available here.

This story originally appeared on Health Data Management.