The American Recovery and Reinvestment Act of 2009

We waited years for the federal government to do more than talk--and occasionally sponsor a pilot or demonstration program--about health IT. Annually from 2004 through 2008, various members of Congress would talk about how the country needs electronic health records and such, praise a new-found spirit of bipartisanship, then sponsor legislation authorizing maybe $125 million a year of federal money for health IT. Inevitably, the bills would die in committee. (What, you expected a bipartisan bill to pass in a presidential election year?)

That changed in 2009. The American Recovery and Reinvestment Act, the Obama administration's $787 billion stimulus bill, passed on a highly partisan vote, but the health IT portion of the legislation, called the Health Information Technology for Economic and Clinical Health (HITECH) Act had broad support. The legislation will pump a net $19.2 billion of federal money into health IT over the next eight years, mostly in the form of Medicare and Medicaid incentives for providers to adopt and demonstrate "meaningful use" of interoperable electronic health records starting in 2011.

While the money may not cover the full cost of EHR acquisition and usage, hospitals and physician practices won't be able to hold out much longer, since those still charting on paper are subject to Medicare payment deductions beginning in 2015.

The landmark legislation also significantly tightens HIPAA privacy and security regulations by requiring patient consent for more types of information disclosures, stiffens penalties for breaches and, for the first time, gives states the authority to enforce HIPAA.