If you are going to be successful with your HITECH/HIAA compliance initiative you have to change the compliance culture from the C-Suite down to the receptionist and Change Is Hard. Huge corporations are investing billions of dollars with the hope of reaping the benefits of disruption. Forget what is going in Washington D.C., it pales in comparison to the tsunami of change that billions of investment dollars creates when unleashed upon the marketplace. Adding to this, and in part fueling it, is the fact that in the age of the global Internet, patients will no longer tolerate the healthcare industry's Luddite stance regarding EHRs in particular and technology in general. You can kiss those "good 'ole days" goodbye, they are gone forever (RIP).
This is not an argument that all will be sweetness and light with respect to the change the industry will undergo, but rather a statement of the obvious: the healthcare industry status quo has exploded into a million and one pieces and we are never going back. Privacy and security concerns regarding protected health information("PHI") remain a mission critical component of healthcare's next iteration. The importance of privacy and security grows exponentially as the Nationwide Health Information Network ("NHIN") become more and more real with each passing day.
What does that mean to you if you are responsible for your organization's HITECH / HIPAA compliance initiative? It means that what you do today will be disrupted by all the technological changes surrounding you. Why? Because there is no way that the NHIN can survive without robust privacy and security governance baked in from the get go, and without a commitment from all market participants, which means you. It is not likely that the government is the entity to be feared the most, but rather the demands of the marketplace, and your organization's role in this ecosystem.