The Health Information Technology for Economic and Clinical Health Act (HITECH Act) compromises several protections, protocols, and procedures that shift focus from paper forms to electronic Protected Health Information (PHI).  

What does the HITECH Act do?

HITECH imposes tougher compliance requirements for the healthcare organization, business associates, and individuals within the healthcare organization. 

The act was developed to motivate the implementation of electronic health records (EHR) and other supporting technologies in the US. The Act became law in February 2009 as part of the American Recovery and Reinvestment Act of 2009 and was created to improve the safety, efficiency, and quality of the healthcare ecosystem in the US.

Is the HITECH Act different from HIPAA?

HITECH is an upgrade to the Health Insurance Portability and Accountability Act (HIPAA), which was enacted in 1996, a time when health IT was not as prevalent as it is today. With the growing and widespread use of digital and wireless technologies such as cloud computing, the Internet of Things, pervasive use of mobile phones and other connected devices. At the same time, increasingly sophisticated hacking and the prevalence of data breaches made it important to upgrade HIPAA-imposed requirements to account for the new challenges created by the technological advances available to doctors, patients, and administrators.

Both HITECH and HIPAA address the security of PHI, but HITECH has more in-depth compliance requirements. 

For example, after the Act was implemented, patients can request access reports which show all parties that accessed their electronic PHI. There are also several differences in the penalty structure and breach notifications, which require administrators to notify patients if their health information has been breached deliberately or by accident. The HITECH Act has much harsher penalties for non-compliance with fines ranging up to $50,000 per violation or $1.5 million per year.  

What are the Major Components of the HITECH Act?

  • Business Associates: The HIPAA penalties are extended to apply to business associates such as software companies, banks, billing firms, and health information exchanges.
  • More Audits: The Act offers funding for more audits by federal regulators for both, the business associated and the healthcare organization.
  • Enforcement: The US Department of Health has been given more authority to enforce the rules and regulations of HIPAA.
  • Toucher Fines: Under the HITECH Act, penalties can be levied against individuals within a healthcare origination along with all the other fines already part of HIPAA.
  • Accountability: Patients can request the healthcare organization to report all disclosures of their PHI. Individuals also have the right to request copies of their electronic health records.
  • Marketing Restrictions: The Act places several restrictions on marketing activities including communication to patients about new products and services.

Image of HITECH Act cover page.Where can I read the full HITECH Act?

The HITECH Act is formally called PUBLIC LAW 111–5—FEB. 17, 2009, TITLE XIII Sec, 13001. The full text of the HITECH Act is available for download from the U.S. Government Printing Office, and begins on page 112 as part of the larger American Recovery & Reinvestment Act of 2009.

Ali Azhar
Ali Azhar
Ali is a professional writer with diverse experience in content writing, technical writing, social media posts, SEO/SEM website optimization, and other types of projects. Ali has a background in engineering, allowing him to use his analytical skills and attention to detail for his writing projects.

Top Articles

List of Windows Operating System Versions & History [In Order]

The Windows operating system (Windows OS) refers to a family of operating systems developed by Microsoft Corporation. We look at the history of Windows...

How to Create a Website Shortcut on Your Desktop

Website Shortcut on Your Desktop reviewed by Web Webster   This Webopedia guide will show you how to create a website shortcut on your desktop using...

What are the Five Generations of Computers? (1st to 5th)

Reviewed by Web Webster Each generation of computer has brought significant advances in speed and power to computing tasks. Learn about each of the...

Hotmail [Outlook] Email Accounts

Launched in 1996, Hotmail was one of the first public webmail services that could be accessed from any web browser. At its peak in...

Crypt888 Ransomware

Crypt888, also known as Mircop, is ransomware that encrypts files on desktops, downloads,...

AutoLocky Ransomware

AutoLocky is ransomware written in the popular AutoIt scripting language. It uses strong...

Data Governance

Data governance is a term used to refer to the management of processes,...