The Health Information Technology for Economic and Clinical Health Act (HITECH Act) comprises several protections, protocols, and procedures that shift focus from paper forms to electronic Protected Health Information (PHI).

What does the HITECH Act do?

HITECH imposes tougher compliance requirements for the healthcare organization, business associates, and individuals within the healthcare organization. 

The act was developed to motivate the implementation of electronic health records (EHR) and other supporting technologies in the US. The Act became law in February 2009 as part of the American Recovery and Reinvestment Act of 2009 and was created to improve the safety, efficiency, and quality of the healthcare ecosystem in the US.

Is the HITECH Act different from HIPAA?

HITECH is an upgrade to the Health Insurance Portability and Accountability Act (HIPAA), which was enacted in 1996, a time when health IT was not as prevalent as it is today. The growing and widespread use of digital and wireless technologies such as cloud computing, the Internet of Things, mobile phones, and other connected devices, together with increasingly sophisticated hacking and the prevalence of data breaches, made it important to upgrade HIPAA-imposed requirements to account for the new challenges created by the technological advances available to doctors, patients, and administrators.

Both HITECH and HIPAA address the security of PHI, but HITECH has more in-depth compliance requirements. 

For example, since the Act was implemented, patients can request access reports, which show all parties that accessed their electronic PHI. There are also several differences in the penalty structure and breach notifications, which require administrators to notify patients if their health information has been breached deliberately or by accident. The HITECH Act has much harsher penalties for non-compliance, with fines ranging up to $50,000 per violation or $1.5 million per year.

What are the Major Components of the HITECH Act?

  • Business Associates: The HIPAA penalties are extended to apply to business associates such as software companies, banks, billing firms, and health information exchanges.
  • More Audits: The Act offers funding for more audits by federal regulators for both the business associates and the healthcare organization.
  • Enforcement: The US Department of Health has been given more authority to enforce the rules and regulations of HIPAA.
  • Tougher Fines: Under the HITECH Act, penalties can be levied against individuals within a healthcare organization along with all the other fines already part of HIPAA.
  • Accountability: Patients can request the healthcare organization to report all disclosures of their PHI. Individuals also have the right to request copies of their electronic health records.
  • Marketing Restrictions: The Act places several restrictions on marketing activities including communication to patients about new products and services.

Where can I read the full HITECH Act?

The HITECH Act is formally called PUBLIC LAW 111–5—FEB. 17, 2009, TITLE XIII Sec. 13001. The full text of the HITECH Act is available for download from the U.S. Government Printing Office, and begins on page 112 as part of the larger American Recovery & Reinvestment Act of 2009.

Ali Azhar
Ali is a professional writer with diverse experience in content writing, technical writing, social media posts, SEO/SEM website optimization, and other types of projects. Ali has a background in engineering, allowing him to use his analytical skills and attention to detail for his writing projects.